Wednesday, March 10, 2021


UPDATE
Harrowing Report Finds 110,000 People Were Contaminated by French Nuclear Tests

Peter Dockrill 

The horrific extent of decades of controversial nuclear tests conducted by France in the islands of French Polynesia has been revealed in a new report, calculating the true scale of an unmitigated health disaster that researchers say has been hidden or ignored for decades.

© Moruroa Files France’s first nuclear test in Polynesia in 1966.

In 1966, France secretly began a new round of nuclear tests at the Polynesian atolls of Moruroa and Fangataufa – a classified military program that continued for 30 years before ending amidst mass protests in 1996, almost 200 nuclear explosions later.

In a new two-year investigation conducted by an international group of security researchers, data scientists, and investigative journalists, the team stitched together and analyzed an archive of approximately 2,000 pages of now declassified French government and military documents.

In addition, they interviewed dozens of people of interest – including Polynesian inhabitants, former military personnel, and scientists – all to put together a clearer picture of the 193 nuclear tests fired at the Moruroa and Fangataufa sites, which up to now have been shrouded by secrecy and red tape.

With new 3D modeling based on the data to extrapolate the extent of the populated regions showered with radioactive fallout in the wake of the blasts, the report comes to uncomfortable and shocking conclusions.

"According to our calculations, based on a scientific reassessment of the doses received, approximately 110,000 people were infected, almost the entire Polynesian population at the time," the researchers explain.

Evidence in the documentation suggests the contamination of radioactive particles settling onto populated regions was the basis for a 'cluster' of cancer cases affecting local Polynesians, which were secretly known to be linked to the tests by French military officials.

"It was when our elders began to die that we really started to ask questions," says one woman, whose mother died from breast cancer in 2009.

While numerous unsafe tests were conducted in the first few years of the program, more powerful weapons fired in the 1970s presented even graver risks to the civilians of French Polynesia – with tests in 1971 and 1974 unleashing huge clouds of radioactive particles carried by the wind onto inhabitants who were never warned.

Military scientists at the time were aware that contamination on the ground, in the air, and in drinking water posed serious dangers – especially to vulnerable children, many of whom went on to develop cancer in the years following the tests.

Nonetheless, even when weather forecasts indicated the wind would carry the toxic clouds onto populated islands, officials did not delay testing. Most notoriously, an explosion in 1974 of a device called Centaure is estimated to have exposed 110,000 Polynesians to significant amounts of radiation. At the time, the total population of French Polynesia was 125,000.

Over the decades, internal military assessments of the exposure risk have consistently underestimated and denied the scope of the dangers, researchers say.

To date, only 454 people have ever received compensation from the French government in recognition of health impacts stemming from the testing, with over 80 percent of applications being rejected by authorities without explanation.

Based on the new findings, tens of thousands of people may now stand to rightfully claim compensation for these wrongs of the past, with the new data supporting their case with a giant trove of publicly available evidence, surfaced for the first time.

"There are about 110,000 people – and not 10,000, as the local health authorities suspect – who could potentially demand compensation from the French state, should they develop one of the recognized cancers," the researchers write.

"Yet up until now, the number of Polynesians from the civilian population – that is, those who were not in the military nor among those specifically contracted as service providers – who have received compensation total just 63. That [is] a veritable fiasco."

The damage done went far beyond native Polynesians. According to email correspondence exchanged within the French defense ministry, an estimated 2,000 of the 6,000 former military and civilian staff who were involved in the tests were also exposed, and either already have "or will contract a radio-induced cancer", with compensation expected to cost in the amount of 100 million euros.

Much of the data assessed by the researchers comes from now declassified and open-access sources, and the researchers have provided details of their methodology, and pledged to further share their results with the public and the scientific community.

After decades of being hidden and denied, the truth of these terrible events is finally being heard.

"The state has tried hard to bury the toxic heritage of these tests," Geoffrey Livolsi, editor-in-chief of nonprofit media organization Disclose, which helped produce the report, told The Guardian.

"This is the first truly independent scientific attempt to measure the scale of the damage and to acknowledge the thousands of victims of France's nuclear experiment in the Pacific."

The findings are summarized here, and a new book based on the research is available here.

SEE 
WHY GREENPEACE WAS FORMED



Letters From Tesla’s Counsel to California DMV Show Greater Wariness of Self-Driving Capability Than Elon Musk’s Public Comments

Timothy B. Lee, Ars Technica:

In a pair of letters last November and December, officials at the California DMV asked Tesla for details about the FSD beta program. Tesla requires drivers using the beta software to actively supervise it so they can quickly intervene if needed. The DMV wanted to know if Tesla planned to relax requirements for human supervision once the software was made available to the general public.

In its first response, sent in November, Tesla emphasized that the beta software had limited functionality. Tesla told state regulators that the software is “not capable of recognizing or responding” to “static objects and road debris, emergency vehicles, construction zones, large uncontrolled intersections with multiple incoming ways, occlusions, adverse weather, complicated or adversarial vehicles in the driving path, and unmapped roads.”

In a December follow-up, Tesla added that “we expect the functionality to remain largely unchanged in a future, full release to the customer fleet.” Tesla added that “we do not expect significant enhancements” that would “shift the responsibility for the entire dynamic driving task to the system.” The system “will continue to be an SAE Level 2, advanced driver-assistance feature.”

Apparently this is the year that we get fully autonomous transportation — assuming Tesla manages to resolve that enormous list of things not recognized by its “full self-driving” software. So this is not the year that we get fully autonomous transportation, and the name of Tesla’s “Autopilot” software is still writing cheques that it cannot cash. Some things never change.







A Digital New Deal: How Can We Tackle the Worst Economy Since the Great Depression?

ROY ZUR·MARCH 4, 2021

There are twice as many people looking for a job as there are job openings, and securing a stable career has become more difficult than ever in the past year. Through changing times, there has been a shift in the way professionals enter the workforce, as well as how they work. Securing a career is no longer limited to professionals with university degrees—and it is no secret that since the onset of the pandemic, any role that could be made remote quickly underwent the transition.

These drastic shifts in the structure of our economy took place right in the middle of the worst economy since the Great Depression. Hospitality, retail, manufacturing, and support services are among the industries that have been hit hardest, with massive layoffs and pay declines for employees that were on payroll. The industries that either stayed afloat or thrived managed to do so thanks to remote work, creating a shift in the workforce, both remote and otherwise, and universities are expected to take note of these shifts in the workforce, and how they will lead to shifts in educational training.

Just as in the previous Great Depression jobs were created to tackle the challenges society faced, culminating in factory jobs to power the Allied victory in World War Ⅱ, the jobs that will fuel our recovery today lie in fields tackling 21st-century challenges, and these roles don’t necessarily require degrees. In fact, most of the employers of today value skillsets over degrees, unlike the employers of yesteryear. As such, universities must be aware, and adapt to the fact that in the current economy, students are looking for jobs within future-proofed fields that quickly secure stable employment. The first step in adapting to the change in demands and times is by offering skill learning as part of a Digital New Deal.

The role of educational facilities in a Digital New Deal

Traditional four-year degrees are as much a promising investment as ever, but the current job crisis, especially with regards to filling roles in high-demand industries such as cybersecurity, calls for high intensity training that can help professionals secure roles within a matter of months instead of years. COVID-19 sped up the changes in higher education that were already on track and ultimately begging for a shift to alternative career tracks. In order to truly help their students develop skills for employability and to diversify revenue streams, universities must offer highly technical training in additional forms, such as bootcamps, in addition to the general education curriculum.

Cybersecurity bootcamps, for instance, serve as the fast track to a fulfilling career in the space. While there are plenty of speedier certification programs out there, they ultimately fall short across multiple fronts. The training behind those programs doesn’t translate to a well-rounded set of skills, and pales in comparison to bootcamps, which are far more hands-on and align with industry demands.

Careers in cybersecurity, even at the entry level, are future-proofed, and do not require prior IT experience, which is a big deal considering many entry-level positions elsewhere call for an unrealistic number of years of experience out of young adults.

Reversing the effects of the Great Recession

Many of the effects of the Great Recession can be reversed if anyone who is unemployed, underemployed, or simply looking to switch careers, takes the initiative to switch over to the world of cybersecurity, which boasts tremendous job satisfaction. Career options within the space are plentiful, and they pay more than most other IT jobs. That’s true even at the entry level, by as much as a full 16 percent more—or about $13,000—than the average for all IT jobs.

Positions in this field are also far more stable than other positions in the tech sector. Some of the entry-level roles in cybersecurity that don’t require prior IT experience include SOC Operator, Information Security Analyst, Junior Penetration Tester, and Systems Administrator. More often than not, professionals in cybersecurity earn six-figure salaries, even at an early stage in their career.


As part of a Digital New Deal, in collaboration with educational facilities worldwide, cybersecurity bootcamps will play a pivotal role in improving the earning potential of professionals in a space that is desperately looking to fill roles. The fact that there are millions of positions available (and barely enough qualified people to fill the roles) puts those who enroll in bootcamps at an advantage on the fast track to expansion of employment prospects. Collectively, a Digital New Deal would make a tremendous impact in tackling the worst economy since the Great Depression. Its successful deployment would also reduce the risk of cyber crimes and their repercussions across the board, from businesses, to governments, to individuals.


Founder and CEO at Cybint



Facial Recognition Systems Scan 23 Million People at US Borders, Come up With Zero Imposters

SCOTT IKEDA·FEBRUARY 23, 2021

Though international travel was down in 2020 due to the protracted coronavirus pandemic, there were still 23 million border crossers entering the United States that were subject to facial recognition scans. Of these, it appears not one was determined to be an imposter at any of the country’s airports according to an annual U.S. Customs and Border Protection (CBP) report.

These numbers are generally low each year; the agency caught 100 imposters out of 19 million scans in 2019, but it has been as high as 285 among fewer scans in recent years since more advanced (and more numerous) facial recognition systems have been implemented and statistics have been tracked.

Facial recognition system catches no imposters among 4 million more travelers

The system did have some luck with pedestrian border crossers, where it identified just under 100 people attempting to cross national borders on foot under an assumed identity. It completely struck out at airports in spite of a substantially increased amount of facial recognition scans, however. Commercial airlines have been using facial recognition since 2017, and it has also been used at seaports for international cruise passengers since 2018.

CBP has been in some trouble over the accuracy of this program since it began publicly reporting numbers several years ago. The Government Accountability Office (GAO) took the CBP to task in late 2020 over a general poor quality of operations, from unhelpful traveler-facing signage and program information in airports to questionable accuracy audits.

James McQuiggan, security awareness advocate at KnowBe4, points out that given the small sample size of data and relative newness of the technology it is impossible to say if this is a case of unique coronavirus conditions limiting attempts or if the system simply is no good at picking out fraudulent travel documents: “Having no imposters come through in 2020 and with 23 million coming into the U.S. could be due to lockdowns in various countries and restrictions on travel, which might have slowed imposters’ progress to gain entry in the U.S. illegally … While the report does not provide any data or audit results, it’s unclear whether the Government Assurance Office (GAO) conducted any test with a “fake” imposter to see if they could bypass the CBP. In cybersecurity or physical security, organizations want to test and monitor their perimeters, whether electronic or physical. These audits can determine any areas of improvement and if the processes and procedures are operating as required.”

It is known that CBP auditing of each airport’s scans is fairly limited: only two flights from each airport are examined by the department each week and that process can take weeks to detect issues in how scans are being done.

Are border facial recognition systems failing?


The airport facial recognition scan essentially compares the traveler’s face to their passport photo, looking for a match and for signs that the passport may be illegitimate. INTERPOL maintains an international database of reported lost and stolen passports that the US and other countries use as part of these checks, but a 2014 government hearing found that many countries were not reporting these passports to the agency.

Stuart Sharp, Vice President of Technical Services at OneLogin, expanded on the screening system that is in use at airports: “We should not assume that the CBP facial recognition tools have failed simply by a lack of imposter identification, as this may simply be the result of fewer individuals attempting to enter the country as a result of Covid. Nevertheless, while biometrics have a role to play in identification, it does face significant limitations. Most people don’t realise that Biometric authentication relies on a probabilistic model, not deterministic. When comparing a facial or fingerprint scan to the stored value, the system accepts a degree of variation. This is called the False Acceptance Rate (FAR) metric, which is the probability that the system will incorrectly identify a user as valid. Realizing that facial recognition is simply verifying that the scan is ‘similar’ to the stored image, you can see that there is a real risk that the CBP tools are not detecting skillful imposters.”

Facial recognition has also run into its own inherent accuracy problems. An NIST study in late 2019 found that the facial scanning systems used by border control and law enforcement agencies had serious inaccuracy problems for specific demographics of people: African-American and Asian people specifically, and it was considerably more inaccurate for women and older people than men and middle-aged data subjects. These inaccuracies were tracked back to the possibility of biased facial samples used to train the AI algorithms, with the data sets simply not containing enough members of these demographics to be able to accurately identify them. As of late 2020 a number of companies have claimed that they are working to fix these inherent bias issues, but due to the secretive nature of the industry it is difficult for the general public to tell how successful these efforts are or if real world improvements are being seen.


There are also questions about the security of the facial recognition systems used at the border, and the prospect of attackers gaining illicit access to them. The Department of Homeland Security (DHS) experienced a breach by way of a vendor in 2019, which caused the photos and personal data (including license plate numbers) of thousands of border-crossing travelers to be leaked to the dark web. The vendor had apparently stored these images on its own local servers against DHS policy; a rogue employee gained access to the photos between 2018 and 2019 and exfiltrated them, later attempting to ransom the vendor for Bitcoin and leaking the images to the dark web when the ransom was not paid. The incident was not confirmed by DHS until 2020. While there have not been any known incidents of CBP’s facial comparison biometrics or the screening processes used at airports being hacked, the vendor compromise demonstrates that the entire facial recognition system relies on a massive network of subcontractors that each represent potential points of vulnerability.

PRC Spying, Malware and Disinformation Campaigns Push Hong Kong Dissidents to Underground Communications Channels



SCOTT IKEDA·FEBRUARY 19, 2021

Following the anti-extradition protests that spanned from 2019 into 2020, the Chinese Communist Party has stepped up its digital actions against Hong Kong activists and dissidents. A new report from threat intelligence firm Intsights finds that aggressive disinformation campaigns and related measures have forced organizers to move to the digital underground, using encryption and the dark web to keep the PRC from observing and inserting itself into their communication.

Disinformation campaigns, mass surveillance drive “dark web” uptick in Hong Kong

Though the Hong Kong street protests have since dissipated, tensions have nevertheless remained high as the Chinese government has aggressively moved to control the flow of information in the region. It has also made mass arrests of protesters under charges such as “subverting state power.” The PRC has also been conducting blanket surveillance that sweeps up even those that are not politically involved, for example monitoring and censoring Zoom conferences organized by businesses and schools. The country’s national security laws require companies based in its territory to turn over any information requested by the government.

Dissidents have responded to disinformation campaigns and surveillance by moving their communications to encrypted messaging apps and dark web forums. However, the researchers warn that this opens up inexperienced navigators to a new realm of criminal threats; some paid services have sprung up to safely guide activists and dissidents to the clandestine meeting places and resources that they are seeking.

The dark web is best known for the sale of illicit goods, everything from credit card skimming equipment to illegal drugs. This is the world that novices must learn to navigate, generally without assistance (unless they pay for it). And when they do find homes for political discussion, they are not necessarily ideologically friendly. The report finds that the most popular Chinese-language discussion forums on the dark web actually tend to be pro-PRC. And the dark web is not free from the eyes of the government; posts from users indicate that Chinese espionage agents monitor at least some of these sites and will occasionally make attempts to disrupt or take down the servers that host them.

The move away from mainstream social media sites has largely been driven by disinformation campaigns, even when those sites do not fall under the influence of China’s government. The PRC is also able to weaponize false claims of “disinformation” against activists by placing the poster in jail for spreading “fake news.” The government’s reach into foreign social media companies is substantial, at least judging by Twitter’s own internal numbers. The social media giant reports finding over 23,000 accounts spreading “geopolitical narratives favorable to the CCP” as part of disinformation campaigns in the past year, taking down thousands of them for abuse of the terms of service. These accounts appear to be supported by an additional network of at least 150,000 accounts that serve to “signal boost” the information that the primary accounts post by “liking” and retweeting it.

And when the Chinese government identifies and targets a dissident, surveillance and arrest is not their only concern. The government has been known to target activists with malware dating back to at least 2014. A recent example that has been seen in the wild is the use of the LightSpy malware, which targets iOS devices and allows the attacker to remotely execute commands. It is able to vacuum up quite a bit of a phone’s data: contact lists, call history, geolocation data and lists of installed apps among other items. A similar piece of malware called dmsSpy was seen to be targeting Android users via a fake app claiming to be associated with the Hong Kong Democracy and Freedom Movement.

The Chinese government has also been observed targeting dissidents with malicious PDF files that appear to come from trusted sources. This aspect of the disinformation campaigns is usually topical and ties into items of great interest to protestors; for example, one recent attack claimed to provide an update to United Kingdom PM Boris Johnson’s announcement that the country would take in up to three million refugees from Hong Kong.

Usage of encrypted communications

In addition to the dark web, activists are responding with an uptick in usage of encrypted communications apps and VPNs located outside of China to counter the disinformation campaigns. The messaging app Signal has become very commonly used in recent months; other popular choices are Telegram, Proton and the local mesh networking app Bridgefy.

Dissidents need all of the assistance they can get from these various tools, as they are up against one of the world’s most formidable hacking forces in addition to the social media disinformation campaigns. The report indicates that state-backed advanced persistent threat (APT) groups have turned their attention from cyber attacks to the business of tracking and exposing Hong Kong activists. These include Winnti Group (APT 41), known for attacking online games for over a decade, and Gothic Panda (APT 3).

Hong Kong is supposed to be politically and legally independent from China until 2047, but the PRC has called the treaty “unequal.” The UK views the implementation of the new security laws as a violation of the treaty and is considering sanctions as a response.


New Polling Reveals Increasingly Negative Views of Big Tech, Strong Public Support for Regulation


SCOTT IKEDA·MARCH 3, 2021

As of August 2019, Big Tech companies were not particularly popular. At that time, only 46% of Americans had at least a “somewhat” positive view of them according to Gallup polling. A new poll shows that negative views have increased since then, with only 34% of Americans now expressing any level of positive opinion.

Due to the timing, the polls are thought to be influenced by the then-recent riots at the U.S. Capitol. However, that source of displeasure has typically come from the political left; the right has perhaps even more negative views of Big Tech due to a perception of ongoing censorship and political bias on social media platforms.

Big Tech struggling to please anyone

45% of US adults express some level of negative view of Big Tech in the recent polling, and 20% are neutral. The survey defined “Big Tech” as mostly Silicon Valley-rooted companies that are among the biggest names in social media and retail, for example listing Amazon and Facebook by name as well as Google. The swap from positive to negative sentiment was close to uniform, and the percentage of those indicating that they had the lowest possible view of Big Tech firms (a response of “very negative”) more than doubled from 10% to 22%.

The poll also indicates that Americans have an increasing appetite for regulation of Big Tech firms. The number that wanted to see an increase in government regulation moved from 48% to 57%.

The poll was conducted from January 21 to February 2, so Gallup speculates that the events of January 6 may have been an influence on respondents. In response to the riots that saw a pro-Trump mob storm into the US Capitol and several deaths resulting from clashes between rioters and security forces, a number of major social media platforms banned Donald Trump. Additionally Google, Amazon and Apple took action to terminate hosting of Parler, an alternative social media platform that conservatives had been favoring recently.

While these are all moves that would primarily rile up right-wing supporters, political animus against the Big Tech platforms had previously come in great quantities from the left as well. Prior to Trump’s deplatforming, many on the left felt that the social media platforms were too permissive with Trump and those in his political orbit as well as various campaigns in support of him. Platforms such as Twitter had previously implemented fact-checking notifications as a specific response to this discontent from the left.

The Gallup poll did ask respondents for their political affiliation, and among those that opted to respond there was an unsurprising trend of conservative politics correlating with more negative views of Big Tech. Republicans with a negative view of Big Tech ballooned from 37% to 65% in 18 months, and independents grew from 33% to 44%. Democrat views were almost unchanged since 2019; 49% continue to view Big Tech in some sort of a positive light, with the share of negative views increasing only 1% to 30%. However, Democrats remain more in favor of increased regulation at a rate of 60% to 58% of independents and 53% of Republicans. Republican interest in regulation has increased since 2019, however, gaining 5% to go to a majority among those respondents.











Negative views coming from differing sources

While both ends of the political spectrum are distrustful of Big Tech and would like to see government put reins on the industry, the concerns stem from differing sources.

American conservatives are staunchly anti-regulation when it comes to private businesses, and the polling indicates that many are holding to that principle even as they decry Big Tech’s practices. Their concerns center on a presumed connection between the Democratic party and Big Tech as a general industry, a partnership that causes their content and posts to be flagged more frequently and to be unfairly subject to removal and limitation. Democrats have relatively little concern about censorship on social media, but have led the charge in pushing for antitrust investigations into companies such as Facebook and tighter regulation of how personal data is collected and used.


While one can argue about what (if any) side of the political aisle Big Tech tends to fall on, it has shown a decided preference for government regulation of technology: a hands-off “self regulation” approach. A number of its recent voluntary moves, such as increased policing of alleged misinformation, have ultimately been to this end. Big tech faces some inherent (and significant) problems here. The Gallup poll illustrates one of them; selling self-regulation to the public does not seem to be going well given that there is a bipartisan preference for increased government intervention and a negative view of everything associated with the industry. The other major issue is that any attempt to police information will have a negative impact on user engagement, which social media platforms are fine-tuned to maximize (and which profits greatly depend on).

New York Cyber Task Force Report Identifies Near-Term Cyber Defense Challenges, Calls for Increased Government and Private Industry Collaboration















SCOTT IKEDA·MARCH 4, 2021


A new report prepared by the New York Cyber Task Force examines the leading cyber defense challenges anticipated through 2025 and finds that coordination between government agencies and private business must be revamped in a dramatic way for the United States to be up to the task.

Titled “Enhancing Readiness for National Cyber Defense through Operational Collaboration,” the report finds that public-private coordination to curtail and remediate severe cyber defense crises is a vital leverage point going forward. The report looks at national defense through the lens of emerging technologies and opportunities for threat actors such as the rollout of 5G, expected geopolitical areas of competition and advances in AI and the Internet of Things (IoT).

A potential future face of cyber defense partnerships

The report sees the state of cyber defense changing very rapidly in the next few years due to these various technological developments rolling out and becoming a part of everyday life. Commissioned by the School of International and Public Affairs (SIPA) just after the Covid-19 outbreak in early 2020, the central purpose of the report is to forecast “severe but plausible” threats that are likely to emerge by 2025.

The answer to this variety of emerging cyber defense challenges, at least according to the report, is the concept of “operational collaboration.” Made as simple as possible, this means the forging of new partnerships between government agencies and the private companies that run the internet’s infrastructure and various communications platforms for the purpose of cyber readiness.

That’s a concept that can make people nervous when stated broadly, but the report is careful to specify that these partnerships are meant for response to “severely disruptive” crisis threats. The central proposition is the formation of a new federal agency, the National Cyber Response Network (NCRN), which acts on what it calls National Cyber Crisis Contingencies (NCCC).

So what exactly are these contingencies? The report role-plays four imagined scenarios that serve as examples, all involving US rival nations that pose some sort of threat. One scenario sees Iran attacking US smart devices and the utilities used by forces deployed in support of Saudi Arabia. Another envisions China mounting a disruptive long-term campaign against US logistics using IoT and AI-based attacks. And a third sees North Korea escalating its cybercrime campaigns to directly attack cloud-based services used by US banks. The crisis contingencies addressed by this proposal involve some sort of national-level security threats against critical functions at a scale and duration that is more severe than the average attack.

“Big tech” sums up the private organizations that would be a part of the proposed NCRN. The agency is visualized as a network of nodes that loops in the relevant federal agencies as well as state and local entities and providers of critical infrastructure. The “digital service provider node” is where the private entities come in; the report’s flow chart identifies Amazon AWS, Microsoft, Google and AT&T as specific businesses that would be included. The NCRN’s primary directive would be integrating these disparate organizations and training their response teams to activate and coordinate during an NCCC response. This would include regular collaborative cyber security training and exercises centered on shared playbooks.

Recommendations for cyber defense

Among the handful of specific recommendations in the report that would allow for this new cyber defense network to begin assembling, the third – “Remove legal and procedural barriers to enhance response” – is the one most likely to give people pause. The report is somewhat vague in this area but does call for “emergency collaboration clauses” for the private industry security teams that “… offer full protection from legal recourse for any information appropriately disclosed to better enable a timely response to a declared NCCC.” It also calls for increased local law enforcement access to federal-level intelligence during cyber attacks.

Another recommendation that could prove contentious and hard to manage, given general public attitudes toward the media and big tech, is “building trust and confidence” by engaging “traditional media organizations and reporters.” This proposal calls for “digital literacy programming” for the general public to identify misinformation, and “mechanisms for the public to flag and report disinformation during a cyber crisis.” The proposal also seeks to “Increase collaboration between governmental communications, traditional media, social media platforms and influencers though crisis co-creation of cyber crisis communications playbooks for media stakeholders and NCRN node operators,” and to “… ensure that the government and media companies have appropriate active collaborative mechanisms to moderate content with stricter fact-checking, publishing criteria, and warnings of misinformation campaigns.”

The report’s section on “trusted information sources” also provides some interesting reading, addressing the reality that private organizations will be hesitant to transparently collaborate with the same government agencies that are regulating them. The researchers also see the media’s “competing priorities” as a potential barrier to use as an information outlet during a cyber defense crisis.


While the report is peppered with politically and socially contentious proposals, what might ultimately be the biggest barrier to this bold digital transformation is the cost. The report does not name any figures, but the level of cyber defense readiness it calls for would undoubtedly come with a huge bill to public funds in addition to substantially increased costs for various private stakeholders and their vendors.


Senior Correspondent at CPO Magazine
Hacktivists Attack Controversial Christian Conservative Social Media Site Gab, Leak 70 Gigabytes of Hacked Data Including Private Messages and Passwords



SCOTT IKEDA·MARCH 10, 2021


When Donald Trump was banned from major social media platforms and conservative personalities cried foul over censorship measures earlier this year, a number migrated to Parler. When Parler suffered hosting difficulties and data breaches, some opted to move on to Gab instead. A hacktivist group calling itself “Distributed Denial of Secrets” has taken it upon itself to expose the site’s users, dumping some 70 gigabytes of hacked data that includes highly sensitive personal information, messages and passwords.

The hacktivist group calls the breach “GabLeaks,” and it includes all (some 40 million) of Gab’s public and private posts minus any attached pictures or video. It also includes an unknown amount of both user and group passwords. The hacktivist group is not making the hacked data available to the general public, instead promising to share it selectively with journalists and academics who have characterized the data as a gold mine of research material regarding “… everything surrounding January 6.”

Hackers attack heavily criticized platform, but ethical questions abound

Critics of Gab would likely take issue with the simple description of it as a “Christian conservative” platform. The first incident they would undoubtedly point to is the Pittsburgh synagogue shooting massacre in 2018. Gab was a favored hangout of the shooter, who posted neo-Nazi and anti-Semitic messages there prior to the attack. The service has also welcomed figures banned from other social media platforms, some of them open white supremacists.

Gab is unusual even among the sometimes fringe milieu of sites oriented to right-wing politics. The site itself does not openly promote extremist values, but is explicit about being an organization with religious values. However, its central selling point is that it rarely moderates content. The company spins this as a principled stand for free speech, but the practical result is that extremist ideologies banned from other platforms have tended to gather there.

Critics among extremism research communities say that this position has provided a unique opportunity for neo-Nazi and terrorist groups to publish content to and recruit from a more mainstream audience than they are usually limited to, and that situation was only exacerbated with the flood of new users in the wake of the Trump suspensions and Parler’s monthlong struggle to find hosting. The site has run into a number of problems in the past due to its permissiveness. Apple refused to host the Gab app in 2016 due to the presence of pornography and hate speech, and Google removed it from the Android app store after a few months for similar reasons. Stripe has banned it from its payment services due to adult content, and PayPal has done so due to hate speech.

Though there is ample evidence that the site is a hotbed for extremism, not all of its users are necessarily extremists or involved in matters “surrounding January 6” (referring to the storming of the US Capitol by protesters). The hacktivist group, which itself expresses some extremist sentiments, does not seem to be bothered by that possibility. Distributed Denial of Secrets added a note to the top of a chatlogs.txt file that contains the private conversations of all of the site’s users that reads “F*** TRUMP. F*** COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA.” Founded in 2018, the group styles itself as a successor to WikiLeaks and was also recently behind the breach of law firm Jones Day (which represents the Chicago Police Department among other clients) and the mass scraping of Parler’s public posts. In January it published a terabyte of hacked data from ransomware victims collected from the dark web, and it was behind the 2020 BlueLeaks dump that shared 269 gigabytes of hacked law enforcement agency data (something that prompted the Department of Homeland Security to label it a “criminal hacker group”).

The lead hacktivist behind the action refers to themselves as “JaXpArO and My Little Anonymous Revival Project.” The username can be found as a poster on various hardware forums and discussion sites such as MacRumors making references to hacking, but it is unclear if there is a connection with the person responsible for the hacked data.

Andrew Barratt, Managing Principal of Solutions and Investigations at Coalfire, notes that wide-ranging document dumps such as this are becoming the new normal in hacktivist circles and that organizations should expect more free and immediate circulation of hacked data: “Hacktivism has been around since the birth of the internet with attacks on political parties around the world, as well as corporations that have fallen foul of their own transparency goals. In the old days a webpage would be defaced, or made to be self satire. Now denial of service attacks and data drops are the preferred weapon to get the attention of those in charge. It is definitely here to stay, in one evolved form or another.”

Gab hacked data appears to be almost complete compromise of the platform

It is unclear exactly how many of the platform’s personal and private group passwords were leaked by the hacktivists, but it appears that the personal account passwords were cryptographically hashed. Without knowing what hashing method was used, it is impossible to say how secure they are; the difficulty of cracking the hashes could range from trivial to nearly impossible. The hacked data includes hashed passwords for the accounts of Donald Trump, MyPillow founder Mike Lindell and talk radio host Alex Jones. It is known that the private group passwords are not encrypted and were leaked in plaintext, something that is disclosed to Gab users before they create a new group.

In a public blog post and comments to Wired magazine and other media outlets, a spokesperson for the controversial social media site confirmed that the breach was the result of an SQL injection that has since been patched and downplayed the amount of personal information among the hacked data. The spokesperson said that Gab does not collect highly sensitive pieces of personal information such as birth dates or telephone numbers. In a statement on Twitter confirming the breach, Gab CEO Andrew Torba referred to the hacktivists as “mentally ill demon hackers” and used a transphobic slur to describe them.


Senior Correspondent at CPO Magazine
West Bank refuge welcomes unfancied donkeys
Issued on: 09/03/2021



Donkeys in a pen at the Safe Haven for Donkeys sanctuary in the West Bank town of Rujayb Jaafar 
Rujayb (Palestinian Territories) (AFP)






Rakan Silos rises early every Thursday and heads to a West Bank donkey shelter where he helps care for animals that still play an important role in daily Palestinian life.

Donkeys that did not attract a buyer at a weekly market in Nablus are brought to the shelter in nearby Rujayb, where Silos, a veterinarian, examines them "completely and free of charge".

The shelter is run by the British charity Safe Haven For Donkeys, established in 2000 to care for working donkeys in Israel and the Palestinian territories.

Donkeys "work so hard for so little," but are often plagued by easily treatable conditions like overgrown hooves and bad teeth, the charity says.

Some Palestinians still rely on donkeys for transport and in agricultural work.

Silos, who trained at Al-Najah University in the Israeli-occupied West Bank, said donkeys in Nablus are brushed and coddled, the way some in other cultures might treat a cherished horse.

On Thursdays, market day in Nablus, fully grown donkeys are popular sellers, but younger ones often go unsold and abandoned because buyers want animals at full strength rather than one that will take time and money to raise.

"We take care of them until they are adults," said Wael Salama, who also works at the shelter.

He explained that adoption is free but on the condition that the donkey not be sold.

The refuge, the only one in the West Bank, has capacity to care for up to 200 donkeys, but also offers free treatment for farmers who bring their donkeys to the site.

© 2021 AFP

Raskin demands briefing from FBI on extremists infiltrating police, military



A top House Democrat, concerned that the FBI has not been candid about extremist efforts to infiltrate law enforcement and the military, is demanding an urgent briefing from the nation's top law-enforcement agency.

Rep. Jamie Raskin, chairman of the House Civil Rights and Civil Liberties Subcommittee, dispatched a letter to FBI Director Christopher Wray Tuesday with a deadline for action.

"I am deeply concerned that the bureau dismissed this threat last year and instead characterized the threat of white-supremacist infiltration of law enforcement as a hypothetical problem that has not materialized," wrote Raskin (D-Md.), who led a hearing on the problem last year. "For the above reasons, I am requesting a member briefing on this topic no later than March 26, 2021."

The new urgency comes in the wake of an ABC News report published Monday detailing a confidential FBI intelligence assessment of the problem of white supremacists and other right-wing extremists plotting to infiltrate police agencies and the military.

Based on investigations between 2016 and 2020, agents and analysts with the FBI's division in San Antonio concluded that extremists would "very likely seek affiliation with military and law enforcement entities in furtherance of" their ideologies, according to a confidential intelligence assessment issued late last month.

The document, obtained by ABC News, was distributed to law enforcement agencies both in Texas and elsewhere in the country. It focused on extremists inspired by the white-supremacist publication "Siege," which served as motivation for the neo-Nazi group Atomwaffen Division, among others.

The report was titled "Siege-Inspired Actors Very Likely Seek Military and Law Enforcement Affiliation, Increasing Risk of Tradecraft Proliferation and Color of Law Offenses in the FBI San Antonio Area of Responsibility."

The FBI told ABC News Wednesday that they had received Raskin's letter, but did not offer further comment.

Testifying before the Senate Judiciary Committee last week, Wray said that there are currently 2,000 domestic terrorism investigations, up from almost 1,000 when he first started in 2017.

"Whenever we've had the chance we've tried to emphasize that this is a top concern and remained so for the FBI," Wray said in his testimony. "The FBI will not tolerate agitators and extremists who plan or committed violence. Period. And that goes for violent extremists, of any stripe."

In an interview, Raskin told ABC News he believes that the vast majority of police and members of military do their jobs properly. However, he said he has become increasingly concerned in recent years by episodes that seem to point to a serious problem with extremist activity on the inside.

"The bureau failed to level with the American people," said Raskin, who led the impeachment of former President Donald Trump in response to the Jan. 6 insurrection at the U.S. Capitol. "This is an emergency."

Since the Jan. 6 attack, lawmakers and officials have increasingly focused on the issue of white supremacy and other types of violent extremism in the military and law enforcement. According to research by news organizations including The New York Times, at least 30 people with law enforcement training have been tied to the events of the insurrection, which left five dead, including a Capitol Hill police officer.

"As the world now knows, on Jan. 6, 2021, irrefutable proof of this threat materialized on the steps of the U.S. Capitol, when off-duty law enforcement officers participated in the violent insurrection against Congress," Raskin wrote in his letter to Wray. "Given the FBI's refusal just last year to admit that extremist police officers posed a serious threat to our Nation's security, I am now concerned that the Bureau lacks an adequate strategy to respond to this clear and present danger to public safety."

Conclusions in the FBI's Feb. 25 assessment were based on information from records and informants, some of whom had "excellent access," according to the document.

"In the long term, FBI San Antonio assesses [racially motivated violent extremists] successfully entering military and law enforcement careers almost certainly will gain access to non-public tradecraft and information, enabling them to enhance operational security and develop new tactics in and beyond the FBI San Antonio" region, the report said.

The report's assessment is "based on evidence [extremists] expressed a desire to join the military and law enforcement primarily to obtain tradecraft to prepare for and initiate a collapse of society, specifically by engaging in violence against the US government and specified racial and ethnic groups," said the document. "Online peers encouraged them to seek these careers and [extremists] built relationships with associates seeking military employment, focusing on the associates' current and future martial skills."

In addition, the report says extremists are "likely to seek to exploit familial and social connections when pursuing military and law enforcement employment, reducing obstacles and increasing opportunities ... to acquire tradecraft."

The FBI publicly issued a similar warning in 2006, and in 2015 agents were instructed to modify methods and tactics because of the fear of infiltrators in their midst.