A SIM swap hack is being blamed for Arron Banks’s Twitter account being hacked. CC-licensed photo by Karl Baron on Flickr.
A selection of 9 links for you. A-ha! I’m @charlesarthur on Twitter. Observations and links welcome.
Arron Banks’s Twitter account has been hacked and the entire private message history of the Leave.EU founder uploaded to the internet, in what appears to be a targeted attack that has been reported to the police.
The founder of the pro-Brexit campaign group, who has been the subject of questions about the source of his group’s funding and rule breaches during the EU referendum, confirmed the hack and accused Twitter of leaving his personal data available for anyone to access for almost 24 hours.
Leave.EU spokesman, Andy Wigmore, told the Guardian the hack had been reported to the police and they were investigating possible breaches of the Computer Misuse Act.
“The police told us pretty quickly that it was a simswap,” he said, referring to the tactic where control of a phone number is obtained by a hacker, enabling them to gain access to the account.
The attack appears to have involved gaining access to Banks’s email address, which was registered to an expired campaign website. Someone else appears to now own the domain for that site, which directs users to pornography.
Wigmore said he and Banks had been unable to download the hacked messages due to a lack of technical skills. However, they had been sent some by others who had managed to download them. Wigmore dismissed the content as “gossip” rather than revelations. He also criticised Twitter for the time it took the social media platform to respond to the data breach.
Wigmore tried to claim that anyone accessing the file (uploaded to mega.nz and others) would be breaching the Computer Misuse Act, and that Twitter would know who had accessed it. Neither true, of course. Be interesting to see what stories appear in the next few days from it.
Questions for the Record from the Honorable David N. Cicilline, Chairman, Subcommittee on Antitrust, Commercial and Administrative Law of the Committee on the Judiciary: Questions for Mr. Kyle Andeer, Vice President, Corporate Law, Apple, Inc.:
18. What types of repairs does Apple prevent its authorized technicians from making on Apple devices and what are the reasons for doing so?
AASPs [Apple Authorised Service Providers] conduct the exact same repairs that Apple Retail Stores offer. There are a very limited number of repairs that require special fixtures or equipment, necessitating that those repairs be done at an Apple Repair Center. In these cases, neither an Apple Retail Store nor an AASP will be permitted to conduct the repair. But they can mail the device to the closest Apple Repair Center to do the repair and then ship it back to the customer.
19. Does Apple take any actions to block consumers from seeking out or using repair shops that offer a broader range of repairs than those offered by authorized technicians? If yes, describe each action that Apple takes and the reason for doing so.
Apple does not take any actions to block consumers from seeking out or using repair shops that offer a broader range of repairs than those offered by Apple’s authorized technicians. Customers are free to obtain repairs from any repair shop of their choice.
20. How many repair technicians does Apple employ in the United States?
There are tens of thousands of Apple-authorized repair technicians working at Apple Retail Stores and third-party retailers.
21. For each year since 2009, please identify the total revenue that Apple derived from repair services.
For each year since 2009, the costs of providing repair services have exceeded the revenue generated by repairs.
That last one is going to surprise folks a little. It’s quite evasive in parts (“Apple has spent billions of dollars on Apple Maps”, and so on). There might be plenty more from a careful read.
Jonathan Albright, who runs the Digital Forensic Research unit at Columbia’s Tow Center, says that his research shows that many of the same disinformation strategies from the 2016 election—aimed at reinforcing polarization and institutional distrust—are being leveraged this time around, too. As before, the focus is on religion, immigration, health, and climate change. When it comes to political advertising, Albright says, fact-checking wouldn’t be sufficient to confront the scope of the problem—even if Facebook did allow for it. “We need a [Federal Election Commission]-style portal on how citizen data is used in political campaigns, not separate platform political ad APIs,” he argues. Baybars Örsek, of the International Fact-Checking Network, says that Facebook’s decision not to fact-check political ads is a mistake: “I think fact-checkers should be able to flag not only political advertisements but also political claims and statements on Facebook.”
Rampant disinformation may seem like a modern crisis, but Kelly Weill, of The Daily Beast, points out that “the US is a country that’s always held conspiratorial thinking close to its heart. The signers of the Declaration of Independence believed a number of falsehoods about plots by King George III against America.” Conspiratorial thinking often comes with new communication methods, Weill adds: the Flat Earth movement got its start in the United Kingdom in the mid-1840s, when newspapers became widely available. Renee DiResta, of the Stanford Internet Observatory, says that disinformation is “a chronic condition, and we’re now in the process of figuring out the best way to manage it.”
the company’s transparency report published this week included the claim that Labour spent just £50 on adverts in the week beginning 27 October, when the election was called, and nothing at all in the week following. That would mean that, for the week immediately following the dissolution of parliament, Labour ran no adverts on Google Search or YouTube, or on the company’s wider ad network.
In fact, Labour was advertising heavily in that period, spending tens of thousands of pounds on adverts on Google Search results for terms including “Brexit party” and “Brexit”.
The correct figures were disclosed by Google in a previous version of its transparency report, no longer available on its website: the party spent £63,900 in two weeks, at least 1,000 times more than the amount reported by Google.
A similar, though smaller, discrepancy exists in the spend reported for the Conservative party. Originally, the Tory spend was reported as £12,450, but in the latest version of the report that is downgraded to £9,900.
When the Guardian highlighted the discrepancy, Google admitted that this week’s report was incorrect, and that the figures published last week were the accurate ones. The company initially said it had no plans to update the public version of the report with the correct figures until next Tuesday, but shortly before publication said it would fix any errors “as soon as possible”. In the meantime, the incorrect information is still available on the site for download.
Google getting data wrong? It’s like there’s a rift in the universe.
Air pollution is a very big deal. Its adverse effects on numerous health outcomes and general mortality are widely documented. However, our understanding of its cognitive costs is more recent and those costs are almost certainly still significantly under-emphasized…
• Chess players make more mistakes on polluted days: “We find that an increase of 10 µg/m³ raises the probability of making an error by 1.5 percentage points, and increases the magnitude of the errors by 9.4%. The impact of pollution is exacerbated by time pressure. When players approach the time control of games, an increase of 10 µg/m³, corresponding to about one standard deviation, increases the probability of making a meaningful error by 3.2 percentage points, and errors being 17.3% larger.” – Künn et al 2019.
• A 3.26x (albeit with very wide CI) increase in Alzheimer’s incidence for each 10 µg/m³ increase in long-term PM2.5 exposure? “Short- and long-term PM2.5 exposure was associated with increased risks of stroke (short-term odds ratio 1.01 [per µg/m³ increase in PM2.5 concentrations], 95% CI 1.01-1.02; long-term 1.14, 95% CI 1.08-1.21) and mortality (short-term 1.02, 95% CI 1.01-1.04; long-term 1.15, 95% CI 1.07-1.24) of stroke. Long-term PM2.5 exposure was associated with increased risks of dementia (1.16, 95% CI 1.07-1.26), Alzheimer’s disease (3.26, 95% 0.84-12.74), ASD (1.68, 95% CI 1.20-2.34), and Parkinson’s disease (1.34, 95% CI 1.04-1.73).” – Fu et al 2019. Similar effects are seen in Bishop et al 2018: “We find that a 1 µg/m³ increase in decadal PM2.5 increases the probability of a dementia diagnosis by 1.68 percentage points.”
• A study of 20,000 elderly women concluded that “the effect of a 10 µg/m³ increment in long-term [PM2.5 and PM10] exposure is cognitively equivalent to ageing by approximately two years”.
Amazing how many negatives fossil fuels turn out to have.
The vulnerabilities themselves (CVE-2019-2234) allowed a rogue application to grab input from the camera, microphone as well as GPS location data, all remotely.
The implications of being able to do this are serious enough that the Android Open Source Project (AOSP) specifically has a set of permissions that any application must request from the user and be approved before enabling such actions.
What the Checkmarx researchers did was to create an attack scenario that abused the Google Camera app itself to bypass these permissions. They did so by creating a malicious app that exploited one of the most commonly requested permissions: storage access. “A malicious app running on an Android smartphone that can read the SD card,” Yalon said, “not only has access to past photos and videos, but with this new attack methodology, can be directed to take new photos and videos at will.”
…[security expert Ian] Thornton-Trump is happy that Google issued a fix and issued it quickly, but says that, based upon the severity and comprehensive nature of the vulnerabilities, “it’s time for Google to apply perhaps some of the ‘Project Zero’ capability to dig deeply into the Android OS itself.” There’s little doubt that the high number of Android vulnerabilities being disclosed is hurting the Android brand.
At will. But it was patched in July, with the coordination of Samsung and Google. And I’m not sure about this “little doubt” over the Android brand and vulnerabilities.
The digital revolution greatly expanded human knowledge and wealth much as the industrial revolution did 150 years earlier when new technologies, notably the combustion engine, brought about extraordinary economic growth. And much like the building of great railways and interstate highways allowed people to connect, the creation of tools that allow anyone to be their own publisher has made it possible for new voices to reach large audiences around the world.
But if the price of the industrial revolution was planetary destruction on an unimaginable scale, the digital revolution may be costly in a different but similarly destructive way. William Randolph Hearst owned the means of production and was free to publish made up stories to sell papers and stoke the Spanish-American war. Today, everyone is free to be their own propagandist.
When the scientists behind the Doomsday clock published their yearly assessment of how close we are to planetary doom, they added a new dimension to the dual threats of nuclear proliferation and climate change, namely “the intentional corruption of the information ecosystem on which modern civilization depends”.
What we’ve seen in recent years isn’t just the collapse of informational authority. It is the destruction of the pact between the purveyors of quality information and the businesses that wanted to reach the consumers of that information.
…That world is a very dangerous one for humans in general, but it poses special and serious risks for businesses. Without facts, what are contracts? Without facts, what are laws? A world without facts is as dangerous for companies as it is for citizens.
Heliogen, a clean energy company that emerged from stealth mode on Tuesday, said it has discovered a way to use artificial intelligence and a field of mirrors to reflect so much sunlight that it generates extreme heat above 1,000 degrees Celsius.
Essentially, Heliogen created a solar oven — one capable of reaching temperatures that are roughly a quarter of what you’d find on the surface of the sun.
The breakthrough means that, for the first time, concentrated solar energy can be used to create the extreme heat required to make cement, steel, glass and other industrial processes. In other words, carbon-free sunlight can replace fossil fuels in a heavy carbon-emitting corner of the economy that has been untouched by the clean energy revolution.
“We are rolling out technology that can beat the price of fossil fuels and also not make the CO2 emissions,” Bill Gross, Heliogen’s founder and CEO, told CNN Business. “And that’s really the holy grail.”
Not very clear where it’s doing this, but it looks mid-American. Also using AI to achieve it.
Coffee houses gave men somewhere to congregate other than in homes, mosques or markets, providing a place for them to socialise, exchange information, entertain – and be educated. Literate members of society read aloud the news of the day; janissaries, members of an elite cadre of Ottoman troops, planned acts of protest against the Sultan; officials discussed court intrigue; merchants exchanged rumours of war. And the illiterate majority listened in. In the coffee houses they were introduced to ideas that spelled trouble for the Ottoman state: rebellion, self-determination and the fallibility of the powerful.
It wasn’t long before the authorities began to regard the kahvehane [public coffee houses] as a threat. Some sultans installed spies in coffee houses to gauge public opinion; others, like Murad IV, an early-18th-century sultan, tried shutting them down altogether. But they were too profitable. When simmering nationalist movements came to a boil throughout Ottoman lands in the 19th century, the popularity of coffee houses burgeoned. Ethnic groups in European regions of the empire with an Eastern Orthodox Christian majority started agitating for independence. Nationalist leaders planned their tactics and cemented alliances in the coffee houses of Thessaloniki, Sofia and Belgrade. Their caffeine-fuelled efforts succeeded with the establishment of an independent Greece in 1821, Serbia in 1835, and Bulgaria in 1878. The reign of kahve was over.
Nowadays coffee houses are just used to show off optimistic projections of growth for vague startups.
Errata, corrigenda and ai no corrida: none notified