Thursday, May 31, 2018

'LATITUDIONAL DIABOLICAL BRILLIANCE': These hackers warned Congress the internet was not secure; 20 years later, their message is the same.

It is absurd for the Evolutionist to complain that it is unthinkable for an admittedly unthinkable God to make everything out of nothing, and then pretend that it is more thinkable that nothing should turn itself into everything. 
— G. K. Chesterton, born  in 1874

Clips from around the globe, web and Hundred Flowers Campaigns

MEdia Dragon, Tom Wolfe, was the great statustician, exposing the pretensions, hypocrisies, fraudulence, and anxieties of others. He was ruthless to sad social climbers and intellectuals alike  ALIKE

Democratic thinkers are divided between two goals: preserving norms and combating runaway corporate power.
↩︎ New York Magazine


Google, Facebook and Snap challenge governance standards FT. Because they’re crooks. And where’s that Oxford comma?

IN FRANCE, HERO GETS CITIZENSHIP: A Malian migrant who scaled four stories to save a dangling child is also getting a job with Paris’ fire department, the French president said Monday. The story was cited as a contrast with the Trump administration’s tough stand on migrants, particularly of color, but France has tightened its immigration rules, too.

BOOED: Birthday boy Rudy Giuliani, whose main job for Trump appears to be disparaging Mueller, a Marine vet and Vietnam war hero, got a real Bronx cheer at Yankee Stadium on Memorial Day. It was bad, reports the New York Daily News.

'DIABOLICAL BRILLIANCE': That's historian Jon Meacham talking about how Trump's gaslighting of America is having the desired effect: Americans, facing his incessant tear-down of media, government and legal institutions during a legitimate investigation of Trump-era corruption and Russian connections, are becoming more suspicious and less trustworthy of democratic institutions. How many people will believe Trump's made-up conspiracies? That's at the center of the examination by The New York Times' Julie Hirschfeld Davis and Maggie Haberman. A nugget: For months, Trump rejected a conspiracy about the "deep state" as being too way-out for him to use. Then polling suggested that a chunk of his base believed the baseless charge, so he began using it to try to discredit special prosecutor Robert Mueller.
Dilbert of Latitudional Fame

Amazon is selling police departments a real-time facial recognition system

- Twitter
- TechCrunch

The New York Times -May 20, 2018
In a windowless bunker here, a wall of monitors tracked incoming attacks — 267,322 in the last 24 hours, according to one hovering dial, or about three every second — as a dozen analysts stared at screens filled with snippets of computer code. Pacing around, overseeing the stream of warnings, was a former Delta Force soldier who fought in Iraq and Afghanistan before shifting to a new enemy: cyberthieves. “This is not that different from terrorists and drug cartels,” Matt Nyman, the command center’s creator, said as he surveyed his squadron of Mastercard employees. “Fundamentally, threat networks operate in similar ways.” Cybercrime is one of the world’s fastest-growing and most lucrative industries. At least $445 billion was lost last year, up around 30 percent from just three years earlier, a global economic study found, and the Treasury Department recently designated cyberattacks as one of the greatest risks to the American financial sector. For banks and payment companies, the fight feels like a war — and they’re responding with an increasingly militarized approach.

Modern Bank Heists: Cybersecurity Threats Facing the Financial Sector - Carbon Black: “Despite investing heavily in security, financial institutions continue to experience cyber attacks at a rapid pace. Conducted primarily for the purpose of yielding illicit financial gain, cyber attacks against the financial services industry are increasing in sophistication and are often undetectable, global and instantaneous. This will be one of the themes of this year’s FS-ISAC Annual Summit, taking place in Boca Raton this week. To better understand how cybercriminals remain undetected in their attacks against the financial services industry, Carbon Black recently collected responses from CISOs at 40 major financial institutions, including six of the top 10 global banks. In the report, Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector, survey respondents revealed trends in lateral movement, counter incident response, integrity attacks and the most concerning threat actors financial institutions are currently facing…”



Reuters - May 24, 2018
Criminals have stolen about $1.2 billion in cryptocurrencies since the beginning of 2017, as bitcoin’s popularity and the emergence of more than 1,500 digital tokens have put the spotlight on the unregulated sector, according to estimates from the Anti-Phishing Working Group released on Thursday. The estimates were part of the non-profit group’s research on cryptocurrency and include reported and unreported theft. “One problem that we’re seeing in addition to the criminal activity like drug trafficking and money laundering using cryptocurrencies is the theft of these tokens by bad guys,” Dave Jevans, chief executive officer of cryptocurrency security firm CipherTrace, told Reuters in an interview. Jevans is also chairman of APWG. Of the $1.2 billion, Jevans estimates that only about 20 percent or less has been recovered, noting that global law enforcement agencies have their hands full tracking down these criminals.

CyberScoop -May 23, 2018
If you try visiting certain Department of Defense websites, like the one for Strategic Operations Command or the Navy’s Blue Angels, you might be met with a browser message telling you that your connection is not secure and that malicious actors could be trying to steal your information. Sen. Ron Wyden, D-Ore., wants the Pentagon to fix this issue. In a letter written to DOD Chief Information Officer Dana Deasy on Tuesday, Wyden calls for the department to implement proper encryption and protection on all of its public-facing websites. Wyden writes that a “small number” of DOD websites, such as the Army, Air Force and NSA homepages by default use trusted certificates and HTTPS encryption, the web protocol that ensures secure connections and prevents man-in-the-middle attacks. But many others, Wyden says, like the CIO’s own website, either don’t employ HTTPS or issue basic certificates.

Reuters - May 23, 2018

Mexico's central bank said on Wednesday that a cyber attack had sucked around 300 million pesos ($15.33 million) in fraudulent transfers from five companies, but it was unclear how much thieves had managed to pull out in cash. Bank of Mexico Governor Alejandro Diaz de Leon said authorities were still deciphering how the cyber criminals, who were detected in late April, had tapped into banks' connections to the payment system to send false orders. He declined to identify the companies that had been hit, only saying that three banks, a broker and a credit union had seen fake transfers. Diaz de Leon said preliminary estimates pointed to around 300 million pesos in "irregular transactions," but he said some of that had not been withdrawn and could still be recovered. Sources close to the investigation told Reuters that there were cash withdrawals from dozens of banks around the country shortly after hundreds of fraudulent transfers.

The Guardian -May 22, 2018
Britain will name and shame foreign states that hire hackers to carry out cyber-attacks or interfere via the internet in national elections, the attorney general has warned. In a speech referring to Russian and North Korean “campaigns of intrusion”, Jeremy Wright QC called for international sanctions to be applied against countries that exploit cyberspace for illegal purposes. “If we stay silent, if we accept that the challenges posed by cyber technology are too great for the existing framework of international law to bear, that cyberspace will always be a grey area, a place of blurred boundaries, then we should expect cyberspace to continue to become a more dangerous place,” Wright told an audience at Chatham House in central London.

Bleeping Computer May 25, 2018
The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.

The Washington Post - May 21, 2018

In 2013, Jurijs Martisevs says, he was contacted by Russian law enforcement. The agents from the Federal Security Service, or FSB, told him the U.S. government was seeking information on him, Martisevs testified in court last week. But he said the Russians did not want to hand him over — they wanted his help. At the time, Martisevs was helping run a service based overseas that helped hackers get past anti-virus programs. His testimony in a U.S. court in Virginia helped lead to the conviction of his partner in that business, but it also shed light on the symbiotic relationship between Russian intelligence and the criminal underworld. The partner, Ruslan Bondars, 37, was found guilty Wednesday of several hacking-related crimes; Martisevs pleaded guilty earlier this year. Martisevs is set to be sentenced in July, Bondars in September. “Everyone cooperates — especially with the FSB,” Martisevs said over a chat app to Bondars translated from Russian and read in court. “They may even bring more clients to us,” he added, punctuating the remark with a smiley face.

Reuters - May 24, 2018

A fundraiser for U.S. President Donald Trump on Thursday added several defendants to a lawsuit claiming the Persian Gulf state of Qatar hacked his email accounts and shared the contents with news organizations. Elliott Broidy, whose access to Trump has been the subject of press coverage in the United States in recent months, sued Qatar in federal court in Los Angeles in March. On Thursday, he filed an amended complaint adding as defendants the brother of the Qatari ruler and Ahmed al-Rumaihi, a former head of investments at the Qatari sovereign wealth fund. In the complaint, Broidy said he was targeted over his vocal opposition to Qatar as part of efforts orchestrated by Mohammed bin Hamad bin Khalifa Al Thani, a younger brother of Qatari Emir Tamim bin Hamad Al Thani, and al-Rumaihi to shift U.S. policy toward the Gulf nation.

The FBI has put a spoke in the wheel of a major Russian hacking operation potentially aimed at causing havoc in Ukraine, evidence pieced together from researchers, Ukrainian officials and U.S. court documents indicates. On Wednesday, network technology company Cisco Systems and antivirus company Symantec warnedthat a half-million routers had been compromised in a possible effort to lay the groundwork for a cyber-sabotage operation against targets in Ukraine. Court documents simultaneously unsealed in Pittsburgh the same day show the FBI has seized a key website communicating with the massive army of hijacked devices, disrupting what could have been — and might still be — an ambitious cyberattack by the Russian government-aligned hacking group widely known as Fancy Bear. “I hope it catches the actors off guard and leads to the downfall of their network,” said Craig Williams, the director of outreach for Talos, the digital threat intelligence unit of Cisco that cooperated with the bureau. But he warned that the hackers could still regain control of the infected routers if they possessed their addresses and the right resources.

On Friday, British free-speech activist and Islam critic Tommy Robinson was acting as a responsible citizen journalist -- reporting live on camera from outside a Leeds courtroom where several Muslims were being tried for child rape -- when he was set upon by several police officers. In the space of the next few hours, a judge tried, convicted, and sentenced him to 13 months in jail -- and also issued a gag order, demanding a total news blackout on the case in the British news media. Robinson, whose real name is Stephen Yaxley-Lennon, was immediately taken to Hull Prison.
Chinese security officials asked about Turnbull's adviser
Chinese security officials who detained a Sydney academic in 2017 spent a full day interrogating him about Prime Minister Malcolm Turnbull's hand-picked ...

Michaelia Cash ordered to give evidence in Australian Workers Union raids case
The Federal Court has issued a subpoena requiring Jobs Minister Michaelia Cash to give evidence in the Australian Workers Union (AWU) raids case.
Albert H. Choi (Virginia), Quinn Curtis (Virginia) & Andrew T. Hayashi (Virginia), Taxes and Mergers: Evidence from Banks During the Financial Crisis:
At the peak of the financial crisis the IRS issued Notice 2008-83, administrative guidance that curtailed a tax rule designed to discourage tax-motivated acquisitions. The Notice increased the value to potential acquirors of tax assets of commercial banks that would have otherwise been impaired if the bank changed ownership. We find little evidence that the Notice affected bank merger activity, but we do find that mergers that occurred while the Notice was in effect had lower post-merger income growth. We also find evidence consistent with the strategic recognition of tax losses to exploit the benefits of the Notice.

In his opening statement to a Senate Estimates hearing on 30 May 2018, the Commissioner said the ATO continues "to perform well in the large and multinational markets, and we expect large corporates to pay roughly $10 billion more in company income tax for the 2017-18 income year than they did in the previous year". While this increase can be attributable to economic growth and commodity price changes, the Commissioner said the ATO knows that it has contributed to some of the increase from "better taxpayer compliance - both voluntary and 'ATO assisted'".
Mr Jordan also noted that 590 taxpayers are currently under review or audit as part of the ATO's focus on wealthy individuals and associated groups, including trusts and aggressive tax planning. For this year to the end of March 2018, the ATO had raised almost $1.5 billion in liabilities against wealthy individuals and associated groups.
On superannuation guarantee (SG) obligations, the Commissioner said the ATO had nearly doubled its coverage and completion of cases compared with the same period last year. He said the ATO has contacted nearly 20,000 employers as a result of reviews or audits, and has raised over $660 million from all its SG case work compared with around $480 million for all of 2016-17. The ATO has also issued over 2,800 superannuation guarantee charge director penalty notices with a combined value of nearly $275 million in relation to around 2,700 companies.
Concerning the black economy, Mr Jordan said the ATO has been very active in areas with a prevalence of 'cash only' and low use of merchant banking facilities; with almost 6,000 businesses visited in Cabramatta, Liverpool, Bateman's Bay, Chatswood, Werribee, Glen Waverley, Melbourne, Sunnybank, Toowoomba, Mandurah, Glenelg and north-west Adelaide.