Start Up No.1585: REvil’s ransomware attack intensifies, the reality of climate apocalypse, gamers v scientists in beating fraud, and more


Get used to it: climate change is showing up as real effects right now, with people dying from heat exhaustion in the continental US. CC-licensed photo by Felton Davis on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. A holiday, you say? I’m @charlesarthur on Twitter. Observations and links welcome.

REvil is increasing ransoms for Kaseya ransomware attack victims • Bleeping Computer

Lawrence Abrams on the (suspected) Russian group behind the attack on VSA, which provides remote login software for thousands of companies, via a zero-day exploit. Timed for Friday evening in the US, just as people headed off to the three-day weekend:

»

When conducting an attack against a business, ransomware gangs, such as REvil, typically research a victim by analyzing stolen and public data for financial information, cybersecurity insurance policies, and other information.

Using this information, the number of encrypted devices, and the amount of stolen data, the threat actors will come up with a high-ball ransom demand that they believe, after negotiations, the victim can afford to pay.

However, with Friday’s attack on Kaseya VSA servers, REvil targeted the managed service providers and not their customers. Due to this, the threat actors could not determine how much of a ransom they should demand from the encrypted MSP customers.

As a solution, it seems the ransomware gang created a base ransom demand of $5 million for MSPs and a much smaller ransom of $44,999 for the MSP’s customers who were encrypted. [But] in numerous negotiation chats shared with and seen by BleepingComputer, the ransomware gang is not honouring these initial ransom demands.

…For victims of the Kaseya ransomware incident, REvil is doing things differently and demanding between $40,000 and $45,000 per individual encrypted file extension found on a victim’s network.

…Since the attacks on Friday, Kaseya has been working on releasing a patch for the zero-day vulnerability exploited in the REvil attack.

This zero-day was discovered by DIVD researchers who disclosed the t to Kaseya and helping test the patch.

Unfortunately, REvil found the vulnerability simultaneously and launched their attack on Friday before the patch was ready, just in time for the US Fourth of July holiday weekend.

It is believed that over 1,000 businesses have been affected by the attack, including attacks on the Swedish Coop supermarket chain, which had to close approximately 500 stores, a Swedish pharmacy chain, and the SJ transit system.

«

There’s no obvious end to this, unless Russia starts getting hit by ransomware groups, perhaps based in the US. That would either means an arms race, or a truce. Given current conditions, the former feels more likely.
unique link to this extract


May 2018: Explainer: six ideas to limit global warming with solar geoengineering • Carbon Brief

Daisy Dunne, writing in May 2018:

»

Scientists agree that cutting global greenhouse emissions as soon as possible will be key to tackling global warming. But, with global emissions still on the rise, some researchers are now calling for more research into measures that could be taken alongside emissions cuts, including – controversially – the use of “solar geoengineering” technologies.

Solar geoengineering is a term used to describe a group of hypothetical technologies that could, in theory, counteract temperature rise by reflecting more sunlight away from the Earth’s surface.

From sending a giant mirror into space to spraying aerosols in the stratosphere, the range of proposed techniques all come with unique technical, ethical and political challenges.

Carbon Brief spoke to the scientists who are pioneering research into these techniques to find out more about their potential uses, shortfalls and overall feasibility.

«

They’re ambitious. Three years on, none of them is being tried. Meanwhile millions of dollars of venture capital have been sunk into companies that at best don’t make things any better.
unique link to this extract


Drought’s toll on US agriculture points to even-higher food prices • WSJ

Danny Dougherty and Peter Santilli:

»

The Southwest is suffering through one of its worst droughts on record amid a critical reduction in the amount of water from snowpack runoff.

Roughly 9.8% of the US is currently in what climate experts refer to as exceptional drought, the most severe designation, which is characterized by widespread crop and pasture losses and shortages in reservoirs, streams and wells amounting to water emergencies. About 44% of the nation is experiencing some level of drought, with a further 13% currently affected by drier-than-normal conditions.

Reduced snowmelt is one of several factors that contribute to drought conditions, along with dry weather, warmer temperatures and population growth, which puts added strain on water resources.

The current drought is on pace to be one of the worst ever. One of the hardest-hit states is California, home to about 70,000 farms and ranches with a combined output of about $50bn a year. The dairy industry accounts for the largest chunk of the state’s agricultural revenue, followed by almonds and grapes.

The agricultural industry throughout the West has suffered in the past decade from a number of climate-related disasters, including a severe drought in 2014-15. US Agriculture Secretary Tom Vilsack has said federal support and relief programs “need to be redesigned to meet the reality of longer-term weather incidents and climate-related incidents that create not just a month, or two- or six-month, problem, but create years of problems and potentially decades worth of problems.”

«

unique link to this extract


Gamers are better than scientists at catching fraud • The Atlantic

Stuart Ritchie:

»

Two weeks before Dream’s confession [to having used special software in order to complete a record-breaking speed run in Minecraft], and halfway around the world, another fraud scandal had just come to a conclusion. Following a long investigation, Japan’s Showa University released a report on one of its anesthesiology researchers, Hironobu Ueshima. Ueshima had turned out to be one of the most prolific scientific frauds in history, having partly or entirely fabricated records and data in at least 84 scientific papers, and altered data and misrepresented authorship on dozens more. Like Dream, Ueshima would eventually come clean and apologize—but only after a data sleuth had spotted strange anomalies in his publications. Many of his papers have already been expunged from the scientific literature.

If you haven’t heard about this historic low point for scientific publishing, I don’t blame you. Aside from the specialist website Retraction Watch, which exists to document these kinds of events, not one English-language media outlet covered it. (There were a few stories in the Japanese press.) The case garnered little social-media interest; there was no debate over the lessons learned for science.

Does it strike you as odd that so many people tuned in to hear about a doctored speedrun of a children’s video game, while barely a ripple was made—even among scientists—by the discovery of more than 80 fake scientific papers? These weren’t esoteric papers, either, slipped into obscure academic journals. They were prominent medical studies, the sort with immediate implications for real-life patients in the operating room. Consider two titles from Ueshima’s list of fraudulent or possibly fabricated findings: “Investigation of Force Received at the Upper Teeth by Video Laryngoscopy” and “Below-Knee Amputation Performed With Pericapsular Nerve Group and Sciatic Nerve Blocks.” You’d hope that the mechanisms for purging fake studies such as these from the literature—and thus, from your surgeon’s reading list—would be pretty strong.

Alas, that’s often not the case.

…Science has its own advanced fraud-detection methods; in theory, these could be used to clean out the Augean stables of research publishing. For example, one such tool was used to show that the classic paper on the psychological phenomenon of “cognitive dissonance” contained numbers that were mathematically impossible. Yet that paper remains in the literature, garnering citations, without so much as a note from the journal’s editor.

«

unique link to this extract


Journal retracts study that claimed widespread Covid-19 vaccine deaths • Gizmodo

Ed Cara:

»

It wasn’t long before scientists associated with the journal Vaccines began to protest the study’s publication. Within days, prominent scientists such as Katie Ewer, a member of the Oxford University team who helped create their now widely used covid-19 vaccine, resigned from the journal’s editorial board. A day after her resignation, the journal placed an expression of concern on the paper, meant to alert readers of the many criticisms it had received, and announced it would investigate the matter. The announcement didn’t seem to stop the bleeding, though; at last count, according to the publication Science, at least six scientists in total have resigned from positions as associate or section editors with the journal.

Finally, just today, Vaccines’ remaining editors came back with their verdict, announcing that the paper would be retracted. In their notice, they pointed to “several errors that fundamentally affect the interpretation of the findings,” including the misrepresentation of the Netherlands’ vaccine safety data. The editors also noted that the authors were asked to respond to the criticisms made of their paper, but “were not able to do so satisfactorily.” The paper was then retracted under their protest.

“The paper was deeply, fundamentally flawed, comparing two numbers that were poorly conceived and incorrect in numerous ways. It should not have been published, but at least it is now retracted,” Gideon Meyerowitz-Katz, an epidemiologist from the University of Wollongong in Australia who earlier wrote a detailed criticism of the paper, told Gizmodo.

«

The study claimed that anyone who died after being vaccinated died as a result of the vaccine. Amazing how people who have been claiming for months that the Covid death count isn’t correct because “it includes people who didn’t die actually OF Covid” should now sing hurrahs for a study using the opposite argument.

Also puts peer review in a very poor light. You’d have hoped that one of the readers could have done better than, well, half the internet.
unique link to this extract


GM to source US-based lithium for next-generation EV batteries through closed-loop process with low carbon emissions • General Motors

»

General Motors has agreed to form a strategic investment and commercial collaboration with Controlled Thermal Resources to secure local and low-cost lithium. This lithium will be produced through a closed-loop, direct extraction process that results in a smaller physical footprint, no production tailing and lower carbon dioxide emissions when compared to traditional processes like pit mining or evaporation ponds.

Lithium is a metal crucial to GM’s plans to make more affordable, higher mileage electric vehicles.

The relationship between GM and CTR is expected to accelerate the adoption of lithium extraction methods that cause less impact to the environment. A significant amount of GM’s future battery-grade lithium hydroxide and carbonate could come from CTR’s Hell’s Kitchen Lithium and Power development in the Salton Sea Geothermal Field, located in Imperial, California. With the help of GM’s investment, CTR’s closed-loop, direct extraction process will recover lithium from geothermal brine.

As an anticipated part of its $35bn global commitment to EVs and autonomous vehicles , GM will be the first company to make a multi-million dollar investment in CTR’s Hell’s Kitchen project.

«

According to this article from last November, geothermal brine extraction is incredibly efficient compared to other methods, particularly above-ground mining.
unique link to this extract


In video, Exxon lobbyist describes efforts to undercut climate action • The New York Times

Hiroko Tabuchi:

»

The veteran oil-industry lobbyist was told he was meeting with a recruiter. But the video call, which was secretly recorded, was part of an elaborate sting operation by an individual working for the environmental group Greenpeace UK.

During the call, Keith McCoy, a senior director of federal relations for Exxon Mobil, described how the oil and gas giant targeted a number of influential United States senators in an effort to weaken climate action in President Biden’s flagship infrastructure plan. That plan now contains few of the ambitious ideas initially proposed by Mr. Biden to cut the burning of fossil fuels, the main driver of climate change.

Mr. McCoy also said on the recording that Exxon’s support for a tax on carbon dioxide was “a great talking point” for the oil company, but that he believes the tax will never happen. He also said that the company has in the past aggressively fought climate science through “shadow groups.”

On Wednesday, excerpts from the conversation were aired by the British broadcaster Channel 4. The affiliate of Greenpeace that recorded the video, Unearthed, also released excerpts.

In a statement, Darren Woods, Exxon’s chief executive, said the comments “in no way represent the company’s position on a variety of issues, including climate policy, and our firm commitment that carbon pricing is important to addressing climate change.”

«

So, nothing about actually doing anything about it.
unique link to this extract


How to cope with the climate apocalypse • Financial Times

Simon Kuper:

»

More existentially, adopt the outlook that almost all humans had until about the 1950s: don’t make any presumptions about your future. Don’t structure your life around distant pay-offs. Which entity will be able to pay your pension in 2050?

Then there’s the moral question: do you want to be part of a climate-destroying system? It’s tempting to shove all the blame on the fossil-fuels industry, but almost everyone with a job in a developed country is complicit — shop assistants, hotel staff and journalists whose newspapers are funded by readers from carbon-intensive industries.

Anyone with gas heating, a car and the occasional plane ticket lives off climate destruction. Almost everything we call “progress” or “growth” makes things worse. Our children probably won’t admire our careers.

The stereotype of the apocalyptic survivalist is the lunatic in a tinfoil hat with an AK-47 on a mountaintop. (The upscale version is a mansion in New Zealand.) But there are more social ways of opting out. I witnessed one when I moved into the crumbling Prenzlauer Berg neighbourhood in East Berlin in 1990, just after the fall of communism.

Many of my new neighbours were young East Germans who had rejected what they considered the evil communist system. They had no official employment, or worked in low-status jobs as librarians or nurses or, like the young Angela Merkel, in non-communist professions such as physics. Some lived off grid, without telephones, perhaps with stolen electricity. Their little community was riddled with informers, yet people helped each other, expecting nothing of the future. Oddly, they may have been our future.

«

unique link to this extract


Climate change has turned deadly. It will get worse • The Washington Post

Sarah Kaplan:

»

If we continue to burn fossil fuels at the current rate, studies suggest, the Earth could be 3 to 4 degrees Celsius hotter by the end of the century. The Arctic will be free of ice in summertime. Hundreds of millions of people will suffer from food shortages and extreme drought. Huge numbers of species will be driven to extinction. Some regions will become so hot and disaster-prone they are uninhabitable.

“It’s a very different planet at those levels,” Wehner said. “This is really serious. As a society, as a species, we’re going to have to learn to adapt to this. And some things are not going to be adaptable.”
Extreme heat is likely to be one of those things. Studies of heat waves suggest that a half a degree Celsius increase in summertime temperatures can lead to a 150% increase in the number of heat waves that kill 100 people or more. Research published last year in the journal Science found that the human body can’t tolerate temperatures higher than 95 degrees when combined with 100% humidity.

The scene in emergency departments across the Northwest this week underscores that science. Wait times at the OHSU emergency department were 5 to 7 hours, Tanski said. At Swedish Health Services — Cherry Hill in Seattle, doctors were seeing patients in hallways because all the rooms were full.

“I’ve never seen anything like this,” said David Markel, an emergency physician at the Seattle hospital. During an overnight shift on Monday, he treated 12 patients for heat illness. Some were so sick their kidneys and livers were failing, their muscles starting to break down.

“I don’t claim to be an expert in climate change or environmental science,” Markel said. “But I definitely care for people who are impacted by the extremes of climate. … And it’s like, the more crises we face the more clear it is.”

«

unique link to this extract


‘They said I don’t exist. But I am here’ – one woman’s battle to prove she isn’t dead • The Guardian

Kim Willsher:

»

The trouble began in 2016. When Jeanne Pouchain’s passport application was declined, she was annoyed – but assumed she must have forgotten an important piece of paperwork.

Several weeks later, at a doctor’s appointment in her town of Saint-Joseph, outside Lyon in south-east France, both Pouchain, then 53, and her GP were perplexed when his computer spat out her carte vitale, the green card that gives access to the French public health system. Pouchain put it down to a technical blip. She assumed that was also the reason her pharmacy suggested she would have to pay in full for her diabetes drugs.

It seemed like a series of annoying coincidences; the kind of red tape many in France find themselves tangled up in at one time or another in a country notorious for bureaucracy. It was irritating but would, she assumed, eventually be resolved.

But when the former cleaning company boss received her bank statement and discovered her business account had been plunged into the red, even though she had paid in dozens of cheques, she started to become seriously concerned. “I knew money should have been going into my account, but there was nothing in it. So I went to the bank. It’s only a small branch; I’ve been with them for 27 or so years and they all know me,” she says. “The director came out and told me, ‘I’m sorry, you don’t exist.’ I said: ‘But I am here, you know me.’ He told me: ‘I don’t have an explanation for this. But what can I do?’ He said there was no record of a Jeanne Pouchain and no accounts in that name.

«

An amazing story.
unique link to this extract


How they shot the wrong-way car chase in ‘To Live and Die in L.A.’ • Film School Rejects

Meg Shields:

»

William Friedkin‘s take no prisoners attitude is the stuff of legend. This is the man who shoots blank guns on set and films without permits while speeding through New York City at ninety miles per hour. The New Hollywood shenanigans bracket is competitive. But Friedkin is outrageous, passionate, and willing to go to great lengths to get what he wants.

It’s not a huge stretch to compare the director to Richard Chance, the hot-blooded cop played by William Petersen in Friedkin’s cat and mouse neo-noir To Live and Die in L.A. In the film, a fearless federal agent obsessively purses the counterfeiter (Willem Dafoe) who killed his partner, endangering himself and others in the process.

In many ways, To Live and Die in L.A. epitomizes Friedkin’s interest in the thin line between the cop and the criminal. Chance’s drive to seek and destroy leads him to commit reckless acts. Acts that rival those of the very man he’s hunting. You know, like speeding the wrong way down a Los Angeles freeway during rush hour.

«

I had always had a suspicion about how they did this, because “they’re driving into oncoming traffic!” has become a trope of car chases; that suspicion is confirmed in this piece. It’s worth reading though to find out how the chase in French Connection was done (hint: don’t do it like that).
unique link to this extract


Errata, corrigenda and ai no corrida: none notified


It’s a good day to
order Social Warming, my new book.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.