For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?

The first-of-its-kind virus, designed to sabotage Iran’s nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.

The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News.

An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive.

Source: Yahoo News

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam. But because the server wasn’t protected with a password, anyone could find and access the database. Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.

But phone numbers have not been public in more than a year since Facebook restricted access to users’ phone numbers. TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account.
Some of the records also had the user’s name, gender and location by country.

Source: TechCrunch

A federal judge ruled on Wednesday that a federal government database that compiles people deemed to be “known or suspected terrorists” violates the rights of American citizens who are on the watchlist, calling into question the constitutionality of a major tool the F.B.I. and the Department of Homeland Security use for screening potential terrorism suspects.

Being on the watchlist can restrict people from traveling or entering the country, subject them to greater scrutiny at airports and by the police, and deny them government benefits and contracts. In a 32-page opinion, Judge Anthony J. Trenga of United States District Court for the Eastern District of Virginia said the standard for inclusion in the database was too vague.

“The court concludes that the risk of erroneous deprivation of plaintiffs’ travel-related and reputational liberty interests is high, and the currently existing procedural safeguards are not sufficient to address that risk,” Judge Trenga wrote.

Source: The New York Times

On June 22nd there was an alleged coup attempt in Ethiopia. The army chief of staff was murdered, as was the president of Amhara, one of the country’s nine regions. Ordinary Ethiopians were desperate to find out what was going on. And then the government shut down the internet. By midnight some 98% of Ethiopia was offline.

“People were getting distorted news and were getting very confused about what was happening…at that very moment there was no information at all,” recalls Gashaw Fentahun, a journalist at the Amhara Mass Media Agency, a state-owned outlet. He and his colleagues were trying to file a report. Rather than uploading audio and video files digitally, they had to send them to head office by plane, causing a huge delay.

Source: The Economist

It’s already getting tough to discern real text from fake, genuine video from deepfake. Now, it appears that use of fake voice tech is on the rise too.
That’s according to the Wall Street Journal, which reported the first ever case of AI-based voice fraud — aka vishing (short for “voice phishing”) — that cost a company $243,000.

In a sign that audio deepfakes are becoming eerily accurate, criminals sought the help of commercially available voice-generating AI software to impersonate the boss of a German parent company that owns a UK-based energy firm.
They then tricked the latter’s chief executive into urgently wiring said funds to a Hungarian supplier in an hour, with guarantees that the transfer would be reimbursed immediately.

The company CEO, hearing the familiar slight German accent and voice patterns of his boss, is said to have suspected nothing, the report said.
But not only was the money not reimbursed, the fraudsters posed as the German CEO to ask for another urgent money transfer. This time, however, the British CEO refused to make the payment.

As it turns out, the funds the CEO transferred to Hungary were eventually moved to Mexico and other locations. Authorities are yet to determine the culprits behind the cyber-crime operation.

The firm was insured by Euler Hermes Group, which covered the entire cost of the payment. The incident supposedly happened in March, and the names of the company and the parties involved were not disclosed, citing ongoing investigation.
AI-based impersonation attacks are just the beginning of what could be major headaches for businesses and organizations in the future.
In this case, the voice-generation software was able to successfully imitate the German CEO’s voice. But it’s unlikely to remain an isolated case of a crime perpetrated using AI.

On the contrary, they are only bound to increase in frequency if social engineering attacks of this nature prove to be successful.

As the tools to mimic voices become more realistic, so is the likelihood of criminals using them to their advantage. By feigning identities on the phone, it makes it easy for a threat actor to access information that’s otherwise private and exploit it for ulterior motives.

Back in July, Israel National Cyber Directorate issued a warning of a “new type of cyber attack” that leverages AI technology to impersonate senior enterprise executives, including instructing employees to perform transactions such as money transfers and other malicious activity on the network.
The fact that an AI-related crime of this precise nature has already claimed its first victim in the wild should be a cause for concern, as it complicates matters for businesses that are ill-equipped to detect them.

Last year, Pindrop — a cyber-security firm that designs anti-fraud voice software — reported a 350 percent jump in voice fraud from 2013 through 2017, with 1 in 638 calls reported to be synthetically created.

To safeguard companies from the economic and reputational fallout, it’s crucial that “voice” instructions are verified via a follow-up email or other alternative means.

The rise of AI-based tools has its upsides and downsides. On one hand, it gives room for exploration and creativity. On the other hand, it also allows for crime, deception, and nearly (unfortunately) damn competent fraud.

Source: TNW

If the government doesn’t use it against you, scammers will. Personally, I’m still waiting for the good use cases of artificial intelligence.

People hate you more if you’re successful. And they will do anything to make you feel bad and guilty for being successful. As you can’t just shoot them in the head to get rid of them, you try to discuss things and find a solution everyone can be happy with. Just like intelligent people do. Let me tell you that it doesn’t work. Stupidity is like a disease which can’t be cured. Arguing with the stupid is a waste of your valuable lifetime. They drag you down to their level and beat you with experience. And in the end you’re the bad guy that everyone hates, even though you didn’t do anything wrong.

Luckily there’s a third solution: Changing your social environment, like relocating or emigrating, right? No, it’s not! I did that several times and ended up with different people who’re the same assholes that I wanted to shake off.

As you get older, suddenly you realize that everything you do in your life is meaningless. You waste your whole life working and arguing with people giving you the needle until you die some day. Everyone else’s life will go on. But not yours. Yours is over and nobody will care about you or your personal achievements, because everyone hates you for being you.

Think about it and use your lifetime wisely in order to have the time of your life.

2019-08-09 @ 08:11: Agile software development Coding

… means to fiddle around with something until it fits the use case. Documentation “will be done later” and structured programming “just happens by accident”.

The prosecutor and the judge said it was because I had a lot of USB flash drives, a lot of computers and a lot of books, they said that these were suspicious.

Source: Ola Bini

I guess, we’re all just one step away from being jailed.

I know, you may think I am deluded. How could life in an Embassy with a cat and a skateboard ever amount to torture? That’s exactly what I thought, too, when Assange first appealed to my office for protection. Like most of the public, I had been subconsciously poisoned by the relentless smear campaign, which had been disseminated over the years. So it took a second knock on my door to get my reluctant attention. But once I looked into the facts of this case, what I found filled me with repulsion and disbelief.

2019-06-24 @ 07:56: déjà vus Personal

Lately I’m experiencing many déjà vus. Since I’m already used to that, it feels like falling down the rabbit hole most of the time. Maybe there’s a glitch in the matrix.

