Saturday, September 10, 2022

If the best we can recover is 10%, crypto theft is probably still attractive.

https://thehackernews.com/2022/09/us-seizes-cryptocurrency-worth-30.html

U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized.

"The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains," Erin Plante, senior director of investigations at Chainalysis, said.





Bad Iran, bad!

https://thehackernews.com/2022/09/us-imposes-new-sanctions-on-iran-over.html

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies.

"Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector organizations around the world and across various critical infrastructure sectors," the Treasury said.

The agency also accused Iranian state-sponsored actors of staging disruptive attacks aimed at Albanian government computer systems in mid-July 2022, forcing it to suspend its online services.



Friday, September 09, 2022

I (My digital twin) will contact your corporate digital twin and anything I might want or need will be purchased and delivered before I know I need it.

https://venturebeat.com/ai/gartner-predicts-digital-twins-of-a-customer-will-transform-cx/

Gartner predicts ‘digital twins of a customer’ will transform CX

Digital twins of physical products and infrastructure are already transforming how companies design and manufacture products, equipment and infrastructure. In its latest Immersive Hype Cycle, Gartner predicts that digital twins of a customer (DToC) could transform the way enterprises deliver experiences. Simulating a customer experience (CX) is a bit more nuanced than a machine — and there are privacy considerations to address, not to mention the creepiness factor. Though if done right, Gartner predicts the DToC will drive sales while delighting customers in surprising ways.

Enterprises are taking advantage of new identity resolution capabilities that assemble pieces of data to create a holistic view of the customer. This stitching can help a company understand what an individual customer buys, how frequently they purchase, how much they spend, how often they visit a website and more.

Tatavarti said the most difficult obstacles are the quality and availability of customer data from physical and digital interaction and data sharing between multiple organizations. These challenges will also involve privacy considerations and the ability to connect physical systems and virtual models without affecting the experience or performance. Teams also need to ensure the accuracy of the models and eliminate bias.





Might be worth following…

https://www.datanami.com/2022/09/08/dataiku-releases-new-ai-us-documentary-series/

Dataiku Releases New ‘AI & Us’ Documentary Series

Dataiku has released a new documentary series exploring how artificial intelligence, now more accessible than ever, is transforming various industries.

The company says its objective for the web series, “AI & Us,” is to build a link between AI and business, through the eyes of its practitioners, in order to create meaningful conversations encompassing issues facing both businesses and wider society around the implementation of machine learning-driven processes.

Future episodes will feature other interesting AI topics including how society’s perception of AI technology and its associated ethical questions are being discussed, how it is being used to drive innovation in the $6.1 billion insurance industry, and how it may assist in resolving the gender pay gap through surpassing human bias in hiring decisions.





I hope they expend as much energy considering the harm their ‘remedies’ may cause as they seem to be in organizing their arguments. (Did everyone recognize this as ‘illegal?’)

https://www.bloomberg.com/news/articles/2022-09-08/google-pays-enormous-sums-to-maintain-its-dominance-doj-says?leadSource=uverify%20wall

Google Pays ‘Enormous’ Sums to Maintain Search-Engine Dominance, DOJ Says

Alphabet Inc.’s Google pays billions of dollars each year to Apple Inc., Samsung Electronics Co. and other telecom giants to illegally maintain its spot as the No. 1 search engine, the US Justice Department told a federal judge Thursday.





Tools & Techniques. A reminder for the start of a new school year.

https://www.makeuseof.com/must-have-tools-researchers/

9 Must-Have Online Tools for Researchers

Research is already time-intensive work. And little tasks like formatting or citing eat up more of your time. Luckily, you can automate these tedious tasks to a large extent and focus more on actual research.

Here, we’ve rounded up all the online tools researchers should have in their arsenal—from Google Scholar to Citationsy.



Thursday, September 08, 2022

If I have a million dollars of ransomware insurance, am I a bigger target than someone with no insurance?

https://www.cpomagazine.com/cyber-security/cyber-insurance-gap-growing-as-80-of-business-coverage-below-median-ransomware-payment-demand/

“Cyber Insurance Gap” Growing as 80% Of Business Coverage Below Median Ransomware Payment Demand

Cyber insurance cost and terms have been an issue for businesses of all types since 2021, when the soaring cost of ransomware payments and remediation caused insurance firms to re-evaluate their options. A new study from BlackBerry and Corvus Insurance finds that this new landscape is causing a chronic shortage of cyber coverage for businesses.

The survey included 450 IT and cybersecurity decision makers at firms located in the US and Canada. Organizations in this part of the world now face an average ransomware payment in the millions of dollars, and the median cost of investigation and recovery is $2.4 million.

However, only 55% of the organizations surveyed are carrying any cyber insurance at all. And of those that are insured, just under 20% have more than $600,000 in coverage; not enough to meet the usual ransomware payment, let alone the potential cleanup costs.





Not unexpected. Volume, gathering location, using systems, and hundreds of other factors influence gathering and storage. (Now find the erroneous data…)

https://www.bespacific.com/facebook-engineers-we-have-no-idea-where-we-keep-all-your-personal-data/

Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data

Intercept: “In March, two veteran Facebook engineers found themselves grilled about the company’s sprawling data collection operations in a hearing for the ongoing lawsuit over the mishandling of private user information stemming from the Cambridge Analytica scandal. The hearing, a transcript of which was recently unsealed (PDF), was aimed at resolving one crucial issue: What information, precisely, does Facebook store about us, and where is it? The engineers’ response will come as little relief to those concerned with the company’s stewardship of billions of digitized lives: They don’t know. The admissions occurred during a hearing with special master Daniel Garrie, a court-appointed subject-matter expert tasked with resolving a disclosure impasse. Garrie was attempting to get the company to provide an exhaustive, definitive accounting of where personal data might be stored in some 55 Facebook subsystems. Both veteran Facebook engineers, with according to LinkedIn two decades of experience between them, struggled to even venture what may be stored in Facebook’s subsystems. “I’m just trying to understand at the most basic level from this list what we’re looking at,” Garrie asked. “I don’t believe there’s a single person that exists who could answer that question,” replied Eugene Zarashaw, a Facebook engineering director. “It would take a significant team effort to even be able to answer that question.” When asked about how Facebook might track down every bit of data associated with a given user account, Zarashaw was stumped again: “It would take multiple teams on the ad side to track down exactly the — where the data flows. I would be surprised if there’s even a single person that can answer that narrow question conclusively.”…





Late, but not too late to start thinking about this.

https://www.cio.com/article/405620/measuring-the-business-impact-of-ai.html

Measuring the business impact of AI

Artificial intelligence is in transition, both as a technology and in how it’s being used. Companies are increasingly bringing AI pilots out of the test labs and deploying them at scale, and some are seeing significant benefits as a result. Regardless of any uncertainty surrounding AI, ignoring its potential poses the risk that companies doing business the old way will go under.

For many organizations, however, deriving value from AI may be elusive. Their models might not be tuned. Their training data sets might not be big enough. Customers may be leery. There are also concerns about bias, ethics, and transparency. Pushing an AI initiative into production before it’s ready, or expanding an AI strategy beyond an initial phase before properly vetting its results can cost a company money, or worse, send it in a direction detrimental to the business.





Is any of this really new?

https://www.zdnet.com/article/20-it-trends-that-cios-must-be-aware-of/

20 IT trends that CIOs must be aware of and plan against

A survey of over 1,000 IT senior leaders shows that businesses are reevaluating their IT operating model and doubling down on automation as a result of the resignations across the IT function and widening skills gaps.





“What’s in a name?”

https://dilbert.com/strip/2022-09-08



Wednesday, September 07, 2022

I worry about ‘proof of concept’ attacks. Who has similar security?

https://www.cpomagazine.com/cyber-security/devastating-ransomware-attacks-on-chile-montenegro-shut-down-government-agencies-banks/

Devastating Ransomware Attacks on Chile, Montenegro Shut Down Government Agencies, Banks

A set of ransomware attacks in Chile and Montenegro has caused substantial damage, shutting down banks and government agencies and even prompting a call to North Atlantic Treaty Organization (NATO) partners for emergency assistance.

Montenegro is dealing with a brutal ongoing campaign of ransomware attacks that appears to be coming from criminal groups in Russia and targeting government websites. A member of NATO since 2017, Montenegro has requested help from the United States in fending off these attacks. Government agencies in Chile have also been hit by a new form of ransomware that targets Linux servers, and at least one has been threatened with a “double extortion” dump of stolen information.



(Related) Quick attribution suggests a clumsy attack.

https://apnews.com/article/nato-technology-iran-middle-east-6be153b291f42bd549d5ecce5941c32a

Albania cuts diplomatic ties with Iran over July cyberattack

Albania cut diplomatic ties with Iran and expelled the country’s embassy staff over a major cyberattack nearly two months ago that was allegedly carried out by Tehran on Albanian government websites, the prime minister said Wednesday.

The move by Albania, a NATO country, was the first known case of a country cutting diplomatic relations over a cyberattack.





Seems strange that the bad guys think a school district has a budget for ransomware…

https://www.bespacific.com/los-angeles-school-district-warns-of-disruption-as-it-battles-ongoing-ransomware-attack/

Los Angeles school district warns of disruption as it battles ongoing ransomware attack

TechCrunch: “The Los Angeles Unified School District (LAUSD) has confirmed it was hit by a ransomware attack that is causing ongoing technical disruptions. LAUSD is the second largest school district in the U.S. after the New York City Department of Education. LAUSD serves more than 600,000 students spanning kindergarten through 12th grade at over 1,000 schools, and employs more than 26,000 teachers. The district said on Monday that it was hit by a cyberattack over the weekend, which it later confirmed was ransomware…”





“Papers, Citizen!” Or in this case, “RFID card, student!” Will students be allowed on the bus if they forgot/lost their card?

https://www.thedenverchannel.com/news/local-news/cherry-creek-school-district-debuts-new-technology-for-students-on-school-buses

Cherry Creek School District debuts new technology for students on school buses

The Cherry Creek School District is rolling out a new program so parents can check to make sure their children [or their child’s RFID card Bob] made it to school safely.

As part of the new program, every single student in the district will be given a RFID card. That card will be scanned every single time students get on and off a school bus.





Is this an indication that other states might adopt similar laws?

https://apnews.com/article/technology-lawsuits-united-states-maine-data-privacy-9b2a40a18839c16df732368ee04ea856

Internet service providers drop challenge of privacy law

One of the strictest internet privacy laws in the United States has withstood a legal challenge, as a group of telecommunication providers has dropped its bid to overturn the Maine standard.

Maine created one of the toughest rules in the nation for internet service providers in 2020 when it began enforcing an “opt-in” web privacy standard. The law stops the service providers from using, disclosing, selling or providing access to customers’ personal information without permission.

Industry associations swiftly sued with a claim that the new law violated their First Amendment rights. A federal judge rejected that challenge, but legal wrangling continued.





Have I mentioned this already?

https://www.bakerdatacounsel.com/data-security/2022-dsir-report-deeper-dive-the-expanding-landscape-of-state-data-privacy-law/

2022 DSIR Report Deeper Dive: The Expanding Landscape of State Data Privacy Law

BakerHostetler’s Data Security Incident Response Report is a one-of-a-kind resource that leverages aggregated data from security incidents. Our Digital Risk Advisory and Cybersecurity team has shared insights from attorneys across the firm’s Digital Assets and Data Management Practice Group who work with clients on complex privacy and data protection matters. This article takes a closer look at recent updates to the privacy law compliance landscape in the United States.





Tools & Techniques.

https://www.makeuseof.com/techsmith-capture-how-to-screen-record-computer/

How to Record Your Computer Screen Using TechSmith Capture

TechSmith Capture is software that allows you to record your computer screen. It's simple to use, free to download, and offers many basic screen recording features.

You can record your microphone in the event that you want to do a voiceover. You can also record the system's audio or your webcam. If you choose to record your webcam, TechSmith will place your webcam's view in the bottom-right corner of the screen recording.

Once you have recorded your video, TechSmith will generate a link. You can use this link to share your video with others.



Tuesday, September 06, 2022

A change worth thinking about.

https://www.cpomagazine.com/cyber-security/business-communication-shift-results-in-data-and-risk-nightmares/

Business Communication Shift Results in Data and Risk Nightmares

Despite massive data, risk and compliance challenges, today’s work-from-home environment has accelerated our reliance on electronic communication apps like WhatsApp, Zoom, Microsoft Teams and more, ushering in a monumental shift in the way we communicate and conduct business. A significant change that is happening on the fly, in real time, privacy officers and their teams, especially in regulated industries like banking and finance, must adapt their policies and procedures to meet the communication expectations of both employees and valued customers, or otherwise continue to pay the price for it.





Resource.

https://www.kdnuggets.com/2022/09/free-python-data-science-course.html

Free Python for Data Science Course

It will be no surprise to readers that Python is one of the languages most associated with the practice of data science.

While it could be reasonably argued that Python is the absolute top data science programming language, it would be difficult to argue that, along with R and SQL, Python is not one of the top 3.

freeCodeCamp and Maxwell Armi are responsible for putting together and making available this 12 hour (that's right, 12 hour!) course on using Python and its ecosystem to write data science code.



(Related) More resources.

https://insights.dice.com/2022/09/06/data-scientist-training-resources-and-tips-for-what-to-learn/

Data Scientist Training: Resources and Tips for What to Learn

Data science is a complex field that requires its practitioners to think strategically. On a day-to-day basis, it requires aspects of database administration and data analysis, along with expertise in statistical modeling (and even machine learning algorithms). It also needs, as you might expect, a whole lot of training before you can plunge into a career as a data scientist.

There are a variety of training options out there for data scientists at all points in their careers, from those just starting out to those looking to master the most cutting-edge tools. Here are some platforms and training tips for all data scientists.



Monday, September 05, 2022

Inevitable? No doubt there’s an App for that. “Dis is my friend, Guido. Guido will do tings for youse. You want Guido should break some knees?”

https://krebsonsecurity.com/2022/09/violence-as-a-service-brickings-firebombings-shootings-for-hire/

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes — including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.





Also inevitable? The only new thing is the organization. Individual dissenters have always been active.

https://www.politico.eu/article/nafo-doge-shiba-russia-putin-ukraine-twitter-trolling-social-media-meme/

The shit-posting, Twitter-trolling, dog-deploying social media army taking on Putin one meme at a time

Ivana Stradner opened her iPhone and typed a simple call-to-arms: Unleash the hounds.

A Washington think-tanker and an expert in Russian propaganda, Stradner is also a member of NAFO — or the North Atlantic Fellas Organization — an informal alliance of internet culture warriors, national security experts and ordinary Twitter users weaponizing memes, viral videos and, yes, dog photos to push back against Russian online disinformation.

“I see myself as a NAFO civilian propagandist,” said Stradner, an adviser to the Foundation for Defense of Democracies, a conservative think tank. “Until now, Russia has been the only ones willing to play a dirty game.” By posting on Twitter, she was letting her 26,000 followers know who they could turn to if they needed to deal with an infestation of “Vatniks” — a Russian pejorative for Kremlin sympathizers.

Whenever a NAFO fella spots a Russian official or sympathizer posting a pro-Kremlin take on Twitter, for instance, they can use the hashtag #Article5 — a nod to the part of the NATO treaty that calls for collective defense — to bombard these accounts with support for Ukraine. They’ve also flooded Twitter with viral memes attacking Russian President Vladimir Putin and videos mocking the Kremlin’s war effort. On an average day, there are now more than 5,000 Twitter posts linked to NAFO versus a mere handful in May, according to an analysis shared with POLITICO by the Institute for Strategic Dialogue, a think tank that tracks online activity.





Yet another application of facial recognition.

https://www.theguardian.com/global-development/2022/sep/05/iran-government-facial-recognition-technology-hijab-law-crackdown

Iranian authorities plan to use facial recognition to enforce new hijab law

Government says it will use technology on public transport in crackdown on women’s dress





Just what my AI wants you to think...

https://www.niagara-gazette.com/news/web_extra/ub-philosopher-claims-ai-will-never-rule-the-world/article_07822006-2816-11ed-8d2a-77c043e92339.html

UB philosopher claims AI will “never” rule the world

Barry Smith, PhD, SUNY Distinguished Professor in the Department of Philosophy in UB’s College of Arts and Sciences, and Jobst Landgrebe, PhD, founder of Cognotekt, a German AI company, have co-authored “Why Machines Will Never Rule the World: Artificial Intelligence without Fear.”

Smith and Landgrebe offer a critical examination of AI’s unjustifiable projections, such as machines detaching themselves from humanity, self-replicating, and becoming “full ethical agents.” There cannot be a machine will, they say. Every single AI application rests on the intentions of human beings – including intentions to produce random outputs. This means the Singularity, a point when AI becomes uncontrollable and irreversible (like a Skynet moment from the “Terminator” movie franchise) is not going to occur. Wild claims to the contrary serve only to inflate AI’s potential and distort public understanding of the technology’s nature, possibilities and limits.

Reaching across the borders of several scientific disciplines, Smith and Landgrebe argue that the idea of a general artificial intelligence (AGI) − the ability of computers to emulate and go beyond the general intelligence of humans − rests on fundamental mathematical impossibilities that are analogous in physics to the impossibility of building a perpetual motion machine. AI that would match the general intelligence of humans is impossible because of the mathematical limits on what can be modeled and is “computable.” These limits are accepted by practically everyone working in the field; yet they have thus far failed to appreciate their consequences for what an AI can achieve.





Something for my students?

https://www.makeuseof.com/websites-to-find-academic-writing-jobs/

If you're a student looking for some extra dough, academic writing is one of the best ways to encash your skills. At the same time, it enhances your knowledge and helps you grow as a learner. In fact, it's not just for students; you can do it full-time if you are a professional writer.



Sunday, September 04, 2022

AI designed to be moral, what a concept!

https://wollic2022.github.io/Marija-Slavkovik.pdf

Automating Moral Reasoning (tutorial)

Machine ethics has, as its topic of research, the behaviour of machines towards humans and other machines. One aspect of that research problem is enabling machines to reason about right and wrong. The automation of moral reasoning is on one end the field of dreams and speculative fiction, but on the other it is a very real need to ensure that the artificial intelligence used to automate various tasks that require intelligence does not neglect the ethical and value impact this ‘replacement’ of man with machine has. This tutorial introduces the problem of making moral decisions and gives a general overview of how a computational agent can be constructed to make moral decisions.





A summary?

https://link.springer.com/chapter/10.1007/978-3-031-06636-8_11

Legal Principles Governing Disruptive Technologies in Policing

This chapter will address the law and policy considerations raised by technological innovations in public safety and policing. Across the United States, law enforcement officials have been deploying a range of disruptive technologies designed to assist policing, such as (1) city surveillance networks; (2) body cameras; (3) facial recognition technology, and (4) automatic license plate readers. Drawing on human rights law set forth by the United Nations and U.S. jurisprudence, this chapter will describe the range of legal considerations related to the collection, utilization, and access of emerging technology. Disruptive technologies raise critical questions related to the concepts of privacy, appropriate use parameters, and the balance of power in a democratic society. This chapter will provide recommendations of points to consider when assessing the impact of disruptive technologies prior to adoption.





Searching for an AI that believes in God or an AI that thinks it is God?

https://onlinelibrary.wiley.com/doi/abs/10.1111/zygo.12827

LESSONS FROM THE QUEST FOR ARTIFICIAL CONSCIOUSNESS: THE EMERGENCE CRITERION, INSIGHT-ORIENTED AI, AND IMAGO DEI

There are several lessons that can already be drawn from the current research programs on strong AI and building conscious machines, even if they arguably have not produced fruits yet. The first one is that functionalist approaches to consciousness do not account for the key importance of subjective experience and can be easily confounded by the way in which algorithms work and succeed. Authenticity and emergence are key concepts that can be useful in discerning valid approaches versus invalid ones and can clarify instances where algorithms are considered conscious, such as Sophia or LaMDA. Subjectivity and embeddedness become key notions that should also lead us to re-examine the ethics of decision delegation. In addition, the focus on subjective experience shifts what is relevant in our understanding of ourselves as human beings and as an image of God, namely, in de-emphasizing intellectuality in favor of experience and contemplation over action.



(Related) Will we ever have an AI religious leader?

https://link.springer.com/chapter/10.1007/978-3-031-14859-0_15

Papal Teaching on the Ethical Challenges of Artificial Intelligence

Although the widespread use of Artificial Intelligence (AI) in society has brought many benefits, recent failures in data security and examples of algorithmic bias intensifying social injustices have led to greater focus on the ethics of AI development and usage. Pope Francis has called for a growth in moral maturity and a rejection of the technocratic paradigm, that people might act with “responsible and merciful consciences.” This article aims to explore papal teaching on technology and AI in particular in order to outline a person-centred ethics of AI which is built upon responsibility and mercy.