kya100 last won the day on November 8

  1. Omniverse, a now-defunct supplier of IPTV streams, has agreed to pay $50 million in piracy damages to several Hollywood studios. Omniverse initially described the piracy allegations as "scandalous" but has since stepped back from its claim. Anti-piracy group ACE, which was a driving force behind the lawsuit, is pleased with yet another legal victory. In February, several major Hollywood studios filed a lawsuit against Omniverse One World Television. Under the flag of anti-piracy group ACE, the companies accused Omniverse and its owner Jason DeMeo of supplying pirate streaming channels to various IPTV services. Omniverse sold live-streaming services to third-party distributors, such as Dragon Box and HDHomerun, which in turn offered live TV streaming packages to customers. According to ACE, the company was a pirate streaming TV supplier, offering these channels without permission from its members. Omniverse disagreed with this characterization and countered that it did everything by the book. It relied on a deal from the licensed cable company Hovsat, which has a long-standing agreement with DirecTV to distribute a broad range of TV-channels with few restrictions. As time went on, however, it transpired that the streaming provider was clearly worried about the legal threat. After several of its distributors distanced themselves from the service, Omniverse decided to wind down its business. The streaming provider also filed a third-party complaint against Hovsat for indemnification and breach of contract, among other things. Omniverse believed that it was properly licensed and wants Hovsat to pay the damages for any alleged infringements if that was not the case. That there are damages became crystal clear yesterday, when ACE announced that it had obtained a consent judgment against Omniverse. Both parties have agreed to settle the matter with the streaming provider committing to pay a $50 million settlement. 
“Damages are awarded in favor of Plaintiffs and against Defendants, jointly and severally, in the total amount of fifty million dollars,” the proposed judgment reads. The agreement also includes a permanent injunction that prevents Omniverse and its owner Jason DeMeo from operating the service and being involved in supplying or offering pirate streaming channels in any other way. The damages amount of $50 million is a substantial figure. In the past, however, we have seen that the public figure can be substantially higher than what’s agreed in private. In any case, Omniverse may hold Hovsat accountable, as previously suggested. Karen Thorland, Senior Vice President at the Motion Picture Association, which has a leading role in the ACE coalition, is pleased with the outcome. “This judgment and injunction are a major win for creators, audiences, and the legitimate streaming market, which has been undermined by Omniverse and its ‘back office’ piracy infrastructure for years,” Thorland says. Over the past years, ACE has built a steady track record of successful cases against IPTV providers and services. In addition to Omniverse, it also helped to shut down SetTV, Dragon Box, TickBox, Vader Streams, and many third-party Kodi addons. The consent judgment and permanent injunction have yet to be signed off by the court but since both parties are in agreement, that’s mostly a formality.
  2. Two groups involved in the distribution of third-party Kodi addons and 'builds' have shut down citing legal pressure. KodiUKTV and OneNation both ran so-called repositories where software could be downloaded but that activity will not continue into the future. It is currently unknown who threatened the groups but there are a couple of prime candidates. Being involved in the development of third-party Kodi addons and ‘builds’ (Kodi installations pre-customized with addons and tweaks) is a somewhat risky activity. Providing simple access to otherwise restricted movies and TV shows attracts copyright holders, and that always has the potential to end badly. And it does, pretty regularly. On November 1, 2019, UK-focused Kodi platform made an announcement on Twitter, stating briefly that “Something has happened this morning. Sorry!” While that could mean anything, an ominous follow-up message indicated that a statement would be released in due course “detailing the future”. Several hours later, confirmed what fans already knew, that it had taken down its site. Why that happened remained open to question but a few hours ago the group confirmed that legal action was to blame. “We took our website offline 10 days ago closed our repo and the builds due to legal demands against us,” announced on Twitter. “We will say more when we can bring the site back up safely. But the builds & repo will not be back nor will we host any add-ons anymore for anyone.” The closure is particularly bad news for anyone who used the popular DadLife Kodi build that was previously installable via the group’s repository. Whether it will find a new official home somewhere else is open to question. But there is more bad news too. In an announcement posted a few hours ago to its Facebook page, Kodi builds and addon repository OneNation revealed that it too had shut down, again as a result of legal pressure. 
“Unfortunately due to outside Legal pressures this group will close with immediate effect along with our Repository etc. We would just like to thank each and every one of you for all your support over the years,” OneNation wrote. Noting they’d had an “absolute blast”, OneNation added they were going out with their “heads held high” having done things their way, without “robbing links from others” or accepting payment in any “shape or form”. OneNation went down with strict instructions for no-one to contact the team for any further information and to treat any additional information published online as “hearsay.” That means that confirming who applied the legal pressure will be reliant on word from the anti-piracy groups most likely to have been involved.
  3. Last year, Defense Distributed won a legal battle, which allowed it to continue uploading and sharing blueprints for 3D-printed guns. The decision was immediately criticized by states and gun-reform advocates. Now, a US District Judge has overturned the ruling. Once again, it is illegal to publish blueprints for 3D-printed guns online. The battle started in 2012, when Defense Distributed posted blueprints for a 3D-printed pistol. More than 100,000 copies were downloaded, and it wasn't long before the US State Department told Defense Distributed that it was violating International Traffic in Arms Regulations. The State Department said sharing the files "could cause serious harm to U.S. national security and foreign policy interests." Defense Distributed argued that preventing it from sharing its blueprints online violated the First Amendment, and in what many felt was a surprising response, the State Department surrendered to that argument. It reached a settlement with Defense Distributed that allowed the company to continue sharing its 3D-printed gun files. Yesterday, U.S. District Judge Robert Lasnik in Seattle ruled that the State Department did not give a proper explanation when it reached that settlement. That's a violation of the federal Administrative Procedure Act, and as a result, Lasnik has overturned the ruling. "Given the agency's prior position regarding the need to regulate 3D-printed firearms and the CAD files used to manufacture them, it must do more than simply announce a contrary position," Lasnik wrote in his decision. The State Department is reviewing Lasnik's ruling, and Defense Distributed will likely appeal. Even President Trump said 3D-printed guns don't "make much sense." Whether or not Lasnik's ruling is allowed to stand, the battle over 3D-printed guns will likely continue.
  4. It's not just Apple and Facebook diving headlong into the financial world. Google has revealed plans to offer checking accounts in 2020 through a project nicknamed Cache. The search giant won't handle the actual underpinnings -- Citigroup and a credit union at Stanford University will both handle the accounts and feature the most prominent branding. There will still be integration between Google and the accounts, though, and some of it might raise concerns among regulators. Google is promising that it won't sell account holders' financial data. Instead, this is meant to add value for customers, shops and the banks themselves with services like loyalty programs. In a chat with the Wall Street Journal, the company's Caesar Sengupta also touted it as a way to further digitize the banking world. "If we can help more people do more stuff in a digital way... it's good for the internet and good for us," he said. Whether or not officials see it the same way is another story. Banking accounts include extremely sensitive information by their very nature, and governments will want assurances that Google isn't snooping on that data, exposing it to security risks or abusing it to maintain its internet dominance. Rivals like Facebook are already facing scrutiny for their financial plans -- Google might encounter more of the same. Combine that with ongoing antitrust investigations and Google may have to go out of its way to prove that its checking accounts will help more than they hurt.
  5. A laser defense system burned several flying drones out of the sky at an army base in Oklahoma, demonstrating it can handle multiple threats per engagement. The U.S. military is pushing to develop laser weapons as a counter to the threat of drone swarms against military bases, especially air bases, where a single drone can do a lot of damage against multi-million dollar aircraft. Advanced Test High Energy Asset, or ATHENA, is a 30 kilowatt laser weapon system that uses the 30 kilowatt Accelerated Laser Demonstration Initiative (ALADIN) laser. ALADIN combines the power of three 10 kilowatt fiber lasers into a single 30 kilowatt beam. The use of multiple lasers means it can also operate at lower levels, say 10 or 20 kilowatts, if necessary. Thirty kilowatts is sufficient to inflict structural damage against drones, causing them to fall out of the sky. Lasers are concentrated beams of light that transmit large amounts of electromagnetic radiation, expressed in kilowatts, against their target. Pointed at a target, the laser causes rapid heating on the surface. This can cause objects to melt and fuel tanks to ignite. A drone can fail structurally, falling out of the sky, or burst into flames. Lockheed Martin’s press release says ATHENA torched several flying drones, including fixed wing (glider-type) and rotor (quadcopter) drones. The company says a “government command and control (C2) system and radar sensor” detected the drones, then passed on the radar track to airmen controlling the laser weapon. The U.S. Air Force is concerned about the threat of drone swarms against air bases and the multi-million dollar radars and aircraft stationed there. Even a small drone carrying a grenade-sized explosive warhead could easily disable an $80 million F-35 Joint Strike Fighter parked on the tarmac of an air base. Drone swarms could also do things like attack Patriot missile batteries and their fragile radars, destroying them and clearing the way for more powerful air attacks. 
In January 2018 Russian forces beat back a drone swarm launched against their main air base, Khmeimim Air Base, in Syria. The attacking drones, coordinated by Syrian rebels, were all shot down. Despite its failure, the attack put the world’s armed forces on notice: the age of the drone swarm was here. The release describing this latest ATHENA test lacks key details: how many drones were there? How quickly were the drones engaged? Did the laser miss? Did the data link between the sensor and the airmen aiming the laser work smoothly? How many kilowatts did ATHENA require to shoot down the drones? How far away were the drones from the laser when they were shot down? According to Lockheed Martin ATHENA is also capable of shooting down incoming artillery shells and rockets. This also has a U.S. Air Force application. In 1967, a Viet Cong rocket attack on Bien Hoa air base in South Vietnam killed eight Americans, wounded 173, and destroyed 11 aircraft on the ground. In anti-artillery mode, ATHENA operates autonomously, with no “man in the loop” to authorize the laser to fire. Artillery rounds simply move too fast for the system to seek permission from a human operator.
  6. The Center for Disease Control is edging closer to an explanation for vaping-related lung illnesses. The agency has determined that vitamin E acetate, a compound present in all 29 lung tissue samples obtained from patients, is a "potential toxin of concern." The chemical is used to dilute liquid in e-cigarettes and vaping products that include THC, and is found in some food as well as cosmetic products like skin cream. It doesn't normally cause harm when swallowed or rubbed on your skin, but past research suggests that inhaling might impede lung functions. There were other ingredients in the samples, although they didn't appear as consistently. THC surfaced in 23 out of the samples, while nicotine appeared in 16. The CDC was quick to warn that vitamin E acetate wasn't confirmed as the cause, and that there may be multiple factors involved in the occasionally deadly illnesses. It nonetheless repeated a recommendation to avoid using e-cigs and vapes that included THC, especially from "informal sources" like friends or street dealers. The CDC also stressed that companies shouldn't add the compound to their products until and unless there's a clearer understanding of its effect on lungs. Answers may well be coming -- it's just that officials don't want to take any chances.
  7. Global anti-piracy coalition Alliance for Creativity and Entertainment is continuing its drive to purge pirate sites from the Internet. In addition to the dramatic taking down of Openload last week and a related domain seizure run, another two streaming services have succumbed to the Alliance's wishes by closing down their operations and handing their domains to the MPA. After a standing start just over two years ago, the Alliance for Creativity and Entertainment quickly became the most feared anti-piracy group on the planet. Comprised of around three dozen entertainment companies, including the major Hollywood studios, Netflix and Amazon, the group now targets piracy on a global scale, sharing resources and costs to tackle infringement wherever it might be. Last week the group took down Openload and Streamango, a dramatic and significant action by any standard. However, as documented here on several occasions (1,2,3), the anti-piracy group also shuts down smaller players with little to no fanfare. Today we can report that another two sites have joined the club. The first,, appears to have been a seller/reseller of IPTV services targeted at the Brazilian market. Its packages started off pretty cheaply, less than US$4.50 for around 1000 standard definition channels. The ‘master’ package, however, offered an impressive 13,000 mixed SD, HD and ‘FullHD’ channels for around US$9.70 per month, almost double the price but still cheap by most standards. Thanks to the intervention of ACE, however, the site’s domain is now in the hands of the MPA. A notice on the site informs visitors that the platform bit the dust for infringing copyright. The familiar timer then runs down to zero and diverts disappointed users to the ACE homepage for a lesson in copyright. Finally, a dedicated streaming portal has also handed over its domain to ACE. 
first appeared online in 2015, streaming popular TV shows such as Game of Thrones, The Walking Dead, and Prison Break to a fairly sizeable audience. But now, without any official announcement from ACE, the show is clearly over for the TV show streaming platform. Like so many other similar sites and services, its domain now redirects to the ACE anti-piracy portal. What happened between the parties may never be known but it seems fairly obvious that the group’s influence convinced the site’s operator that continuing just wasn’t worth the trouble. Finally, over the past week ACE has been taking control of more Openload, Streamango, and StreamCherry domains. We previously reported that,,,, and had been seized, but more can be added to the list. They are:,,,,,,,,,,,,,,,,,,,, and openload.status.
  8. Last year, several major music companies sued Internet provider Cox Communications for failing to take proper action against pirating subscribers. The case will soon head to trial where Cox plans to present evidence showing that its anti-piracy measures were effective. However, the music labels want to exclude the evidence, describing it as a confusing mess of misleading calculations. Regular Internet providers are being put under increasing pressure for not doing enough to curb copyright infringement. Music rights company BMG got the ball rolling a few years ago when it won its piracy liability lawsuit against Cox Communications. The ISP was ordered to pay $25 million in damages and another $8 million in legal fees. Hoping to escape this judgment, the company filed an appeal, but the case was eventually settled with Cox agreeing to pay an undisclosed but substantial settlement amount. The landmark case signaled the start of many similar lawsuits against a variety of ISPs, several of which are still ongoing. In fact, just days after the settlement was announced, Cox was sued again, this time by a group of RIAA-affiliated music companies. In simple terms, the crux of the case is whether Cox did enough to stop pirating subscribers. While the ISP did have the policy to disconnect repeat infringers, the music companies argue that this wasn’t sufficient. Over the past several months, both parties have conducted discovery and they are currently gearing up for a jury trial which is scheduled for December. Most recently, both parties have presented their motions in limine, requesting the court to exclude certain testimony from being presented to the jury. This is typically material they see as irrelevant, misleading, or confusing. One of the music companies’ motions focuses on a document (DX 74) Cox wants to present which indicates that the ISP’s own graduated response system worked pretty well. 
Apparently, internal Cox research showed that 96% of subscribers stop receiving notices after the 5th warning. This was concluded in 2010 and resulted in the ISP’s belief that its “graduated response” system was effective. The number was also brought up to the plaintiffs, as it was mentioned during the Copyright Alert System negotiations. Cox says that it chose not to join this voluntary piracy notice agreement because it already had a functional anti-piracy system in place. The music companies don’t want this evidence to be shown to the jury. In a reply to Cox’s objections, they argue that the facts and figures in the document are a confusing mess of misleading calculations that lack data to support them. The reply, which also rebuts other issues, is aggressively worded and redacts the 96% figure at the center of the dispute. “The mere utterance of the so-called ‘study’ and its misleading and unsupported conclusion will lend it an air of credibility in the jury’s mind. The proverbial bell cannot be un-rung. The only adequate solution is exclusion,” the music companies write. Cox has also submitted a variety of motions in limine. Among other things, the ISP doesn’t want the plaintiffs to present the millions of infringement notices tracking company MarkMonitor sent to Cox on behalf of other rightsholders. The music companies disagree, however, arguing that the jury is allowed to know that potential copyright infringements are not limited to their own complaints. The other notices are also relevant to determine crucial issues such as liability, willfulness, and statutory damages, they add. According to Cox, however, these third-party infringements notices are irrelevant to the present case and don’t prove anything. “Plaintiffs’ attempt to litigate this case with evidence from an unrelated case concerning acts of infringement that are not at issue is inappropriate, improper, and prejudicial. 
Plaintiffs’ evidence of third-party infringement allegations should be excluded from trial.” The docket is littered with back and forths on issues one party wants to exclude while being considered vital evidence by the other. This process is generally the last major clash before the trial starts. The court has yet to rule on the various motions. When that is done the case will move forward. If all goes according to the current schedule, the verdict will be announced in a few weeks.
  9. Russia is planning to use swarms with more than 100 drones in them. Each drone would pack an explosive charge, and the swarms would be unleashed on convoys and other targets. A surefire defense against a large swarm may be impossible, but it's worth remembering that Russia says a lot of things, and not all of them come to pass. Russian academics and aerospace engineers recently came together to present a fairly terrifying vision of the future of warfare. Flock-93 envisions more than a hundred drones, each armed with an explosive charge, swarming targets including vehicle convoys. Although difficult to pull off (especially for Russia at this point), such huge drone swarms would be extremely hard to defend against, with even the best active defenses letting some of the drones through. An article at C4ISRNet describes the Flock-93 concept. Originally proposed by the Zhukovsky Air Force Academy and private industry, the concept involves simultaneously launching more than a hundred drones, each armed with a 5.5 pound warhead. The drones will be flying wings capable of taking off and landing vertically. Here’s one example of such a drone: A VTOL drone doesn’t need a runway for takeoff. In fact, you could crowd dozens of drones—or in Flock-93’s case more than a hundred—inside a fairly compact area, like a field surrounded by trees or the roof of a building. Currently there is no Flock-93 flying wing drone, and the drone pictured above is a Kalashnikov ZALA-KYB attack drone. There also isn't a proven method of controlling more than a hundred drones at once. Flock-93 is purely a concept at this point, but a very intriguing one. How does a military force defend against a swarm of more than a hundred drones? It’s not going to be easy. A kinetic defense involving missiles, anti-drone drones, cannons, shotguns, and machine guns will never be perfect. A defense that shoots down ninety percent of the drones, a very good number, still lets ten drones through. 
Directed energy weapons might fare marginally better, particularly microwave weapons that broadcast a broad swathe of microwave radiation, frying anything in its path. That would be something like a flamethrower against a horde of locusts. Still, no flamethrower would ever get all the locusts—and no microwave weapon would get all the drones. The best defense against drone swarms might simply be jamming them, preventing them from receiving commands from human controllers. This would affect all the drones within range of the jammer with a 100 percent success rate. One countermeasure to this: make the drone autonomous, so they don’t need to receive radio signals at all. These kamikaze-like drone swarms are pretty far out for now, particularly for Russia, which lags behind the West in drone technology. But it will eventually catch up, and this is a clear road map to a weapon system that looks effective even on paper. Another country like China might take the concept and run with it first. It seems that sooner or later, swarms like Flock-93 will be everyone’s problem. Source: C4ISRNet
  10. A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability in MEMS microphones embedded in widely-used popular voice-controllable systems that unintentionally respond to light as if it were sound. According to experiments done by a team of researchers from Japanese and Michigan Universities, a remote attacker standing at a distance of several meters away from a device can covertly trigger the attack by simply modulating the amplitude of laser light to produce an acoustic pressure wave. "By modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio," the researchers said in their paper. Doesn't this sound creepy? Now read this part carefully… Smart voice assistants in your phones, tablets, and other smart devices, such as Google Home and Nest Cam IQ, Amazon Alexa and Echo, Facebook Portal, Apple Siri devices, are all vulnerable to this new light-based signal injection attack. "As such, any system that uses MEMS microphones and acts on this data without additional user confirmation might be vulnerable," the researchers said. Since the technique ultimately allows attackers to inject commands as a legitimate user, the impact of such an attack can be evaluated based on the level of access your voice assistants have over other connected devices or services. Therefore, with the light commands attack, the attackers can also hijack any digital smart systems attached to the targeted voice-controlled assistants, for example: Control smart home switches, Open smart garage doors, Make online purchases, Remotely unlock and start certain vehicles, Open smart locks by stealthily brute-forcing the user's PIN number. 
As shown in the video demonstration listed below: In one of their experiments, researchers simply injected "OK Google, open the garage door" command to a Google Home by shooting a laser beam at Google Home that was connected to it and successfully opened a garage door. In a second experiment, the researchers successfully issued the same command, but this time from a separate building, about 230 feet away from the targeted Google Home device through a glass window. Besides longer-range devices, researchers were also able to test their attacks against a variety of smartphone devices that use voice assistants, including iPhone XR, Samsung Galaxy S9, and Google Pixel 2, but they work only at short distances. The maximum range for this attack depends upon the power of the laser, the intensity of the light, and of course, your aiming capabilities. Besides this, physical barriers (e.g., windows) and the absorption of ultrasonic waves in the air can further reduce the range of the attack. Moreover, in cases where speech recognition is enabled, attackers can defeat the speaker authentication feature by constructing the recording of desired voice commands from relevant words spoken by the device's legitimate owner. According to the researchers, these attacks can be mounted "easily and cheaply," using a simple laser pointer, a laser driver, and a sound amplifier. For their set up, they also used a telephoto lens to focus the laser for long-range attacks. How can you protect yourself against the light vulnerability in real-life? Software makers should offer users to add an additional layer of authentication before processing commands to mitigate malicious attacks. For now, the best and common solution is to keep the line of sight of your voice assistant devices physically blocked from the outside and avoid giving it access to things that you don't want someone else to access. 
The team of researchers—Takeshi Sugawara from Japan's University of Electro-Communications and Mr. Fu, Daniel Genkin, Sara Rampazzi, and Benjamin Cyr from the University of Michigan—also released their findings in a paper on Monday. Genkin was also one of the researchers who discovered two major microprocessor vulnerabilities, known as Meltdown and Spectre, last year.
  11. Citing reports of unlawful phone tracking confirmed by Homeland Security officials last year, Senator Ron Wyden on Wednesday called on the Federal Communications Commission to establish new regulations to force wireless companies to secure 5G networks from unlawful interception and tracking. While older cellular network technology has long been easy to compromise, the wireless industry is still in the early days of rolling out 5G and is still in a position to address known vulnerabilities exploited by hackers and foreign governments, Wyden writes in a letter sent to FCC Chairman Ajit Pai on Wednesday. “Unencrypted cellular phone calls and other wireless communications have long been vulnerable to interception by criminals and spies. Surveillance technology companies openly sell products that exploit these flaws to intercept calls, track phones and infect phones with malware,” the letter says. “This decades-long cybersecurity vulnerability has undoubtedly caused massive harm to our national security, and damage continues with each sensitive call or text that is tapped.” Last year, the Department of Homeland Security revealed it had obtained evidence of phone tracking equipment being used near the White House and other sensitive locations around the nation’s capital. The devices, called IMSI catchers, or “Stingrays” after a popular law enforcement model, mimic cell phone towers and, with the addition of hand-held or vehicle-mounted equipment, can be used to accurately pinpoint a cellphone’s location to a single home or apartment. In certain modes, the devices are known to be highly disruptive, causing nearby phones to drop their connectivity. Researchers have shown that illegal home-brew versions of IMSI catchers, which cost less than $1,000 to make, are also capable of launching more sophisticated attacks; booting phones off phone networks and leaving them inoperable, for example. 
In a September 2018 report, an FCC advisory group known as the Communications Security, Reliability and Interoperability Council (CSRIC)—or “scissor-ick”—noted that many common attacks on cellular networks could be mitigated by improvements in 5G. These include location tracking, traffic interception, network spoofing, denial of service, impersonation of devices, and the malicious use of base stations. Even with these improvements, however, phones may still be vulnerable if they can be tricked into downgrading to a lower generation of network technology. This is accomplished through what’s known as a “bidding down attack.” Security researchers are already looking for ways to exploit 5G networks using this technique. CSRIC recommended that carriers adopt various encryption and authentication technologies to ward off attacks, noting that, for example, hackers targeting networks whose brain is based on a Software-Defined Network (SDN) architecture “can take advantage of any unencrypted communication interface to intercept or interfere with traffic to and from a central controller or network element.” However, the group does not recommend any regulatory action whatsoever. At every turn, it states the best route is to allow the telecommunications industry to do its own thing; the government should merely provide the companies with threat assessments generated by the Department of Homeland Security to help inform its decision. But it’s worth noting that CSRIC is overwhelmingly comprised of industry representatives. This, even though originally CSRIC was intended to include a balance of government and non-profit consumer advocates as well. According to recent research by the Project on Government Oversight (POGO), the last iteration of CSRIC—responsible for the aforementioned security recommendations—included 13 privacy-sector members and only a single civil society representative. 
“For decades, wireless carriers have ignored known cybersecurity vulnerabilities that foreign governments were and are still actively exploiting to target Americans. The market has failed to incentivize cybersecurity in part because consumers have no way of comparing the cybersecurity practices of phone companies,” Wyden states. “The FCC has the authority to regulate wireless carriers and their use of the public airwaves, particularly in areas that involve public safety and national security,” he says. “The FCC must stop leaving the cybersecurity of American consumers, businesses and government agencies to wireless carriers and finally secure America’s next-generation 5G networks against interception and hacking by criminals and foreign spies.”
  12. Researchers have breached a crowdsourced DNA database by reverse engineering a user profile. DNA testing and database sites are vulnerable to many kinds of attacks and data sales. Users must ask themselves if the potential benefits of DNA testing outweigh privacy concerns. Genealogy and security are clashing yet again, this time over the massively crowdsourced DNA database GEDmatch. MIT Technology Review reports that computer science researchers designed targeted attacks that breached the GEDmatch database by making complex search strings that let them guess much of users’ DNA. The founder of GEDmatch, Curtis Rogers, said he’s not that surprised, because genealogy has always involved sharing information and comparing it directly to others to find commonality. This has been exploited in the past by social engineering, the low-tech but effective form of hacking that involves searching for written-down passwords, asking personal questions to glean security clues, and more. We’re all asked for our mother’s maiden name, which is an anachronism in a hundred ways in 2019, least of all that it’s very easily findable on any genealogy site. Even sites that attempt to use other information still ask for family names and relationships, probably because users who don’t understand the importance of a secure password also won’t spend time or energy to make secure passwords, let alone remember them without an accessible hint. Now, services like Ancestry or 23andMe bank users’ genome data, and amassing more and more sample data lets their results grow more specific and accurate by reducing the margin of error. But these services are also likely selling your genome to drug companies or even insurers. It seems like there’s a paradox in information security where users are so sure their identity will be stolen or their data will be sold that they choose not to worry about it or attempt to prevent it. 
Enter GEDmatch, a user-sourced database designed to help match people with unknown relatives. Because of the openness and accessibility of the project, it’s available to law enforcement as well. (Last year, California police revealed they used GEDmatch to finally ID the notorious Golden State Killer.) Without your express permission, law enforcement can only obtain your DNA if you’re arrested for a related crime. But departments are beginning to collect samples from entire communities as a way to, purportedly, exclude the innocent. With that in mind, it’s easy to see why the vulnerability that researchers found in GEDmatch is so troubling. They put together a DNA profile and uploaded it to the site, which in turn unlocked the ability to search for close matches. GEDmatch is run by volunteers who have, apparently, done too good a job building their user interface and search capability; this specific kind of attack only works on their system, not those of commercial sites like Ancestry or 23andMe. Experts say that one of the big ways an open database could be exploited is that strangers could claim to be relatives in order to gain an advantage. Think of the classic “Nigerian prince” scam, but with an even more tempting sheen of science-y credulity based on shared DNA. The reason commercial testing sites aren’t vulnerable is that they don’t let users share their own data. If someone sought to defraud 23andMe in the same way, they’d have to do something like take a sample from another person and submit it as their own. If GEDmatch is like a bank of data, right now the bank doesn’t even have a security guard snoozing by the front door. Years ago, internet users at corporations or universities would share corporate credit card information or FedEx account numbers on public websites they just assumed strangers would have no reason to look at, and this mismatch of audience and intention is nothing new. 
Hopefully other services can learn from this hack and better secure their information.
  13. An interim report compiled by a national security panel warns the U.S. government of falling too far behind China and Russia in the AI arms race, while calling for new investments to foster innovation. Released yesterday, the November interim report from the National Security Commission on Artificial Intelligence (NSCAI) advises the U.S. government to get its act together on the development of security- and defense-related AI, lest it fall behind its adversaries, namely China and Russia. Failure to do so would relinquish America’s role as a primary player in AI, while exposing the nation to serious new threats, including a diminishing of U.S. military advantage, unchecked disinformation campaigns, increased cyberattacks, and the erosion of democracy and civil liberties, according to the new report. “We are concerned that America’s role as the world’s leading innovator is threatened,” wrote commission chairman (and former Google CEO) Eric Schmidt and vice chairman Robert Work in the report’s introduction. “We are concerned that strategic competitors and non-state actors will employ AI to threaten Americans, our allies, and our values.” The final full report, which will include detailed budget recommendations, won’t be released until next year, but this preliminary version, which will be submitted to the U.S. Secretary of Defense, offered some advice on how the government should move forward. In summary, the government should invest heavily in AI research and development, increase its use of AI for national security purposes, train, recruit, and maintain AI talent, build upon pre-existing U.S. technologies, and work to foster global cooperation on AI-related matters, according to the report. To assist with the new report, the NSCAI held a conference yesterday (November 5) at the Liaison Washington Hotel in Washington D.C., titled “Strength Through Innovation: The Future of A.I. and U.S.
National Security.” The purpose of the conference, which I viewed via livestream, was to discuss the interim report and to kickstart a series of discussions that will lead to the commission’s final report, which will eventually fall into the hands of Congress. “We are in a competition,” said Schmidt during his opening remarks. “There’s no question the game is set... and we have to win.” He said the U.S. government “is currently unprepared for the potential of AI,” and that a culture change needs to happen in both the public and private sectors. In addition to new investments in education, Schmidt said the U.S. needs to expand public and private sponsorship of R&D, work to keep talented researchers inside the U.S., be the first to reach global markets, and develop ancillary technologies like quantum computers and 5G networks. Schmidt said collaborative discussions will also be needed to ensure AI safety, such that AI will do “what we want it to do.” The U.S. would be smart to work with its competitors on this matter, he added. Christine Fox, an assistant director at Johns Hopkins University Applied Physics Lab, said cultural shifts will be required across many departments, both in the public and private sectors, and that leadership will be key to breaking stubborn bureaucracies resistant to change. The risks of falling behind in the AI arms race emerged as a recurring theme throughout the day. Lieutenant General John N.T. “Jack” Shanahan, the director of the Joint Artificial Intelligence Center, talked about the coming shift to “algorithmic warfare” and how “we are going to be shocked by the speed, chaos, and bloodiness” of future combat involving AI. He said humans pitted against machines will have a distinct disadvantage and that it would be incumbent upon the U.S. to avoid this lopsided dynamic on the battlefield.
Shanahan commended the authors of the interim report but cautioned that the findings will take some time to implement. “This is a multigenerational problem requiring a multigenerational solution,” he said. Shanahan heads the Pentagon’s Project Maven—an initiative that seeks to improve drone technology with AI. News that Google will no longer be participating in the program represented a serious setback for the project, but Shanahan said the incident served to expose deeper issues. He said “employees of these companies see no value in working with the DoD [Department of Defense],” and “we don’t make it easy for them.” Shanahan said the U.S. will not be able to attain the guidelines outlined in the new report without public-private partnerships, which he described as “the very essence of our success as a nation.” And unlike China or Russia, the U.S. government actually takes the time to consider the ethics of militarized AI, he said, in reference to a recently concluded DoD investigation. Steve Chien, a commissioner of the NSCAI, co-author of the interim report, and research scientist at NASA’s Jet Propulsion Lab, said we’re in the midst of a software revolution and that big advances in hardware are becoming less of an issue. The task at hand, he said, is to create “algorithms of punch and counterpunch.” Andrew Hallman, the principal executive at the Office of the Director of National Intelligence, said AI will exert a tremendous influence on American security concerns, including the general speed of operations, identity intelligence (i.e. identifying patterns in the relationships of people and organizations), detecting and defending against “influence operations” (i.e. adversaries who spread false or misleading information or try to influence elections), among other realms. The U.S. will need to “respond to cyber intrusions at machine speed and faster than our adversaries,” said Hallman. 
Also speaking at the conference was commission co-chair Robert Work, who said AI can keep Americans secure but only “if we let it.” He said defense and security agencies have to “urgently” accelerate their efforts but warned that the underlying infrastructure at the Department of Defense is “severely” underdeveloped. Work said collaborations should be welcomed, both domestically and internationally, to help solve common problems, including efforts to improve the explainability of AI. Former secretary of state Henry Kissinger, who spoke at the conference in a kind of fireside chat format, addressed this exact issue—that is, the potential for machine intelligence to operate beyond human comprehension. Kissinger said AI is “bound to change the nature of strategy and warfare” and could also upend the way diplomacy is done. He noted that future engagements involving AI will create a tremendous amount of ambiguity in terms of a country’s ability to understand the nature of a threat and who’s responsible, as an “enemy may not know where the threat came from.” Kissinger’s fear conjures many different possible scenarios, including nations falsely blaming each other for AI-related attacks, a kind of digital fog-of-war in which no one is even sure what’s happening. This tracks with a recent report finding that AI will increase the risk of nuclear war. Senator Chuck Schumer (D-New York) spoke briefly at the conference, saying the U.S. has “not matched the level of commitment” of its adversaries and that “we will rue the day” should the U.S. fall behind China and Russia. Schumer said a discussion draft is currently in development to consider a new branch of the National Science Foundation. The new agency would fund fundamental research related to AI and other high-tech areas, such as quantum computing and robotics, he said, adding that these grants, amounting to $100 billion, would go to universities, companies, and special government agencies. 
When the full report is released next year, we’ll see how much money the commission wants the U.S. to spend on artificial intelligence R&D. If this report is any indication, however, it likely won’t be a small amount.
  14. Scam artists are using phone numbers from more than a dozen federal government departments to defraud Canadians — making it look as if the calls are coming from legitimate government agencies and police departments. Some of the calls tell potential victims that their social insurance numbers have been compromised. Others are told that they owe the government money and are in legal trouble. To deceive potential victims who examine the numbers on incoming calls, the scammers spoof their calls so that they display the phone numbers of the relevant federal government departments. In many cases, a scammer tells a victim they will be getting a call from a police officer — then spoofs the call that comes in a few minutes later so that it appears to be coming from local police. "It's hitting lots of Canadians," said Jeff Thomson of the Canadian Anti-Fraud Centre. His own organization has been hit by the scam, with fraudsters pretending to be calling from his office. "It's inundating police departments and it's inundating us with a number of calls. So it's a huge impact. We've seen a huge spike in the reporting on this fraud." Thomson said he received four scam calls on his own personal phone inside of one week. Scam undermining work of federal departments The scam is having an impact on the ability of government departments to serve the public because they are being bogged down with phone calls from Canadians checking to see whether the calls they're getting are legitimate. Federal government officials were unable to say just how many departments and agencies have been affected to date by the scam. But at least a dozen have been identified — including bodies like the Canadian Anti-Fraud Centre, local RCMP divisions, the Competition Bureau and the Cybersecurity Centre which are supposed to help protect Canadians.
The calls spoofing the phone numbers of several different government departments appear to be part of a newer, more sophisticated version of a scam that has been running since at least 2014. That older scam involves fraud artists claiming to be agents of the Canada Revenue Agency, while the newer scam impersonates more government departments. In 2018, an investigation into the CRA phone scam tracked the calls to a call centre in Mumbai, India. Since 2014, the Canadian Anti-Fraud Centre has received 78,472 reports from across Canada of scammers pretending to represent the CRA or Immigration, Refugees and Citizenship Canada. The centre said 4,695 people across Canada have lost more than $16.7 million to the scam. That doesn't include people like Andrea van Noord of Vancouver, who lost $6,000 last week to the scam. The series of events that cleaned out her bank account started when she picked up her cellphone to hear a recorded message claiming to come from the CRA. 'I was panicked' "I do owe them a small sum of money ... so when I heard that not pressing one would be tantamount to not showing up in court to deal with that issue, I was panicked," she said. "So I pressed one." A woman asked her to confirm her identity, then told her that her social insurance number had been used in a $3 million fraud involving 25 credit cards. When the woman asked if her personal information could have been stolen, van Noord thought immediately of the laptop filled with personal information that had been stolen from her car a year ago. The unknown woman then volunteered to help by contacting Vancouver police and starting a process to clear her name. Minutes later, when van Noord's phone rang, it displayed the Vancouver police department's phone number, spoofed by the scammers. A separate woman, claiming to be a Vancouver police officer, told her that a 1998 Toyota Camry registered in her name had been abandoned in North Vancouver with bloodstains on the back seat and the trunk. 
A house, also registered in her name, was found with 22 pounds of cocaine inside, the phoney officer told her. "It all just seemed very plausible to me and very scary," van Noord said. "They said at this time there was a warrant for my arrest and I was currently being charged with drug trafficking, money laundering and fraud against the Canada Revenue Agency." The fake police officer claimed there was a series of bank accounts in her name and asked van Noord about her actual bank accounts and how much money they contained. The fraudster told her she had to withdraw her money within the hour to protect it before the account was frozen. Keeping her on the phone the entire time, the scammer instructed her to take a cab to her bank and coached her as she withdrew the money, then told her to take it to a café with a bitcoin machine (described as a "government wallet safe machine") that would "protect" her money. It was only later in the day, after she talked with her partner, that she realized she had been robbed. "I felt like an idiot," she said. "I felt completely invaded. I felt kind of dirty. I felt that this was very much my fault and that I should have recognized the signs." Van Noord said both of the people she spoke with had accents that suggested they were based in India. Police told her there wasn't much they could do. Thomson said van Noord's experience is not unique. "These calls are very alarming," he said. "The callers will present themselves as a government official. They will sound very official. They will use a badge number. They will say they are an officer or special agent or an official-sounding title to give themselves some credibility. "They will sound very formal and they will come across as very threatening and ask you to act right away." Thomson said the centre is still getting reports of scammers claiming to be from the CRA but, increasingly, they have been posing as representatives of other government departments.
He said those behind the scam are based overseas. "If you have fraudsters operating in one country, targeting consumers in another country and money going to yet a third country, they're clearly organized," he said. "It's organized crime and it's international in scope." Isabelle Maheu is a spokeswoman for Employment and Social Development Canada, which includes Service Canada. She said the fraudulent calls are affecting the government's ability to provide services to Canadians. "Wary Canadians who receive a suspicious incoming phone call frequently disconnect the call and call the government to verify the legitimacy of the call," she explained. "This can result in an increase in call volume and caller wait times. Additionally, legitimate phone calls from government departments can be dismissed as fraudulent, leading to the recipient of the call not receiving important information." Many of the departments whose numbers are being spoofed have put notices on their websites warning Canadians. Meanwhile, the Canadian Radio-television and Telecommunications Commission (CRTC) has given telecommunications providers until Dec. 19, 2019 to implement a system to block calls in their networks to crack down on nuisance and illegitimate calls. Here's a list of some of the federal departments, agencies and courts whose phone numbers are being spoofed:
     • Service Canada
     • Justice Canada
     • Federal Court
     • Federal Court of Appeal
     • Department of National Defence
     • Canadian Anti-Fraud Centre
     • Canada Revenue Agency
     • RCMP detachments in Kingston and Cornwall
     • Correctional Service of Canada
     • Canadian Centre for Cyber Security
     • Privacy Commissioner's Office
     • Competition Bureau of Canada
     • Financial Consumer Agency of Canada
     • Canada Border Services Agency
     • Parole Board of Canada
  15. At the end of October, the Bloodhound supersonic car team clocked up a new record for the decade-plus project of 334 mph. On Friday, the car pushed past the 450 mph mark and came tantalizingly close to Bloodhound LSR's current target of 500 mph. Run Profile 5 was not all about speed; the Land Speed Racing team also wanted to test the left parachute. Driver Andy Green picked up speed to 50 mph (80 km/h) before pushing down the throttle to engage maximum reheat to dial in 90 kN of thrust and rocket the vehicle down the Hakskeenpan desert runway. When he reached 440 mph (708 km/h), Green eased back on the throttle but acceleration increased to 461 mph (741.9 km/h) before the parachute was pulled. The front brakes were only applied when the supersonic car had dropped to 150 mph. At the 9-km (5.6-mi) mark on the runway, the car was u-turned and prepared for Run Profile 6. Sadly, it wasn't to be and the planned 500 mph run was aborted due to minor damage. The damage is being repaired and the next run planned. The team is aiming to break the current 763.035 mph (1,227.9 km/h) record late next year, and will then focus on blasting past the 1,000-mph mark. Source: Bloodhound LSR