Educational CyberPlayGround Inc. NetHappenings Newsletter 7-27-2020

CyberPlayGround NetHappenings ©1989
Be Smarter: Sign Up and Get NetHappenings Delivered into your email box.

www.cyberplayground.org @cyberplayground @nethappenings @k12playground

REMEMBER THIS?

“Democracy is not safe if the people tolerate the growth of private power to a point where it becomes stronger than their democratic state itself. That […] is fascism: ownership of government by an individual, by a group, or by any other controlling private power.” — FDR

1960s
ASK NOT WHAT YOUR COUNTRY CAN DO FOR YOU
ASK WHAT YOU CAN DO FOR YOUR COUNTRY!!!!!!!

SECURITY

2020s
Rethuglican Party of Death run by Mr. Make Everything Worse
Mike Pompeo’s wife, Susan, faces ethics issues at State Dept: report

Trump has killed more than nukes.
Nukes have killed fewer people than Trump. For comparison, confirmed deaths from coronavirus in the US now exceed the Manhattan Engineer District’s direct casualty estimates for the nuclear attacks on Hiroshima and Nagasaki combined. Makes more sense if you consider that the Kremlin helped put this man in the White House. July alone already has a million confirmed COVID19 cases and we may hit five million by the end of the month. Factor in the death rate this White House lovingly celebrates without taking into account rising numbers, and the pain is only beginning. Genocide!

You know:
– google knows where you are
– google knows what you search

You probably don’t know:
– when you search for food poisoning symptoms, google looks back in your location history the time that food poisoning takes to incubate and guesses which restaurant poisoned you

More than 1,000 people at Twitter had ability to aid hack of accounts

#1 DELETE FACEBOOK TODAY

#DELETE FACEBOOK IMMEDIATELY

If you’re not terrified about Facebook, you haven’t been paying attention | Carole Cadwalladr | Opinion | The Guardian

“Finally. Here in SEC docs is what Facebook has painfully avoided public knowing and press has mostly missed documenting. Facebook data was ****SOLD**** to Cambridge Analytica. Can everyone please now say that Facebook personal data was sold rather than captured, transferred, etc.”

Facebook Employee Leaks Show Betrayal By Company Leadership

Mercer, Zuckerberg, Sandberg, Page, Brin, Dorsey: Handmaidens to Authoritarianism

Esteemed Reporter Carole Cadwalladr takes down piece of sh^t Mark Zuckerberg at TED Talk

DELETE #TikTok IMMEDIATELY
DELETE #ZOOM TODAY

Why TikTok’s ties to China pose a significant privacy and security risk
After reviewing TikTok’s data collection policies, lawsuits, cybersecurity white papers, past security vulnerabilities, and its privacy policy, we find TikTok to be a grave privacy threat that likely shares data with the Chinese government. We recommend everyone approach TikTok with great caution, especially if your threat model includes the questionable use of your personal data or Chinese government surveillance.

San Francisco consulate is harboring Chinese military researcher wanted by FBI; then Chinese researcher ‘hiding’ in San Francisco consulate is arrested

 

Black Lives Matter @armedequality Another huge crowd tonight in Portland, including a new “wall” on the front lines: a Wall of Vets. Here’s a look at the line of military veterans getting set up here in front of the federal courthouse. Behind them, the Wall of Moms and the Wall of Dads are arriving.

We’re Publishing Thousands of Police Discipline Records That New York Kept Secret for Decades — ProPublica

Civilian Complaints Against New York City Police Officers
Remember folks – only in the US have people lost health insurance due to the pandemic. For profit healthcare is a disgrace, and tying that for profit healthcare to employment makes us all less free.

Trump working with Bush torture lawyer to cut Congress out of lawmaking:

Court Allows Search of Wilbur Ross’s Personal Emails

McConnell Accused of ‘Doing Everything He Can to Suppress the Vote’ by Proposing $0 in Election Assistance

Sen. Hawley to Introduce Bill to Hold Corporate America Accountable for Having Slave Labor in Supply Chains | Senator Josh Hawley

Tom Cotton calls slavery ‘necessary evil’ in attack on New York Times’ 1619 Project

Cotton’s Saving American History Act of 2020 “would prohibit the use of federal funds to teach the 1619 Project by K-12 schools or school districts”, according to a statement from the senator’s office. The 1619 Project is an initiative from the New York Times that reframes US history around August 1619 and the arrival of slave ships on American shores for the first time.

She tweeted: “If chattel slavery – heritable, generational, permanent, race-based slavery where it was legal to rape, torture, and sell human beings for profit – were a ‘necessary evil’ as Tom Cotton says, it’s hard to imagine what cannot be justified if it is a means to an end.”

“Imagine thinking a non-divisive curriculum is one that tells black children the buying and selling of their ancestors, the rape, torture, and forced labor of their ancestors for PROFIT, was just a ‘necessary evil’ for the creation of the ‘noblest’ country the world has ever seen.”

Senate Approves Proposal To Strip Confederate Names From Army Bases By Veto-Proof Majority

We Shouldn’t Sacrifice the Health of Our Teachers
When it comes to the daunting question of reopening schools, America’s educators deserve a plan, not a trap. ~Dave Grohl
https://www.theatlantic.com/culture/archive/2020/07/dave-grohl-pandemic-reopening-schools-health-teachers/614422/

The Black Hand (1906) is one of the first films made about the mafia, and possibly the earliest gangster film to survive.

HEALTH

In Era of Sickness, Doctors Prescribe Unusual Cure: VOTING

Symptom Duration and Risk Factors for Delayed Return to Usual Health
Among Outpatients with COVID-19 in a Multistate Health Care Systems Network — United States, March–June 2020
20% of 18-34 year olds with no pre-existing conditions have not returned to normal after 2-3 weeks. 35% of all ages. Longer term tracking to continue. New report on long-lasting COVID symptoms.

Study: Poor social distancing linked to lower intelligence

Scans Reveal Heart Damage in Over Half of COVID-19 Patients in Study

Cover your nose with your mask to prevent COVID-19 spread

Coronavirus: Rocklin CA church defying order got PPP loan

Ed Henry accused of rape, Sean Hannity and Tucker Carlson accused of harassment

 HUMOR WITH BAD LANGUAGE WARNING

Mrs. Betty Bowers, America’s Best Christian
https://www.youtube.com/watch?v=G4oNAHA6Hfw

If you never read it – Maxwell’s Indictment
https://www.courthousenews.com/wp-content/uploads/2020/07/Maxwell-Indictment.pdf

How to hydroxychloroquine
https://www.youtube.com/watch?v=0dUUkpVpS_k

How to testing
https://www.youtube.com/watch?v=h-ol9kvk7rc

Ad for Biden
https://www.youtube.com/watch?v=g5Xpwyd4aMM
The ad was launched by the coalition Republican Voters Against Trump and started with footage of Graham railing against Trump on CNN in 2015. It then showed Graham praising Biden in an interview that same year with the Huffington Post.

BANKS

Exclusive: Global banks scrutinize their Hong Kong clients for pro-democracy ties – sources
HONG KONG (Reuters) – Global wealth managers are examining whether their clients in Hong Kong have ties to the city’s pro-democracy movement, in an attempt to avoid getting caught in the crosshairs of China’s new national security law, according to six people with knowledge of the matter.
Bankers at Credit Suisse Group AG (CSGN.S), HSBC Holdings Plc (HSBA.L), Julius Baer Gruppe AG (BAER.S) and UBS Group AG (UBSG.S), among others, are broadening scrutiny under their programs that screen clients for political and government ties and subjecting them to additional diligence requirements, these people said. The designation, called politically exposed persons, can make it more difficult or altogether prevent people from accessing banking services, depending on what the bank finds about the person’s source of wealth or financial transactions. The checks at some wealth managers have involved combing through comments made by clients and their associates in public and in media, and social media posts in the recent past, these people said. The new law prohibits what Beijing describes broadly as secession, subversion, terrorism and collusion with foreign forces, with up to life in prison for offenders. The sources, who requested anonymity because of the sensitivity of the situation, said the broadened scrutiny of clients also applied to Hong Kong and Chinese officials who had implemented the law in anticipation of any U.S. sanctions against them.< – >

BITCOIN

Banks in US Can Now Offer Crypto Custody Services, Regulator Says

Apple co-founder sues Google, YouTube over fake Bitcoin giveaways

 

NetHappenings ©1989 – 2020 started by Internet Pioneer Gleason Sackmann

www.edu-cyberpg.com
NetHappenings ©1989: The oldest K12 Education Mailing List in the United States.

Rated #10 on Newsweek’s prestigious List of “50 People Who Matter Most on the Internet.” ~ Newsweek Dec 25, 1995 / Jan. 1, 1996
This mailing list included announcements of the first K12 school websites built in the United States, who were first citizens in the K12 world to do this.

GLEASON SACKMANN FIRST TO WIRE NORTH DAKOTA’S K-16 SCHOOLS TO THE INTERNET

When Gleason retired, the Net-happenings Mailing list was given to Karen Ellis, CEO and Founder of the Educational CyberPlayGround Inc. ® 1993.

Karen Ellis has been collecting online K12 Information since 1991 before there was a World Wide Web and continues to publish NetHappenings.

NetHappenings continues to announce K12 school websites and school attributes in the United States where you find links to students’ #STEAM video projects.

Students evidence their skills and show “proof of work” to the public.
Search using #hashtags.

k12playground.com
The database of K12 School Websites is a curated public folklore project, with over 100,000 K12 school websites found on K12Playground.com

July 9, 1998 Educational CyberPlayground migrated and launched Gleason’s “Hot List” of the first school websites ever built on planet earth. This data became the first public database of school websites ever built by teachers and their students. We allowed the public to enter school information. Every submission was vetted by Karen Ellis. This has always been a curated public folklore project found by the earliest search engines circa 1996.

The K12PlayGround.com™
https://K12PlayGround.com

YOU CAN BECOME A PART OF K12 HISTORY:

~ Find Your School
~ Submit / edit your school website info
~ link to your #STEAM video project
~ Use #hashtags to help everyone find your work
~ evidence your skills – show public proof of work

#EDUCATIONAL CYBERPLAYGROUND #ECP #K12PLAYGROUND #CYBERPLAYGROUND #NET-HAPPENINGS #NETHAPPENINGS #KarenEllis #GleasonSackmann #ScoutProject

Twitter trolls cause epileptic seizures on twitter

Epilepsy Foundation files criminal complaint over seizure-inducing videos posted on Twitter
Foundation says Twitter trolls have bombarded its Twitter feed with seizure-inducing content to harm epilepsy victims.

The foundation says unidentified users posted flashing or strobing lights as responses to its tweets, and using popular epilepsy-related hashtags, hoping to cause seizures for people who have photosensitive epilepsy and were viewing their posts.

The attacks were carried out last month during the National Epilepsy Awareness Month “when the greatest number of people with epilepsy and seizures were likely to be following the feed,” the foundation said. Over 30 different Twitter accounts participated, it said.

“These attacks are no different than a person carrying a strobe light into a convention of people with epilepsy and seizures, with the intention of inducing seizures and thereby causing significant harm to the participants,” said Allison Nichol, Esq., director of legal advocacy for the Epilepsy Foundation.

https://www.zdnet.com/article/epilepsy-foundation-files-criminal-complaint-over-seizure-inducing-videos-posted-on-twitter/

Your City, Your State, Your K12 Public School all attacked using NSA weapon.

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc
By Nicole Perlroth and Scott Shane
May 25, 2019

In Pennsylvania School Districts Stockpiling Huge budget surplus accounts, while still raising property taxes every year

WannaCry? Hundreds of US schools still haven’t patched servers
A dive into vulnerability data shows even big districts’ servers still offering up SMB v. 1.

I think patching your software and making backups will protect you better than blaming the Gov’t
or
… than blaming the government who weaponized an unknown flaw in software and made sure not to tell the software vendor, in order to prevent a patch which customers could install, you mean?
or
Microsoft was warned, and the patch came out a month before Shadow Brokers dumped it.

If you’re wondering why ransomware continues to be such a problem for state and local governments and other public institutions, all you have to do to get an answer is poke around the Internet a little. Publicly accessible security-scan data shows that many public organizations have failed to do more than put a bandage over long-standing system vulnerabilities that, if successfully exploited, could bring their operations to a standstill.

While the method by which RobbinHood ransomware infected the network of Baltimore City two weeks ago is still unknown, insiders within city government have pointed to the incomplete efforts by the Office of Information Technology to get a handle on the city’s tangle of software, aging servers, and wide-flung network infrastructure. Baltimore isn’t even the only city to have been hit by ransomware in the last month—Lynn, Massachusetts, and Cartersville, Georgia, both had electronic payment systems taken offline by ransomware this month. Greenville, North Carolina, was struck by the same RobbinHood ransomware affecting Baltimore in April.

But cities aren’t the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows’ Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated public warnings to patch systems following the worldwide outbreak of the WannaCry cryptographic malware two years ago. And based on data from the Shodan search engine and other public sources, hundreds of them—if not thousands—are servers in use at US public school systems. Even in cases where Microsoft’s patch of SMB v. 1 has been applied, the protocol remains a potential security problem—one that some organizations can’t completely close because some vendors still require the protocol for applications such as networked copiers and scanners.

While conducting research as a follow-up to our coverage of Baltimore City’s ongoing ransomware attack, Ars discovered that neighboring Baltimore County’s public school system had eight publicly accessible servers that still were running in configurations that indicated they were vulnerable to EternalBlue, the Equation Group exploit exposed by Shadow Brokers in April 2017 and then used as part of the WannaCry malware a month later. The exploit is now packaged as part of multiple malware kits, according to security researchers.

https://arstechnica.com/information-technology/2019/05/two-years-after-wannacry-us-schools-still-vulnerable-to-eternalblue/

SEE

Where are the State AGs in protecting the citizens from malware that “gets away” from the NSA? That means the weaponized software created by the NSA, and it means employees who have been taught everything by the NSA, who leave their jobs, take what they know with them, then form companies and sell the knowledge, skills and know-how they learned on the job working for America to enemies.

https://krebsonsecurity.com/2017/12/former-nsa-employee-pleads-guilty-to-taking-classified-data/


02 Dec 17

Former NSA Employee Pleads Guilty to Taking Classified Data

A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government.

Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today to “willful retention of national defense information.” The U.S. Justice Department says that beginning in April 2006 Pho was employed as a developer for the NSA’s Tailored Access Operations (TAO) unit, which develops specialized hacking tools to gather intelligence data from foreign targets and information systems.

According to Pho’s plea agreement, between 2010 and March 2015 he removed and retained highly sensitive classified “documents and writings that contained national defense information, including information classified as Top Secret.”

Pho is the third NSA worker to be charged in the past two years with mishandling classified data. His plea is the latest — and perhaps final — chapter in the NSA’s hunt for those responsible for leaking NSA hacking tools that have been published online over the past year by a shadowy group calling itself The Shadow Brokers.

https://thehill.com/policy/national-security/436950-former-cia-nsa-employees-sue-agencies-over-alleged-censorship

Ex-NSA employees criticize Mike Rogers’ role with Israeli venture firm

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc By Nicole Perlroth and Scott Shane May 25, 2019

For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.

But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.

Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.

It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.

The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.

< – >

WHERE ARE THE CLASS ACTION SUITS?

WHY DOESN’T THE STATE HOLD THE DEFENSE DEPARTMENT ACCOUNTABLE FOR THE DAMAGE DONE TO THEIR CITIZENS?

Breaking news. Patch yourself for the CVEs exploited by NSA tools on the loose. This includes major cities!

ETERNALBLUE was initially nicknamed EternalBluescreen —NSA never seriously considered alerting Microsoft about discovering the vulnerability (before Shadow Brokers happened), and —“held on it” (“used it,” presumably) for more than five years
https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html


NEW: Baltimore was hit with an NSA hacking tool that is being used to hijack U.S. cities. ⁦⁩ and I spent months looking into the origins of EternalBlue, a stolen NSA weapon that is popping up in more and more attacks across the country.

The NSA spent more than a year searching for the flaw in Microsoft’s software and writing the code to exploit it.

NSA TAO operators jokingly referred to it as “EternalBluescreen” because it often crashed computer systems, a risk they might tip off targets. It took months to hone. Once it became a reliable espionage tool, it netted some of the NSA’s best counter-terrorism intelligence, and there was never any serious consideration that NSA would turn over the underlying flaw to Microsoft for patching.

The NSA kept it for 5+ years until unidentified hackers threatened to publish it.

In April 2017, the group, which calls itself the ShadowBrokers, dumped it online, where it has been picked up by North Korea, Russia, Iran and, just this week, China in attacks that have cut a path of destruction around the globe. But in the last year, it has boomeranged back to the NSA’s own backyard, hitting Baltimore, Allentown, San Antonio and countless other cities in attacks that have paralyzed municipal operations and alarmed government officials, who privately say the NSA needs to account. The NSA refuses to discuss the incidents or even acknowledge that the dumped tools were part of its cyber arsenal, but in an unusually candid interview, NSA former director Mike Rogers, who oversaw the agency during the leak, deflected blame. “If Toyota makes pickup trucks and someone takes a pickup truck, welds an explosive device onto the front, crashes it through a perimeter and into a crowd of people, is that Toyota’s responsibility?

“The N.S.A. wrote an exploit that was never designed to do what was done.”

Microsoft rejects that analogy: “These exploits are developed and kept secret by governments for the express purpose of using them as weapons or espionage tools. They’re inherently dangerous. When someone takes that, they’re not strapping a bomb to it. It’s already a bomb.”

EternalBlue is being packaged as part of many malware attacks as one possible lateral movement tool. Making a bomb is very much the responsibility of the creator.

NSA Toyota analogy was not correct. Exploit is like a bomb; it’s a different matter who detonates it and where. NSA is very much responsible for their malicious espionage tools.

https://twitter.com/waveslide/status/1132442317372219392

EternalBlue was leaked 2 years ago. MS patched BEFORE it hit the wild. Some industry gossip the NSA knew they’d lost control and gave MS a heads-up. THIS PATCH HAS BEEN OUT FOR TWO YEARS! If it hits your network now, you deserve it. Usually, it’s a component of a malware package.

China has also been able to intercept an NSA tool as it attacked their networks. They stopped it, copied it, modified it, and sent it back to us and all of our allies.


‏ @bitsdigits
No, it wasn’t the NSA hacking tool that did this. It was basic exemptions to the #Baltimore #CIO policies that didn’t address patch management deficiencies that did this. Has anyone looked at what .gov requirements are
https://home.dotgov.gov/registration/requirements/
