Do
you really believe that this is their first time? Since when has the
FBI had the computer power to do this? What if they cause harm?
https://gizmodo.com/the-fbi-just-snuck-into-computers-all-over-the-country-1846679332
The
FBI Just Snuck Into Computers All Over the Country to Stop a Hacking
Campaign
In
what may be [but
isn’t. Careful language reveals all! Bob] a
first-of-its-kind operation, the FBI recently accessed private
servers across the United States, ostensibly to delete malware that
had previously been installed by foreign hackers.
The
FBI targeted this unique digital clean-up at servers running the
vulnerability-ridden email product Microsoft Exchange. The U.S.
Justice Department said
Tuesday that
the purpose of the bureau’s operation was to digitally erase traces
of web shells that, had they remained, “could have been used to
maintain and escalate persistent, unauthorized access to U.S.
networks.”
… The
operation seems to have been strictly targeted at this one particular
campaign, as the feds did not “search for or remove any additional
malware or hacking tools that hacking groups may have placed on
victim networks by exploiting the web shells,” the release says.
This
may be the first time that the FBI has conducted an operation like
this, TechCrunch
reports.
For years, the bureau has sought greater powers and authority when
it comes to conducting
digital investigations inside
the U.S., though critics and civil liberties defenders have
consistently fought against such encroachments into private servers.
(Related)
https://www.schneier.com/blog/archives/2021/04/the-fbi-is-now-securing-networks-without-their-owners-permission.html
The FBI Is
Now Securing Networks Without Their Owners’ Permission
In
January, we learned
about a
Chinese espionage campaign that exploited four
zero-days in
Microsoft Exchange. One of the characteristics of the campaign, in
the later days when the Chinese probably realized that the
vulnerabilities would soon be fixed, was to install a web shell in
compromised networks that would give them subsequent remote access.
Even if the vulnerabilities were patched, the shell would remain
until the network operators removed it.
Now,
months later, many of those shells are still in place. And they’re
being used by criminal hackers as well.
On
Tuesday, the FBI announced that it successfully
received
a
court order to remove “hundreds” of these web shells from
networks in the US.
This
is nothing short of extraordinary, and I can think of no real-world
parallel. It’s kind of like if a criminal organization infiltrated
a door-lock company and surreptitiously added a master passkey
feature, and then customers bought and installed those locks. And
then if the FBI got a court order to fix all the locks to remove the
master passkey capability. And it’s kind of not like that. In any
case, it’s not what we
normally think of when we think of a warrant. The links
above have details, but I would like a legal scholar to weigh in on
the implications of this.
Not
exactly stopping the barbarians at the gate. More like, “We won’t
let your tailor make us a suit!”
https://www.nbcnews.com/news/world/u-s-sanction-russia-alleged-election-interference-solarwinds-hack-n1264142
U.S.
sanctions Russia for 2020 election interference, SolarWinds hack
The
United States is hitting Russia with fresh sanctions for interference
in the 2020 presidential election,
a sweeping
cyberattack against
American government and corporate networks and other activities.
President
Joe Biden signed an executive order Thursday morning to strengthen
his administration's response to Russia, the White House said. Under
the order, the Treasury Department has blacklisted six Russian
technology companies that provide support to the cyber program run by
Russia's intelligence services.
Would
you rather have this data in the hands of unknown persons?
https://www.bespacific.com/opinion-data-brokers-are-a-threat-to-democracy/
Wired
–
“Unless
the federal government steps up, the unchecked middlemen
of surveillance capitalism
will continue to harm our civil rights and national security… Enter
the data brokerage industry, the multibillion dollar economy of
selling consumers’ and citizens’ intimate details. Much of the
privacy discourse has rightly pointed fingers at Facebook, Twitter,
YouTube, and TikTok, which collect users’ information directly.
But a far broader ecosystem of buying up, licensing, selling, and
sharing data exists around those platforms. Data brokerage firms are
middlemen of surveillance capitalism—purchasing, aggregating, and
repackaging data from a variety of other companies, all with the aim
of selling or further distributing it. Data brokerage is a threat to
democracy. Without robust national privacy safeguards, entire
databases of citizen information are ready for purchase, whether to
predatory loan companies, law enforcement agencies, or even malicious
foreign actors. Federal privacy bills that don’t give sufficient
attention to data brokerage will therefore fail to tackle an enormous
portion of the data surveillance economy, and will leave civil
rights, national security, and public-private boundaries vulnerable
in the process. Large data brokers—like Acxiom, CoreLogic, and
Epsilon—tout the detail of their data on millions or even billions
of people. CoreLogic, for instance, advertises
its
real estate and property information on 99.9 percent of the US
population. Acxiom promotes
11,000-plus
“data attributes,” from auto loan information to travel
preferences, on 2.5 billion people (all to help brands connect with
people “ethically,” it adds). This level of data collection and
aggregation enables remarkably specific profiling…”
After
GDPR?
https://www.bbc.com/news/technology-56745730
Europe
seeks to limit use of AI in society
The
use of facial recognition for surveillance, or algorithms that
manipulate human behaviour, will be banned under proposed EU
regulations on artificial intelligence.
The
wide-ranging proposals, which were leaked ahead of their official
publication, also promised tough new rules for what they deem
high-risk AI.
That
includes algorithms used by the police and in recruitment.
Experts
said the rules were vague and contained loopholes.
The
use of AI in the military is exempt, as are systems used by
authorities in order to safeguard public security.
The
suggested list of banned AI systems includes:
those
designed or used in a manner that manipulates human behaviour,
opinions or decisions ...causing a person to behave, form an opinion
or take a decision to their detriment [Behavioral
advertising? Bob]
AI
systems used for indiscriminate surveillance applied in a
generalised manner
AI
systems used for social scoring
those
that exploit information or predictions and a person or group of
persons in order to target their vulnerabilities
An
HBR podcast.
https://hbr.org/podcast/2021/04/mapping-ais-societal-impact
Mapping
AI’s Societal Impact
AI
is not just code and algorithms. It’s an industry built on a
global network of resource extraction, human labor, and data
collection. Kate Crawford, senior principal researcher at Microsoft
Research and research professor of communication and science and
technology studies at USC Annenberg, joins Azeem Azhar to explore the
far-reaching impacts of AI and to consider the urgent case for proper
governance and regulation of the industry.
They
also discuss:
Why
we need to observe hardware supply chains to understand AI’s
impact.
Why
the AI industry, like aviation and pharma, should be subject to
strict regulation.
Why
tech leaders should take a much greater responsibility for the
social and environmental effects of technical systems.
Sentient,
but not human. “Where will you find a jury of my peers,” my AI
asks?
https://hai.stanford.edu/news/when-artificial-agents-lie-defame-and-defraud-who-blame
When
Artificial Agents Lie, Defame, and Defraud, Who Is to Blame?
The
movie Robot and Frank imagines a near future in which robots
can be purchased to act as in-home caregivers and companions.
Frank’s son buys him a robot, and Frank quickly realizes he can
enlist its help in committing cat burglaries. The robot begins to
show creativity and initiative in these criminal acts, and Frank is
suffering from dementia. Who is ultimately responsible for these
violations of the law?
Experts
in robotics and artificial intelligence will have to suspend belief
in order to enjoy Robot and Frank – the robot has capabilities that
will continue to be purely science fiction for some time. But
continuing advances in the field of artificial intelligence make it
worth considering a provocative question that may become more
practically relevant in the future: How would we, as individuals and
as a society, react to an artificial agent that participated in the
commission of some civil or criminal offense? The artificial agents
of today would not make good cat burglars, but they have the gift of
gab, and so it is only a matter of time before they are accused of
committing offenses involving language in some way: libel, slander,
defamation, bribery, coercion, and so forth.
Tools for my students.
https://www.freetech4teachers.com/2021/04/bibcitations-new-chrome-extension-makes.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)
Bibcitation's
New Chrome Extension Makes It Easy to Create Citations
A
few weeks ago I published an overview of seven
free tools that help students create bibliographies.
Bibcitation was one of the tools in that list. This week
Bibcitation introduced a new
Chrome extension that
makes it easier than ever for students to cite webpages and build
bibliographies.
Bibcitation's
Chrome extension will
generate a citation for any webpage that a student needs to include
in his or her bibliography. To do that students simply have to click
on the Bibcitation extension while viewing a webpage and select the
citation style that they want to use. Students can then copy the
text for the citation with just one click and paste it wherever they
need to use it. Students can also click the "Add to
Bibcitation.com" button within the extension to send the
citation directly to the bibliographies they're working on.
… Bibcitation
doesn't require students to register in order to use it. Completed
Bibliographies can be downloaded as a document, as a BibTex file, or
as HTML.