FB’s Zuckerberg Apologizes, Privacy Protection not Solved

Just how literate are you about social media platforms and the use of your keystrokes/interaction on Facebook?

Zuckerberg hopes you are not too literate regarding your data on Facebook and he says he is sorry, won’t happen again… really? Media even uses the trending hashtags for their headlines and lead news items, applying their own political twist. How about those apps you keep installing? Danger zone? Yup…

Everything you do on Facebook is sold elsewhere, and other platforms such as Twitter or Instagram are databases that are being analyzed too. The revenue for these social media companies comes from selling you, and you cannot opt out unless you divorce yourself from the relationship and go back to old-fashioned communications. Well sorta…

Paul Ford penned an interesting solution below that should begin an interesting debate…

Silicon Valley Has Failed to Protect Our Data. Here’s How to Fix It

It’s time for a digital protection agency. It’s clear ethics don’t scale, and it’s not just Facebook’s problem.
Illustration: Sally Thurer for Bloomberg Businessweek

Over and over in the last 20 years we’ve watched low-cost or free internet communications platforms spring from the good intentions or social curiosity of tech folk. We’ve watched as these platforms expanded in power and significance, selling their influence to advertisers. Twitter, Facebook, LinkedIn, Google—they grew so fast. One day they’re a lovable new way to see kid pix, next thing you know they’re reconfiguring democracy, governance, and business.

Facebook’s recent debacle is illustrative. It turns out that the company let a researcher spider through its social network to gather information on 50 million people. Then the Steve Bannon-affiliated, Robert Mercer-backed U.K. data analysis firm Cambridge Analytica used that data to target likely Trump voters. Facebook responded that, no, this was not a “breach.”

OK, sure, let’s not call it a breach. It’s how things were designed to work. That’s the problem.

For years we’ve been talking and thinking about social networks as interesting tools to model and understand human dynamics. But it’s no longer academic—Facebook has reached a scale where it’s not a model of society as much as an engine of culture. A researcher gained legitimate access to the platform and then just … kept going, and Cambridge Analytica ended up with those 50 million profiles. The “hack” was a true judo move that used the very nature of the platform against itself—like if you gave MacGyver a phone book and he somehow made it into a bomb.

What’s been unfolding for a while now is a rolling catastrophe so obvious we forget it’s happening. Private data are spilling out of banks, credit-rating providers, email providers, and social networks and ending up everywhere.

So this is an era of breaches and violations and stolen identities. Big companies can react nimbly when they fear regulation is actually on the horizon—for example, Google, Facebook, and Twitter have agreed to share data with researchers who are tracking disinformation, the result of a European Union commission on fake news. But for the most part we’re dealing with global entities that own the means whereby politicians garner votes, have vast access to capital to fund lobbying efforts, and are constitutionally certain of their own moral cause. That their platforms are used for awful ends is just a side effect on the way to global transparency, and shame on us for not seeing that.

So are we doomed to let them take our data or that of our loved ones and then to watch as that same data is used against us or shared by hackers? Yes, frankly. We’re doomed. Equifax Inc. sure won’t save us. Do we trust Congress to bring change? Do we trust Congress to plug in a phone charger? I’ll be overjoyed to find out I’m wrong. In the meantime, turn on two-factor authentication everywhere (ideally using a hardware dongle like a YubiKey), invest in a password manager, and hold on tight.

The word “leak” is right. Our sense of control over our own destinies is being challenged by these leaks. Giant internet platforms are poisoning the commons. They’ve automated it. Take a non-Facebook case: YouTube. It has users who love conspiracy videos, and YouTube takes that love as a sign that more and more people would love those videos, too. Love all around! In February an ex-employee tweeted: “The algorithm I worked on at Google recommended [InfoWars personality and lunatic conspiracy-theory purveyor] Alex Jones’ videos more than 15,000,000,000 times, to some of the most vulnerable people in the nation.”

The head of YouTube, Susan Wojcicki, recently told a crowd at SXSW that YouTube would start posting Wikipedia’s explanatory text next to conspiracy videos (like those calling a teen who survived the Parkland, Fla., shooting a “crisis actor”). Google apparently didn’t tell Wikipedia about this plan.

The activist and internet entrepreneur Maciej Ceglowski once described big data as “a bunch of radioactive, toxic sludge that we don’t know how to handle.” Maybe we should think about Google and Facebook as the new polluters. Their imperative is to grow! They create jobs! They pay taxes, sort of! In the meantime, they’re dumping trillions of units of toxic brain poison into our public-thinking reservoir. Then they mop it up with Wikipedia or send out a message that reads, “We take your privacy seriously.”

Given that the federal government is currently one angry man with nuclear weapons and a Twitter account, and that it’s futile to expect reform or self-regulation from internet giants, I’d like to propose something that will seem impossible but I would argue isn’t: Let’s make a digital Environmental Protection Agency. Call it the Digital Protection Agency. Its job would be to clean up toxic data spills, educate the public, and calibrate and levy fines.

How might a digital EPA function? Well, it could do some of the work that individuals do today. For example, the website of Australian security expert Troy Hunt, haveibeenpwned.com (“pwned” is how elite, or “l33t,” hackers, or “hax0rs,” spell “owned”), keeps track of nearly 5 billion hacked accounts. You give it your email, and it tells you if you’ve been found in a data breach. A federal agency could and should do that work, not just one very smart Australian—and it could do even better, because it would have a framework for legally exploring, copying, and dealing with illegally obtained information. Yes, we’d probably have to pay Booz Allen or Accenture or whatever about $120 million to get the same work done that Troy Hunt does on his own, but that’s the nature of government contracting, and we can only change one thing at a time.

When it comes to toxic data spills, it’s hard to know just how exposed you are. Literally all of us have been hacked—hard and a lot and mostly behind our backs. At least we could start to understand how bad it is. We could teach high school students to check the DPA site, to manage their own breaches. You’d go to the website to get good information about recovering from identity theft or a new social security number (we should also get rid of social security numbers as identification, but that’s another subject). It would have the forms you need to restore your identity, assert that you’d been hacked, and protect yourself. A nice thing for a government to do.

Let’s keep going! Imagine ranking banks and services by the number of data breaches they’ve experienced. Or a national standard for disclosure of how our private information is shared. (These ideas have been floated before in lots of different forms; the point is, how nice would it be if there was one government agency insisting on it in the same way that we have nutrition labels and calorie counts on our packaged foods?) The Consumer Financial Protection Bureau was headed in this direction—if it can survive the current maelstrom, maybe its mandate could be expanded.

So: Lots of helpful information, plenty of infographics, a way to track just how badly you’ve been screwed, and, ideally, some teeth—the DPA needs to be able to impose fines. I’m sure there’d be some fuss and opposition, but, come on. The giants have so much money it would hardly matter. And consider this from their perspective: How much better will it be to have your lawyers negotiate with the DPA’s lawyers instead of being hauled before Congress every time someone blows a whistle on your breaches?

The EPA’s budget is more than $8 billion, a little on the high side for the digital version. You could pull this off with $15 million or $20 million for tech infrastructure and to support a team—four engineers to build the platform, some designers, and then a few dozen graphic artists to make the charts and tables. Add on $2 billion for management and lawyers, and you’ve got yourself a federal agency.

I know that when you think of a Superfund site, you think of bad things, like piles of dead wildlife or stretches of fenced-off, chemical-infused land or hospital wings filled with poisoned families. No one thinks about all the great chemicals that get produced, or the amazing consumer products we all enjoy. Nobody sets out to destroy the environment; they just want to make synthetic fibers or produce industrial chemicals. The same goes for our giant tech platforms. Facebook never expected to be an engine that destroys America. Lots of nice people work there. Twitter didn’t expect to become the megaphone of despots and white nationalists. But the simple principles of “more communication is better” and “let’s build community” and “we take your privacy seriously” didn’t stand a chance under the pressure of hypergrowth and unbelievable wealth creation.

Unfortunately, ethics don’t scale as well as systems. We’ve poisoned ourselves, and more than a little. Given the money and power at stake, it’s going to be hard to get everyone to admit we’re sick. But we owe ourselves—and, cliché though it may be, we owe our children—to be more pragmatic about treating the symptoms.

With Increase in Pentagon Budget, Can U.S. Compete with Russia/China?

WASHINGTON — Hours after Russian President Vladimir Putin claimed his military has successfully tested a hypersonic cruise missile, the head of the Pentagon’s high-tech workshop says the U.S. is on track for a series of hypersonic prototype tests in the coming years, thanks to a big spending increase in the fiscal year 2019 budget request.

Even with that funding boost, Steven Walker, the director of the Pentagon’s DARPA, warned that it is time for America to come to grips with the fact that a national push is needed if the U.S. is to keep pace with competitors in the hypersonic realm.

Hypersonic flight, going Mach 5 or five times the speed of sound, has been a dream of military planners for years, for obvious reasons. Any weapon system able to move that quickly would be able to avoid conventional missile and air defenses, and would have benefits both for manned or unmanned systems.

The X-51A Waverider, a U.S. Air Force test program, has successfully shown hypersonic flight is possible. But Russia may have passed the U.S. in this crucial technology. (U.S. Air Force graphic)

“We have lost our technical advantage in hypersonics,” Selva said Jan. 30 at an event hosted by the Defense Writers’ Group. “We haven’t lost the hypersonics fight.”

Whereas both those nations threw a ton of money at developing a specific capability, the U.S. has invested to “come up with a family of hypersonic systems that work without necessarily trying to close all the technology pieces at the front end,” Selva said. “We’re going to start flying these systems in 2019, you’ll see lots of flight tests, and we’re excited that these will be systems that will be very capable that we can use from standoff” range, Walker said. “These are not going to be just flying propulsion concepts through the air.” More here.

***

Michael D. Griffin, the undersecretary of defense for research and engineering, today spoke to more than 500 senior leaders from the U.S. government and defense industry to explore the impact of integrating directed energy capabilities into the national security enterprise at the 2018 Directed Energy Summit at the Ronald Reagan Building and International Trade Center here.

Directed energy weapon systems employ lasers, microwaves and particle beams against enemy targets.

Griffin has been in this arena since the 1980s and worked for the first three directors of the original missile defense agency.

“Directed energy was then in our view an important part of our future portfolio because only directed energy could offer the kind of extended magazine, if you will, the extended range, speed of light delivery of the kill,” Griffin said. “It was the only way that in the long run you could see yourself competing with the threat and coming out on top.”

Directed energy has gone through a lot of evolutions over the years, Griffin added.

Superpower Competition

Griffin said there’s a recognition that superpower competition is again on the rise, and the United States must modernize its military if it wants to maintain its position of global preeminence.

“We will not win in a man-to-man fight,” Griffin said. “We have to have the technological leverage. That realization was responsible for the creation of my office, to elevate the role of technology maturation and deployment and I believe it is responsible for the renewed interest in directed energy weapons.”

And, directed energy is more than big lasers, the undersecretary said.

The undersecretary asked his audience to consider directed energy systems such as high-power microwaves, different laser designs and particle beam weapons.

“Each of these systems has its own advantages and each has its own disadvantages,” he said. “We should not lose our way as we come out of the slough of despondence in directed energy into an environment that is more welcoming of our contributions. We should not lose our way with some of the other technologies that were pioneered in the ’80s and early-’90s and now stand available for renewed effort.”

In his capacity as undersecretary for research and engineering, Griffin said he is going to be very welcoming of other approaches that may not have had a lot of focus in recent years or decades.

Directed Energy Venues

There are four venues, he said, in which directed energy can serve: land, air, sea and space.

He urged the audience to not forget that because the technologies are fundamental and can be applied across those domains, all of which are important to them.

The basing strategies, the warfighting tactics, techniques, procedures, the logistics support requirements, the manpower that is needed for support, all of these things are different and are required to be different because of the different venues in which they will have to operate, he added. More here.

Assassinations of Russians, a Trend or Long Game?

A registry of foreign agents to Russia, compiled by the Justice Department, includes many of Washington’s most powerful legal, communications and lobbying firms, including Sidley Austin, Venable, APCO and White & Case. A review of those records, by the Center for Responsive Politics, found 279 registrations of Russian agents in the United States. More here.

***

“Putin’s inner circle is already subject to personal U.S. sanctions, imposed over Russia’s 2014 annexation of Ukraine’s Crimea region,” the Reuters news agency points out. … “But the so-called ‘oligarchs’ list’ that was released on Tuesday … covers many people beyond Putin’s circle and reaches deep into Russia’s business elite.”

Prime Minister Dmitry Medvedev is among the 114 senior political figures in Russia’s government who made the list, along with 42 of Putin’s aides, Cabinet ministers such as Foreign Minister Sergey Lavrov, and top officials in Russia’s leading spy agencies, the FSB and GRU. The CEOs of major state-owned companies, including energy giant Rosneft and Sberbank, are also on the list.

So are 96 wealthy Russians deemed “oligarchs” by the Treasury Department, which said each is believed to have assets totaling $1 billion or more. Some are the most famous of wealthy Russians, among them tycoons Roman Abramovich and Mikhail Prokhorov, who challenged Putin in the 2012 election. Aluminum magnate Oleg Deripaska, a figure in the Russia investigation over his ties to former Trump campaign chairman Paul Manafort, is included.

Russian Deputy Prime Minister Arkady Dvorkovich dismissed the list as simply a “who’s who” of Russian politics. He told Russian news agencies Tuesday he wasn’t surprised to find his name on the list, too, saying that it “looks like a ‘who’s who’ book.” Dvorkovich stopped short of saying how Russia would react to it, saying the Kremlin would “monitor the situation.” More here.

*** So when there are murder cases of Russian asylees in Britain, what are the agencies in the United States thinking?

Well there was Mikhail Lesin, a former friend of Putin found dead in his hotel in Dupont Circle, Washington DC. Then there was Operation Ghost Stories, the massive spy swap.

Imagine what the context and case reference is for the FBI when it comes to Russian operations in the United States and in allied countries. Or how many planes have been shot out of the sky where clues and evidence point to Russia? More explained in video below.

Beyond the attempted assassination of Skripal and his daughter in Salisbury two weeks ago, there was yet another confirmed death.

Whoever is behind the murder of a prominent Russian exile, who believed he was on a Kremlin hit list, managed to get inside his home without breaking in, police believe.

Nikolai Glushkov, 68, was found dead last week at his home in southwest London, and officers are now hunting for the culprits. His official cause of death is “compression to the neck.”

Before his death, Glushkov warned that a close friend of his had been murdered, and that he would be next.

In a Monday morning update on the investigation, the Metropolitan Police said they examined Glushkov’s house and found no signs of forced entry.

*** How bad is this trend?

Genocide of White Farmers in S. Africa

A White Farmer Is Killed Every Five Days in South Africa and Authorities Do Nothing about It, Activists Say

*** The world is silent on this… question is why?

In 2017:

The couple, who had lived in the area for 20 years, were tied up, stabbed, and tortured with a blowtorch for several hours. The masked men stuffed a plastic bag down Mrs Howarth’s throat, and attempted to strangle her husband with a bag around his neck.

The couple were bundled into their own truck, still in their pyjamas, and driven to a roadside where they were shot. Mrs Howarth, 64, a former pharmaceutical company executive, was shot twice in the head. Mr Lynn, 66, was shot in the neck.

Miraculously he survived, and managed to flag down a passer-by early on Sunday morning. Mrs Howarth, who police said was “unrecognisable” from her injuries, had multiple skull fractures, gunshot wounds and “horrific” burns to her breasts.

“Sue was discovered amongst some trees, lying in a ditch,” writes Jana Boshoff, reporter for the local Middelburg Observer newspaper. “Her rescuers managed to find her by following her groans of pain and then noticing drag marks from the road into the field.

In any other country, such a crime would be almost unthinkable. But in South Africa, these kinds of farm attacks are happening nearly every day. This year so far, there have been more than 70 attacks and around 25 murders in similar attacks on white farmers.

Earlier this month, for example, 64-year-old Nicci Simpson was tortured with a power drill during an attack involving three men at her home on a farm in the Vaal area, about two hours drive from Johannesburg.

When paramedics arrived, they found three dead dogs, and the woman lying in a pool of blood, spokesman Russel Meiring told News24. “They used a drill to torture her,” police spokesman Lungelo Dlamini said.

Read more here.

Citigroup Pentagon Payment Portal 1.3 Million Weekend Hack Attempts

There are 47 pages of regulations for Department of Defense personnel using Citigroup credit cards while traveling.

Pentagon confirms hack attempt against Defense Department credit card holders

  • The Pentagon on Thursday confirmed that there was a hacking attempt against an online financial services portal that Citigroup manages for the Defense Department.
  • Citigroup had told CNBC that a “malicious actor” attempted to gain access to several Citi credit card accounts tied to the Department of Defense.
  • The attack, which included 1.3 million attempts, occurred over this past weekend.

The Pentagon on Thursday confirmed that there was a hacking attempt this past weekend against an online financial services portal that Citigroup manages for Defense Department credit card holders.

The confirmation comes a day after Citigroup told CNBC that a “malicious actor” attempted to gain access to information for Pentagon-linked credit card accounts.

The bank had responded to CNBC’s inquiry regarding an attempted hack this past weekend. The Pentagon, citing information from Citigroup, confirmed to CNBC on Thursday that there was an attack over the weekend of March 10.

The bank told the Defense Department that the attack came from a computer system that was randomly guessing cardholder account usernames and passwords.

The program hit Citigroup’s Pentagon online account application more than 1.3 million times. The hackers did successfully guess 318 Pentagon cardholders’ usernames and passwords, but they did not get past a secondary layer of account authentication.

“No data compromise occurred,” Citi told the Pentagon.

Citi provides financial services for the Government Travel Charge Card, or GTCC, which is used by Department of Defense personnel to pay for authorized expenses when on official travel.

CitiManager is the online portal used by the Defense Department to view statements online, make payments and confirm account balances.

The Pentagon’s Defense Travel Management Office oversees the processing of the GTCC.

*** Back in 2016, there was a hacker contest held by the Pentagon under Secretary Ash Carter… guess they missed that payment portal vulnerability possibility.

When the Pentagon announced the “Hack the Pentagon” event back in March, many wondered what kinds of vulnerabilities hackers would find when checking government websites for bugs. Now we know.

According to Defense Secretary Ash Carter, more than 250 participants out of the 1,400 submitted at least one vulnerability report, with 138 of those vulnerabilities determined to be “legitimate, unique and eligible for a bounty,” he said. The bounties ranged per person from $100 to around $15,000 if someone submitted multiple bugs.

The pilot program, which ran from April 18 to May 12, cost about $150,000, with around half of that going to participants. The results were released on Friday, according to the Department of Defense’s website.

“Hack the Pentagon” was deemed a cost-effective way to scour five of the US defense department’s websites (defense.gov, dodlive.mil, dvidshub.net, myafn.net and dimoc.mil, according to a DoD spokesman) for security bugs. Instead of going to outside security firms, which would’ve cost upwards of $1 million, the government instead recruited amateur hackers to do it for much less, some of whom were only in high school.

In addition to reporting on the number of bugs, Carter also said that the government has worked with HackerOne, a bug bounty platform, to fix the vulnerabilities and that the department has “built stronger bridges to innovative citizens who want to make a difference to our defense mission.” Carter wants the “bug bounty” program to extend to other areas of the government and wants to ensure that hackers and researchers can report bugs without a dedicated program.

“When it comes to information and technology, the defense establishment usually relies on closed systems,” he said. “But the more friendly eyes we have on some of our systems and websites, the more gaps we can find, the more vulnerabilities we can fix, and the greater security we can provide to our warfighters.”

Many websites already have bug bounty programs in place, but it was the first time the federal government had come up with such a program. It’s good experience for young hackers and security fiends who want to try and hack a government agency, although that’s a small amount of money for their time.