Start Up No.1,055: the 5G threat, a new Chinese IoT vulnerability, fining Facebook, the climate change number, Google bans Baidu spinoff’s apps, and more

Swine fever has led to the slaughter of millions of pigs in China; expect pork prices to rise. CC-licensed photo by angieandsteve on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. No spoilers! I’m @charlesarthur on Twitter. Observations and links welcome.

The terrifying potential of the 5G network • The New Yorker

Sue Halpern:


A totally connected world will also be especially susceptible to cyberattacks. Even before the introduction of 5G networks, hackers have breached the control center of a municipal dam system, stopped an Internet-connected car as it travelled down an interstate, and sabotaged home appliances. Ransomware, malware, crypto-jacking, identity theft, and data breaches have become so common that more Americans are afraid of cybercrime than they are of becoming a victim of violent crime. Adding more devices to the online universe is destined to create more opportunities for disruption. “5G is not just for refrigerators,” Spalding said. “It’s farm implements, it’s airplanes, it’s all kinds of different things that can actually kill people or that allow someone to reach into the network and direct those things to do what they want them to do. It’s a completely different threat that we’ve never experienced before.”

Spalding’s solution, he told me, was to build the 5G network from scratch, incorporating cyber defenses into its design. Because this would be a massive undertaking, he initially suggested that one option would be for the federal government to pay for it and, essentially, rent it out to the telecom companies. But he had scrapped that idea. A later draft, he said, proposed that the major telecom companies—Verizon, AT&T, Sprint, and T-Mobile—form a separate company to build the network together and share it. “It was meant to be a nationwide network,” Spalding told me, not a nationalized one. “They could build this network and then sell bandwidth to their retail customers. That was one idea, but it was never that the government would own the network. It was always about, How do we get industry to actually secure the system?”



P2P weakness exposes millions of IoT devices • Krebs on Security

Brian Krebs:


The security flaws involve iLnkP2P, software developed by China-based Shenzhen Yunni Technology. iLnkP2P is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders.

iLnkP2P is designed to allow users of these devices to quickly and easily access them remotely from anywhere in the world, without having to tinker with one’s firewall: Users simply download a mobile app, scan a barcode or enter the six-digit ID stamped onto the bottom of the device, and the P2P software handles the rest.

But according to an in-depth analysis shared with KrebsOnSecurity by security researcher Paul Marrapese, iLnkP2P devices offer no authentication or encryption and can be easily enumerated, allowing potential attackers to establish a direct connection to these devices while bypassing any firewall restrictions.

Marrapese said a proof-of-concept script he built identified more than two million vulnerable devices around the globe (see map above). He found that 39% of the vulnerable IoT things were in China; another 19% are located in Europe; 7% of them are in use in the United States.


You might say “why would you trust Chinese P2P software?” but the problem is that it’s often embedded in the device, and you don’t really get a chance to query it. And Chinese software is notoriously bad. There’ll be a botnet using these within a few days, at a guess.

If a $5bn fine is chump change, how do you punish Facebook? • The New York Times

Charlie Warzel:


That the FTC is negotiating what appears to be a trivial fine suggests that the organization isn’t just deferential to Facebook, but that it doesn’t truly understand the company’s power.

“We don’t have a good regulatory framework [for Facebook] because this kind of scale and impact is unprecedented. And our ideas for remedies, things like fines, are based on an outdated view of how markets work,” the Glitch CEO and longtime developer, Anil Dash, told me.

“The FTC is based on the premise of markets where consumers have choice,” Mr. Dash continued. “As long as their remedies are conceived of within that outdated framework, it will remain structurally impossible for them to hold any major platform accountable in any meaningful way.”

Don’t believe the critics? Then just ask the market. As BuzzFeed News pointed out on Wednesday, in just one hour of after-hours trading after signaling its impending $3bn to $5bn fine, Facebook’s market capitalization increased by $40bn.

Which means that most fines likely to be considered by the FTC might amount to what Matt Stoller, a fellow at the Open Markets Institute, described to me as “a parking ticket and a news release.”

Some with insider experience disagree. A former FTC consumer protection official told me Thursday that if the numbers they’d heard around the fine are real, “they might not be transformative to the bottom line” but would be “symbolic of the gravity.” Similarly, they believed the organization could add requirements that “change the way Facebook handles and shares data. I’d be very surprised if Facebook didn’t continue in the same general lines of business, but operating with more restrictions,” they said.


Nope, that’s not going to be what they do. They’ll just plough on.

Chinese hog farms ‘panic’ as swine virus continues roiling herds • Bloomberg



China, which produces about half the world’s pork, has seen its biggest ever drop in the number of hogs over the past few months, said Wang. The country’s productive sow herds slumped 21% on year in March after a 19% drop in February, ministry data showed. As well as leading to a surge in pork prices, the epidemic could also cut demand for soybeans, an animal feed ingredient, where China is the world’s largest importer.

Lack of bio-security measures at many small farms, coupled with a large number of live hogs being transported long distances, are to blame for the spread of the disease, said Wang. The outbreak in Hainan on Sunday follows the occurrence at two farms confirmed Friday by the Ministry of Agriculture.

China’s soybean imports in the year to September may fall to 85-86 million tons, said Chen Gang, vice chairman of the China Vegetable Oil Industry Association, below the US Department of Agriculture’s 88 million ton forecast.

The decline in the pig herd will reduce demand for soymeal, a product of soy crushing, for the first time in years, said Chen, whose association oversees the major crushers including those run by state-owned Cofco.


Expect the price of pork to go up. It’s also going to wallop soy farmers when demand goes down.

The one number you need to know about climate change • MIT Technology Review

David Rotman:


It’s the social cost of carbon… For most of us, it’s a way to grasp how much our carbon emissions will affect the world’s health, agriculture, and economy for the next several hundred years. Maximilian Auffhammer, an economist at the University of California, Berkeley, describes it this way: it’s approximately the damage done by driving from San Francisco to Chicago, assuming that about a ton of carbon dioxide spits out of the tailpipe over those 2,000 miles.

Common estimates of the social cost of that ton are $40 to $50. The cost of the fuel for the journey in an average car is currently around $225. In other words, you’d pay roughly 20% more to take the social cost of the trip into account.

The number is contentious, however. A US federal working group in 2016, convened by President Barack Obama, calculated it at around $40, while the Trump administration has recently put it at $1 to $7. Some academic researchers cite numbers as high as $400 or more…

…the researchers have found that climate change will kill far more people than once thought. Michael Greenstone, a University of Chicago economist who co-directs the Climate Impact Lab with Hsiang, says that previous mortality estimates had looked at seven wealthy cities, most in relatively cool climates. His group looked at data gleaned from 56% of the world’s population. It found that the social cost of carbon due to increased mortality alone is $30, nearly as high as the Obama administration’s estimate for the social cost of all climate impacts. An additional 9.1 million people will die every year by 2100, the group estimates, if climate change is left unchecked (assuming a global population of 12.7 billion people).


I’d have gone for the $400 figure. Straight off, you need to get people to realise the gravity of what’s ahead. It’s so ironic that the Avengers: Endgame film is pulling in more than $1bn at the box office, and its baddie basically does what climate change does. But faster.

Google is banning a Play Store developer with more than half a billion app installs and ties to Baidu • Buzzfeed News

Craig Silverman:


As of today, 46 apps from DO Global, which is partly owned by internet giant Baidu, are gone from the Play store. BuzzFeed News also found that DO Global apps no longer offer ad inventory for purchase via Google’s AdMob network, suggesting the ban has also been extended to the internet giant’s ad products.

Google would not comment specifically on the removals, but a source with knowledge of the action said the company was moving to ban DO Global overall, and that more app removals would follow.

“We actively investigate malicious behavior, and when we find violations, we take action, including the removal of a developer’s ability to monetize their app with AdMob or publish on Play,” a Google spokesperson said.

Prior to the app removals, DO Global had roughly 100 apps in the Play store with over 600 million installs. Their removal from the Play store marks one of the biggest bans, if not the biggest, Google has ever instituted against an app developer. DO Global was a subsidiary of Baidu until it was spun out last summer; Baidu retains a 34% stake.

After this story was published, DO Global issued a statement to BuzzFeed News that acknowledged and apologized for “irregularities” in its apps, and said it accepts Google’s decision.


Hooray for curated app stores, I guess, and users (and journalists) who keep a close eye on them.

Facebook admits it ran hundreds of Trump campaign ads that violate Facebook rules • Popular

Judd Legum:


Melania Trump’s birthday is April 26. For weeks, the Trump campaign has used the First Lady’s big day — she’ll be 49 — to build their email list. They’ve run thousands of ads urging Facebook users to sign a “card to wish Melania a Happy Birthday!”

But today the Trump campaign is doing something different. It has produced hundreds of ads targeting women in practically every city in Texas.

These ads, accessible through the Facebook political ad library, go on and on and on. The campaign appears to be leaning on Melania to bolster Trump’s low support with women. Focusing on Texas, which some Democrats believe is the next swing state, is also an interesting choice.

But these ads also explicitly violate Facebook’s ad guidelines because they include “prohibited content.” Facebook’s rules prohibit ads that reference the “personal attributes” of the people being targeted.

“Ads must not contain content that asserts or implies personal attributes” Facebook’s rules state, including “direct or indirect assertions or implications about a person’s… gender identity.” The phrase “Attention Ladies” at the beginning of each of these ads violates the guidelines…

…Asked what Facebook is doing to prevent political ads that violate its policies from running in the first place, a spokesperson said, “we’re always looking to improve our enforcement, which is never perfect.” The company acknowledges that the ads were “subject to Facebook’s ad review system, which relies primarily on automated tools to check ads against these policies.”


So basically nothing at all, especially if it misses “Attention Ladies”.

Glitz, glamour, now guilty: spectacular fall of New York’s socialite scammer • The Guardian

Edward Helmore:


[Anna] Sorokin, a would-be art collector with plans to open a members-only arts club, carried out a lengthy and elaborate fraud on New York’s glitziest social strata under the name of Anna Delvey.

On Thursday, the Russian-born 28-year-old dubbed the “Soho grifter” was found guilty of swindling hotels, restaurants, a private jet operator and banks out of more than $200,000. She faces up to 15 years in prison.

But some of the charges in a case that has transfixed Manhattan society didn’t hold, including an alleged attempt to fraudulently obtain a $22m (£17m) loan, and an accusation that she had swindled $60,000 from a friend who had paid for a lavish trip to Morocco.

But for the most part, a jury agreed that Sorokin had fraudulently manoeuvred herself into “the best position to take money” from a social milieu that exists in a twilight of openings and events on the periphery of a tight-knit world of wealthy art collectors, dealers and auctioneers…

“‘Fake it until you make it,’” lawyer Todd Spodek said during opening statements in her trial last month. Spodek conceded that his client’s practice was unethical but, he claimed, not illegal because she planned to pay everyone back. “Any millennial will tell you,” he said, “it is not uncommon to have delusions of grandeur.”


I thought I had linked to The Cut’s coverage of this from May 2018, but apparently not. It’s fascinating.

Things got weird for the stablecoin Tether – Bloomberg

Matt Levine:


A month later, according to Bitfinex’s and Tether’s lawyers, they started to worry that the money at Crypto Capital had maybe already been stolen, and that the $625 million that Bitfinex transferred to Tether in their Crypto Capital accounts might be worthless. A month later! As I put it on Twitter, “Bitfinex took $625m in real money at a real bank from Tether, and in exchange gave Tether back $625m in fake money at a fake bank.” Or as the attorney general’s office put it:


That “credit” was illusory, though, since Bitfinex knew at the time that Crypto Capital was refusing or unable to process withdrawals or return funds. In effect, in November 2018 Respondents fraudulently shifted most or all of Bitfinex’s risk of loss of several hundred million dollars onto Tether’s balance sheet, but continued to represent to the market that tethers were fully “backed” by US dollars sitting safely in a bank account. They were not.


Now, to be fair, Bitfinex and Tether deny that the money at Crypto Capital was stolen. Bitfinex put out a statement this morning saying that “the New York Attorney General’s court filings were written in bad faith and are riddled with false assertions, including as to a purported $850m ‘loss’ at Crypto Capital”:


On the contrary, we have been informed that these Crypto Capital amounts are not lost but have been, in fact, seized and safeguarded. We are and have been actively working to exercise our rights and remedies and get those funds released.


Also, to be fair, after they “grew concerned” about Crypto Capital in December, Bitfinex and Tether re-papered this transaction, reversing the $625m Crypto Capital transfer and instead characterizing the money that Bitfinex took from Tether as a loan (that Bitfinex will have to pay back with real money rather than with a ledger entry at Crypto Capital). On the other hand they also expanded the size of the loan to let Bitfinex take even more money from Tether.


This is absolutely stunning, though completely expected. Tether has looked to me either like a money-laundering scheme or a scam or both for months. Seems like it might be the latter.

Managing editor, news • Amazon Jobs



The Managing Editor, News will work on an exciting new opportunity within Ring to manage a team of news editors who deliver breaking crime news alerts to our neighbors. This position is best suited for a candidate with experience and passion for journalism, crime reporting, and people management.


The suitable candidate, besides having around five years’ experience in a breaking news environment, will have a “deep and nuanced knowledge of American crime trends”.

I’m guessing, since they’ll be working in Amazon’s Ring (video doorbell) business, that they’re not going to be delivering the latest about impeachment or Paul Manafort getting banged up; it’ll be about Prowlers Reported In Your Area. News to scare people into buying (or loving) your product. What a world.

Apple held talks with Intel about buying its smartphone-modem chip business • WSJ

Tripp Mickle, Cara Lombardo and Dana Cimilluca:


The talks started around last summer and continued for months before halting recently, around the time Apple reached a multiyear supply agreement for modems from Intel rival Qualcomm Inc., some of the people said.

Intel is now exploring strategic alternatives for its modem chip business, including a possible sale—to Apple or another acquirer, the people said. It has already received expressions of interest from a number of parties and has hired Goldman Sachs Group Inc. to manage the process, which is in an early stage. Should there be a deal, it could yield as much as a few billion dollars for Intel, some of the people said.

The Intel-Apple talks, which haven’t been previously reported, reflect growing openness by the iPhone maker toward the idea of big acquisitions, people familiar with the company’s operations said. The talks also are part of broader tumult in the smartphone sector as sales growth has stalled, squeezing the iPhone business that has long driven Apple’s profits…

…Selling the modem business would allow Intel to unload a costly operation that was losing about $1bn annually, according to another person familiar with its performance. Any sale would likely include staff, a portfolio of patents and modem designs related to multiple generations of wireless technology, said Patrick Moorhead, principal at Moor Insights & Strategy, a technology firm.


Entirely predictable that Apple would look at buying this. It probably decided just to hire all the useful staff instead. (Interesting that the story has a cast-of-thousands byline. Most stories like this have a single writer.)

Errata, corrigenda and ai no corrida: none notified
