How it should be done.
Pat Ferrier reports:
When employees of the Fort Collins Loveland Water District and South Fort Collins Sanitation District got to work the morning of Feb. 11, they were locked out of technical and engineering data and drawings stored on their computers.
The districts had fallen victim to a ransomware cyber attack, the second in two years, General Manager Chris Matkins said. Hackers were holding the data hostage and demanding a ransom payment before they’d unlock the information.
Matkins won’t say how big the ransom demand was or how payment was to be made. “It’s not something we will talk about,” he said. “It didn’t have any bearing on how we responded.”
Fort Collins Loveland Water never considered paying the ransom and within about three weeks was able to unlock the data on its own, Matkins said.

That persistent threat: North Korea.
Lily Hay Newman reports:
In January 2018 a group of hackers, now thought to be working for the North Korean state-sponsored group Lazarus, attempted to steal $110 million from the Mexican commercial bank Bancomext. That effort failed. But just a few months later, a smaller yet still elaborate series of attacks allowed hackers to siphon off 300 to 400 million pesos, or roughly $15 to $20 million from Mexican banks. Here’s how they did it.
At the RSA security conference in San Francisco last Friday, penetration tester and security advisor Josu Loza, who was an incident responder in the wake of the April attacks, presented findings on how hackers executed the heists both digitally and on the ground around Mexico.
[From the article:
All of these vulnerabilities collectively made it possible for hackers to lay extensive groundwork, eventually establishing the infrastructure they needed to begin carrying out actual cash grabs. Once that was in place, the attacks moved quickly.
The hackers would exploit flaws in how SPEI validated sender accounts to initiate a money transfer from a nonexistent source like “Joe Smith, Account Number: 12345678.” They would then direct the phantom funds to a real, but pseudonymous account under their control and send a so-called cash mule to withdraw the money before the bank realized what had happened. Each malicious transaction was relatively small, in the range of tens or hundreds of thousands of pesos. "SPEI sends and receives millions and millions of pesos daily, this would have been a very little percentage of that operation," Loza says.
Attackers would have potentially needed to work with hundreds of mules to make all of those withdrawals possible over time.

Why is this a DARPA thing? Is it Defense related?
DARPA to Develop $10 Million Open Source Voting System
The US election might be different in 2020 thanks to a project by DARPA (Defense Advanced Research Projects Agency), the US Department of Defense research division, aiming at bullet-proofing voting machines by moving away from proprietary software that can’t be properly evaluated for bugs, writes Motherboard.
$10 million is invested in creating an unhackable, fully open source voting system with a touch screen that will allow voters to ensure their votes are accurately recorded.
… “We will not have a voting system that we can deploy. That’s not what we do,” said Salmon. “We will show a methodology that could be used by others to build a voting system that is completely secure.”

Chatters gotta chat! I’m (mostly/kinda/almost) sure they had nothing to do with the outage.
Telegram gets 3M new signups during Facebook apps’ outage
Messaging platform Telegram claims to have had a surge in signups during a period of downtime for Facebook’s rival messaging services.
In a message sent to his Telegram channel, founder Pavel Durov wrote: “I see 3 million new users signed up for Telegram within the last 24 hours.”
It’s probably not a coincidence that Facebook and its related family of apps went down for most of Wednesday, as we reported earlier.

I have been hacked, that is proof our enemies fear me! OR I have been hacked. That does not mean I don’t understand security.
Leading Israeli Candidate for PM Targeted by Iranian Hackers
Israeli media reported Thursday that the Shin Bet internal security service warned Benny Gantz that Iranian intelligence hacked his cellphone, putting “his personal details and addresses in hostile hands.”
A statement from Gantz’s campaign insinuated his opponents leaked the news to damage his political bid, saying the timing of the report just weeks before Israel’s April 9 elections “raises important questions.”
A campaign official says the security breach happened several months ago, before Gantz entered politics. The official spoke on condition of anonymity because they were not authorized to talk to media.
(Related)

Why only “successful” attacks? Why not five days for everyone? Sounds like they think the attacks are not important.
U.S. Senators Want Transparency on Senate Cyberattacks
U.S. Senators Ron Wyden and Tom Cotton believe all senators should receive information on successful cyberattacks aimed at the Senate.
In a letter sent this week to the U.S. Senate Sergeant at Arms, Michael C. Stenger, Wyden and Cotton have asked that each senator be provided an annual report containing information on the number of cyber incidents that involved compromised Senate computers or illegally accessed sensitive data. They also want Senate leadership and members of the Committees on Rules and Intelligence to be informed of any breach within five days of discovery.

But will it become law?
Mike Maharrey writes:
Last Friday, a Utah House committee passed a bill that would prohibit police from using a person’s biometric data to gain access to their electronic device. The bill would not only protect privacy in Utah; it would also hinder one aspect of the federal surveillance state.
Rep. Adam Robertson (R-Provo) introduced House Bill 438 (HB438) on Feb. 27. The legislation would prohibit law enforcement from using an individual’s biometric information to access an electronic device protected by biometric security.
[…]
There are no exceptions to the ban.

Should I be surprised?
The Internet Knows You Better Than Your Spouse Does
If you enjoy computerized personality tests, you might consider visiting Apply Magic Sauce (https://applymagicsauce.com). The Web site prompts you to enter some text you have written—such as e-mails or blogs—along with information about your activities on social media. You do not have to provide social media data, but if you want to do it, you either allow Apply Magic Sauce to access your Facebook and Twitter accounts or follow directions for uploading selected data from those sources, such as your history of pressing Facebook’s “like” buttons. Once you click “Make Prediction,” you will see a detailed psychogram, or personality profile, that includes your presumed age and sex, whether you are anxious or easily stressed, how quickly you give in to impulses, and whether you are politically and socially conservative or liberal.
Examining the psychological profile that the algorithm derives from your online traces can certainly be entertaining. On the other hand, the algorithm’s ability to draw inferences about us illustrates how easy it is for anyone who tracks our digital activities to gain insight into our personalities—and potentially invade our privacy. What is more, psychological inferences about us might be exploited to manipulate, say, what we buy or how we vote.

Public ledger meets GDPR Privacy.
Blockchain Privacy Poisoning a New Concern in Post-GDPR Era
When it comes to blockchain technology, the very features that make blockchain so attractive to many enterprises – such as the ability to create an immutable public ledger of transactions – are also the very features that could lead to privacy issue headaches for those enterprises. In fact, tech research firm Gartner is now calling “blockchain privacy poisoning” one of the biggest risks facing organizations over the next few years. By 2022, says Gartner, three-fourths of all public blockchains will suffer some form of privacy poisoning.
What is blockchain privacy poisoning?
The term “blockchain privacy poisoning” refers to the insertion of personal data into a public blockchain, thereby making that blockchain non-compliant under the European General Data Protection Regulation (GDPR).

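As an added illustration (not code from the article, from Gartner, or from any blockchain project), the following Python models a minimal hash-chained ledger and shows two things: why personal data written straight into such a ledger cannot later be erased without breaking the chain's integrity, and the common mitigation of keeping the personal record off-chain and writing only a salted hash commitment on-chain, so an erasure request can be honoured by deleting the off-chain record. The ledger class, the pre-append screening heuristic and the sample KYC record are all constructed for this example.

```python
"""Why personal data on an immutable ledger is a GDPR problem, and one
common mitigation (off-chain storage, on-chain salted commitment).
Added illustration; not code from the article or from Gartner."""
import hashlib
import json
import re
import secrets

GENESIS_PREV = "0" * 64
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")


def block_hash(index: int, payload: dict, prev_hash: str) -> str:
    """Hash of one block; covers its index, payload and link to the previous block."""
    body = json.dumps({"i": index, "p": payload, "prev": prev_hash}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class Ledger:
    """Minimal append-only hash chain standing in for a public blockchain (constructed)."""

    def __init__(self) -> None:
        self.chain: list[dict] = []

    def append(self, payload: dict) -> dict:
        prev = self.chain[-1]["hash"] if self.chain else GENESIS_PREV
        index = len(self.chain)
        block = {"index": index, "payload": payload, "prev": prev,
                 "hash": block_hash(index, payload, prev)}
        self.chain.append(block)
        return block

    def verify(self) -> bool:
        """True only if every block's hash and back-link still match its contents."""
        prev = GENESIS_PREV
        for block in self.chain:
            if block["prev"] != prev:
                return False
            if block["hash"] != block_hash(block["index"], block["payload"], block["prev"]):
                return False
            prev = block["hash"]
        return True


def looks_like_personal_data(payload: dict) -> bool:
    """Coarse pre-append screen: flags e-mail addresses or fields named like PII.
    A heuristic for illustration only, not a compliance control."""
    text = json.dumps(payload)
    return bool(EMAIL_RE.search(text)) or any(
        key in payload for key in ("name", "email", "address", "phone"))


def demo_poisoning() -> tuple[bool, bool]:
    """Write personal data straight onto the chain, then try to honour an
    erasure request by overwriting it. Returns (valid_before, valid_after)."""
    ledger = Ledger()
    ledger.append({"event": "genesis"})
    # Constructed sample record; this is the "poisoning" step.
    ledger.append({"event": "kyc", "name": "Sample Person", "email": "sample@example.com"})
    valid_before = ledger.verify()
    ledger.chain[1]["payload"] = {"event": "kyc", "redacted": True}  # the attempted erasure
    return valid_before, ledger.verify()  # (True, False): redaction breaks the chain


def demo_commitment() -> tuple[bool, bool, bool]:
    """Keep the personal record off-chain; put only a salted hash on the chain.
    Erasing the off-chain record satisfies the request without touching the chain.
    Returns (chain still valid, commitment still on chain, off-chain data still present)."""
    ledger = Ledger()
    off_chain: dict[str, dict] = {}  # stands in for a deletable private store
    ledger.append({"event": "genesis"})
    record = {"event": "kyc", "name": "Sample Person", "email": "sample@example.com"}  # constructed
    if not looks_like_personal_data(record):
        raise RuntimeError("screen should have flagged this record")
    salt = secrets.token_hex(16)
    commitment = hashlib.sha256((salt + json.dumps(record, sort_keys=True)).encode()).hexdigest()
    off_chain[commitment] = {"salt": salt, "record": record}
    ledger.append({"event": "kyc", "commitment": commitment})  # no personal data on-chain
    del off_chain[commitment]  # honour the erasure request
    on_chain = any("commitment" in b["payload"] for b in ledger.chain)
    return ledger.verify(), on_chain, commitment in off_chain  # (True, True, False)
```

Deleting the off-chain record together with its salt leaves a commitment on the ledger that can no longer be tied to the person, even by someone who guesses the original field values; that is the usual argument for why this pattern is compatible with erasure requests, while a record written directly on-chain, as in the first demo, can only be "removed" by invalidating every block after it.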
Farming in your PJs?
The Amazing Ways John Deere Uses AI And Machine Vision To Help Feed 10 Billion People
… Near the start of the journey in 2013, it unveiled its Farm Forward vision – demonstrating the concept of the “autonomous farm” where machinery would be remotely managed from a central control hub. It showed a farmer monitoring data points and managing machinery from a console in his home in real-time, while AI takes care of the moment-to-moment operational decisions.
Now it has released what it calls the 2.0 version of that vision – representing the leaps in learning and practical application of smart, self-teaching technology that has been made since those early days of the digital transformation.
… “When we tell them they can spray their fields with 80 – 90% less herbicide, based on Blue River's testing … that's real money right in your pocket. As well as less herbicide going onto the plants that are going to become our food. Farmers are business people, and they're looking for business outcomes from this precision agricultural technology."
… Stone says “The farmer has been the primary ‘sensor’ on a farm for years – and so much of farming is visual.
“It’s how does the ground look, what can you tell about the health of a plant by how it looks? Are the leaves nice and lush or are they going yellow? Are there bugs?
… One application of Blue River’s technology has been in the development of Deere’s See and Spray pesticide and herbicide distribution systems. This involves using smart cameras powered by computer vision, which are able to distinguish between healthy and unhealthy crops as machinery passes through the field. While traditionally the decision about whether or not to dose a crop with chemicals has been made on a field-by-field basis, this system allows targeted bursts of chemicals to be directed precisely where they are needed, at individual plants – hence the 80 to 90% reduction in herbicide use touted above.

Perspective. Why are they looking at self-driving cars?
Don't Read This If You're Bullish About Lyft
The coming initial public offerings from Lyft Inc. and Uber give the public its first deep look inside the economics of car rides on demand. There were two obscure data points about Lyft that I found discouraging about the financial viability of that company, and potentially the entire industry.
First, Lyft disclosed in its IPO document that it generates about the same average revenue for each car ride as it does from a trip on Lyft's growing network of rented bicycles and scooters: $3.75, to be exact, as of the fourth quarter. And second, Lyft's financials show that its average expense for each ride has gone up.
… People don't pay much to rent a scooter for a mile or two, but remember the important difference compared to a car: There's no driver in the equation when Lyft rents a scooter or bike, so the company keeps almost 100 percent of the fare. With a car ride, the driver effectively ends up with the vast majority of that money.

Interesting article. They’ve got the data, why not use it?
Amazon gets an edge with its secret squad of PhD economists
Estimating inflation is a tricky and complex task. In the United States, the government's Bureau of Labor Statistics sends testers to stores to record the price of everything from cheese to tires, and surveys consumers over the phone about what they spent on gas and funeral services.
Amazon thinks it could do it better.
With help from outside researchers, the company's economists are working on a way to measure inflation using thousands of transactions across its own platform. Automatically analyzing product descriptions allows them to better assess the quality of a dress or a juicer or a bathmat, theoretically creating a more accurate, up-to-date index of how much things cost.
That's just one way Amazon is using the squad of economists it has recruited in recent years.

Make your tools work for you.
A beginners guide to voice search and digital assistants in 2019
Search Engine Land: “Voice search isn’t only here to stay, it’s on the rise. Is your website optimized for spoken queries? If not, then you could lose market share to competitors whose websites are optimized for voice search. Good news, though, that’s a problem you can start fixing today. In this article, I’ll explain the various types of digital assistants and what to do to get your site ready for voice search. If you want to learn more, I’ll be talking about voice search in more detail at SMX Advanced in Seattle on June 5…”

One of those tools you don’t know you need until you need it.

For my students, who still think every “big” company is profitable.
How Does Netflix Make Money?
Netflix is the undisputed leader in streaming video. The DVD-by-mail company created modern streaming as we know it and has built a massive audience by being the first mover -- more than 50% of U.S. households have the streaming service.
But how does the company turn all those eyeballs into dollar signs?
In this video from our YouTube channel, we break down how Netflix makes money and what the strategy is behind the company's huge cash burn.

For us military history buffs. (Perhaps a map showing the spread of GDPR level Privacy?)
Interactive Map - The Battle of Gettysburg
Decisive Moments at the Battle of Gettysburg is an interactive map hosted on Smithsonian.com. The map details events of the battle and the decisions made by commanding officers on both sides of the war. You can navigate the map by using the timeline on the left-hand side of the map or by clicking the placemarks on the map. While viewing the map you will see "eye" icons that you can click to view a panorama of that location. The panoramic view is of Gettysburg as it exists today.