Start Up No.1227: Saudis ‘hacked Bezos phone’, Apple’s unencrypted iCloud, blocking the credit card scammer, coronavirus reaches US, and more


Plastic straws: China is going to ban them by the end of the year. This year. CC-licensed photo by Stock Catalog on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. Ooh, have they sent a video? I’m @charlesarthur on Twitter. Observations and links welcome.

Amazon boss Jeff Bezos’s phone ‘hacked by Saudi crown prince’ • The Guardian

Stephanie Kirchgaessner:

»

The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian.

The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world’s richest man, according to the results of a digital forensic analysis.

This analysis found it “highly probable” that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.

The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.

Large amounts of data were exfiltrated from Bezos’s phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used.

The extraordinary revelation that the future king of Saudi Arabia may have had a personal involvement in the targeting of the American founder of Amazon will send shockwaves from Wall Street to Silicon Valley.

It could also undermine efforts by “MBS” – as the crown prince is known – to lure more western investors to Saudi Arabia, where he has vowed to economically transform the kingdom even as he has overseen a crackdown on his critics and rivals.

The disclosure is likely to raise difficult questions for the kingdom about the circumstances around how US tabloid the National Enquirer came to publish intimate details about Bezos’s private life – including text messages – nine months later.

«

Note that it carefully doesn’t say it was MBS’s phone; but his number. That can be spoofed or duplicated, though you’d need to know it to copy it. What’s the Saudi animus against Bezos, though?


Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources • Reuters

»

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

In private talks with Apple soon after, representatives of the FBI’s cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan.

“Legal killed it, for reasons you can imagine,” another former Apple employee said he was told, without any specific mention of why the plan was dropped or if the FBI was a factor in the decision.

That person told Reuters the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.

“They decided they weren’t going to poke the bear anymore,” the person said, referring to Apple’s court battle with the FBI in 2016 over access to an iPhone used by one of the suspects in a mass shooting in San Bernardino, California.

«

Which puts the decision time at post-2016. Another possibility, raised by an ex-Apple employee in the story, is that people would have locked themselves out of their data too often. Which is feasible. But it sounds much more like Apple decided that the balance was fine as it was.


How I stopped a credit card thief from ripping off 3,537 people – and saved our nonprofit • freecodecamp

Quincy Larson:

»

I’d been up until 2 a.m. finishing the announcement for our new #AWSCertified Challenge. [He’d slept and been woken up again.]

And so far, the launch was going well. Our new Twitter bot was tweeting, and our Discord chatroom was abuzz with ambitious developers eager to earn their AWS certifications.

I was getting ready to meet with my team when I noticed two strange emails – both of which arrived within minutes of one another.

“Your a fraud” read one of the emails in typo-riddled English. “That’s exactly what I’m thinking since I see a charge on my financial institution from you and since I’ve never heard of you. Yes you need to resolve this.”

The other email was… well, let’s just say it was also an angry letter and let’s leave it at that.

freeCodeCamp is a donor-supported nonprofit, and we have thousands of people around the world who donate to us each month. Once in a while, there are misunderstandings – usually when one family member donates without telling the other. But this felt different.

So I tabbed over to Stripe, the credit card processing service our nonprofit uses for donations. On a typical day, we’d have 20 or 30 new donors. But here’s what I saw instead:

Stripe’s dashboard showing 11,000 new customers and $60,000 in revenue for a single 24 hour period.

It took me a moment to process what was happening. Our nonprofit – which operates on an annual budget of less than $400,000 – had just received more than $60,000 in 24 hours – and from thousands of donors.

«

It’s a fascinating story, told at speed, which grabs from the outset.


Mnuchin warns UK and Italy over digital-tax plans • WSJ

Greg Ip and Paul Hannon:

»

Italy and Britain will face U.S. tariffs if they proceed with a tax on digital companies such as Alphabet’s Google and Facebook, U.S. Treasury Secretary Steven Mnuchin warned.

Mr. Mnuchin issued the warning after France agreed to delay the imposition of its own digital tax in the face of threats of steep U.S. tariffs on French exports. Mr. Mnuchin said French President Emmanuel Macron agreed to hold off on the tax through the end of the year while the two countries work out a permanent resolution.

The truce is “the beginning of a solution,” Mr. Mnuchin said in an interview with The Wall Street Journal at a Journal-sponsored event on the sidelines of the World Economic Forum in Davos.

France announced the tax last year as a way of collecting revenue from web-based companies that pay little or no tax on substantial sales in France. Italy’s parliament passed a similar tax last year that was set to take effect this year. Britain is scheduled to implement a similar tax this year.

Mr. Mnuchin said the U.S. was clear it thought France’s digital tax was an unfair levy on gross revenue and hoped Britain and Italy would suspend their plans. “If not they’ll find themselves faced with President Trump’s tariffs. We’ll be having similar conversations with them.”

«



June 2019: Leading scientists set out resource challenge of meeting net zero emissions in the UK by 2050 • Natural History Museum

»

A letter authored by Natural History Museum Head of Earth Sciences Prof Richard Herrington and fellow expert members of SoS MinErals (an interdisciplinary programme of NERC-EPSRC-Newton-FAPESP funded research) has today been delivered to the Committee on Climate Change.

The letter explains that to meet UK electric car targets for 2050 we would need to produce just under two times the current total annual world cobalt production, nearly the entire world production of neodymium, three quarters the world’s lithium production and at least half of the world’s copper production.

A 20% increase in UK-generated electricity would be required to charge the current 252.5 billion miles to be driven by UK cars.

Last month, the Committee on Climate Change published a report ‘Net Zero: The UK’s Contribution to Stopping Global Warming’ which concluded that ‘net zero is necessary, feasible and cost effective.’

«

Again, it’s from June 2019, but nothing will have changed since then. The letter is pretty devastating in terms of the impossibility that it envisions.


First case of coronavirus in US detected in traveller from China • NPR

Merrit Kennedy:

»

The first case of an infection with a new coronavirus has been discovered in the United States.

A man from Washington state returned home after a trip to Wuhan, China, on Jan. 15, sought medical attention on Jan. 19 and now is in isolation at Providence Regional Medical Center in Everett, Washington.

State health officials say his condition is quite good and even referred to him as “healthy.” But testing from the Centers for Disease Control and Prevention on the 20th confirms that he is infected with the Wuhan coronavirus. The man arrived back in the U.S. prior to the implementation of screening at three domestic airports on Friday.

About 300 cases of the virus and six deaths have been reported in China, and health officials there and around the world are ramping up precautions to stem the spread.

Chinese authorities are trying to control the flow of people in and out of the eastern city of Wuhan, where a strain of the coronavirus was discovered last month. Wuhan’s mayor has asked residents to stay in the city to try to prevent the spread of the virus, which can cause respiratory symptoms such as pneumonia.

«

So that’s a plane flight, plus four days of him noodling around. Guess we’ll find out how infectious it is.


Ozone-depleting substances caused half of late 20th-century Arctic warming, says study • EurekAlert! Science News

»

A study published today in Nature Climate Change by researchers at Columbia University examines the greenhouse warming effects of ozone-depleting substances and finds that they caused about a third of all global warming from 1955 to 2005, and half of Arctic warming and sea ice loss during that period. They thus acted as a strong supplement to carbon dioxide, the most pervasive greenhouse gas; their effects have since started to fade, as they are no longer produced and slowly dissolve.

Ozone-depleting substances, or ODS, were developed in the 1920s and ’30s and became popularly used as refrigerants, solvents and propellants. They are entirely manmade, and so did not exist in the atmosphere before this time. In the 1980s a hole in Earth’s stratospheric ozone layer, which filters much of the harmful ultraviolet radiation from the sun, was discovered over Antarctica. Scientists quickly attributed it to ODS.

The world sprang into action, finalizing a global agreement to phase out ODS. The Montreal Protocol, as it is called, was signed in 1987 and entered into force in 1989. Due to the swift international reaction, atmospheric concentrations of most ODS peaked in the late 20th century and have been declining since. However, for at least 50 years, the climate impacts of ODS were extensive, as the new study reveals.

«



YouTube’s algorithms might radicalise people – but the real problem is we’ve no idea how they work • The Conversation

Chico Q. Camargo is a postdoctoral researcher in data science at the University of Oxford:

»

trying to write laws to regulate what algorithms should or shouldn’t do becomes a blind process of trial and error. This is what is happening with YouTube and with so many other machine learning algorithms. We are trying to have a say in their outcomes, without a real understanding of how they really work. We need to open up these patented technologies, or at least make them transparent enough that we can regulate them.

One way to do this would be for algorithms to provide counterfactual explanations along with their decisions. This means working out the minimum conditions needed for the algorithm to make a different decision, without describing its full logic. For instance, an algorithm making decisions about bank loans might produce an output that says that “if you were over 18 and had no prior debt, you would have your bank loan accepted”. But this might be difficult to do with YouTube and other sites that use recommendation algorithms, as in theory any video on the platform could be recommended at any point.

Another powerful tool is algorithm testing and auditing, which has been particularly useful in diagnosing biased algorithms. In a recent case, a professional resume-screening company discovered that its algorithm was prioritising two factors as best predictors of job performance: whether the candidate’s name was Jared, and if they played lacrosse in high school. This is what happens when the machine goes unsupervised.

In this case, the resume-screening algorithm had noticed white men had a higher chance of being hired, and had found correlating proxy characteristics (such as being named Jared or playing lacrosse) present in the candidates being hired. With YouTube, algorithm auditing could help understand what kinds of videos are prioritised for recommendation – and perhaps help settle the debate about whether YouTube recommendations contribute to radicalisation or not.

«

“You’d have been shown a nicer video if you weren’t such an inherently nasty person”, perhaps?


China to ban single-use plastic bags and straws • Deutsche Welle

Deutsche Welle (www.dw.com):

»

China, one of the world’s biggest producers of plastic waste, is set to introduce a ban on all non-degradable plastic bags and single-use straws in major cities.

As part of a plan to drastically reduce plastic pollution, China’s government said the production and sale of disposable foam and plastic tableware, often used for takeout, and single-use plastic straws used in the catering industry will be banned by the end of the year.

Disposable plastic products should not be “actively provided” by hotels by 2022.

The changes were outlined in a document released on Sunday by China’s National Development and Reform Commission and the Environment Ministry. The changes are part of a move to achieve a 30% reduction in non-degradable, disposable tableware for takeout in major cities within five years.

Postal delivery outlets are also targeted in the new guidelines with a ban on non-degradable plastic packaging and disposable plastic woven bags by the end of 2022.

China produced 215 million tons of trash in 2017, according to World Bank figures, which warns that could soar to 500 million tons annually by 2030. However recently Beijing has taken environmental issues more seriously.

«

That’s a pretty big step; makes everyone else’s look unambitious.


Errata, corrigenda and ai no corrida: none notified

6 thoughts on “Start Up No.1227: Saudis ‘hacked Bezos phone’, Apple’s unencrypted iCloud, blocking the credit card scammer, coronavirus reaches US, and more”

  1. Re Apple backups:
    1- It’s kind of weird to have a private company control how users do their backups worldwide. I’m not sure The Vanguard Group, Berkshire Hathaway, BlackRock Fund and SSgA Fund Management should be the ones to control how I do my backups. There should be user choice, as on Android.
    2- It’s suspicious this news item suddenly pops up very widely. There clearly is no reason to not encrypt backups, almost all backups are encrypted. I’d bet Apple soon announces their cloud backups will be encrypted too as they could/should always have been, and today’s PR activity is to reframe that not as “we’re dunces for not doing it up to now” but as “Courage ! Privacy !”. Unless there’s pressure not from toothless FBI but from toothy China.

    • 1. You can do an encrypted or unencrypted backup to your local computer via iTunes. You don’t have to do an iCloud backup. Apple doesn’t “control” that. No idea why you’re bringing hedge funds etc into it.
      2. Joseph Menn, who’s an enormously experienced security writer, got the exclusive, and then everyone copied him. That’s how “it pops up very widely” – everyone saw it was an interesting story. Your paranoia is showing. If you want a deeper analysis, read John Gruber today. (I’ll link to it for tomorrow, but his analysis feels correct to me, based on what I know of how news stories are acquired – I have some experience there – and the shape of this story.)

      • 1- those are Apple’s biggest shareowners. Probably have input in a decision to piss off China or not.
        2- Apple controls whether cloud backups are encrypted or not. Why are you trying to confuse the issue with local backups, which require a Mac and are a small minority of backups ?
        3- Apple won’t let users do backups using anything but their tool
        4- as a point of reference, it seems Google (absent from China) does encrypt Android cloud backups. Also, Apple’s China servers are hosted on a government-controlled platform (not the actual servers, but all the paths leading to them)
        5- we’ll know about my paranoia in a few months, maybe. The issue of not-encrypted backups has been known for a while, with zero publicity. Discovering it’s to not piss off governments isn’t a huge surprise. The total lack of a China angle, when it’s pretty much the only difference between Google who encrypts and Apple who doesn’t, is.

      • Once again, there’s more detail to come, which will be in Friday’s links.
        My point about local backups was that there is a capability to create encrypted backups of an iPhone. But no, it’s not a cloud backup.
        Your complaint that Apple “won’t let users do backups using anything but their tool” doesn’t make a lot of sense, in the broader context of Apple wanting to protect users from potentially malicious software that might want to extract data from them. That’s simply not how Apple functions. As you keep demonstrating again and again, your thinking comes from the old priesthood that simultaneously demands that (1) everyone should understand every detail of their device (and so carry every risk from getting that wrong), and that (2) device and software makers should abdicate all responsibility to save their users from screwing up because of (1). Google’s on a different part of the scale than Apple when it comes to that – it’s more laissez-faire. But you think that any variation from the priesthood view (which you then impose on the people around you – hence your boasting about people you’ve got to change from one model to another, regardless of whether it’s necessarily best for them personally) is a flaw.
        It’s quite boring to deal with, to be honest.

    • True. Maybe it was a sort of fishing expedition – see if there’s some dirt they can get on Bezos to make him pressure the WaPo not to investigate the Khashoggi story so much. That didn’t work out so well for them, though, and now they’ve compounded the error.
