kya100

Everything posted by kya100

  1. Omniverse, a now-defunct supplier of IPTV streams, has agreed to pay $50 million in piracy damages to several Hollywood studios. Omniverse initially described the piracy allegations as "scandalous" but has since stepped back from its claim. Anti-piracy group ACE, which was a driving force behind the lawsuit, is pleased with yet another legal victory. In February, several major Hollywood studios filed a lawsuit against Omniverse One World Television. Under the flag of anti-piracy group ACE, the companies accused Omniverse and its owner Jason DeMeo of supplying pirate streaming channels to various IPTV services. Omniverse sold live-streaming services to third-party distributors, such as Dragon Box and HDHomerun, which in turn offered live TV streaming packages to customers. According to ACE, the company was a pirate streaming TV supplier, offering these channels without permission from its members. Omniverse disagreed with this characterization and countered that it did everything by the book. It relied on a deal from the licensed cable company Hovsat, which has a long-standing agreement with DirecTV to distribute a broad range of TV-channels with few restrictions. As time went on, however, it transpired that the streaming provider was clearly worried about the legal threat. After several of its distributors distanced themselves from the service, Omniverse decided to wind down its business. The streaming provider also filed a third-party complaint against Hovsat for indemnification and breach of contract, among other things. Omniverse believed that it was properly licensed and wants Hovsat to pay the damages for any alleged infringements if that was not the case. That there are damages became crystal clear yesterday, when ACE announced that it had obtained a consent judgment against Omniverse. Both parties have agreed to settle the matter with the streaming provider committing to pay a $50 million settlement. 
“Damages are awarded in favor of Plaintiffs and against Defendants, jointly and severally, in the total amount of fifty million dollars,” the proposed judgment reads. The agreement also includes a permanent injunction that prevents Omniverse and its owner Jason DeMeo from operating the service and being involved in supplying or offering pirate streaming channels in any other way. The damages amount of $50 million is a substantial figure. In the past, however, we have seen that the public figure can be substantially higher than what’s agreed in private. In any case, Omniverse may hold Hovsat accountable, as previously suggested. Karen Thorland, Senior Vice President at the Motion Picture Association, which has a leading role in the ACE coalition, is pleased with the outcome. “This judgment and injunction are a major win for creators, audiences, and the legitimate streaming market, which has been undermined by Omniverse and its ‘back office’ piracy infrastructure for years,” Thorland says. Over the past years, ACE has built a steady track record of successful cases against IPTV providers and services. In addition to Omniverse, it also helped to shut down SetTV, Dragon Box, TickBox, Vader Streams, and many third-party Kodi addons. The consent judgment and permanent injunction have yet to be signed off by the court but since both parties are in agreement, that’s mostly a formality.
  2. Two groups involved in the distribution of third-party Kodi addons and 'builds' have shut down citing legal pressure. KodiUKTV and OneNation both ran so-called repositories where software could be downloaded but that activity will not continue into the future. It is currently unknown who threatened the groups but there are a couple of prime candidates. Being involved in the development of third-party Kodi addons and ‘builds’ (Kodi installations pre-customized with addons and tweaks) is a somewhat risky activity. Providing simple access to otherwise restricted movies and TV shows attracts copyright holders, and that always has the potential to end badly. And it does, pretty regularly. On November 1, 2019, UK-focused Kodi platform KodiUK.tv made an announcement on Twitter, stating briefly that “Something has happened this morning. Sorry!” While that could mean anything, an ominous follow-up message indicated that a statement would be released in due course “detailing the future”. Several hours later, KodiUK.tv confirmed what fans already knew, that it had taken down its site. Why that happened remained open to question but a few hours ago the group confirmed that legal action was to blame. “We took our website offline 10 days ago closed our repo and the builds due to legal demands against us,” KodiUK.tv announced on Twitter. “We will say more when we can bring the site back up safely. But the builds & repo will not be back nor will we host any add-ons anymore for anyone.” The closure is particularly bad news for anyone who used the popular DadLife Kodi build that was previously installable via the group’s repository. Whether it will find a new official home somewhere else is open to question. But there is more bad news too. In an announcement posted a few hours ago to its Facebook page, Kodi builds and addon repository OneNation revealed that it too had shut down, again as a result of legal pressure. 
“Unfortunately due to outside Legal pressures this group will close with immediate effect along with our Repository etc. We would just like to thank each and every one of you for all your support over the years,” OneNation wrote. Noting they’d had an “absolute blast”, OneNation added they were going out with their “heads held high” having done things their way, without “robbing links from others” or accepting payment in any “shape or form”. OneNation went down with strict instructions for no-one to contact the team for any further information and to treat any additional information published online as “hearsay.” That means that confirming who applied the legal pressure will be reliant on word from the anti-piracy groups most likely to have been involved.
  3. Last year, Defense Distributed won a legal battle, which allowed it to continue uploading and sharing blueprints for 3D-printed guns. The decision was immediately criticized by states and gun-reform advocates. Now, a US District Judge has overturned the ruling. Once again, it is illegal to publish blueprints for 3D-printed guns online. The battle started in 2012, when Defense Distributed posted blueprints for a 3D-printed pistol. More than 100,000 copies were downloaded, and it wasn't long before the US State Department told Defense Distributed that it was violating International Traffic in Arms Regulations. The State Department said sharing the files "could cause serious harm to U.S. national security and foreign policy interests." Defense Distributed argued that preventing it from sharing its blueprints online violated the First Amendment, and in what many felt was a surprising response, the State Department surrendered to that argument. It reached a settlement with Defense Distributed that allowed the company to continue sharing its 3D-printed gun files. Yesterday, U.S. District Judge Robert Lasnik in Seattle ruled that the State Department did not give a proper explanation when it reached that settlement. That's a violation of the federal Administrative Procedure Act, and as a result, Lasnik has overturned the ruling. "Given the agency's prior position regarding the need to regulate 3D-printed firearms and the CAD files used to manufacture them, it must do more than simply announce a contrary position," Lasnik wrote in his decision. The State Department is reviewing Lasnik's ruling, and Defense Distributed will likely appeal. Even President Trump said 3D-printed guns don't "make much sense." Whether or not Lasnik's ruling is allowed to stand, the battle over 3D-printed guns will likely continue.
  4. It's not just Apple and Facebook diving headlong into the financial world. Google has revealed plans to offer checking accounts in 2020 through a project nicknamed Cache. The search giant won't handle the actual underpinnings -- Citigroup and a credit union at Stanford University will both handle the accounts and feature the most prominent branding. There will still be integration between Google and the accounts, though, and some of it might raise concerns among regulators. Google is promising that it won't sell account holders' financial data. Instead, this is meant to add value for customers, shops and the banks themselves with services like loyalty programs. In a chat with the Wall Street Journal, the company's Caesar Sengupta also touted it as a way to further digitize the banking world. "If we can help more people do more stuff in a digital way... it's good for the internet and good for us," he said. Whether or not officials see it the same way is another story. Banking accounts include extremely sensitive information by their very nature, and governments will want assurances that Google isn't snooping on that data, exposing it to security risks or abusing it to maintain its internet dominance. Rivals like Facebook are already facing scrutiny for their financial plans -- Google might encounter more of the same. Combine that with ongoing antitrust investigations and Google may have to go out of its way to prove that its checking accounts will help more than they hurt.
  5. A laser defense system burned several flying drones out of the sky at an army base in Oklahoma, demonstrating it can handle multiple threats per engagement. The U.S. military is pushing to develop laser weapons as a counter to the threat of drone swarms against military bases, especially air bases, where a single drone can do a lot of damage against multi-million dollar aircraft. Advanced Test High Energy Asset, or ATHENA, is a 30 kilowatt laser weapon system that uses the 30 kilowatt Accelerated Laser Demonstration Initiative (ALADIN) laser. ALADIN combines the power of three 10 kilowatt fiber lasers into a single 30 kilowatt beam. The use of multiple lasers means it can also operate at lower levels, say 10 or 20 kilowatts, if necessary. Thirty kilowatts is sufficient to inflict structural damage against drones, causing them to fall out of the sky. Lasers are concentrated beams of light that transmit large amounts of electromagnetic radiation, expressed in kilowatts, against their target. Pointed at a target, the laser causes rapid heating on the surface. This can cause objects to melt and fuel tanks to ignite. A drone can fail structurally, falling out of the sky, or burst into flames. Lockheed Martin’s press release says ATHENA torched several flying drones, including fixed wing (glider-type) and rotor (quadcopter) drones. The company says a “government command and control (C2) system and radar sensor” detected the drones, then passed on the radar track to airmen controlling the laser weapon. The U.S. Air Force is concerned about the threat of drone swarms against air bases and the multi-million dollar radars and aircraft stationed there. Even a small drone carrying a grenade-sized explosive warhead could easily disable an $80 million F-35 Joint Strike Fighter parked on the tarmac of an air base. Drone swarms could also do things like attack Patriot missile batteries and their fragile radars, destroying them and clearing the way for more powerful air attacks. 
In January 2018 Russian forces beat back a drone swarm launched against their main air base, Khmeimim Air Base, in Syria. The attacking drones, coordinated by Syrian rebels, were all shot down. Despite its failure, the attack put the world’s armed forces on notice: the age of the drone swarm was here. The release describing this latest ATHENA test lacks key details: how many drones were there? How quickly were the drones engaged? Did the laser miss? Did the data link between the sensor and the airmen aiming the laser work smoothly? How many kilowatts did ATHENA require to shoot down the drones? How far away were the drones from the laser when they were shot down? According to Lockheed Martin ATHENA is also capable of shooting down incoming artillery shells and rockets. This also has a U.S. Air Force application. In 1967, a Viet Cong rocket attack on Bien Hoa air base in South Vietnam killed eight Americans, wounded 173, and destroyed 11 aircraft on the ground. In anti-artillery mode, ATHENA operates autonomously, with no “man in the loop” to authorize the laser to fire. Artillery rounds simply move too fast for the system to seek permission from a human operator. https://www.youtube.com/watch?v=hNsUtZmWgdg&feature=emb_title
  6. The Center for Disease Control is edging closer to an explanation for vaping-related lung illnesses. The agency has determined that vitamin E acetate, a compound present in all 29 lung tissue samples obtained from patients, is a "potential toxin of concern." The chemical is used to dilute liquid in e-cigarettes and vaping products that include THC, and is found in some food as well as cosmetic products like skin cream. It doesn't normally cause harm when swallowed or rubbed on your skin, but past research suggests that inhaling might impede lung functions. There were other ingredients in the samples, although they didn't appear as consistently. THC surfaced in 23 out of the samples, while nicotine appeared in 16. The CDC was quick to warn that vitamin E acetate wasn't confirmed as the cause, and that there may be multiple factors involved in the occasionally deadly illnesses. It nonetheless repeated a recommendation to avoid using e-cigs and vapes that included THC, especially from "informal sources" like friends or street dealers. The CDC also stressed that companies shouldn't add the compound to their products until and unless there's a clearer understanding of its effect on lungs. Answers may well be coming -- it's just that officials don't want to take any chances.
  7. Global anti-piracy coalition Alliance for Creativity and Entertainment is continuing its drive to purge pirate sites from the Internet. In addition to the dramatic taking down of Openload last week and a related domain seizure run, another two streaming services have succumbed to the Alliance's wishes by closing down their operations and handing their domains to the MPA. After a standing start just over two years ago, the Alliance for Creativity and Entertainment quickly became the most feared anti-piracy group on the planet. Comprised of around three dozen entertainment companies, including the major Hollywood studios, Netflix and Amazon, the group now targets piracy on a global scale, sharing resources and costs to tackle infringement wherever it might be. Last week the group took down Openload and Streamango, a dramatic and significant action by any standard. However, as documented here on several occasions, the anti-piracy group also shuts down smaller players with little to no fanfare. Today we can report that another two sites have joined the club. The first, IPTVBox.plus, appears to have been a seller/reseller of IPTV services targeted at the Brazilian market. Its packages started off pretty cheaply, less than US$4.50 for around 1000 standard definition channels. The ‘master’ package, however, offered an impressive 13,000 mixed SD, HD and ‘FullHD’ channels for around US$9.70 per month, almost double the price but still cheap by most standards. Thanks to the intervention of ACE, however, the site’s domain is now in the hands of the MPA. A notice on the site informs visitors that the platform bit the dust for infringing copyright. The familiar timer then runs down to zero and diverts disappointed users to the ACE homepage for a lesson in copyright. Finally, a dedicated streaming portal has also handed over its domain to ACE. 
PlanetaTVonlineHD.com first appeared online in 2015, streaming popular TV shows such as Game of Thrones, The Walking Dead, and Prison Break to a fairly sizeable audience. But now, without any official announcement from ACE, the show is clearly over for the TV show streaming platform. Like so many other similar sites and services, its domain now redirects to the ACE anti-piracy portal. What happened between the parties may never be known but it seems fairly obvious that the group’s influence convinced the site’s operator that continuing just wasn’t worth the trouble. Finally, over the past week ACE has been taking control of more Openload, Streamango, and StreamCherry domains. We previously reported that Openload.co, oload.cc, oload.club, oload.download, openload.pw and oloadcdn.net had been seized, but more can be added to the list. They are: StreamCherry.com, Oload.stream, fruithosted.net, oload.win, oload.life, oload.services, oload.xyz, oload.space, oload.biz, oload.vip, oload.tv, oload.monster, oload.best, oload.press, oload.live, oload.site, oload.network, oload.website, oload.online, olpair.com, and openload.status.
  8. Last year, several major music companies sued Internet provider Cox Communications for failing to take proper action against pirating subscribers. The case will soon head to trial where Cox plans to present evidence showing that its anti-piracy measures were effective. However, the music labels want to exclude the evidence, describing it as a confusing mess of misleading calculations. Regular Internet providers are being put under increasing pressure for not doing enough to curb copyright infringement. Music rights company BMG got the ball rolling a few years ago when it won its piracy liability lawsuit against Cox Communications. The ISP was ordered to pay $25 million in damages and another $8 million in legal fees. Hoping to escape this judgment, the company filed an appeal, but the case was eventually settled with Cox agreeing to pay an undisclosed but substantial settlement amount. The landmark case signaled the start of many similar lawsuits against a variety of ISPs, several of which are still ongoing. In fact, just days after the settlement was announced, Cox was sued again, this time by a group of RIAA-affiliated music companies. In simple terms, the crux of the case is whether Cox did enough to stop pirating subscribers. While the ISP did have the policy to disconnect repeat infringers, the music companies argue that this wasn’t sufficient. Over the past several months, both parties have conducted discovery and they are currently gearing up for a jury trial which is scheduled for December. Most recently, both parties have presented their motions in limine, requesting the court to exclude certain testimony from being presented to the jury. This is typically material they see as irrelevant, misleading, or confusing. One of the music companies’ motions focuses on a document (DX 74) Cox wants to present which indicates that the ISP’s own graduated response system worked pretty well. 
Apparently, internal Cox research showed that 96% of subscribers stop receiving notices after the 5th warning. This was concluded in 2010 and resulted in the ISP’s belief that its “graduated response” system was effective. The number was also brought up to the plaintiffs, as it was mentioned during the Copyright Alert System negotiations. Cox says that it chose not to join this voluntary piracy notice agreement because it already had a functional anti-piracy system in place. The music companies don’t want this evidence to be shown to the jury. In a reply to Cox’s objections, they argue that the facts and figures in the document are a confusing mess of misleading calculations that lack data to support them. The reply, which also rebuts other issues, is aggressively worded and redacts the 96% figure at the center of the dispute. “The mere utterance of the so-called ‘study’ and its misleading and unsupported conclusion will lend it an air of credibility in the jury’s mind. The proverbial bell cannot be un-rung. The only adequate solution is exclusion,” the music companies write. Cox has also submitted a variety of motions in limine. Among other things, the ISP doesn’t want the plaintiffs to present the millions of infringement notices tracking company MarkMonitor sent to Cox on behalf of other rightsholders. The music companies disagree, however, arguing that the jury is allowed to know that potential copyright infringements are not limited to their own complaints. The other notices are also relevant to determine crucial issues such as liability, willfulness, and statutory damages, they add. According to Cox, however, these third-party infringement notices are irrelevant to the present case and don’t prove anything. “Plaintiffs’ attempt to litigate this case with evidence from an unrelated case concerning acts of infringement that are not at issue is inappropriate, improper, and prejudicial. 
Plaintiffs’ evidence of third-party infringement allegations should be excluded from trial.” The docket is littered with back and forths on issues one party wants to exclude while being considered vital evidence by the other. This process is generally the last major clash before the trial starts. The court has yet to rule on the various motions. When that is done the case will move forward. If all goes according to the current schedule, the verdict will be announced in a few weeks.
  9. Russia is planning to use swarms with more than 100 drones in them. Each drone would pack an explosive charge, and the swarms would be unleashed on convoys and other targets. A surefire defense against a large swarm may be impossible, but it's worth remembering that Russia says a lot of things, and not all of them come to pass. Russian academics and aerospace engineers recently came together to present a fairly terrifying vision of the future of warfare. Flock-93 envisions more than a hundred drones, each armed with an explosive charge, swarming targets including vehicle convoys. Although difficult to pull off (especially for Russia at this point), such huge drone swarms would be extremely hard to defend against, with even the best active defenses letting some of the drones through. An article at C4ISRNet describes the Flock-93 concept. Originally proposed by the Zhukovsky Air Force Academy and private industry, the concept involves simultaneously launching more than a hundred drones, each armed with a 5.5 pound warhead. The drones will be flying wings capable of taking off and landing vertically. Here’s one example of such a drone: https://www.youtube.com/watch?v=X_XHrN07R54 A VTOL drone doesn’t need a runway for takeoff. In fact, you could crowd dozens of drones—or in Flock-93’s case more than a hundred—inside a fairly compact area, like a field surrounded by trees or the roof of a building. Currently there is no Flock-93 flying wing drone, and the drone pictured above is a Kalashnikov ZALA-KYB attack drone. There also isn't a proven method of controlling more than a hundred drones at once. Flock-93 is purely a concept at this point, but a very intriguing one. How does a military force defend against a swarm of more than a hundred drones? It’s not going to be easy. A kinetic defense involving missiles, anti-drone drones, cannons, shotguns, and machine guns will never be perfect. 
A defense that shoots down ninety percent of the drones, a very good number, still lets ten drones through. Directed energy weapons might fare marginally better, particularly microwave weapons that broadcast a broad swathe of microwave radiation, frying anything in its path. That would be something like a flamethrower against a horde of locusts. Still, no flamethrower would ever get all the locusts—and no microwave weapon would get all the drones. The best defense against drone swarms might simply be jamming them, preventing them from receiving commands from human controllers. This would affect all the drones within range of the jammer with a 100 percent success rate. One countermeasure to this: make the drones autonomous, so they don’t need to receive radio signals at all. These kamikaze-like drone swarms are pretty far out for now, particularly for Russia, which lags behind the West in drone technology. But it will eventually catch up, and this is a clear road map to a weapon system that looks effective even on paper. Another country like China might take the concept and run with it first. It seems that sooner or later, swarms like Flock-93 will be everyone’s problem. Source: C4ISRNet
  10. A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability in MEMS microphones embedded in widely-used popular voice-controllable systems that unintentionally respond to light as if it were sound. According to experiments done by a team of researchers from Japanese and Michigan Universities, a remote attacker standing at a distance of several meters away from a device can covertly trigger the attack by simply modulating the amplitude of laser light to produce an acoustic pressure wave. "By modulating an electrical signal in the intensity of a light beam, attackers can trick microphones into producing electrical signals as if they are receiving genuine audio," the researchers said in their paper. Doesn't this sound creepy? Now read this part carefully… Smart voice assistants in your phones, tablets, and other smart devices, such as Google Home and Nest Cam IQ, Amazon Alexa and Echo, Facebook Portal, Apple Siri devices, are all vulnerable to this new light-based signal injection attack. "As such, any system that uses MEMS microphones and acts on this data without additional user confirmation might be vulnerable," the researchers said. Since the technique ultimately allows attackers to inject commands as a legitimate user, the impact of such an attack can be evaluated based on the level of access your voice assistants have over other connected devices or services. Therefore, with the light commands attack, the attackers can also hijack any digital smart systems attached to the targeted voice-controlled assistants, for example: Control smart home switches, Open smart garage doors, Make online purchases, Remotely unlock and start certain vehicles, Open smart locks by stealthily brute-forcing the user's PIN number. 
As shown in the video demonstration listed below: In one of their experiments, researchers simply injected "OK Google, open the garage door" command to a Google Home by shooting a laser beam at Google Home that was connected to it and successfully opened a garage door. https://www.youtube.com/watch?v=ihRAwc24nXw In a second experiment, the researchers successfully issued the same command, but this time from a separate building, about 230 feet away from the targeted Google Home device through a glass window. https://www.youtube.com/watch?v=EtzP-mCwNAs Besides longer-range devices, researchers were also able to test their attacks against a variety of smartphone devices that use voice assistants, including iPhone XR, Samsung Galaxy S9, and Google Pixel 2, but they work only at short distances. The maximum range for this attack depends upon the power of the laser, the intensity of the light, and of course, your aiming capabilities. Besides this, physical barriers (e.g., windows) and the absorption of ultrasonic waves in the air can further reduce the range of the attack. Moreover, in cases where speech recognition is enabled, attackers can defeat the speaker authentication feature by constructing the recording of desired voice commands from relevant words spoken by the device's legitimate owner. According to the researchers, these attacks can be mounted "easily and cheaply," using a simple laser pointer, a laser driver, and a sound amplifier. For their set up, they also used a telephoto lens to focus the laser for long-range attacks. How can you protect yourself against the light vulnerability in real life? Software makers should offer users to add an additional layer of authentication before processing commands to mitigate malicious attacks. 
For now, the best and common solution is to keep the line of sight of your voice assistant devices physically blocked from the outside and avoid giving it access to things that you don't want someone else to access. The team of researchers—Takeshi Sugawara from Japan's University of Electro-Communications and Mr. Fu, Daniel Genkin, Sara Rampazzi, and Benjamin Cyr from the University of Michigan—also released their findings in a paper on Monday. Genkin was also one of the researchers who discovered two major microprocessor vulnerabilities, known as Meltdown and Spectre, last year.
  11. Citing reports of unlawful phone tracking confirmed by Homeland Security officials last year, Senator Ron Wyden on Wednesday called on the Federal Communications Commission to establish new regulations to force wireless companies to secure 5G networks from unlawful interception and tracking. While older cellular network technology has long been easy to compromise, the wireless industry is still in the early days of rolling out 5G and is still in a position to address known vulnerabilities exploited by hackers and foreign governments, Wyden writes in a letter sent to FCC Chairman Ajit Pai on Wednesday. “Unencrypted cellular phone calls and other wireless communications have long been vulnerable to interception by criminals and spies. Surveillance technology companies openly sell products that exploit these flaws to intercept calls, track phones and infect phones with malware,” the letter says. “This decades-long cybersecurity vulnerability has undoubtedly caused massive harm to our national security, and damage continues with each sensitive call or text that is tapped.” Last year, the Department of Homeland Security revealed it had obtained evidence of phone tracking equipment being used near the White House and other sensitive locations around the nation’s capital. The devices, called IMSI catchers, or “Stingrays” after a popular law enforcement model, mimic cell phone towers and, with the addition of hand-held or vehicle-mounted equipment, can be used to accurately pinpoint a cellphone’s location to a single home or apartment. In certain modes, the devices are known to be highly disruptive, causing nearby phones to drop their connectivity. Researchers have shown that illegal home-brew versions of IMSI catchers, which cost less than $1,000 to make, are also capable of launching more sophisticated attacks; booting phones off phone networks and leaving them inoperable, for example. 
In a September 2018 report, an FCC advisory group known as the Communications Security, Reliability and Interoperability Council (CSRIC)—or “scissor-ick”—noted that many common attacks on cellular networks could be mitigated by improvements in 5G. These include location tracking, traffic interception, network spoofing, denial of service, impersonation of devices, and the malicious use of base stations. Even with these improvements, however, phones may still be vulnerable if they can be tricked into downgrading to a lower generation of network technology. This is accomplished through what’s known as a “bidding down attack.” Security researchers are already looking for ways to exploit 5G networks using this technique. CSRIC recommended that carriers adopt various encryption and authentication technologies to ward off attacks, noting that, for example, hackers targeting networks whose brain is based on a Software-Defined Network (SDN) architecture “can take advantage of any unencrypted communication interface to intercept or interfere with traffic to and from a central controller or network element.” However, the group does not recommend any regulatory action whatsoever. At every turn, it states the best route is to allow the telecommunications industry to do its own thing; the government should merely provide the companies with threat assessments generated by the Department of Homeland Security to help inform its decision. But it’s worth noting that CSRIC is overwhelmingly comprised of industry representatives. This, even though originally CSRIC was intended to include a balance of government and non-profit consumer advocates as well. According to recent research by the Project on Government Oversight (POGO), the last iteration of CSRIC—responsible for the aforementioned security recommendations—included 13 private-sector members and only a single civil society representative. 
“For decades, wireless carriers have ignored known cybersecurity vulnerabilities that foreign governments were and are still actively exploiting to target Americans. The market has failed to incentivize cybersecurity in part because consumers have no way of comparing the cybersecurity practices of phone companies,” Wyden states. “The FCC has the authority to regulate wireless carriers and their use of the public airwaves, particularly in areas that involve public safety and nation security,” he says. “The FCC must stop leaving the cybersecurity of American consumers, businesses and government agencies to wireless carriers and finally secure America’s next-generation 5G networks against interception and hacking by criminals and foreign spies.”
  12. Researchers have breached a crowdsourced DNA database by reverse engineering a user profile. DNA testing and database sites are vulnerable to many kinds of attacks and data sales. Users must ask themselves if the potential benefits of DNA testing outweigh privacy concerns. Genealogy and security are clashing yet again, this time over the massively crowdsourced DNA database GEDmatch. MIT Technology Review reports that computer science researchers designed targeted attacks that breached the GEDmatch database by making complex search strings that let them guess much of users’ DNA. The founder of GEDmatch, Curtis Rogers, said he’s not that surprised, because genealogy has always involved sharing information and comparing it directly to others to find commonality. This has been exploited in the past by social engineering, the low-tech but effective form of hacking that involves searching for written-down passwords, asking personal questions to glean security clues, and more. We’re all asked for our mother’s maiden name, which is an anachronism in a hundred ways in 2019, least of all that it’s very easily findable on any genealogy site. Even sites that attempt to use other information still ask for family names and relationships, probably because users who don’t understand the importance of a secure password also won’t spend time or energy to make secure passwords, let alone remember them without an accessible hint. Now, services like Ancestry or 23andMe bank users’ genome data, and amassing more and more sample data lets their results grow more specific and accurate by reducing the margin of error. But these services are also likely selling your genome to drug companies or even insurers. It seems like there’s a paradox in information security where users are so sure their identity will be stolen or their data will be sold that they choose not to worry about it or attempt to prevent it. 
Enter GEDmatch, a user-sourced database designed to help match people with unknown relatives. Because of the openness and accessibility of the project, it’s available to law enforcement as well. (Last year, California police revealed they used GEDmatch to finally ID the notorious Golden State Killer.) Without your express permission, law enforcement can only obtain your DNA if you’re arrested for a related crime. But departments are beginning to collect samples from entire communities as a way to, purportedly, exclude the innocent. With that in mind, it’s easy to see why the vulnerability that researchers found in GEDmatch is so troubling. They put together a DNA profile and uploaded it to the site, which in turn unlocked the ability to search for close matches. GEDmatch is run by volunteers who have, apparently, done too good a job building their user interface and search capability; this specific kind of attack only works on their system, not those of commercial sites like Ancestry or 23andMe. Experts say that one of the big ways an open database could be exploited is that strangers could claim to be relatives in order to gain an advantage. Think of the classic “Nigerian prince” scam, but with an even more tempting sheen of science-y credulity based on shared DNA. The reason commercial testing sites aren’t vulnerable is that they don’t let users share their own data. If someone sought to defraud 23andMe in the same way, they’d have to do something like take a sample from another person and submit it as their own. If GEDmatch is like a bank of data, right now the bank doesn’t even have a security guard snoozing by the front door. Years ago, internet users at corporations or universities would share corporate credit card information or FedEx account numbers on public websites they just assumed strangers would have no reason to look at, and this mismatch of audience and intention is nothing new. 
Hopefully other services can learn from this hack and better secure their information.
  13. An interim report compiled by a national security panel warns the U.S. government of falling too far behind China and Russia in the AI arms race, while calling for new investments to foster innovation. Released yesterday, the November interim report from the National Security Commission on Artificial Intelligence (NSCAI) advises the U.S. government to get its act together on the development of security- and defense-related AI, lest it fall behind its adversaries, namely China and Russia. Failure to do so would relinquish America’s role as a primary player in AI, while exposing the nation to serious new threats, including a diminishing of U.S. military advantage, unchecked disinformation campaigns, increased cyberattacks, and the erosion of democracy and civil liberties, according to the new report. “We are concerned that America’s role as the world’s leading innovator is threatened,” wrote commission chairman (and former Google CEO) Eric Schmidt and vice chairman Robert Work in the report’s introduction. “We are concerned that strategic competitors and non-state actors will employ AI to threaten Americans, our allies, and our values.” The final full report, which will include detailed budget recommendations, won’t be released until next year, but this preliminary version, which will be submitted to the U.S. Secretary of Defense, offered some advice on how the government should move forward. In summary, the government should invest heavily in AI research and development, increase its use of AI for national security purposes, train, recruit, and maintain AI talent, build upon pre-existing U.S. technologies, and work to foster global cooperation on AI-related matters, according to the report. To assist with the new report, the NSCAI held a conference yesterday (November 5) at the Liaison Washington Hotel in Washington D.C., titled “Strength Through Innovation: The Future of A.I. and U.S. 
National Security.” The purpose of the conference, which I viewed via livestream, was to discuss the interim report and to kickstart a series of discussions that will lead to the commission’s final report, which will eventually fall into the hands of Congress. “We are in a competition,” said Schmidt during his opening remarks. “There’s no question the game is set... and we have to win.” He said the U.S. government “is currently unprepared for the potential of AI,” and that a culture change needs to happen in both the public and private sectors. In addition to new investments in education, Schmidt said the U.S. needs to expand public and private sponsorship of R&D, work to keep talented researchers inside the U.S., be the first to reach global markets, and develop ancillary technologies like quantum computers and 5G networks. Schmidt said collaborative discussions will also be needed to ensure AI safety, such that AI will do “what we want it to do.” The U.S. would be smart to work with its competitors on this matter, he added. Christine Fox, an assistant director at Johns Hopkins University Applied Physics Lab, said cultural shifts will be required across many departments, both in the public and private sectors, and that leadership will be key to breaking stubborn bureaucracies resistant to change. The risks of falling behind in the AI arms race emerged as a recurring theme throughout the day. Lieutenant General John N.T. “Jack” Shanahan, the director of the Joint Artificial Intelligence Center, talked about the coming shift to “algorithmic warfare” and how “we are going to be shocked by the speed, chaos, and bloodiness” of future combat involving AI. He said humans pitted against machines will have a distinct disadvantage and that it would be incumbent upon the U.S. to avoid this lopsided dynamic on the battlefield. 
Shanahan commended the authors of the interim report but cautioned that the findings will take some time to implement. “This is a multigenerational problem requiring a multigenerational solution,” he said. Shanahan heads the Pentagon’s Project Maven—an initiative that seeks to improve drone technology with AI. News that Google will no longer be participating in the program represented a serious setback for the project, but Shanahan said the incident served to expose deeper issues. He said “employees of these companies see no value in working with the DoD [Department of Defense],” and “we don’t make it easy for them.” Shanahan said the U.S. will not be able to attain the guidelines outlined in the new report without public-private partnerships, which he described as “the very essence of our success as a nation.” And unlike China or Russia, the U.S. government actually takes the time to consider the ethics of militarized AI, he said, in reference to a recently concluded DoD investigation. Steve Chien, a commissioner of the NSCAI, co-author of the interim report, and research scientist at NASA’s Jet Propulsion Lab, said we’re in the midst of a software revolution and that big advances in hardware are becoming less of an issue. The task at hand, he said, is to create “algorithms of punch and counterpunch.” Andrew Hallman, the principal executive at the Office of the Director of National Intelligence, said AI will exert a tremendous influence on American security concerns, including the general speed of operations, identity intelligence (i.e. identifying patterns in the relationships of people and organizations), detecting and defending against “influence operations” (i.e. adversaries who spread false or misleading information or try to influence elections), among other realms. The U.S. will need to “respond to cyber intrusions at machine speed and faster than our adversaries,” said Hallman. 
Also speaking at the conference was commission co-chair Robert Work, who said AI can keep Americans secure but only “if we let it.” He said defense and security agencies have to “urgently” accelerate their efforts but warned that the underlying infrastructure at the Department of Defense is “severely” underdeveloped. Work said collaborations should be welcomed, both domestically and internationally, to help solve common problems, including efforts to improve the explainability of AI. Former secretary of state Henry Kissinger, who spoke at the conference in a kind of fireside chat format, addressed this exact issue—that is, the potential for machine intelligence to operate beyond human comprehension. Kissinger said AI is “bound to change the nature of strategy and warfare” and could also upend the way diplomacy is done. He noted that future engagements involving AI will create a tremendous amount of ambiguity in terms of a country’s ability to understand the nature of a threat and who’s responsible, as an “enemy may not know where the threat came from.” Kissinger’s fear conjures many different possible scenarios, including nations falsely blaming each other for AI-related attacks, a kind of digital fog-of-war in which no one is even sure what’s happening. This tracks with a recent report finding that AI will increase the risk of nuclear war. Senator Chuck Schumer (D-New York) spoke briefly at the conference, saying the U.S. has “not matched the level of commitment” of its adversaries and that “we will rue the day” should the U.S. fall behind China and Russia. Schumer said a discussion draft is currently in development to consider a new branch of the National Science Foundation. The new agency would fund fundamental research related to AI and other high-tech areas, such as quantum computing and robotics, he said, adding that these grants, amounting to $100 billion, would go to universities, companies, and special government agencies. 
When the full report is released next year, we’ll see how much money the commission wants the U.S. to spend on artificial intelligence R&D. If this report is any indication, however, it likely won’t be a small amount.
  14. Scam artists are using phone numbers from more than a dozen federal government departments to defraud Canadians — making it look as if the calls are coming from legitimate government agencies and police departments. Some of the calls tell potential victims that their social insurance numbers have been compromised. Others are told that they owe the government money and are in legal trouble. To deceive potential victims who examine the numbers on incoming calls, the scammers spoof their calls so that they display the phone numbers of the relevant federal government departments. In many cases, a scammer tells a victim they will be getting a call from a police officer — then spoofs the call that comes in a few minutes later so that it appears to be coming from local police. "It's hitting lots of Canadians," said Jeff Thomson of the Canadian Anti-Fraud Centre. His own organization has been hit by the scam, with fraudsters pretending to be calling from his office. "It's inundating police departments and it's inundating us with a number of calls. So it's a huge impact. We've seen a huge spike in the reporting on this fraud." Thomson said he received four scam calls on his own personal phone inside of one week. Scam undermining work of federal departments The scam is having an impact on the ability of government departments to serve the public because they are being bogged down with phone calls from Canadians checking to see whether the calls they're getting are legitimate. Federal government officials were unable to say just how many departments and agencies have been affected to date by the scam. But at least a dozen have been identified — including bodies like the Canadian Anti-Fraud Centre, local RCMP divisions, the Competition Bureau and the Cybersecurity Centre which are supposed to help protect Canadians. 
The calls spoofing the phone numbers of several different government departments appear to be part of a newer, more sophisticated version of a scam that has been running since at least 2014. That older scam involves fraud artists claiming to be agents of the Canada Revenue Agency, while the newer scam impersonates more government departments. In 2018, an investigation into the CRA phone scam tracked the calls to a call centre in Mumbai, India. Since 2014, the Canadian Anti-Fraud Centre has received 78,472 reports from across Canada of scammers pretending to represent the CRA or Immigration, Refugees and Citizenship Canada. The centre said 4,695 people across Canada have lost more than $16.7 million to the scam. That doesn't include people like Andrea van Noord of Vancouver, who lost $6,000 last week to the scam. The series of events that cleaned out her bank account started when she picked up her cellphone to hear a recorded message claiming to come from the CRA. 'I was panicked' "I do owe them a small sum of money ... so when I heard that not pressing one would be tantamount to not showing up in court to deal with that issue, I was panicked," she said. "So I pressed one." A woman asked her to confirm her identity, then told her that her social insurance number had been used in a $3 million fraud involving 25 credit cards. When the woman asked if her personal information could have been stolen, van Noord thought immediately of the laptop filled with personal information that had been stolen from her car a year ago. The unknown woman then volunteered to help by contacting Vancouver police and starting a process to clear her name. Minutes later, when van Noord's phone rang, it displayed the Vancouver police department's phone number, spoofed by the scammers. A separate woman, claiming to be a Vancouver police officer, told her that a 1998 Toyota Camry registered in her name had been abandoned in North Vancouver with bloodstains on the back seat and the trunk. 
A house, also registered in her name, was found with 22 pounds of cocaine inside, the phoney officer told her. "It all just seemed very plausible to me and very scary," van Noord said. "They said at this time there was a warrant for my arrest and I was currently being charged with drug trafficking, money laundering and fraud against the Canada Revenue Agency." The fake police officer claimed there was a series of bank accounts in her name and asked van Noord about her actual bank accounts and how much money they contained. The fraudster told her she had to withdraw her money within the hour to protect it before the account was frozen. Keeping her on the phone the entire time, the scammer instructed her to take a cab to her bank and coached her as she withdrew the money, then told her to take it to a café with a bitcoin machine (described as a "government wallet safe machine") that would "protect" her money. It was only later in the day, after she talked with her partner, that she realized she had been robbed. "I felt like an idiot," she said. "I felt completely invaded. I felt kind of dirty. I felt that this was very much my fault and that I should have recognized the signs." Van Noord said both of the people she spoke with had accents that suggested they were based in India. Police told her there wasn't much they could do. Thomson said van Noord's experience is not unique. "These calls are very alarming," he said. "The callers will present themselves as a government official. They will sound very official. They will use a badge number. They will say they are an officer or special agent or an official-sounding title to give themselves some credibility. "They will sound very formal and they will come across as very threatening and ask you to act right away." Thomson said the centre is still getting reports of scammers claiming to be from the CRA but, increasingly, they have been posing as representatives of other government departments. 
He said those behind the scam are based overseas. "If you have fraudsters operating in one country, targeting consumers in another country and money going to yet a third country, they're clearly organized," he said. "It's organized crime and it's international in scope." Isabelle Maheu is a spokeswoman for Employment and Social Development Canada, which includes Service Canada. She said the fraudulent calls are affecting the government's ability to provide services to Canadians. "Wary Canadians who receive a suspicious incoming phone call frequently disconnect the call and call the government to verify the legitimacy of the call," she explained. "This can result in an increase in call volume and caller wait times. Additionally, legitimate phone calls from government departments can be dismissed as fraudulent, leading to the recipient of the call not receiving important information." Many of the departments whose numbers are being spoofed have put notices on their websites warning Canadians. Meanwhile, the Canadian Radio-television and Telecommunications Commission (CRTC) has given telecommunications providers until Dec. 19, 2019 to implement a system to block calls in their networks to crack down on nuisance and illegitimate calls. Here's a list of some of the federal departments, agencies and courts whose phone numbers are being spoofed:
• Service Canada
• Justice Canada
• Federal Court
• Federal Court of Appeal
• Department of National Defence
• Canadian Anti-Fraud Centre
• Canada Revenue Agency
• RCMP detachments in Kingston and Cornwall
• Correctional Service of Canada
• Canadian Centre for Cyber Security
• Privacy Commissioner's Office
• Competition Bureau of Canada
• Financial Consumer Agency of Canada
• Canada Border Services Agency
• Parole Board of Canada
  15. At the end of October, the Bloodhound supersonic car team clocked up a new record for the decade-plus project of 334 mph. On Friday, the car pushed past the 450 mph mark and came tantalizingly close to Bloodhound LSR's current target of 500 mph. Run Profile 5 was not all about speed; the Land Speed Racing team also wanted to test the left parachute. Driver Andy Green picked up speed to 50 mph (80 km/h) before pushing down the throttle to engage maximum reheat to dial in 90 kN of thrust and rocket the vehicle down the Hakskeenpan desert runway. When he reached 440 mph (708 km/h), Green eased back on the throttle but acceleration increased to 461 mph (741.9 km/h) before the parachute was pulled. The front brakes were only applied when the supersonic car had dropped to 150 mph. At the 9-km (5.6-mi) mark on the runway, the car was u-turned and prepared for Run Profile 6. Sadly, it wasn't to be and the planned 500 mph run was aborted due to minor damage. The damage is being repaired and the next run planned. The team is aiming to break the current 763.035 mph (1,227.9 km/h) record late next year, and will then focus on blasting past the 1,000-mph mark. https://www.youtube.com/watch?v=zjfi9snqlX4 Source: Bloodhound LSR
  16. Originally developed for Israeli special forces operatives, the Australian-designed Tomcar TX is a mil-spec brick outhouse of a UTV. In fact, it's the go-anywhere UTV you need if you want to carry another UTV across some rough terrain. The TX series takes the UTV in a hyper-utility direction. Where others shoot for off-road fun and farming practicality, Tomcar has built these things to tow or carry at least their own weight, to survive parachute drops, to outlast anything on the market under the toughest conditions, and to be easily repairable in the field. The series includes the TX4 4-seater (pictured), the TX3 two-seater with a large tray, and a TX5 2-seater with a smaller tray and wheelbase. All are built on welded-up steel frame chassis designs incorporating a roll cage, a huge aluminum skid tray protecting the entire underside, and adjustable four-wheel independent suspension with 14 inches of travel apiece and a huge 17 inches of ground clearance. Unlike the company's early rear wheel drive designs, the TX series has incorporated 4WD. The engine is a 1.5-liter petrol 4-cylinder making 107 horsepower and 80 lb-ft (108.5 Nm) of torque, and the team has gone with a CVT transmission. Diesel and all-electric versions also appear to be in the works. The positioning of the heavy motor helps keep the center of mass low, enabling the TX to manage sidehill gradients over a ridiculous 60 degrees. When things get really hairy, you've got pneumatically activated locking diffs to call on, at both the front and rear axles. The cabin is significantly friendlier in this civilian version than the poor grunts in the military get, including a full heating and air con system, power steering, a widened cabin with extra room and cushioned seats. The company says it's also working on an "upscale" version with a fully enclosed cab, "additional amenities," and nicer materials inside. https://www.youtube.com/watch?v=bcQSRPgijFc Source: Tomcar
  17. Major Internet platforms such as Facebook, Twitter and YouTube are taking proactive measures to keep offensive content off their services. According to the Motion Picture Association, online services can use similar systems to proactively remove pirated content too. That would be even easier since it doesn't raise the same speech concerns, the group's senior vice president notes. The entertainment industries are becoming increasingly frustrated by major Internet platforms that are, in their view, not doing enough to tackle online piracy. While legitimate user-generated content platforms respond to takedown requests, which they are legally required to, most don’t go any further. This, despite repeated calls from industry groups for help. Over the past several years, the Motion Picture Association (MPA) has made some progress, partnering with several intermediaries, including payment providers and advertising companies. However, it has struggled to persuade major user-generated platforms and social media sites to be more proactive. This frustration is fueled by more recent developments which have seen these same platforms take voluntary action against hate speech, fake news, violence, and other offensive content that populates social media timelines. Twitter, for example, took action against more than half a million accounts over “hateful content” during the first half of the year, helped by ‘artificial intelligence’. YouTube and Facebook also report that they are doing more to proactively detect hate speech, while other online services are taking voluntary action as well. The MPA has followed this trend. The group recently brought the topic up during a hearing of the House Energy and Commerce Committee on “Fostering a Healthier Internet to Protect Consumers.” The hearing dealt with an ongoing examination of Section 230 of the Communications Act. Section 230 shields online services from liability. 
However, Congress also intended it to encourage these platforms to take reasonable steps to deter undesirable behavior. While Section 230 doesn’t apply to copyright, the MPA’s SVP and Senior Counsel, Neil Fried, chimed in with a written testimony for the record. Fried notes that the liability protections are similar to those of the DMCA, where copyright is at the center. Also, the complaint that Internet services are not doing enough to prevent harmful content from spreading, is similar to the MPA’s complaint that they do too little to prevent copyright infringement. The MPA’s General Senior Vice President highlights these hate-speech enforcement efforts and acknowledges there are complex issues to address – especially with subjects that are not by definition illegal in law, since free speech is a great good. “A few companies have recently developed systems to proactively identify posts promoting hate and violence, and have invoked their terms of service to terminate accounts of those engaged in such activity, although not before wrestling with concerns over the impact on expression,” Fried writes. However, that’s not much of a problem when it comes to copyright, the MPA believes. “If online intermediaries and user-generated content platforms can proactively identify such content and terminate service in these cases, surely they can terminate service and take other effective action in cases of clearly illegal conduct, which present brighter lines and don’t raise the same speech concerns,” Fried adds. Fried suggests that online services should use the same tools they employ to detect hate speech and other harmful content to proactively remove pirated content too. Copyright infringement is prohibited in the terms of services of these companies, so they would have room to do so. While Fried is right that copyright infringement is more clearly defined than harmful content, dealing with it proactively is not without challenges. 
Unlike harmful content, some people may have the right to post some copyrighted content, while others do not. And fair use is hard to capture by an algorithm as well. The MPA nonetheless hopes that online platforms will cooperate. In addition, it wants to see if current liability exemptions can be overhauled, using legislation to motivate Internet companies to do more. This was also made clear to the House Energy and Commerce Committee. And while possible legal fixes are being considered, the US should not include such liability provisions into new trade agreements, the MPA’s SVP notes. “In the meantime, as Congress reexamines online liability limitations, the United States should refrain from including such limitations in future trade agreements, which runs the risk of freezing the current framework in place,” Fried writes. This follows an earlier recommendation from the House Judiciary Committee. Last month the Committee urged lawmakers not to include DMCA-style safe harbors in trade agreements while alternatives are being discussed.
  18. For those involved in the online piracy supply chain, keeping your head down has almost always been part of the strategy. So why are there suddenly dozens of IPTV suppliers promoting their businesses on YouTube, holding personal question and answer sessions, bragging about the money they're making, while turning the camera on themselves? For anyone who has followed piracy and copyright infringement issues for years or even decades, few developments fall into the ‘WOW’ category anymore. That torrent and streaming services are still getting sued or raided is frankly daily fodder and after the military-style raid on Kim Dotcom hit the headlines, pretty much anything is possible. Over the past couple of years, however, something so bizarre – so ridiculous – has been developing on sites like YouTube to make even the most outspoken of pirates raise an eyebrow or two. We’re talking about the rise of the IPTV seller and reseller ‘celebrities’ who are openly promoting their businesses like a regular company might. IPTV reseller company Boom Media LLC is getting sued by DISH Networks and NagraStar in the United States. That another one of these outfits is being targeted isn’t a shock. However, when promotional YouTube videos are produced in court evidence, with the alleged owner of the company personally appearing in them stating that “it’s pirated f**cking streams. It’s no different than buying f**king knockoff shoes. It’s black market shit,” one has to wonder what the hell is going on. So, just one person has allegedly done something reckless or ill-considered, right? Wrong. This type of behavior is neither isolated nor rare. Over the past couple of weeks, I’ve been sitting through hours of YouTube videos produced by people selling or reselling ‘pirate’ IPTV packages. In a worrying number, particularly given the popularity of their services, owners, founders, or ‘employees’ of these outfits appear in person. 
Their names are publicly known and in some cases, even their addresses. These are not small players, not by any stretch. In some cases, we’re talking huge numbers of followers and many hundreds of thousands of views, selling well-recognized services. While in some cases hyperbole is clearly part of the pitch, it’s child’s play to find operators of these companies bragging about how much money they’ve made or are making, and how many customers they have. They speak to their subscribers, in person via live-streams, conduct detailed Q&A sessions, while ‘confirming’ the supposed legality of what they’re doing. In a surprising number of cases, negative comments by users concerning legality are passed off as ridiculous, with sellers describing the sale of pirate IPTV subscriptions as residing in a gray area with the law powerless to do anything about it. While we could have a detailed argument here about the intricacies of any number of laws, both criminal and civil, and any potential defenses to them, these people appear to be missing the point. Just this week, Openload – a true Internet giant with considerable resources – was pummeled into submission by dozens of the world’s largest content companies after agreeing to pay substantial damages. This was a file-hosting goliath being beaten up by dozens of bigger goliaths. No face on YouTube required. Another example can be found in Kim Dotcom, who says he has spent upwards of $40m in legal fees, even though, on the surface, many argue he has a solid legal basis for mounting a successful defense in the United States. But that’s $40,000,000 already, before trial, an amount that will no doubt skyrocket in the event he ever gets sent there. But here’s the thing. The majority of these IPTV ‘celebrities’, for want of a better term, are actually living in the United States already. It’s not necessary to name any of them, they do enough of that themselves. 
But in addition to their self-declared IPTV empires, some have significant and legitimate additional business interests too, which could all be put in jeopardy, one way or another, should the proverbial hit the fan. In a piracy world where many are discussing anonymity, encryption, proxies, cryptocurrency payments, to name just a few, these people are deliberately making their identities known. They are not hiding away and as a result, they are known by anti-piracy groups who probably can’t believe their luck. They not only have their real names and their own faces splashed across their own IPTV-based YouTube channels, but also channels that cover other aspects of their sometimes flamboyant lives. Anti-piracy groups don’t need investigators to find out who they are anymore, it’s common knowledge. An alias? Not parading yourself on the modern equivalent of TV? That’s soooo 1999, apparently. The big question is whether these people really have lost their minds, or do they actually know something that most other people don’t? When did putting your own face in multiple videos, selling access to an admittedly pirated product via a company in your own name, become part of a solid business plan? It’s truly bizarre and cannot end well. Welcome to 2019, it’s a truly strange place to be.
  19. A massive operation in Brazil has seen police across the country take action against hundreds of 'pirate' websites and apps. The Ministry of Justice initially said that 'suspensions' had hit 136 sites and 100 apps but that number has continued to grow. Authorities state that they received assistance from US authorities including ICE and the Department of Justice. Authorities in Brazil have periodically attempted to disrupt piracy in the region, including actions such as ‘Operation Copyright’ that targeted a large private torrent site in January. Last Friday, however, it became clear that a much more ambitious operation had begun. Codenamed ‘Operation 404’ after the HTTP error of the same name, the action was announced by Brazil’s Ministry of Justice and Public Security. During an early press conference detailing progress thus far, the Secretariat of Integrated Operations (Seopi) revealed that “136 websites and 100 applications” had already been suspended alongside the execution of 30 search and seizure warrants. “After four months of investigation, it can be said that the action is a milestone for piracy in the country, which causes various damages to society,” said Alesandro Barreto, coordinator of Seopi’s Cyber Operations Laboratory. “I don’t know of another operation that has blocked so many apps and websites in one day. This is a very clear message and that the judicial police, through the integrated operation with Seopi, will act against this crime that cannot be tolerated.” The authorities did not release the names of any websites or applications targeted nor specifically detail what “suspension” means in the context of any specific case. Suspensions can take many forms, from serious ones (raids and equipment confiscations, for example) through to ones that have a more limited long-term impact, such as blocking or domain seizures.
Details are fairly scarce but a site known locally as Megacine announced that it had decided to close down following the operation. A notice now displayed on the football-focused site Futemax indicates that it is being blocked but is still online. The Ministry of Justice states that at least in some instances it had worked with authorities in France, the United States and Canada to suspend domains, arrange “de-indexing from search engines” while suspending profile pages on social networks. The operation is said to be receiving support from local anti-piracy groups including ANCINE (National Film Agency) and the National Council for the Fight Against Piracy (CNCP). Additionally, the US Embassy in Brazil, US Immigration and Customs Enforcement (ICE), and the US Department of Justice have reportedly played roles. While the early figures presented (136 websites and 100 applications suspended) were already significant, local media reports suggest that the number is increasing fairly rapidly. Globo reports that 210 sites involved in the unlawful distribution of movies, TV shows and live TV have been targeted, in addition to the initial 100 apps that provide access to “illegal content streaming”. Raids have been carried out in 12 states in Brazil and in six states, at least eight people have been arrested. Details include:
  • Warrant executed against a 33-year-old for the unlicensed distribution of TV signals (no arrest)
  • Warrant executed against an individual suspected of “stealing” a TV operator’s signals. Computer seized but no arrest
  • A 63-year-old man was arrested in São Paulo under suspicion of operating a website that broadcast TV channels in return for a US$7.50 per month subscription fee
Penalties for operating piracy sites or services in Brazil can reach four years in prison, more if other criminal aspects such as money laundering are involved.
According to the Ministry of Justice, up to 20 million households in Brazil access pirated content via the Internet but many citizens are said to have a poor understanding of which services are legitimate and which ones are not.
  20. Boom Media, a prominent reseller of 'pirate' IPTV subscriptions, is being sued in the United States. Boom Media has sold packages from providers including Nitro, Epic, Beast, MFG, and Vaders, but now faces an almost certainly ruinous lawsuit filed by DISH Network and NagraStar. Selling ‘pirate’ IPTV packages and subscriptions to the public is a growing market, with the obvious potential to end badly for anyone involved. With that in mind, there’s a growing trend for so-called IPTV resellers to be extremely open about their activities, utilizing highly active social media accounts and particularly YouTube channels, where they promote their services, describe them as illegal, and then have their own faces front and center. For Boom Media, a prominent reseller of various ‘pirate’ IPTV services, this business model has attracted the wrong type of attention. The company, which trades as Boom Media LLC in North Carolina, is now being sued by DISH Network and NagraStar for illegally offering their content to the public. Alongside the LLC, John Henderson of New York and Debra Henderson of North Carolina are also named as defendants. The lawsuit, filed in a New York district court, states that Boom Media is run from John’s home and he is the sole member of the company. Together with his mother, Debra, it’s alleged they sell “access codes” (a common term used in DISH lawsuits to reference IPTV subscriptions) which are designed to enable subscribers to illegally receive DISH programming via the Internet. “The codes are designed and produced to enable a set-top box or other Internet-enabled device to access servers used to transmit DISH programming to customers of the MFG TV, Beast TV, Nitro TV, Murica Streams, Epic IPTV, Vader Streams and OK2 services,” the complaint reads. 
Noting that Vader Streams and OK2 are no longer on offer from Boom Media (likely due to the former being shut down by ACE earlier this year), the lawsuit notes that the defendants also promote their service to access channels such as HBO and Showtime, plus PPV events associated with UFC, WWE, and various boxing promotions. In common with similar suits filed recently, DISH says it was able to determine that the channels were sourced from its service due to watermarks embedded in its broadcasts. These were then resold from the above-listed IPTV suppliers by Boom Media, which charged customers between $10 and $20 per month with an option to buy a “pre-loaded” set-top box for $150. While DISH points the finger firmly at John Henderson for the running of Boom Media, the broadcaster claims that it is his mother, Debra, who receives payment from Boom’s customers. As previously mentioned, Boom Media has a YouTube channel which it uses to promote the various packages it sells. This hasn’t gone unnoticed by DISH, which highlights some of the language used by Boom Media in its videos. “In a video posted to the Boom Media YouTube channel, Defendant John Henderson informed customers that “[y]ou guys are buying pirated streams, this shit is not Hulu, it’s not Netflix, it’s pirated f**cking streams. It’s no different than buying f**king knockoff shoes. It’s black market shit,” DISH writes in its complaint. In common with other similar lawsuits, DISH hasn’t gone down the copyright infringement route with this action, instead opting for willful violations of the Federal Communications Act. The company demands a permanent injunction to prevent the ongoing behavior and seizure of all devices and equipment used to facilitate the violations. It also wants to seize the Boommedia.org domain name (and any others involved in the scheme) plus “all hard copy and electronic records” regarding persons involved in the entire “Rebroadcasting Scheme”. 
At this stage it’s difficult to put a figure on the final amount DISH will demand in damages but even hundreds of thousands of dollars could be a conservative estimate.
  21. But how well will the Defense Department implement these principles? Tech companies might have trouble establishing groundwork for the ethical use of AI, but the Defense Department appears to be moving forward. The Defense Innovation Board just published draft guidelines for AI ethics at the Defense Department that aim to keep the emerging technology in check. Some of them are more practical (such as demanding reliability) or have roots in years-old policies (demanding human responsibility at every stage), but others are relatively novel for both the public and private spheres. The draft demands equitable AI that avoids "unintended bias" in algorithms, such as racism or sexism. AI could lead to people being treated "unfairly," the board said, even if they're not necessarily in life-and-death situations. The board called on the military to ensure that its data sources were neutral, not just the code itself. Bias could be useful for targeting key combatants or minimizing civilian casualties, but not in some situations. The documents also call for "governable" AI that can stop itself if it detects that it's about to cause unnecessary harm and stop itself (or switch to a human operator) in time. This wouldn't greenlight fully automated weapons, but it would reduce the chances of AI going rogue. Accordingly, the draft includes a call for "traceable" AI output that lets people see how a system reached its conclusion. While the draft is promising, there's still the challenge of implementing it in practice. It's easy to promise more accountable and trustworthy AI, it's another thing to ensure that every military branch follows those ideals with every project. As Defense One observed, though, the Department may have an advantage over tech companies in that it's starting with a relatively blank slate. It doesn't have to make exceptions for current AI projects or else rethink its existing strategy -- the guidelines should be there from day one. Source: Defense One
  22. Critics warn that it could lead to Russia's own 'Great Firewall.' Russia's "sovereign internet" law, which President Vladimir Putin signed back in May, has taken effect on November 1st. As the BBC explains, it gives the country's government power to block access to content whether from within or from outside Russia "in an emergency." Of course, it's up to the government to decide what constitutes one. The government's official reason for signing the bill into law is that it will prevent cyberattacks and will allow Russia to keep its internet functioning in case the West cuts the country off from the world wide web. However, the deep packet inspection equipment that internet providers will be required to install under the law can both track and reroute traffic, as well as filter content. According to Human Rights Watch, that equipment will allow Roskomnadzor, Russia's telecommunications watchdog, to block access to content that the government deems a threat anytime it wants. Further, it gives the government a legal basis for mass surveillance. HRW deputy Europe and Central Asia director Rachel Denber said in a statement: "Now the government can directly censor content or even turn Russia's internet into a closed system without telling the public what they are doing or why. This jeopardizes the right of people in Russia to free speech and freedom of information online." NPR notes, though, that experts believe the law will be technically difficult to enforce, no matter what the government's true intentions are. David Belson, senior director of Internet Research & Analysis at Internet Society, told the publication that there are "hundreds of networks coming together [in Russia] to exchange traffic" and that "it's challenging -- if not impossible, [he thinks] -- to completely isolate the Russian Internet." 
He also believes it won't be easy getting all internet service providers to install and deploy tracking software, as well as to make sure they're all filtering the same content. Due to those difficulties, he says it's unclear how the law will change the way Russians use the internet. It could lead to the "extrajudicial blocking of speech and information without transparency," as Human Rights Watch warns, or it could cause no change at all. Source: NPR, BBC
  23. Peacock could offer an ad-free subscription, but otherwise cost you nothing. With the streaming wars heating up -- Apple TV+ debuted today and HBO Max launch details were announced this week -- there are still some services that have a few cards to play before they start to roll out. Among them is Peacock, NBCUniversal's offering, which might very well be free for everyone when it debuts in April. It's long been known that Peacock will be an ad-supported platform (with between three and five minutes of ads per hour) and that cable subscribers and Comcast broadband users wouldn't have to pay extra for access. However, a report suggests NBCU might pull the trigger on making Peacock available to everyone at no cost, though a paid subscription may be an option for ad-free viewing. Comcast and other pay-TV subscribers might get extra benefits, such as additional content, according to CNBC sources. As it stands, Peacock is scheduled to include more than 15,000 hours of shows and movies, including Parks and Recreation, Cheers and new shows from The Good Place creator Mike Schur and Saturday Night Live chief Lorne Michaels. The Office will be a Peacock streaming exclusive from 2021. You can expect other originals, including reboots of Battlestar Galactica, Saved by the Bell and Punky Brewster. There'll be plenty of other shows and movies from across the NBCUniversal brands as well. While there are other ad-supported, on-demand streaming services around, if Peacock takes that approach, it'd be the only such platform run by a major media company to do so. As such, it'd surely pick up a host of users who might not want to pay subscriptions for other services. HBO Max, for instance, will cost $15/month. Netflix costs from $9/month, Hulu starts at $6 (with ads), Apple TV+ costs $5, Disney+ will be $7 and Amazon charges $9/month for Prime Video. Source: CNBC
  24. Dropbox introduced Extensions last year to help mitigate the fuss of switching between apps -- the new function let users take action directly on files stored within Dropbox. Now, the company has announced it's doubling the number of Extensions with 13 new and updated partner apps. Now, you'll be able to add files to messages in Gmail, Workplace by Facebook, Microsoft Teams, Outlook, WhatsApp and Line Works. You can also use Vimeo to capture feedback and distribute videos, use Clipchamp and WeVideo to edit, create and publish videos, and bring media files into Canva before saving finished work back into Dropbox. Other new partners include FreshBooks, for managing expenses, DocSend, for tracking document workflow, and Notarize, for signing and notarizing documents. These Extensions are available today, and Dropbox says it's planning on adding even more partner apps next year, as well as support for additional languages.
  25. Facebook may be thinking of expanding Secret Conversations' capabilities. According to Jane Manchun Wong, who takes apart applications to discover unreleased features, the social network is testing audio and video calls over Secret Conversations. A screenshot of the experimental capability says the calls will be "end-to-end encrypted across all your active mobile devices." Facebook rolled out Secret Conversations in 2016, giving you a way to encrypt Messenger chats if you want to wrap your words with a layer of privacy. It uses the same encryption used by the Signal app and Facebook's own WhatsApp. More recently, the social network announced its plans to implement end-to-end encryption across its products, including Instagram -- a move that's frowned upon by authorities, who say they're worried about not being able to investigate child sexual exploitation, terrorism and election meddling that occur on Facebook's platform. Secret Conversations, however, is an opt-in feature. You'd have to fire up the Messenger app on your mobile, tap on your profile picture, go to Secret Conversations and then switch it on. After you do so, nobody other than you and the recipient would be able to read your chat. Further, the conversation will only be visible on the device you choose, and you can even set a time limit for each message you send. We're guessing secret audio and video calls will be just as protected. Wong also says that the company is working on bringing its Voice Assistant to the main app. Back in April, the tech giant admitted that it's developing a Siri and Alexa rival after reports came out that it's been working on one since 2018. The spokesperson said it was for Facebook's family of AR/VR products including Portal and Oculus, though, and didn't mention the main app itself.