Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 32.03

RISKS-LIST: Risks-Forum Digest  Wednesday 24 June 2020  Volume 32 : Issue 03

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.03>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Vehicle Attacks Rise As Extremists Target Protesters (npr.org)
Chrome extensions with 33 million downloads slurped sensitive user data
   (Ars Technica)
Millions of documents from >200 US police agencies published in BlueLeaks
  trove (Ars Technica)
Wrongfully Accused by an Algorithm (NYTimes)
If T-Mobile's giant outage affected you, now's your chance to tell the FCC
  (Ars Technica)
This sneaky malware goes to unusual lengths to cover its tracks (ZDNet)
Masked arsonist might've gotten away with it if she hadn't left Etsy review
  (Jon Brodkin)
Crooks abuse Google Analytics to conceal theft of payment card data
  (Ars Technica)
Bot mafias have wreaked havoc in World of Warcraft Classic (WiReD)
The Pentagon's Bottomless Money Pit (RollingStone)
Testing, testing, testing (Rob Slade)
Coronavirus misinformation, and how scientists can help to fight it
  (Dave Farber)
Wirecard, a Payments Firm, Is Rocked by a Report of Missing $2B (NYTimes)
Social Media Giants Support Racial Justice. Their Products Undermine It.
  (NYTimes)
Square, Jack Dorsey's Pay Service, Is Withholding Money Merchants Say They
  Need (NYTimes)
Many Medical Decision Tools Disadvantage Black Patients
Why Obsessive K-Pop Fans Are Turning Toward Political Activism (NYTimes)
Re: TikTok Teens and K-Pop Fans Say They Sank Trump Rally (William Bader)
Re: Silicon Valley Can't Be Neutral (John Levine)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 22 Jun 2020 10:16:32 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Vehicle Attacks Rise As Extremists Target Protesters (npr.org)

https://www.npr.org/2020/06/21/880963592/vehicle-attacks-rise-as-extremists-target-protesters

That a kill switch cannot be prophylacticly applied to all non-emergency
vehicles in the vicinity of a protest exposes pedestrian marchers to heinous
and violent reprisals. A localized kill switch won't halt a '63 Chevy
Impala.

Kill switch vulnerabilities have appeared repeatedly in comp.risks:

https://catless.ncl.ac.uk/Risks/27/11#subj3.1
https://catless.ncl.ac.uk/Risks/27/84#subj10.1
https://catless.ncl.ac.uk/Risks/28/24#subj12.1
https://catless.ncl.ac.uk/Risks/28/25#subj5.1
https://catless.ncl.ac.uk/Risks/30/29#subj4.1

In https://catless.ncl.ac.uk/Risks/28/25#subj5.1, Jonathan Zittrain
<zittrain@law.harvard.edu> states:

  "I know I've long inveighed against vendor (and, by proxy, government)
  control over consumer technology, and I still think that's a central
  threat to both open code and free speech. But all of that
  otherwise-worrisome tech applied to weapons seems to invert the equities."

Given that kill switches are not readily viable solutions: Laying traffic
spikes across intersections and at start/end points traversed by protesters
might suppress vehicle ramming incidents.

Public safety offices require advanced notification to deploy traffic spikes
given a march route and duration estimate. Protest planning forbearance
reduces flash-mob spontaneity, but can enhance pedestrian safety that
appears absent today.

------------------------------

Date: Tue, 23 Jun 2020 18:49:30 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Chrome extensions with 33 million downloads slurped sensitive user
  data (Ars Technica)

https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/

The extensions, which Google removed only after being privately notified of
them, actively siphoned data such as screenshots, contents in device
clipboards, browser cookies used to log in to websites, and keystrokes such
as passwords, researchers from security firm Awake told me. Many of the
extensions were modular, meaning once installed, they updated themselves
with executable files, which in many cases were specific to the operating
system they ran on. Awake provided additional details in this report.

https://cdn2.hubspot.net/hubfs/3455675/wp-the-internets-new-arms-dealers-malicious-domain-registrars.pdf

------------------------------

Date: Tue, 23 Jun 2020 18:34:10 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Millions of documents from >200 US police agencies published in
  BlueLeaks trove (Ars Technica)

Document dump comes almost 4 weeks after murder by police of George Floyd.

https://arstechnica.com/tech-policy/2020/06/blueleaks-airs-private-data-from-more-than-200-us-police-agencies/

------------------------------

Date: Wed, 24 Jun 2020 14:49:41 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Wrongfully Accused by an Algorithm (NYTimes)

In what may be the first known case of its kind, a faulty facial recognition
match led to a Michigan man's arrest for a crime he did not commit.

https://www.nytimes.com/2020/06/24/technology/facial-recognition-arrest.html

------------------------------

Date: Tue, 23 Jun 2020 18:32:41 -0400
From: Monty Solomon <monty@roscom.com>
Subject: If T-Mobile's giant outage affected you, now's your chance to tell
  the FCC (Ars Technica)

FCC asks public to describe experiences during last week's 13-hour outage.

https://arstechnica.com/tech-policy/2020/06/if-t-mobiles-giant-outage-affected-you-nows-your-chance-to-tell-the-fcc/

------------------------------

Date: Wed, 24 Jun 2020 14:20:40 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: This sneaky malware goes to unusual lengths to cover its tracks
  (ZDNet)

*Glupteba creates a backdoor into infected Windows systems - and researchers
think it'll be offered to cyber criminals as an easy means of distributing
other malware.*

A malware campaign which creates a backdoor providing full access to
compromised Windows PC, while adding them to a growing botnet, has developed
some unusual measures for staying undetected.

Glupteba first emerged in 2018 and started by gradually dropping more
components into place on infected machines in its bid to create a backdoor
to the system.

The malware is continuously in development and in the last few months it
appears to have been upgraded with new techniques and tactics to coincide
with a new campaign which has been detailed by cybersecurity researchers at
Sophos.
<https://www.zdnet.com/article/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software/>

The paper <https://news.sophos.com/en-us/?p=67447> describes Glupteba as
"highly self-defending malware" with the cyber criminal group behind it
paying special attention to "enhancing features that enable the malware to
evade detection".

However, its method of distribution is relatively simple: it's bundled in
pirated software, including cracked versions of commercial applications, as
well as illegal video game downloads. The idea is simply to get as many
users to download compromised applications which contain the Glupteba
payload as possible.

To ensure the best possible chance of a successful compromise, the malware
is gradually dropped, bit-by-bit onto the system to avoid detection by any
anti-virus software the user may have installed. The malware also uses the
EternalBlue SMB vulnerability to help it secretly spread across networks.
<https://www.zdnet.com/article/why-the-fixed-windows-eternalblue-exploit-wont-die/>

But that isn't where the concealment and self-defence ends, because even
after installation Glupteba goes out of its way to stay undetected. [...]
https://www.zdnet.com/article/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks/

------------------------------

Date: Sun, 21 Jun 2020 17:00:58 -0600
From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Subject: Masked arsonist might've gotten away with it if she hadn't left
  Etsy review (Jon Brodkin)

Jon Brodkin, Ars Technica, 18 Jun 2020
Woman who burned two police cars IDed by tattoo and Etsy review of her
T-shirt.

  To some extent, every Internet user leaves a digital trail. So when a
  masked arsonist was seen on video setting fire to a police car on the day
  of a recent protest in Philadelphia, the fact that her face was hidden
  didn't prevent a Federal Bureau of Investigation agent from tracking down
  the suspect. The keys ended up being a tattoo and an Etsy review the
  alleged arsonist had left for a T-shirt she was wearing at the scene of
  the crime, according to the FBI.

https://arstechnica.com/tech-policy/2020/06/masked-arsonist-mightve-gotten-away-with-it-if-she-hadnt-left-etsy-review/

------------------------------

Date: Tue, 23 Jun 2020 18:37:40 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Crooks abuse Google Analytics to conceal theft of payment card data
  (Ars Technica)

Ecommerce site's blind trust makes the service a perfect place to dump data.

https://arstechnica.com/information-technology/2020/06/google-analytics-trick-allows-crooks-to-hide-card-skimming/

------------------------------

Date: Tue, 23 Jun 2020 18:39:21 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Bot mafias have wreaked havoc in World of Warcraft Classic (WiReD)

Blizzard has suspended or closed over 74,000 accounts in the last month.

https://www.wired.com/story/world-of-warcraft-classic-russian-bots/

------------------------------

Date: Mon, 22 Jun 2020 15:32:39 -0500
From: <bmeacham01@earthlink.net>
Subject: The Pentagon's Bottomless Money Pit (RollingStone)

When the Defense Department flunked its first-ever fiscal review, one of our
government's greatest mysteries was exposed: Where does the DoD's $700
billion annual budget go?

Contains numerous mentions of huge IT project failures.

https://www.rollingstone.com/politics/politics-features/pentagon-budget-myst
ery-807276/

Just over 50 years ago, Dwight Eisenhower gave his famous farewell address
warning of the power of the "military-industrial complex." The former war
commander bemoaned the creation of a "permanent armaments industry of vast
proportions," and said the "potential for the disastrous rise of misplaced
power exists and will persist."

Eisenhower's warning is celebrated by the left as a caution against the
overweening political power of war-makers, but as we're now seeing, it was
predictive also as a fiscal conservative's nightmare vision of the future.
The military has become an unstoppable mechanism for hoovering up taxpayer
dollars and deploying them in the most inefficient manner possible.

------------------------------

Date: Mon, 22 Jun 2020 11:24:04 -0700
From: Rob Slade <rmslade@shaw.ca>
Subject: Testing, testing, testing

Recently, a certain national leader has directed that testing for the
SARS-CoV-2 virus be "slowed" so that the numbers of new cases of the disease
will be reduced.  This is, of course, flatly ridiculous.  Testing does not
cause problems, it just reveals existing problems.  And the lack of testing
doesn't prevent problems, it only blinds you to the scope of the problem.  I
have told my "testing" story before ...

Oh, well, what the hey:

I am reminded of a situation where sales and marketing was supposed to carry
out virus scans before they installed our product. They had previously been
using an inferior product, and I mandated that they using a more accurate
product.  At one point a machine was brought in as a problem. First step in
my process was to scan the machine, and, sure enough, it was infected.

"Did you scan it?"

"Yes."

"Did you use the right scanner?"

"Well, no, we used the old one."

"Why did you use the old scanner, when I've specified that you have to use
the new one?"

"Well, when we use the one you told us to, it finds viruses ..."

------------------------------

Date: Tue, 23 Jun 2020 10:29:33 +0900
From: Dave Farber <farber@gmail.com>
Subject: Coronavirus misinformation, and how scientists can help to fight it

https://www.nature.com/articles/d41586-020-01834-3?utm_source=Nature+Briefing&utm_campaign=761bed091d-briefing-dy-20200622&utm_medium=email&utm_term=0_c9dfd39373-761bed091d-43758197

------------------------------

Date: Tue, 23 Jun 2020 08:10:03 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Wirecard, a Payments Firm, Is Rocked by a Report of Missing $2B
  (NYTimes)

The German company's share price has plunged 80 percent, and its longtime
chief executive has resigned.

https://www.nytimes.com/2020/06/19/business/wirecard-scandal.html

------------------------------

Date: Tue, 23 Jun 2020 08:13:18 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Social Media Giants Support Racial Justice. Their Products
  Undermine It. (NYTimes)

Shows of support from Facebook, Twitter and YouTube don't address the way those platforms have been weaponized by racists and partisan provocateurs.

https://www.nytimes.com/2020/06/19/technology/facebook-youtube-twitter-black-lives-matter.html

------------------------------

Date: Tue, 23 Jun 2020 09:16:55 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Square, Jack Dorsey's Pay Service, Is Withholding Money Merchants
  Say They Need (NYTimes)

Small businesses say the Twitter chief's other company is holding on to 30 percent of their customers' payments during the pandemic.

https://www.nytimes.com/2020/06/23/technology/square-jack-dorsey-pandemic-withholding.html

------------------------------

Date: Tue, 23 Jun 2020 09:22:30 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Many Medical Decision Tools Disadvantage Black Patients (NYTimes)

Doctors look to these digital calculators to make treatment decisions, but
they can end up denying black patients access to certain specialists, drugs
and transplants.

https://www.nytimes.com/2020/06/17/health/many-medical-decision-tools-disadvantage-black-patients.html

------------------------------

Date: Tue, 23 Jun 2020 07:47:12 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Why Obsessive K-Pop Fans Are Turning Toward Political Activism
  (NYTimes)

After claiming some credit for the fizzling of President Trump's rally in
Oklahoma, the online armies of Korean pop music listeners are feeling
prepared and empowered.

https://www.nytimes.com/2020/06/22/arts/music/k-pop-fans-trump-politics.html

------------------------------

Date: Sun, 21 Jun 2020 22:21:24 +0100
From: William Bader <william.bader@gmail.com>
Subject: Re: TikTok Teens and K-Pop Fans Say They Sank Trump Rally
  (PGN comment in RISKS-32.02)

> The title Monty sent me is the one online, which says `Stans' instead of
> `Fans'.

"A crazed and or obsessed fan. The term comes from the song Stan by eminem.
The term Stan is used to describe a fan who goes to great lengths to obsess
over a celebrity." https://www.urbandictionary.com/define.php?term=Stan

  [Thanks to at least a dozen readers for helping my education.  I stans
  corrected.  But I remember Stan Laurel and Oliver Hardy, whom all but the
  oldest RISKS readers probably don't.  PGN]

------------------------------

Date: June 24, 2020 6:22:20 JST
From: John Levine <johnl@iecc.com>
Subject: Re: Silicon Valley Can't Be Neutral (Via Dave Farber)

In article <566E5F5C-2B19-4E1E-AF1D-0F1194EDC43B@keio.jp> you write:

> Silicon Valley Can't Be Neutral in the U.S.-China Cold War --
> https://foreignpolicy.com/2020/06/22/zoom-china-us-cold-war-unsafe

> In other words, Zoom is rolling out a ``one-company, two-systems model'' --
> participants in China would be subject to censorship, but those outside of
> China would not.

I agree this is pretty creepy, but how is this fundamentally different from
the way that EU laws like right to be forgotten make search engines results
in Europe omit stuff that is included other places?

If you're going to operate in a country at all, you have to follow the
country's rules. I expect I would have a different answer to whether I'd
operate in China.

------------------------------

Date: Mon, 1 Jun 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.03
************************