Fed2 Star - the newsletter for the space trading game Federation 2

The weekly newsletter for Fed2
by ibgames

EARTHDATE: July 2, 2017


WINDING DOWN

An idiosyncratic look at, and comment on, the week's net, technology and science news
by Alan Lenton

July already! This week we feature stuff about the ‘NotPetya’ cyber attack, the 15 worst hacks of the 21st Century, who is responsible for algorithms that learn to do things that offline would be classed as being illegal, illegal immigrants voting and the wrong interpretation of data, the UK Royal Society’s annual Summer Science Exhibition, a time lapse movie of the Sun’s surface, and a memo on how the CIA staples its pieces of paper together! You want more? Then take a look at the URLs in the Scanner section for material on self-driving cars and kangaroos, kaleidoscopes, Microsoft being sticky, how to hurt Google, and the Windows 10 source code hack.

Just a little light reading for the weekend...

Shorts:

I suspect most of you will be aware of the latest high profile malware attack called ‘NotPetya’. It mainly attacked Ukraine and it appears that the infection was initially spread via an update server for the MeDoc financial software system. Use of MeDoc is almost compulsory for large businesses and infrastructure bodies in Ukraine, and it’s also used in the central European countries.

The interesting thing is that NotPetya has got no facilities for spreading via the internet as such, but it will take over any local network it gets onto and trash all the computers on that network. At first it was thought that it was a ransomware hack, but it soon became obvious that the ransomware component was just a token gesture.

The obvious culprit is Russia, which has been blamed for some previous cyber attacks on Ukraine. But there is the fact that Russia, including some state enterprises, was also affected. Perhaps the only amusing feature of the whole business has been watching the ‘security experts’ continually contradicting themselves on ‘who’, ‘what’, and ‘why’. (See the Dark Reading URL for an example!)

My take on the whole business? I haven’t a clue, but if you insist, I throw into the melange the suggestion that it was a 14 year old child who developed the code on a Raspberry Pi in an attempt to get some cash for a pair of high fashion trainers. Hence the ransom demand for only $300 in Bitcoin...

http://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/?page=1
https://www.darkreading.com/attacks-breaches/decrypting-the-motivations-behind-notpetya-expetr-goldeneye/d/d-id/1329261

CSO have come up with their list of the 15 worst data breaches of the 21st Century. It makes for interesting reading, since there is also a short explanation of each breach. Probably the most embarrassing was the FriendFinderNetwork – 20 years of data including names, email addresses, and passwords.

For me though the classic one was the TJX crack, and not because of what was lifted, but the revelation that the guy who led the gang involved, Albert Gonzalez, was working as a paid informer for the US Secret Service at a salary of US$75,000 a year at the time of the heist! Talk about having your cake and eating it...

As for the most ironic break-in, that has to be the one at RSA, one of the premier security outfits, who lost their SecurID authentication tokens. This was a serious blow not just for RSA, but also for other major companies using RSA’s security products.
http://www.csoonline.com/article/2130877/data-protection/data-protection-the-15-worst-data-security-breaches-of-the-21st-century.html

Homework:

A piece in The Register alerted me to an interesting conundrum that is likely to bite retail companies in the future as they start depending more heavily on algorithms to track and adapt prices online. It’s not some vague possibility, either; some firms are already doing this – judging from the way prices fluctuate both up and down in my Amazon wish lists, I’d guess that the company is doing something like it.

Now think of two companies that dominate a market using algorithms to track one another’s price and adjust their own accordingly. It’s not that difficult to imagine the prices they charge converging to a situation where they are at the maximum the market will bear, and which is the market’s natural pricing with competition. Now, if, instead of using algorithms, the two companies had got together to set that price, in virtually all industrialised countries that would be illegal collusion.

Is it the same if a pair of algorithms does it?

Very likely, though as far as I know it’s not yet been tested by law. I find it difficult to believe, though, that behaviour that’s illegal when people indulge in it offline, isn’t also illegal when algorithms do the same thing online. I’d guess the owners would be liable for the actions of their algorithms.

Incidentally, last issue I mentioned that Facebook’s attempt to teach chatbots to negotiate had resulted in the bots gaining the ability to lie. I wonder how long it will take tracking algorithms to gain the same ability!
http://www.theregister.co.uk/2017/06/23/algorithmic_pricing_raises_concerns_for_eu_competition_law_enforcement/
[Note: very legalistic article AL]

One of the stories doing the rounds at the moment is the suggestion that anything up to 5.7 million illegal immigrants voted in the 2008 US elections. It’s based on the common sense extrapolation of some figures that came out of a small research project. (Actually ‘common sense’ is not as common as you might expect!)

Unfortunately, common sense is not very helpful when dealing with figures and anything that involves statistics...

One of the problems is that the data set for non-citizens was too small to be statistically significant. Another is that the study fails to take account of respondents ticking the wrong box! There isn’t space here to go into the full details, but the URL points to an excellent Snopes piece (which includes quotes defending the figures) covering the whole issue.

Perhaps, with the rise of the social media as a way of getting ‘news’, we should be considering expanding schooling to include basic statistics as well as reading, writing and arithmetic!
http://www.snopes.com/illegal-immigrants-2008-election/

Geek Stuff:

If you are in London this coming week, you might like to make time to visit The Royal Society’s annual Summer Science Exhibition. I’ve been to several previous ones and they have been well worth the experience – and they’re FREE! Some of the items included in this year’s exhibition are spotting counterfeit goods, masers, quantum computing, DNA folding, gravity waves, engineering safety testing and smart surfaces. Highly recommended.
https://royalsociety.org/science-events-and-lectures/2017/summer-science-exhibition/exhibits/

Here is a nice item for a pub quiz: What is the correct way to staple sheets of paper together, according to the CIA? Yep, in 1963 they circulated a memo explaining not only why paper clips are not to be trusted, but describing the two official ways staples should be inserted.

If you want to know the answer go to:
https://www.muckrock.com/news/archives/2017/jun/28/cia-staple/

Pictures:

Moving pictures this week! Aeon has a very nice four minute video based on footage of the sun’s surface captured by the Solar Dynamics Observatory spacecraft between 2011 and 2015. Make sure you have the sound on – the soundtrack is eerily appropriate!
https://aeon.co/videos/the-sun-our-steady-reliable-companion-tells-a-very-different-story-up-close

Scanner:

Self-driving Oz cars still thwarted by kangaroos!
http://www.theregister.co.uk/2017/06/27/selfdriving_aussie_cars_thwarted_by_kangaroos/
https://www.youtube.com/watch?v=_D-LmRNdQiQ [Singer Rolf Harris’s solution]

Long before iPhones, this 19th-century gadget made everyone a mobile addict
https://qz.com/1007704/long-before-iphones-this-19th-century-gadget-made-everyone-a-mobile-addict/

Microsoft’s new Surface laptop defeats teardown – with glue
http://www.theregister.co.uk/2017/06/19/the_microsoft_surface_glue_teradown/

How to hurt Google
http://mailchi.mp/worldcrunch/how-to-hurt-google-european-commission-fine [The first article at this URL]

NATO: ‘Cyber’ is a military domain
http://www.theregister.co.uk/2017/06/29/nato_cyber_is_a_military_domain/

Heaps of Windows 10 internal builds, private source code leak online
http://www.theregister.co.uk/2017/06/23/windows_10_leak/

Acknowledgements

Thanks to readers Barb and Fi for drawing my attention to material for Winding Down.

Please send suggestions for stories to alan@ibgames.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Thunderbird spam filter...

Alan Lenton
alan@ibgames.com
2 July 2017

Alan Lenton is an on-line games designer, programmer and sociologist, the order of which depends on what he is currently working on! His web site is at http://www.ibgames.net/alan/index.html.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html.
