ECP NetHappenings Headlines – Security, Health, FTX, Politics, Friends

ECP NetHappenings Headlines

#SECURITY

U.S. lawmakers unveil bipartisan bid to ban China’s TikTok

Oath Keepers Have Worked for Department of Homeland Security: Report – Rolling Stone

Who Really Invented the Thumb Drive?

Which Explains This

An intel analyst tried to prevent the Jan. 6 attack — but DHS failed to act

#HEALTH

“US outbreaks reported since Spring:
Covid, RSV, severe rhinovirus, Enterovirus-D68, parechovirus, Influenza A/H1N1, Mpox, measles, “mystery” pediatric hepatitis, adenovirus, Legionella, meningococcal disease, a cornucopia of foodborne pathogens, & C-auris. And polio returned.”

Judge rejects vaccine choice law in health care settings

How Medicare Advantage plans dodged auditors and overcharged taxpayers by millions

Research-Giant Salk Institute Partners with HUMAN Protocol to Tap into Web3’s Biggest Workforce

Catholic collective narcissism linked to acceptance of myths about child sexual abuse

POLITICS

Clarence Thomas Should Resign for Being ‘Corrupt as Hell’: Congressman

Freedom of the Press “URGENT: Tell @SenSchumer to pass the PRESS Act and stop the government from spying on reporters! @ChuckSchumer can put the PRESS Act in the Senate’s end-of-year package and be a hero for press freedom.
https://freedom.press/news/urgent-tell-sen-schumer-to-pass-the-press-act-and-stop-the-government-from-spying-on-journalists/

Laurence Tribe on Twitter: “The constitutional officer second in line to the presidency should not be someone who tried to overturn the last election for the presidency.” But too few Dems will vote for any R. So the problem is bipartisan, though asymmetrical.

Preparing for the Worst
Unless voters wake up—and Democrats wake them up—we’re on the verge of permanent, minoritarian, single-party rule.

Mark Meadows Exchanged Texts With 34 Members Of Congress About Plans To Overturn The 2020 Election

Senator Merkley Introduces Legislation to Ban Hedge Fund Ownership of Residential Housing

Billionaire Ken Griffin sues IRS over tax disclosure
Hedge-fund billionaire Ken Griffin has sued the IRS and the Treasury Department over the “unlawful disclosure” of his tax information, escalating the battle in Washington over leaked tax filings of super-wealthy people including Warren Buffett and Jeff Bezos.

Tech Figure In Dot-Com Child Sex Scandal Was A Clinton Global Initiative Member

#FTX

Chief Economist at the European Central Bank takes 1m30s to explain why fiat is a scam. Peter Praet, Chief Economist at the ECB, trying to explain how central bank money gets created.

Crypto Insurance Firm Evertas Bucks Bear Market With $14M Raise

FOLLOW FTX CASE Kroll Restructuring Administration

Congressman Tom Emmer alleges SEC Chairman Gensler was aware of FTX fraud

New FTX CEO is getting paid $1,300 an hour, and customers will foot the bill

FTX’s inner circle had a secret chat group called ‘Wirefraud’

How a secret software change allowed FTX to use client money | They all knew they were stealing funds that’s why “conspiracy”

Co CEO Carolyn might be the whistle blower and may have been paid 20 million dollars reward money.  SBF’s Daddy was also working there for 1 year so we don’t know if he will get charged.

Neeraj K. Agrawal on Twitter: “@SenWarren The Digital Asset Anti-Money Laundering Act is an opportunistic, unconstitutional assault on cryptocurrency self custody, developers, and node operators Nothing about the bill would prevent the next FTX. In fact, it puts users at more risk.

The Digital Asset Anti-Money Laundering Act is an opportunistic, unconstitutional assault on cryptocurrency self custody, developers, and node operators

“Context: in her decade as a Senator, Elizabeth Warren has introduced 315 bills. Only one has been enacted into law. That’s a 0.32% success rate.”

Canadian regulator bans margin and leverage crypto trading and says stablecoins are considered securities

Musk suspended the twitter acct that follow his Jet.
“The powers-that-be don’t want you know how they’re using their private jets.”

Musk Didn’t Even Vote in Midterms He Cared So Much About

Friends

All thanks to Jonny for sending the following:

How Elon Musk’s anti-Fauci attacks are designed for the ‘right-wing information ecosystem’

Musk Declares ‘I’m Rich, Bitch!’ After Thousands Boo Him At Dave Chappelle Show

Dr. Fauci Hits Back At Elon Musk Attack With Withering Description Of Twitter

‘Losing value’: Mary Trump reveals the real reason why Ivanka and Kushner distanced themselves from Trump

In Wake Of Shocking Dinner, Trump Says It’s Jews Who Should Be ‘Ashamed’ For Disloyalty

Coinbase has 66% rise in police, government info requests
Coinbase says law enforcement departments and other government agencies sent it 12,320 requests for information from October 2021 through September, a 66% increase from what the cryptocurrency exchange saw in the previous 12-month period. Nearly 90% of the requests in the US were connected to federal, state or local criminal inquiries, while the remainder involved civil matters.

They Weren’t Rich But They Wanted to Invest. Then They Lost Everything on FTX.

The FTX Collapse Is Also a Huge Campaign Finance Scandal

Why Tom Brady, David Ortiz, Jimmy Fallon and other celebrities are getting sued over crypto

Snap Snap
They’re Really Spooky Mysterious and Ooky

Charles Addams: The Addams Family’s Ties to Penn

Educational CyberPlayGround NetHappenings News SECURITY 4-15-2021

► ► Educational CyberPlayGround®, Inc. 1999 https://edu-cyberpg.com
► ► Blog https://CyberPlayGround.org ©
► ► NetHappenings Newsletter ©1989 email subscribe / unsubscribe
► ► K12 School Directory © http://k12playground.com
► ► Twitter @Cyberplayground @NetHappenings @K12Playground

THIS IS VERY VERY LONG……

MAKE SURE YOU SCROLL ALL THE WAY DOWN

A Casino Gets Hacked Through a Fish-Tank Thermometer
https://www.entrepreneur.com/article/368943
Are your fish tanks secure? Secure yourlaptop. Secure your smart phone. Secure your tablet. And, before I forget, secure your fish tank. Yes, you heard me. Your fish tank. That was the lessoned learned a few years ago from the operators of a North American casino. According to a 2018 Business Insider report, cybersecurity executive Nicole Eagan of security firm Darktrace told the story while addressing a conference.
“The attackers used that (a fish-tank thermometer) to get a foothold in the network,” she recounted. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.” Can this really be possible?  It certainly can. And you can blame the Internet of Things.

AI Security: How Human Bias Limits Artificial Intelligence
April 15, 2021 | By Mark Stone
https://securityintelligence.com/articles/ai-security-human-bias-artificial-intelligence/
For cybersecurity experts, artificial intelligence (AI) can both respond to and predict threats. But because AI security is everywhere, attackers are using it to launch more refined attacks. Each side is seemingly playing catch-up, with no clear winner in sight.
How can defenders stay ahead? To gain context about AI that goes beyond prediction, detection and response, our industry will need to ‘humanize’ the process. We’ve explored some of the technical aspects of AI, like how it can both prevent and launch direct-denial-of-service attacks, for instance. But to get the most out of it in the long run, we’ll need to take a social sciences approach instead.
What AI Security Can’t Do
First, let’s establish what AI and machine learning are. AI, much like its name, represents the higher concept of machines carrying out ‘smart’ tasks. Machine learning (ML) is a subset of AI. It provides data to computers so they can process that data and learn for themselves. Whether it’s AI or machine learning, algorithms are built based on data that determine what patterns are expected and what are considered abnormal.
The best AI requires data scientists, statistics and as much human input as possible. As you train it, AI learns to create results that may not be visible to the human running it. It can even make judgments based on data for which you didn’t train it. This ‘black box’ nature means there’s also a push to make AI that can reveal how it makes decisions.

No matter how well AI trains itself, human oversight and input are key to its success. That’s the takeaway from Julie Carpenter, research fellow in the ethics and emerging sciences group at California Polytechnic State University.

“Every decision you make in AI should have a human in the loop at this point,” she says. “We don’t have any sort of genius AI that understands human context, or human ways of life or sentience. Some sort of oversight is necessary.”

AI Can’t Outthink Us
Carpenter explains that AI’s original goal is to replicate human-like thinking, an attempt that remains true today for most AI products. AI cybersecurity — and AI in general — is there to serve humans in one way or another, she said. But it still doesn’t understand human context, culture or meaning.

The belief that AI will, sometime in the future, outsmart and outthink us is incorrect, Carpenter said. She also shared her strong doubts about the current state of AI reading emotion. ‘Affective’ AI like this is being used in advertising to try to read consumers’ attitudes toward products and marketing campaigns.

“I don’t think it’s necessarily a good direction for AI to go,” she warned. “How can we teach AI to do something we (ourselves) cannot do — which is perfectly read each other’s emotions?”

How AI Bias Hurts Cybersecurity
Is artificial intelligence a threat? Maybe not in the science fiction sense of machines taking over the world. But it does open up new avenues of attack. And because AI is trained by humans, it can include human bias — or fail to account for human bias. Instead of approaching AI security from an external standpoint (i.e. preventing breaches) we must also consider the impact it might have internally.

Suppose you decide you’re going to start using AI to prevent breaches in your company. In that case, you may not want to worry so much about how to block clever threat actors. Instead, you should worry more about how to keep your own users, customers or employees safe. By using AI security in some form, are you putting them at risk? In today’s threat landscape, where personal devices are on corporate networks with people working from home, enterprise networks are handling much more personal traffic than ever before.

How to Overcome Bias
Carpenter advises that companies look for the broader impacts that go beyond just the intended use of the AI product.

In our industry, protecting personal information is critical. But what happens when AI security glosses over something that may, at first glance, seem harmless but is, in fact, sensitive to certain groups?

Carpenter offers an example. Let’s say a company suffers a data breach in which the only information that leaked was employees’ genders. For many people, that might not be a concern.

“But having someone’s gender hacked and put out there could be a really big deal for a lot of people,” she said. “It could be life changing … devastating … traumatizing … because gender is such a complicated social and cultural issue.”

Depending on what kind of service you handle and what kind of data is linked, you may have different kinds of outcomes.

The Limits on ‘Reading People’
Another potential pitfall for the use of AI in cybersecurity is with advanced biometrics — especially when it comes to specifics like facial expressions. Even looking ahead into the 2040s, Carpenter is skeptical that AI will understand visual cues. The subtleties, nuances and cultural differences are simply too complex.

“It’s going to disregard context, situations and suggestiveness,” she says. “You could have a frown on your face and the AI technology thinks that you’re frustrated or angry. But you pull back the picture, and the person is standing while they’re reading a book, and they’re actually just concentrating. It doesn’t really matter what other biometrics you triangulate it with. It’s a guessing game.”

Remember Ethical Frameworks
One piece of ‘low-hanging-fruit’ companies can take from a user perspective, Carpenter advises, is to look at things like the General Data Protection Regulation (GDPR) and any protocols that talk about the user’s rights and think about an ethical framework built on those rights.

“If you look at things like the rights for the citizen section of the GDPR, it explicitly defines what my rights are as a user and as a data person,” she says. “If my data is incorrect, how do I fix it, how can I get organizations to stop disseminating false data about me? These are the ethical questions that are out there, and things that are user-centered that can be a starting point for discussions in organizations.”

With any type of strategic planning, having the right people in place is a crucial element for success. With AI security, it’s no different.

Checklist for Working With AI
Carpenter insists organizations should have an important initial discussion about AI security and answer several key questions:

What are the goals of using AI, even beyond the business goals?
How does the organization think of AI as a concept?
What should the AI do, and what shouldn’t it do?
What is it we’re artificially replicating with AI?
Whose intelligence are we artificially replicating?
How will this intelligence be used?
What do we want the intelligence to do that goes above and beyond its primary functionality?

“There needs to be explicit discussions, smaller discussions and micro discussions between and within the teams and working groups,” she says. “We also need to make decisions about what to include and not to include, what to code and not to code, how to promote the product or not promote their product, who do we give it to and who we are designing it for.”

What’s Next for AI Security?
Carpenter recalls a recent talk with another very large tech company in which she asked how their AI security handles a huge data breach. Beyond its uses, she was curious about what the company learned about the group that carried out the attack.

“We’re not detectives,” the executive told her, “and all we can do is put a cork back in the leak and move on to predicting how they might attack us again.”

This type of reactive, short-term thinking is often the best we can do to keep up with the cycle of prediction, detection and response. Carpenter hopes that in the long term, cybersecurity can leverage people in social sciences more. They could help AI find forensic patterns, cultural patterns, how attacks were happening, who is behind the attacks and what their motivations are. When programmed and put in place correctly, AI security could someday predict and forecast how future events might emerge.

Use Some AI … But Not Too Much
“AI should provide more refined insights, not so much in terms of quantity but in terms of quality,” Carpenter says. “Because you’re looking at this diverse set of rules, and you’re not stuck in an echo chamber with the same ideas and the same concepts. Frankly, if I was working in cybersecurity, and I was working in an organization with everybody throwing around the term AI (too much), I’d be a little concerned.”

Cybersecurity experts, she suggests, must learn to think like social scientists, taking a step back, so everyone in the enterprise is on the same page — increasing communication to help everybody’s plan.

“People from social sciences are specifically trained to help you give AI more understanding,” she says.

Better AI Security By Thinking Like a Human
In fact, it’s difficult not to come away with the perception that winning in cybersecurity is about taking human psychology and social sciences into account in other areas, too. Almost anyone who has instilled a culture of awareness in their enterprise will tell you that they’re much more confident about their security posture.

Learning about, adopting and getting the most out of AI security is no different. The more we understand about the human element and the more we add that understanding into AI input, the better off we’ll be as an industry.

FACEBOOK

So where did that cache of 500 million Facebook phone numbers come from? @lilyhnewman got to the bottom of it. Turns out it was scraped from the site directly by exploiting an undisclosed vulnerability in the site’s contact import feature, which allowed attackers to create a massive address book with millions of phone numbers in order to “match” those numbers against existing Facebook accounts. Facebook never fully disclosed the issue, instead this past week pointed back to similar — but only tangentially related — stories.

Motherboard: Cool, how about one more? There’s yet another cache of Facebook phone numbers in the form of a Telegram bot. @josephfcox ran the numbers.

Clearview AI, the controversial facial recognition app

BuzzFeed News: Breathtakingly good reporting here. BuzzFeed News found more than 7,000 users from close to 2,000 public agencies using Clearview AI, the controversial facial recognition app that checks faces against a database of 3 billion images scraped from social media sites. BuzzFeed News published the results in a searchable table — including ICE, the Air Force, and even public schools. This is incredible work that took the reporters over a year to complete.

THE BOTNET

Bitcoin should become a global, universal currency. In this context, asymmetric threats like embedded illegal data become a major challenge.

Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger. Since the blockchain is globally accessible and hard to take down, the botnet’s operators appear to be safe.

There’s even illegal pornography and leaked classified documents. All of these were put in by anonymous Bitcoin users. But none of this, so far, appears to seriously threaten those in power in governments and corporations. Once someone adds something to the Bitcoin ledger, it becomes sacrosanct. Removing something requires a fork of the blockchain, in which Bitcoin fragments into multiple parallel cryptocurrencies (and associated blockchains). Forks happen, rarely, but never yet because of legal coercion. And repeated forking would destroy Bitcoin’s stature as a stable(ish) currency.

The botnet’s designers are using this idea to create an unblockable means of coordination, but the implications are much greater. Imagine someone using this idea to evade government censorship. Most Bitcoin mining happens in China. What if someone added a bunch of Chinese-censored Falun Gong texts to the blockchain?

Direct line. Now #IndictTrump

On the Insecurity of ES&S Voting Machines’ Hash Code

It turns out that ES&S has bugs in their hash-code checker: if the “reference hashcode” is completely missing, then it’ll say “yes, boss, everything is fine” instead of reporting an error. It’s simultaneously shocking and unsurprising that ES&S’s hashcode checker could contain such a blunder and that it would go unnoticed by the U.S. Election Assistance Commission’s federal certification process. It’s unsurprising because testing naturally tends to focus on “does the system work right when used as intended?” Using the system in unintended ways (which is what hackers would do) is not something anyone will notice.

Also:

Another gem in Mr. Mechler’s report is in Section 7.1, in which he reveals that acceptance testing of voting systems is done by the vendor, not by the customer. Acceptance testing is the process by which a customer checks a delivered product to make sure it satisfies requirements. To have the vendor do acceptance testing pretty much defeats the purpose.

Capitol Police ignored intelligence warnings ahead of Jan. 6 riots, watchdog report finds

The Capitol Police ignored critical intelligence ahead of the Jan. 6th riot, including overlooking a warning that, “Congress itself is the target,” according to an internal watchdog report obtained by NBC News.

The police force tasked with protecting the U.S. Capitol also lacked policies and procedures that left them severely unprepared to deal with the deadly insurrection, the 104-page report prepared by the Capitol Police’s inspector general found. The report has not been made public.

Pennsylvania GOP launches ‘super MAGA Trump’ primary
Never mind Pittsburgh and Philadelphia. Palm Beach, Fla., is where the party’s Senate nomination is likely to be decided.
“There’s no denying that the Republican Party in Pennsylvania is still a party of Trump.” Steve Bannon, a former White House chief strategist to Trump, told POLITICO that “any candidate who wants to win in Pennsylvania in 2022 must be full Trump MAGA.”

US formally names Russian Foreign Intelligence Service (SVR) as the culprit in SolarWinds hack

The former president of the united states of America acted like a Russian operative for 4 years, blew the pandemic response, got Covid, crashed the economy, insulted everyone in the world, hasn’t conceded, and incited an ongoing insurrection and violent attack on the capitol

For the first time EVER, the US government said Russian agent Konstantin Kilimnik provided Russian intelligence agencies with the internal Trump campaign polling/strategy data he received from Manafort and Gates in 2016. Even Mueller didn’t go that far.

We knew Trump 2016 polling data went from Manafort > Kilimnik. Today, Treasury says that data went from Kilimnik > Russian intelligence agencies.
https://home.treasury.gov/news/press-releases/jy0126

Here’s KK with long term buds Manafort and….look, it’s Bernie’s 2016 Chief Strategist Tad Devine!

One of the most under-talked about pieces of the Mueller report. Manafort met Kilimnik to discuss polling data & Trump campaign strategy in the Midwest, but also discussed the Russian belief that Trump needed to win in order for Russia to effectively control Eastern Ukraine.

See https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210415

 

Which messengers leak your data, drain your battery, and more

Study shows which messengers leak your data, drain your battery, and more
https://arstechnica.com/information-technology/2020/10/study-shows-which-messengers-leak-your-data-drain-your-battery-and-more/

They make online conversations easier by providing images and text associated with the file that’s being linked. Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line.

For this to happen, the app itself—or a proxy designated by the app—has to visit the link, open the file there, and survey what’s in it. This can open users to attacks. The most severe are those that can download malware. Other forms of malice might be forcing an app to download files so big they cause the app to crash, drain batteries, or consume limited amounts of bandwidth. And in the event the link leads to private materials—say, a tax return posted to a private OneDrive or DropBox account—the app server has an opportunity to view and store it indefinitely.