Start Up No.1764: EU DMA moves on, how Ukraine targets Russian tanks, Grimes the hacker?, Sweden’s Covid mistakes, and more

Spycraft is evolving – the FBI in Washington is using tightly geographically targeted social media ads to target dissatisfied Russian diplomats. CC-licensed photo by JBrazitoJBrazito on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Still unregulated. I’m @charlesarthur on Twitter. Observations and links welcome.

EU negotiators agree new rules to rein in tech giants • POLITICO

Samuel Stolton:


“The Digital Markets Act puts an end to the ever-increasing dominance of Big Tech companies,” lead MEP Andreas Schwab said. “From now on, Big Tech companies must show that they also allow for fair competition on the internet.”

“The new rules will help enforce that basic principle. The time of long antitrust cases is over during which the authorities were lagging behind the big tech companies. Europe is thus ensuring more competition, more innovation and more choice for users.”

The new rules for so-called gatekeeper platforms, derived from years of antitrust enforcement in the digital economy, include restrictions on combining personal data from different sources, mandates to allow users to install apps from third-party platforms, prohibitions on bundling services, and a prohibition on self-preferencing practices.

Parliament also succeeded in convincing the Council of interoperability requirements for messaging services, meaning outfits such as WhatsApp, Facebook Messenger or iMessage will have to open up and interoperate with smaller messaging platforms. For group chats, this requirement will be rolled out over a period of four years.

Penalties for breaching the rules can be up to 10% of annual worldwide turnover in the case of first infringements, and even up to 20% in the case of repeated infringements.

Parliament was also successful in its call to get web browsers and virtual assistants into the scope of core platform services.


The interoperability requirements alone are going to be a colossal headache for messaging companies, unless what is meant is that you can export your data and contacts and import them into another messaging service. Making WhatsApp and iMessage somehow interlocked would be most bizarre.

We’ll see how this pans out; many a slip between cup and lip.
unique link to this extract

FBI recruits Russian spies outside Russian embassy in D.C. • The Washington Post

Devlin Barrett:


The FBI is trying a novel strategy to recruit Russian-speaking individuals upset about the country’s invasion of Ukraine: aiming social media ads at cellphones located inside or just outside the Russian Embassy in Washington.

The ads, which appear on Facebook, Twitter and Google, are carefully geographically targeted. A Washington Post reporter standing next to the embassy’s stone walls on Wednesday morning received the ad in their Facebook feed. But the ads did not appear in the feed when the reporter stood on the other side of Wisconsin Avenue NW, in the District’s Glover Park neighborhood.

The ads are designed to capitalize on any dissatisfaction or anger within Russian diplomatic or spy services — or among Russian emigres to the United States — over the invasion of Ukraine, an event that counterintelligence experts call a huge opportunity for the US intelligence community to recruit new sources.

The unlikely star of the campaign is Russian President Vladimir Putin, whose own words are used to encourage people working in or visiting the embassy to talk to the FBI. The ad quotes Putin at a meeting last month where he publicly chastised his intelligence chief, Sergey Naryshkin, correcting the spy boss’s position on Russian policy toward the separatist eastern regions of Ukraine. Naryshkin, the director of Russia’s Foreign Intelligence Service, or SVR, stammered at the meeting and seemed unsure of what Putin wanted him to say.

The FBI’s ad quotes Putin saying, in Russian, “speak plainly, Sergey Yevgenyevich” Naryshkin, reminding any SVR officers working at the embassy that Putin humiliated their boss. The FBI then uses Putin’s words to make its own appeal — also in Russian: “Speak plainly … We’re ready to listen.”


Seems to have upset the Russian Embassy there, which called it an attempt to “sow confusion and organise desertion among [embassy] staff”. Well, yes, and your point is? Very neat use of very tight geotargeting, which must be done by zip code, at a guess.
unique link to this extract

Russia fights against time • New Lines Magazine

John Sweeney, veteran reporter, who is out in Kyiv:


Now, Julia says, the Russians are surrounded by the Ukrainian army. I start to think about these Russian kids telling “zombie lies” — the phrase comes from the chief rabbi of Kyiv’s Brodsky Synagogue, Moshe Azman — sitting in their metal boxes, waiting to die.

The Ukrainians have put up a drone video armed with thermal imaging. It’s so chilly out there that the Russian tank crews sit with their engines running through the night. As the Ukrainian drone hovers over the woods in the blackness, it picks out the Russian tanks hiding in the cold. Each Russian exhaust spills its presence, white on black. Then Ukrainian artillery, pinpointed by the drone, moves in for the kill and takes out each white dot, one by one.

For the Russian soldiers, there are times when it must feel like they are being broken by warriors from the future, ghost spirits that can take them out while they hide in the thickest of forests. They are fighting time itself.

We leave for Kyiv at 1 pm, and the journey back is grim. This time we are traveling with refugees, and our plodding progress is slowed further when the Ukrainian police stop us to check my British passport against the national database. The police officer, sporting a balaclava and automatic rifle, returns it, saying: “Have a nice day!”

In Kyiv, they have closed one of the bridges across the Dnieper River, so Vlad, who lives on the east bank, leaves us and we walk across the bridge in the dusk at 7pm, hoping to make it back before curfew begins in an hour’s time.

From the distance, artillery shuffles its furniture.


John is self-funding his work out there. He’s crowdfunding a podcast, and has a Patreon. Please support him if you can.
unique link to this extract

Grimes says she orchestrated cyberattack that shut down ‘Hipster Runoff’ • Vice

Samantha Cole:


Hipster Runoff was a one-man blog that ran from 2007 to 2013, specializing in sardonic criticism of culture and music. Beloved by internet readers and hated by its high-profile targets, the site mysteriously went down in 2012, and although it came back for a while, it never quite recovered and was eventually sold. 

The mystery of Hipster Runoff’s original downfall might be solved, however, as Claire Boucher, aka Grimes, recently claimed she hacked the site and destroyed its backups after photos of her at a party appeared on the site and went viral.    

In 2012, Hipster Runoff ran a photo of Grimes kissing another woman, which she claims was leaked. This apparently pissed her off enough to attack the site and shut it down, she said in an interview last month with Vanity Fair.

“Back in the day, like before the woke era, I actually got canceled for this,” she said in the interview, referring to the photo. “I was trying to be like, all integrity, and start my career, and it was like ‘Grimes Gone Wild’ or something, and it was just this like, super wack, mean story, and it was like this meme which was going all over the internet,” she says. She’d just released her breakout album Visions a few months prior, which won a bunch of awards. 

Grimes claims in the interview that a friend, who worked for a video game company, helped her issue a DDOS attack against Hipster Runoff (a method for overwhelming a website’s servers with fake traffic until it stops working) and “basically blackmail them,” she said. “We were like, we’re not gonna let you put your site back up until you take the story down. And he did in fact take the story down, and it was like, my coolest hacker moment.” 


It’s sort of multi-instrumental, I guess? Given how the people who run sites like that would take delight in not taking down pictures (think: revenge porn) there’s a certain DIY aesthetic to her response.
unique link to this extract

Google says it thwarted North Korean cyberattacks in early 2022 • Engadget

Andrew Tarantola:


Google’s Threat Analysis Group announced on Thursday that it had discovered a pair of North Korean hacking cadres going by the monikers Operation Dream Job and Operation AppleJeus in February that were leveraging a remote code execution exploit in the Chrome web browser. 

The blackhatters reportedly targeted the US news media, IT, crypto and fintech industries, with evidence of their attacks going back as far as January 4th, 2022, though the Threat Analysis Group notes that organizations outside the US could have been targets as well.

“We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques,” the Google team wrote on Thursday. “It is possible that other North Korean government-backed attackers have access to the same exploit kit.”

Operation Dream Job targeted 250 people across 10 companies with fraudulent job offers from the likes of Disney and Oracle sent from accounts spoofed to look like they came from Indeed or ZipRecruiter. Clicking on the link would launch a hidden iframe that would trigger the exploit. 

Operation AppleJeus, on the other hand targeted more than 85 users in the cryptocurrency and fintech industries using the same exploit kit. That effort involved “compromising at least two legitimate fintech company websites and hosting hidden iframes to serve the exploit kit to visitors,” Google’s security researchers found. “In other cases, we observed fake websites — already set up to distribute trojanized cryptocurrency applications — hosting iframes and pointing their visitors to the exploit kit.”


Targeting crypto. The North Koreans know where the weaknesses are.
unique link to this extract

Evaluation of science advice during the COVID-19 pandemic in Sweden • Nature

Nele Brusselaers et al:


In 2014, the Public Health Agency merged with the Institute for Infectious Disease Control; the first decision by its new head (Johan Carlson) was to dismiss and move the authority’s six professors to Karolinska Institute. With this setup, the authority lacked expertise and could disregard scientific facts.

The Swedish pandemic strategy seemed targeted towards “natural” herd-immunity and avoiding a societal shutdown. The Public Health Agency labelled advice from national scientists and international authorities as extreme positions, resulting in media and political bodies to accept their own policy instead.

The Swedish people were kept in ignorance of basic facts such as the airborne SARS-CoV-2 transmission, that asymptomatic individuals can be contagious and that face masks protect both the carrier and others. Mandatory legislation was seldom used; recommendations relying upon personal responsibility and without any sanctions were the norm.

Many elderly people were administered morphine instead of oxygen despite available supplies, effectively ending their lives.

If Sweden wants to do better in future pandemics, the scientific method must be re-established, not least within the Public Health Agency. It would likely make a large difference if a separate, independent Institute for Infectious Disease Control is recreated.

We recommend Sweden begins a self-critical process about its political culture and the lack of accountability of decision-makers to avoid future failures, as occurred with the COVID-19 pandemic.


The morphine/oxygen detail is utterly shocking. After this, perhaps we’ve heard the end of people holding Sweden up as the example of what should have been done. (Perhaps a vain hope.)
unique link to this extract

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal • BBC News

Joe Tidy:


A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$.

The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers. City of London Police say they have arrested seven teenagers in relation to the gang but will not say if he is one. The boy’s father told the BBC his family was concerned and was trying to keep him away from his computers.

Under his online moniker “White” or “Breachbase” the teenager, who has autism, is said to be behind the prolific Lapsus$ hacker crew, which is believed to be based in South America.

Lapsus$ is relatively new but has become one of the most talked about and feared hacker cyber-crime gangs, after successfully breaching major firms like Microsoft and then bragging about it online.

The teenager, who can’t be named for legal reasons, attends a special educational school in Oxford. City of London Police said: “Seven people between the ages of 16 and 21 have been arrested in connection with an investigation into a hacking group. They have all been released under investigation. Our inquiries remain ongoing.”

The boy’s father told the BBC: “I had never heard about any of this until recently. He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer. I always thought he was playing games.”


There’s also a Bloomberg report:


The group suffers from poor operational security, according to two of the researchers, allowing cybersecurity companies to gain intimate knowledge about the teenage hackers.

“Unlike most activity groups that stay under the radar, DEV-0537 doesn’t seem to cover its tracks,” Microsoft said in a blog post. “They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations. DEV-0537 started targeting organizations in the United Kingdom and South America but expanded to global targets, including organizations in government, technology, telecom, media, retail and health-care sectors.”

The teenage hacker in England has had his personal information, including his address and information about his parents, posted online by rival hackers.

At an address listed in the leaked materials as the teen’s home near Oxford, a woman who identified herself as the boy’s mother talked with a Bloomberg reporter for about 10 minutes through a doorbell intercom system. The home is a modest terraced house on a quiet side street about five miles from Oxford University.


Guess we were overdue for the next LulzSec. Doxxed and living at home: a story as old as Unix time.
unique link to this extract

Lack of support for low-income families will see 1.3 million people pushed into absolute poverty next year • Resolution Foundation


Key findings from the overnight analysis [of the UK Chancellor’s spring statement] include:

• Families face £1,100 income losses. The scale of the cost of living squeeze is such that typical working-age household incomes are to set to fall by 4% in real-terms next year (2022-23), a loss of £1,100, while the largest falls will be among the poorest quarter of households where incomes are set to fall by 6%
• Absolute poverty rises by 1.3 million. The scale and distribution of the cost of living squeeze, coupled with the lack of support for low-income families, means that a further 1.3 million people are set to fall into absolute poverty next year, including 500,000 children – the first time Britain has seen such a rise outside of recessions
• Tax rises for seven-in-eight workers. Considering all income tax changes to thresholds and rates announced by Rishi Sunak, only those earning between £49,100 and £50,300 will actually pay less income tax in 2024-25, and only those earning between £11,000 and £13,500 will pay less tax and National Insurance (NI). Of the 31 million people in work, around 27 million (seven-in-eight workers) will pay more in income tax and NI in 2024-25
• A £11,500 wage loss. With real wages in the midst of a third major fall in a little over a decade, average weekly earnings are on course to rise by just £18 a week between 2008 and 2027, compared to £240 a week had they continued on their pre-financial crisis path. This lost growth is equivalent to a £11,500 annual wage loss for the average worker
• A parliament of pain. Typical household incomes are forecast to fall by 2% across the parliament as a whole (2019-20 to 2024-25), making this parliament the worst on record for living standards, beating the 1% income fall over the course of the 2005-05 to 2010-11 parliament.


Just worth remembering that there is still a lot for technology to solve. Biggest of all is the energy crisis. If we could generate far more energy than we needed at low cost without carbon emissions, the world would be a very, very different place.
unique link to this extract

Building games and apps entirely through natural language using OpenAI’s code-davinci model • @AndrewMayne

Andrew Mayne:


OpenAI has a new code generating model that’s improved in a number of ways and can handle nearly two times as much text (4,000 tokens.) I built several small games and applications without touching a single line of code. There are limitations, and coding purely by simple text instructions can stretch your imagination, but it’s a huge leap forward and a fun experiment. All the demos can be played with here:


They’re pretty basic as games go, but the fact that he could do this without actually writing any code (it’s done in HTML, CSS and Javascript) is very impressive.
unique link to this extract

Larger 15in MacBook Air expected in 2023 • MacRumors

Juli Clover:


Display Supply Chain Consultants analyst Ross Young provided a bit of color on what can be expected. Apple is working on a MacBook Air that’s somewhere around 15in in size, with the machine set to debut alongside a “slightly larger” 13in MacBook Air .

According to Young, the larger-sized 15in MacBook Air is slated for release in 2023, but a specific launch date unknown. This is not the first time that we’ve heard about a 15in MacBook Air , as Bloomberg’s Mark Gurman said last year that Apple was working on a larger MacBook Air with a 15in display size.

At the time, Gurman said that Apple had “considered” building a larger version of the MacBook Air , but decided not to move forward with it “for the next generation.” Gurman did not mention whether Apple had nixed the idea all together, but it appears that the larger MacBook Air project has not been abandoned.

Internal Apple emails that came out during the Epic Games v. Apple trial also indicate that Apple considered a larger 15in MacBook Air as early as 2008, but instead went with the smaller 13in model.


Apple has never made a consumer 15in laptop. John Gruber suggests that there’s a pricing gap starting at around $1500 – above the 13in MacBook Air, below the 15in MacBook Pro – which this could fill.

Though I’d absolutely love this to be true, I don’t see why Apple would be so cooperative. At present, anyone who really wants a 15in screen but doesn’t need pro power is still obliged to buy the Pro (🙋‍♂️) even though they’re overserved by the Pro, and probably don’t ever hit its processing limits. Apple coins it from those buyers.

The others buy a MacBook Air, but wish they had the bigger screen, so they become a potential future upsell. I’d bet more than half of the 15in-wanters buy the Pro, which means Apple would (marginally) lose money if it introduced a 15in MacBook (Air).
unique link to this extract

The problem with YouTube and food videos!!! • YouTube

Sonny Side has a team that makes food videos. Presently he’s in Rwanda, making videos about how people in villages make their food – which, yes, includes slaughtering livestock which will become part of the meal. (It’s not gory, he insists.) But YouTube keeps blocking them. His assertion is that YouTube has a culture problem: everything is compared against an American reference point, and anything that diverges from that is subject to weird censorship.

(It certainly chimes with points I made in Social Warming: why is it OK to show people waving guns around, perhaps even shooting people, but not a nipple?)

(Thanks Chris R for the link.)
unique link to this extract

• Why do social networks drive us a little mad?
• Why does angry content seem to dominate what we see?
• How much of a role do algorithms play in affecting what we see and do online?
• What can we do about it?
• Did Facebook have any inkling of what was coming in Myanmar in 2016?

Social Warming, my latest book, and find answers – and more.

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.