Slashdot Mirror

An anonymous reader quotes a report from Motherboard: NASA wants humans and robots to work together as teams. To ensure that, the space agency's autonomous robotics group is currently developing new technology to improve how humans explore the solar system, and how robots can help. When NASA began working with remotely operated robots several years ago, Fong said the scientists needed a piece of software that would allow them to look at terrain and sensor data coming from autonomous robots. That led to the creation of VERVE, a "3D robot user interface," which allows scientists to see and grasp the three-dimensional world of remotely operated robots. VERVE has been used with NASA's K10 planetary rovers (a prototype mobile robot that can travel bumpy terrain), with its K-Rex planetary rovers (robot to determine soil moisture), with SPHERES (Synchronized Position Hold, Engage, Reorient, Experimental Satellites) on the International Space Station (ISS), and with the new robot Astrobee (a robot that can fly around the ISS). In 2013, NASA carried out a series of tests with astronauts on the ISS, during which astronauts who were flying 200 miles above Earth remotely operated the K10 planetary rover in California. Because of time delay, astronauts can't just "joystick a robot," said Maria Bualat, deputy lead of intelligent robotics group at the NASA Ames Research Center. "You need a robot that can operate on its own, complete tasks on its own," she said. "On the other hand, you still want the human in the loop, because the human brings a lot of experience and very powerful cognitive ability that can deal with issues that the autonomy's not quite ready to handle." That's why, according to NASA, human capabilities and robotic capabilities comprise a powerful combination.

An anonymous reader quotes Motherboard: A 21-year-old from Virginia plead guilty on Friday to writing and selling custom spyware designed to monitor a victim's keystrokes. Zachary Shames, from Great Falls, Virginia, wrote a keylogger, malware designed to record every keystroke on a computer, and sold it to more than 3,000 people who infected more than 16,000 victims with it, according to a press release from the U.S. Department of Justice.

Shames, who appears to be a student at James Madison University, developed the first version of the spyware while he was still a high school student in 2013, "and continued to modify and market the illegal product from his college dorm room," according to the feds... While the feds only vaguely referred to it as "some malicious keylogger software," it appears the spyware was actually called "Limitless Keylogger Pro," according to evidence found by a security researcher who asked to remain anonymous... According to what appears to be Shames Linkedin page, he was an intern for the defense contractor Northrop Grumman from May 2015 until August 2016.
The Department of Justice announced that he'll be sentenced on June 16, and faces a maximum of 10 years in prison.

An anonymous reader shares a Motherboard report: Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.

The U.S. Food and Drug Administration warned on Monday that pacemakers, defibrillators and other devices manufactured by St. Jude Medical, a medical device company based in Minnesota, could have put patients' lives at risk, as hackers could remotely access the devices and change the heart rate, administer shocks, or quickly deplete the battery. Thankfully, St. Jude released a new software patch on the same day as the FDA warning to address these vulnerabilities. Motherboard reports: St. Jude Medical's implantable cardiac devices are put under the skin, in the upper chest area, and have insulated wires that go into the heart to help it beat properly, if it's too slow or too fast. They work together with the Merlin@home Transmitter, located in the patient's house, which sends the patient's data to their physician using the Merlin.net Patient Care Network. Hackers could have exploited the transmitter, the manufacturer confirmed. "[It] could (...) be used to modify programming commands to the implanted device," the FDA safety communication reads. In an emailed response to Motherboard, a St. Jude Medical representative noted that the company "has taken numerous measures to protect the security and safety of our devices," including the new patch, and the creation of a "cyber security medical advisory board." The company plans to implement additional updates in 2017, the email said. This warning comes a few days after Abbott Laboratories acquired St. Jude Medical, and four months after a group of experts at Miami-based cybersecurity company MedSec Holding published a paper explaining several vulnerabilities they found in St. Jude Medical's pacemakers and defibrillators. They made the announcement at the end of August 2016, together with investment house Muddy Waters Capital.

An anonymous reader quotes a report from Motherboard: On December 30, the White House quietly released its Near-Earth Object Preparedness Strategy, a 25-page document outlining the United States' plans in the event that a giant asteroid is found to be on a collision course with Earth. Among the priorities outlined by the strategy are improving Near-Earth Object (NEO) detection, developing methods for deflecting asteroids, and developing interagency emergency procedures in the event of an NEO impact. Given the stakes, it's clear why NASA and the leading US defense and research agencies came together in January 2016 to form the Detecting and Mitigating the Impact of Earth-bound Near-Earth Objects (DAMIEN) working group to address the issues associated with killer asteroids. The DAMIEN group is behind the White House's new NEO strategy, and will be responsible for hashing out the specifics of the plan to save Earthlings from killer asteroids going forward. To assist in the search, the DAMIEN report calls for a space-based observatory dedicated to finding NEOs, which will work in cooperation with ground-based observatories. Since a telescope in space isn't limited by terrestrial weather conditions, it would greatly enhance Spaceguard's search capacity. The only plans currently underway for a space-based NEO telescope are being carried out by the non-profit B612 foundation whose Sentinel telescope was supposed to launch last December, but has been delayed due to difficulties securing the requisite $450 million in funding required for the project. NASA has also been considering the NEOCam, a space-based telescope that has received provisional funding for "detailed refinement." Unfortunately, during the latest round of budgeting for NASA's Discovery program, two other satellites were greenlit instead of NEOCam, but NASA said it would continue the asteroid-hunter's provisional funding, so there is still hope that NASA may go forward with a space-based NEO observatory in the future, especially in light of the recent White House strategy. In tandem, the report also recommends updating the capabilities of ground-based NEO observatories by endowing them with more powerful planetary radars and improved spectroscopy instruments (this would allow for more accurate determinations of the composition of an asteroid). But detection is only half the battle. In the event that an asteroid is found to be on an impact trajectory with Earth, NASA is also thinking about ways to deflect the killer asteroid. Some pretty far-out ideas have been proposed on this front, ranging from nukes in space to giant sun-powered lasers, but the most likely method is simply ramming into the asteroid to change its course. Finally, should all else fail, the report also considers what to do in an impact scenario.

An anonymous reader quotes a report from Motherboard: On December 30, the White House quietly released its Near-Earth Object Preparedness Strategy, a 25-page document outlining the United States' plans in the event that a giant asteroid is found to be on a collision course with Earth. Among the priorities outlined by the strategy are improving Near-Earth Object (NEO) detection, developing methods for deflecting asteroids, and developing interagency emergency procedures in the event of an NEO impact. Given the stakes, it's clear why NASA and the leading US defense and research agencies came together in January 2016 to form the Detecting and Mitigating the Impact of Earth-bound Near-Earth Objects (DAMIEN) working group to address the issues associated with killer asteroids. The DAMIEN group is behind the White House's new NEO strategy, and will be responsible for hashing out the specifics of the plan to save Earthlings from killer asteroids going forward. To assist in the search, the DAMIEN report calls for a space-based observatory dedicated to finding NEOs, which will work in cooperation with ground-based observatories. Since a telescope in space isn't limited by terrestrial weather conditions, it would greatly enhance Spaceguard's search capacity. The only plans currently underway for a space-based NEO telescope are being carried out by the non-profit B612 foundation whose Sentinel telescope was supposed to launch last December, but has been delayed due to difficulties securing the requisite $450 million in funding required for the project. NASA has also been considering the NEOCam, a space-based telescope that has received provisional funding for "detailed refinement." Unfortunately, during the latest round of budgeting for NASA's Discovery program, two other satellites were greenlit instead of NEOCam, but NASA said it would continue the asteroid-hunter's provisional funding, so there is still hope that NASA may go forward with a space-based NEO observatory in the future, especially in light of the recent White House strategy. In tandem, the report also recommends updating the capabilities of ground-based NEO observatories by endowing them with more powerful planetary radars and improved spectroscopy instruments (this would allow for more accurate determinations of the composition of an asteroid). But detection is only half the battle. In the event that an asteroid is found to be on an impact trajectory with Earth, NASA is also thinking about ways to deflect the killer asteroid. Some pretty far-out ideas have been proposed on this front, ranging from nukes in space to giant sun-powered lasers, but the most likely method is simply ramming into the asteroid to change its course. Finally, should all else fail, the report also considers what to do in an impact scenario.

An employee at Forza Horizon 3 developer Playground Games accidentally green-lighted the wrong update file for PC players, who found themselves downloading a whopping 53GB download that turned out to be an unencrypted future build (.37.2) of the entire game intended for developers. Motherboard reports: Naturally, players who'd managed to download it yesterday had a field day leaking the information within, right down to massive posts on Imgur showing all the new cars and forum threads detailing the Porsches thought to come in an future unannounced pack. Since Forza Horizon 3 requires a constant online connection and works off of a constantly refreshing save file, anyone who played the new patch on PC found themselves slapped with an error saying their Forza profiles were no longer available. Playing it with the new build would thus effectively mean starting a new game from scratch, even if they'd dumped dozens of hours into Forza Horizon 3 since its release last September. But starting over is exactly what players shouldn't have done. The best thing they could do was shut down the game, walk away, and wait for a fix. "PC players who completed the download of .37.2 and then started a new game save will have a corrupted saved game," wrote Brian Ekberg, Forza's community manager, in a forum post. "Avoid creating a new saved game on .37.2, and only play on .35.2 to avoid this issue. As long as you have an existing save and have not created a new one on .37.2, your saved game will work correctly once the update is available."

An anonymous reader quotes a report from Motherboard: When you think of North Korea, the first thing that springs to mind is probably not a well-featured tablet PC. But that's just what researchers at the Chaos Communication Congress hacking festival revealed on Tuesday. Called Woolim, this tablet is designed to limit the distribution of contraband media, track its users, and generally act as a propaganda platform for the Democratic People's Republic of Korea (DPRK). Woolim is a small, white Android device that looks like a fairly standard tablet. The hardware itself is made by Chinese manufacturer Hoozo, but the North Korean government has removed some components such as those for wi-fi and bluetooth, and put its own bespoke software on top. After the researchers presented work covering RedStar OS, North Korea's Linux-based operating system, a South Korean NGO offered the tablet to the group. Woolim is just one of several tablets designed for North Korea, but Woolim appears to be the most recent, likely dating from 2015. The tablet has PDFs on how to use it; various propaganda texts for users to read as well as the capability to play local TV and connect to the country's own internet, and it also comes with a slew of educational apps, such as French, Russian, and Chinese dictionaries. There's even an app for kids which teaches them how to type with a keyboard, and video games such as Angry Birds that have been lightly customized. The tablet only allows specific files to be used or played: users cannot just load whatever they want onto the device. Woolim also constantly keeps tabs on what its users are up to. Whenever a user opens an app, the tablet takes a screenshot. These screenshots are then available for viewing in another app, but they can't be deleted.

An anonymous reader quotes a report from Motherboard: When you think of North Korea, the first thing that springs to mind is probably not a well-featured tablet PC. But that's just what researchers at the Chaos Communication Congress hacking festival revealed on Tuesday. Called Woolim, this tablet is designed to limit the distribution of contraband media, track its users, and generally act as a propaganda platform for the Democratic People's Republic of Korea (DPRK). Woolim is a small, white Android device that looks like a fairly standard tablet. The hardware itself is made by Chinese manufacturer Hoozo, but the North Korean government has removed some components such as those for wi-fi and bluetooth, and put its own bespoke software on top. After the researchers presented work covering RedStar OS, North Korea's Linux-based operating system, a South Korean NGO offered the tablet to the group. Woolim is just one of several tablets designed for North Korea, but Woolim appears to be the most recent, likely dating from 2015. The tablet has PDFs on how to use it; various propaganda texts for users to read as well as the capability to play local TV and connect to the country's own internet, and it also comes with a slew of educational apps, such as French, Russian, and Chinese dictionaries. There's even an app for kids which teaches them how to type with a keyboard, and video games such as Angry Birds that have been lightly customized. The tablet only allows specific files to be used or played: users cannot just load whatever they want onto the device. Woolim also constantly keeps tabs on what its users are up to. Whenever a user opens an app, the tablet takes a screenshot. These screenshots are then available for viewing in another app, but they can't be deleted.

An anonymous reader quotes a report from Motherboard: According to research published Thursday in Science, physicists at Princeton University have designed a device that allows a single electron to pass its quantum information to a photon in what could be a big breakthrough for silicon-based quantum computers. The device designed by the Princeton researchers is the result of five years of research and works by trapping an electron and a photon within a device built by HRL laboratories, which is owned by Boeing and General Motors. It is a semi-conductor chip made from layers of silicon and silicon-germanium, materials that are inexpensive and already widely deployed in consumer electronics. Across the top of this wafer of silicon layers were laid a number of nanowires, each smaller than the width of a human hair, which were used to deliver energy to the chip. This energy allowed the researchers to trap an electron in between the silicon layers of the chip in microstructures known as quantum dots. The researchers settled on photons as the medium of exchange between electrons since they are less sensitive to disruption from their environment and could potentially be used to carry quantum information between quantum chips, rather than within the circuits on a single quantum chip. The ability to scale up this device would mean that photons could be used to pass quantum information from electron to electron in order to form the circuits for a quantum computer. "We now have the ability to actually transmit the quantum state to a photon," said Xiao Mi, a graduate student in Princeton's Department of Physics. "This has never been done before in a semiconductor device because the quantum state was lost before it could transfer its information."

An anonymous reader quotes a report from ZDNet: Earlier this year, we were sent a series of large, encrypted files purportedly belonging to a U.S. police department as a result of a leak at a law firm, which was insecurely synchronizing its backup systems across the internet without a password. Among the files was a series of phone dumps created by the police department with specialist equipment, which was created by Cellebrite, an Israeli firm that provides phone-cracking technology. We obtained a number of these so-called extraction reports. One of the more interesting reports by far was from an iPhone 5 running iOS 8. The phone's owner didn't use a passcode, meaning the phone was entirely unencrypted. The phone was plugged into a Cellebrite UFED device, which in this case was a dedicated computer in the police department. The police officer carried out a logical extraction, which downloads what's in the phone's memory at the time. (Motherboard has more on how Cellebrite's extraction process works.) In some cases, it also contained data the user had recently deleted. To our knowledge, there are a few sample reports out there floating on the web, but it's rare to see a real-world example of how much data can be siphoned off from a fairly modern device. We're publishing some snippets from the report, with sensitive or identifiable information redacted.

An anonymous reader quotes a report from Motherboard: The French postal service is beginning an experimental drone delivery program to deliver parcels on a nine mile route once a week. After the program gets approval from the French aviation regulatory authority, the federal postal service will be the first to ever use drone delivery on a regular route. The drones used in the French postal service experiment have the capacity to fly up to 12 miles carrying about two pounds maximum, going around 19 miles per hour. They are also equipped with parachutes for safe emergency landing in case something disrupts the flight. The eventual goal is to reach rural or mountainous regions that are otherwise difficult and expensive to get to using cars. The drone mail delivery program has been a project of the DPDgroup, Europe's second largest international parcel delivery network, operating as a subsidiary under the French national postal service. The DPDgroup had been working on this program with Atechsys, a French drone company, since 2014 in the south of France. "The first commercial line represents a new step in the program," DPDgroup said in a press release. With the testing phase now over, the experimentation phase is all set to begin. Currently, those participating in the experiment to receive parcels are non-residential, including over ten tech companies. The done routes stretch over the southeastern region of Provence, going between Saint-Maximin-La-Sainte-Beaume and Pourrieres.

An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously signed messages.

An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously signed messages.

An anonymous reader quotes a report from Motherboard: A little over a year ago, it was big news that thousands of people and hundreds of institutions controlling more than $2.6 trillion in total assets had pledged to remove their investments from stocks, mutual funds, and bonds that invest in fossil fuel companies. A year later, that number has doubled. According to a report by DivestInvest, a philanthropy helping to lead the movement, more than 688 institutions and 60,000 individual investors worth $5.2 trillion have pulled their investments from fossil fuel companies and have reinvested a portion of their assets into clean energy companies. In September 2015, 436 institutions and 2,040 individuals worth $2.6 trillion had divested. For comparison, the total net worth of investors who had pulled out of the fossil fuel market was just $52 billion in September 2014. Divestment is increasingly seen as one of the stronger moves that private citizens and companies can take to support the move to clean energy. The movement started in earnest in 2011 when college students began petitioning their institutions to remove their assets from stocks, bonds, and mutual funds that invest in fossil fuel companies. What was seen as a gimmick at the time appears to be gaining real momentum a year after the Paris Climate Treaty was signed.

An anonymous reader quotes a report from Motherboard: A little over a year ago, it was big news that thousands of people and hundreds of institutions controlling more than $2.6 trillion in total assets had pledged to remove their investments from stocks, mutual funds, and bonds that invest in fossil fuel companies. A year later, that number has doubled. According to a report by DivestInvest, a philanthropy helping to lead the movement, more than 688 institutions and 60,000 individual investors worth $5.2 trillion have pulled their investments from fossil fuel companies and have reinvested a portion of their assets into clean energy companies. In September 2015, 436 institutions and 2,040 individuals worth $2.6 trillion had divested. For comparison, the total net worth of investors who had pulled out of the fossil fuel market was just $52 billion in September 2014. Divestment is increasingly seen as one of the stronger moves that private citizens and companies can take to support the move to clean energy. The movement started in earnest in 2011 when college students began petitioning their institutions to remove their assets from stocks, bonds, and mutual funds that invest in fossil fuel companies. What was seen as a gimmick at the time appears to be gaining real momentum a year after the Paris Climate Treaty was signed.

From a report on Motherboard: On Tuesday, the UK is due to pass its controversial new surveillance law, the Investigatory Powers Act, according to the Home Office. The Act, which has received overwhelming support in both the House of Commons and Lords, formally legalizes a number of mass surveillance programs revealed by Edward Snowden in 2013. It also introduces a new power which will force internet service providers to store browsing data on all customers for 12 months. Civil liberties campaigners have described the Act as one of the most extreme surveillance laws in any democracy, while law enforcement agencies believe that the collection of browsing data is vital in an age of ubiquitous internet communications. "The Investigatory Powers Act 2016 will ensure that law enforcement and the security and intelligence agencies have the powers they need in a digital age to disrupt terrorist attacks, subject to strict safeguards and world-leading oversight," a statement from the Home Office reads. Much of the Act gives stronger legal footing to the UK's various bulk powers, including "bulk interception," which is, in general terms, the collection of internet and phone communications en masse. In June 2013, using documents provided by Edward Snowden, The Guardian revealed that the GCHQ taps fibre-optic undersea cables in order to intercept emails, internet histories, calls, and a wealth of other data. Update: "Snooper's charter" bill has become the law. The home secretary said:"The Investigatory Powers Act is world-leading legislation, that provides unprecedented transparency and substantial privacy protection. "The government is clear that, at a time of heightened security threat, it is essential our law enforcement and security and intelligence services have the power they need to keep people safe. The internet presents new opportunities for terrorists and we must ensure we have the capabilities to confront this challenge. But it is also right that these powers are subject to strict safeguards and rigorous oversight."

When it comes to VR ports of popular games, "Doom 3's fluid weapon handling, interactivity, and general creepiness put it in a different class entirely," writes Motherboard. An anonymous reader quotes their report: Using the graphically enhanced "BFG" version of 2004's Doom 3, the mod from "Codes4Fun" skillfully ports to game to the HTC Vive, generally making it look as though it was designed for the platform all along. Swedish YouTuber SweViver recently posted a video showing off his first spin with it... SweViver walks and runs about naturally using only the Vive controller's touchpad...the video shows him jumping and using the mod's impressive hand-tracking to handle his gun and flashlight separately as they float before him in place of the controllers in his hands. At one point, he even whips out virtual fists that let him pummel things with the controllers' left and right triggers.
His conclusion? "This is probably the first AAA game that actually works on the Vive."

Lawrence Lessig's new op-ed in the Washington Post argues against the idea "that the person who lost the popular vote this year must nonetheless become our president." (Paywalled version here, free version here.) Lessig points out that the electoral college results have already been ignored twice in U.S. history -- in 1824 and 1876. The Constitution says nothing about "winner take all." It says nothing to suggest that electors' freedom should be constrained in any way...They were to be citizens exercising judgment, not cogs turning a wheel.
Complaining that the electoral college weights the votes in Wyoming roughly four times as heavily as the votes in Michigan, Lessig argues that the popular vote should be respected, and that the authors of the U.S. Constitution "left the electors free to choose. They should exercise that choice by leaving the election as the people decided it: in Clinton's favor."

Meanwhile, Politico is reporting that six electors, "mostly former Bernie Sanders supporters who hail from Washington state and Colorado," are already urging electors pledged to Clinton and Trump to instead coalesce around "a consensus pick like Mitt Romney or John Kasich." And the ethics lawyers for both President Obama and President Bush both told one liberal site "that if Trump continues to retain ownership over his sprawling business interests by the time the electors meet on December 19, they should reject Trump." Finally, from the original submission:
Even Donald Trump has called the Electoral College a "total sham." Is it time for the Electoral College to reflect the popular vote?

Tuesday a Canadian journalist described his newest victory in his war on fake-science journals. An anonymous reader writes: In 2014, journalist Tom Spears intentionally wrote "the world's worst science research paper...a mess of plagiarism and meaningless garble" -- then got it accepted by eight different journals. ("I copied and pasted one phrase from a geology paper online, and the rest from a medical one, on hematology...and so on. There are a couple of graphs from a paper about Mars...") He did it to expose journals which follow the publish-for-a-fee model, "a fast-growing business that sucks money out of research, undermines genuine scientific knowledge, and provides fake credentials for the desperate."

But earlier this year, one such operation actually purchased two prominent Canadian medical journals, and one critic warns they're "on a buying spree, snatching up legitimate scholarly journals and publishers, incorporating them into its mega-fleet of bogus, exploitative, and low-quality publications.â So this summer, Spears explains to Vice, "I got this request to write for what looked like a fake journal -- of ethics. Something about that attracted me... one morning in late August when I woke up early I made extra coffee and banged out some drivel and sent it to them."
He's now publicizing the fact that this formerly-respectable journal is currently featuring his submission, which was "mostly plagiarized from Aristotle, with every fourth or fifth word changed so that anti-plagiarism software won't catch it. But the result is meaningless. Some sentences don't have verbs..."

Joseph Cox, reporting for Motherboard: In January, Motherboard reported on the FBI's "unprecedented" hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually several orders of magnitude larger. In all, the FBI obtained over 8,000 IP addresses, and hacked computers in 120 different countries, according to a transcript from a recent evidentiary hearing in a related case. The figures illustrate the largest ever known law enforcement hacking campaign to date, and starkly demonstrate what the future of policing crime on the dark web may look like. This news comes as the US is preparing to usher in changes that would allow magistrate judges to authorize the mass hacking of computers, wherever in the world they may be located.

Joseph Cox, reporting for Motherboard: In January, Motherboard reported on the FBI's "unprecedented" hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually several orders of magnitude larger. In all, the FBI obtained over 8,000 IP addresses, and hacked computers in 120 different countries, according to a transcript from a recent evidentiary hearing in a related case. The figures illustrate the largest ever known law enforcement hacking campaign to date, and starkly demonstrate what the future of policing crime on the dark web may look like. This news comes as the US is preparing to usher in changes that would allow magistrate judges to authorize the mass hacking of computers, wherever in the world they may be located.

An anonymous reader quotes a report from Motherboard: Israeli hacker Amihai Neiderman needed three days to hack into Tel Aviv's free public Wi-Fi. He only worked during the evenings, after he came home from his full-time job as a security researcher. The 26-year-old said the difficulty level was "a solid 5" on a scale from 1 to 10. The hack, performed in 2014 and recently explained in detail during the DefCamp conference in Bucharest, Romania, shows how vulnerable public networks can be and why we should encrypt our web traffic while accessing them. He hacked his city out of curiosity. One day, he was driving home from work and he noticed the "FREE_TLV" displayed on his smartphone. He had no idea what it was, but got intrigued. It turned out to be Tel Aviv's free municipal Wi-Fi network. The hacker connected to it and checked what his IP was, using http://whatismyip.com. This way, you usually find the address of the router that links you to the internet. To hack Tel Aviv, he needed to take control over this device. Neiderman got home and found out that the router had one port open. He tried it. This step allowed him to determine the manufacturer of the router. It turned out to be Peplink, a company he had never heard of. It made the mistake of having the administration interfaces online. At this point, he still didn't know what device he was connecting to. He compared different products displayed on the company's website and looked for additional clues in the messages sent to him by the unidentified device. He finally found out it was a high-end load balancing router. All he needed was a vulnerability to exploit. But breaking the firmware of the router seemed time consuming, as files were encrypted, so the hacker took a different approach. He found a less protected version of the firmware, used for a different device, and found a vulnerability there. To his luck, the same glitch was present in the version installed on the very devices that made up "FREE_TLV." He tested the hack at home, emulating the city's network, and it worked. A real-life test would had been illegal.

An anonymous reader quotes a report from Motherboard: In bitcoin-related investigations, authorities will often follow the digital trail of an illegal transaction or suspicious user back to a specific account at a bitcoin trading company. From here, investigators will likely subpoena the company for records about that particular user, so they can then properly identify the person suspected of a crime. The Internal Revenue Service, however, has taken a different approach. Instead of asking for data relating to specific individuals suspected of a crime, it has demanded bitcoin trading site Coinbase to provide the identities of all of the firm's U.S. customers who made transactions over a three year period, because there is a chance they are avoiding paying taxes on their bitcoin reserves. Coinbase has a total of millions of customers. According to court filings, which were first flagged by financial blogger Zerohedge on Twitter, the IRS has launched an investigation to determine the correct amount of tax that those who use virtual currencies such as bitcoin are obligated to pay. But according to the documents, the IRS is asking for the identities of any U.S. Coinbase customer who transferred crypto-currency with the service between 2013 and 2015. "The John Does whose identities are sought by the summons are United States persons who, at any time during the period January 1, 2013, through December 31, 2015, conducted transactions in a convertible virtual currency," reads a memorandum written by Department of Justice attorneys and filed on Thursday, November 17.

An anonymous reader quotes a report from Motherboard: A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks. Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there's a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday. And all a hacker has to do is plug it in and wait. PoisonTap is built on a Raspberry Pi Zero microcomputer. Once it's plugged into a USB port, it emulates a network device and attacks all outbound connections by pretending to be the whole internet, tricking the computer to send all traffic to it. Once the device is positioned in the middle like this, it can steal the victim's cookies, as long as they come from websites that don't use HTTPS web encryption, according to Kamkar. Security experts that reviewed Kamkar's research for Motherboard agreed that this is a novel attack, and a good way to expose the excessive trust that Mac and Windows computers have in network devices. That's the key of PoisonTap's attacks -- once what looks like a network device is plugged into a laptop, the computer automatically talks to it and exchanges data with it.

An anonymous reader quotes a report from Motherboard: What's that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple's computers, Shazam never turns the microphone off, even if you tell it to. When a user of Shazam's Mac app turns the app "OFF," the app actually keeps the microphone on in the background. For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it's just a feature that makes the app work better. Patrick Wardle, a former NSA hacker who now develops free Mac security tools, discovered this issue thanks to his latest software OverSight, which is designed to alert users when apps use their webcam and microphone. After he released OverSight, Wardle received an email from a user who noticed that the security app alerted him that Shazam was still listening even after he had switched the toggle to "off." Curious about this discovery, and worried his own software might be issuing a false alarm, Wardle reverse engineered the Shazam app to figure out what was happening. After a few hours analyzing the code, Wardle found out that, in fact, Shazam never stops listening, as he explained in a blog post published on Monday. James Pearson, VP of global communications for Shazam, said in a statement to Motherboard: "There is no privacy issue since the audio is not processed unless the user actively turns the app 'ON.' If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify."

Steven Levy writes at Backchannel that "Technology and science is a bigger story than Donald Trump," arguing that regardless of who's president, future generations "will primarily regard these times as the era during which tech changed everything." Remember, there have been economic crashes and horrible wars throughout history. But people carrying supercomputers in their pockets -- supercomputers that change their lives hundreds of times a day -- is new and earth shattering... we are doggedly optimistic about the future, and how technology, with all its black mirrors, will make life better.
He ultimately calls the rise of tech "the story of our time" (although in a semi-related development, American researchers are now worrying about federal funding cuts). And Motherboard warns that with Canada's new push to attract foreign tech workers, "there's a very real possibility that the U.S. could face a brain drain as some of its top science and tech talent moves to greener pastures."

"America's children have officially won the right to sue their government over global warming," reports Motherboard. An anonymous reader quotes their article: Thursday, a lawsuit filed by 21 youth plaintiffs was ruled valid by U.S. District Judge Ann Aiken in Eugene, Oregon. A group of citizens, whose ages range from nine to twenty, charged President Obama, the fossil fuel industry, and other federal agencies with violating their constitutional rights by declining to take action against climate change. "Federal courts too often have been cautious and overly deferential in the arena of environmental law, and the world has suffered for it," wrote Judge Aiken in her ruling. [PDF]
Several groups -- including the U.S. government and the American Petroleum Institute -- had asked the judge to throw out the case, but the judge ruled instead that climate change would "threaten plaintiffs' fundamental constitutional rights to life and liberty," calling man-made climate change an "undisputed" fact. In a related story, Slashdot reader devinp shares a new study which suggests "Global changes in temperature due to human-induced climate change have already impacted every aspect of life on Earth from genes to entire ecosystems, with increasingly unpredictable consequences for humans."

An anonymous reader quotes a report from Ars Technica: Federal investigators temporarily seized a Tor-hidden site known as Playpen in 2015 and operated it for 13 days before shutting it down. The agency then used a "network investigative technique" (NIT) as a way to ensnare site users. However, according to newly unsealed documents recently obtained by the American Civil Liberties Union, the FBI not only temporarily took over one Tor-hidden child pornography website in order to investigate it, the organization was in fact authorized to run a total of 23 other such websites. According to an FBI affidavit among the unsealed documents: "In the normal course of the operation of a web site, a user sends "request data" to the web site in order to access that site. While Websites 1-23 operate at a government facility, such request data associated with a user's actions on Websites 1-23 will be collected. That data collection is not a function of the NIT. Such request data can be paired with data collected by the NIT, however, in order to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23." Security researcher Sarah Jamie Lewis told Ars that "it's a pretty reasonable assumption" that at one point the FBI was running roughly half of the known child porn sites hosted on Tor-hidden servers. Lewis runs OnionScan, an ongoing bot-driven analysis of the Tor-hidden darknet. Her research began in April 2016, and it shows that as of August 2016, there were 29 unique child porn related sites on Tor-hidden servers. That NIT, which many security experts have dubbed as malware, used a Tor exploit of some kind to force the browser to return the user's actual IP address, operating system, MAC address, and other data. As part of the operation that took down Playpen, the FBI was then able to identify and arrest the nearly 200 child porn suspects. (However, nearly 1,000 IP addresses were revealed as a result of the NIT's deployment, which could suggest that even more charges may be filed.)

An anonymous reader quotes a report from Motherboard: Donald Trump's presidential election victory could have dire consequences for U.S. internet freedom and openness, according to several tech policy experts and public interest advocates surveyed by Motherboard on Wednesday. The Republican billionaire will likely seek to roll back hard-won consumer protections safeguarding net neutrality, the principle that all internet content should be equally accessible, as well as a host of other policies designed to protect consumers, ensure internet freedom, and promote broadband access, these experts and advocates said. In the wake of Trump's election victory, FCC Chairman Wheeler is likely to step down before the billionaire reality TV star is inaugurated in January. Incoming presidents traditionally have the prerogative to select the leader of FCC, which has broad regulatory power over the nation's cable, phone and satellite companies. It's unclear whom Trump might nominate to lead the FCC, but Ajit Pai, the Kansas-born Republican FCC commissioner and former Verizon lawyer, is likely to be a contender. Trump has tapped Jeffrey Eisenach, a conservative scholar at the American Enterprise Institute, to lead his telecom policy transition team, according to Politico. Eisenach is a well-known figure in right-wing telecommunications policy circles, with a reputation as a "crusader against regulation." One immediate consequence of Trump's election is a dimmer outlook for ATT's proposed $85 billion buyout of entertainment giant Time Warner. Last month, Trump vowed to block the deal, warning that it would result in "too much concentration of power in the hands of too few." Trump's ignorance about tech and telecom policy was on full display throughout the election season. For example, Trump blithely compared net neutrality to the FCC's old Fairness Doctrine, a bizarre and ignorant assertion for which he was roundly mocked. The Fairness Doctrine, which was eliminated decades ago, required media outlets to afford a "reasonable opportunity" for the airing of opposing views on major issues. Net neutrality has nothing to do with the Fairness Doctrine, but rather ensures that consumers have open, unfettered access to the internet. Net neutrality can't be torpedoed overnight. The FCC rules prohibiting online fast lanes and discriminatory broadband practices are now U.S. policy, and they can't be dismantled at the whim of an authoritarian president. But a Trump-backed, Republican-led FCC could simply stop enforcing the net neutrality policy, rendering it essentially toothless. That could unleash the nation's largest cable and phone companies, including Comcast, AT&T and Verizon, to expand controversial practices like "zero-rating" that are designed to circumvent net neutrality.

Hours after Donald Trump won the Presidential Election, a group of hackers that is widely believed to be Russian and was involved in the breach of the Democratic National Committee launched a wave of attacks against dozens of people working at universities, think tanks, NGOs, and even inside the US government. From a report on Motherboard:Around 9 a.m. ET on Wednesday, the hackers sent a series of phishing emails trying to trick dozens of victims into opening booby-trapped attachments containing malware, and clicking on malicious links, according to security firm Volexity, which observed and reported the five attack waves. The targets work for organizations such as Radio Free Europe / Radio Liberty, the Atlantic Council, the RAND Corporation, and the State Department, among others. One of the phishing emails included a forwarded message appearing to be from the Clinton Foundation, apparently sent by a professor at Harvard. The email used the professor's real address, and according to Volexity's founder Steven Adair, it's likely that the professor got hacked and the attackers then used his account to send out the phishing emails. (The professor did not respond to a request for comment.) One of the targets, who shared the email she received with Motherboard, said she "almost fell for it."

An anonymous reader quotes a report from Motherboard: In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service. "That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade," Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email. The move comes after the ACLU pushed to unseal the case dockets in September. The Department of Justice recently decided to publish redacted versions of related documents. In 2013, the FBI seized Freedom Hosting, a service that hosted dark web sites, including a large number of child pornography sites and the privacy-focused email service TorMail. The agency then went on to deploy a network investigative technique (NIT) -- a piece of malware -- designed to obtain the real IP address of those visiting Freedom Hosting sites. According to the new documents, the NIT was used against users of 23 separate websites. As for TorMail, officials have maintained that the government obtained a warrant to deploy the NIT against specific users of the service. Now, we do know that to be true: recently unsealed affidavits include a total of over 300 redacted TorMail accounts that the FBI wanted to target. All of these accounts were allegedly linked to child pornography-related crimes, according to court documents. Importantly, the affidavits say that the NIT would only be used to "investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password." But, according to sources who used TorMail and previous reporting, the NIT was deployed before the TorMail login page was even displayed, raising the question of how the FBI could have possibly targeted specific accounts.

An anonymous reader quotes a report from Motherboard: In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service. "That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade," Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email. The move comes after the ACLU pushed to unseal the case dockets in September. The Department of Justice recently decided to publish redacted versions of related documents. In 2013, the FBI seized Freedom Hosting, a service that hosted dark web sites, including a large number of child pornography sites and the privacy-focused email service TorMail. The agency then went on to deploy a network investigative technique (NIT) -- a piece of malware -- designed to obtain the real IP address of those visiting Freedom Hosting sites. According to the new documents, the NIT was used against users of 23 separate websites. As for TorMail, officials have maintained that the government obtained a warrant to deploy the NIT against specific users of the service. Now, we do know that to be true: recently unsealed affidavits include a total of over 300 redacted TorMail accounts that the FBI wanted to target. All of these accounts were allegedly linked to child pornography-related crimes, according to court documents. Importantly, the affidavits say that the NIT would only be used to "investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password." But, according to sources who used TorMail and previous reporting, the NIT was deployed before the TorMail login page was even displayed, raising the question of how the FBI could have possibly targeted specific accounts.

An anonymous reader writes: Two Call of Duty games have been remastered for Windows 10, but if you buy them through the Windows 10 Store there's a problem. "Windows 10 Store players will be isolated from other PC versions of the game," reports the Windows Central site, noting a statement from Microsoft which implies that the decision was made by Activision.

"For unknown reasons, Windows 10 Store customers are segregated from customers who bought the game from Steam, which is by far the most popular platform on PC," reports Motherboard. "Call of Duty fans who made the unfortunate of mistake of giving Microsoft their cash are left sitting in lonely multiplayer lobbies waiting for games that'll never start."
Motherboard reports that at least one player successfully requested a refund, calling the situation "another black eye for a digital storefront that PC gamers already avoid like the plague."

An anonymous reader quotes a report from Motherboard: In what's a significant escalation in its censorship efforts, the Turkish government now wants to block the very same tools that tech-savvy citizens use to get around the government-imposed social media blocks. On Friday, the Turkish information technologies and communications authority, or BTK, ordered internet providers in the country to block Tor and several other censorship-circumvention Virtual Private Networks or VPNs, such as VPN Master, Hotspot Shield, Psiphon, Zenmate, TunnelBear, Zero, Vypr, Express, according to multiple local reports. Earlier in the day, the government had already blocked Twitter, Facebook and YouTube, and restrictions on messaging apps like WhatsApp and Skype were also reported. The independent monitoring organization TurkeyBlocks also reported throttling and other forms of censorship on Friday, linking the disruptions and blocks to the arrests of pro-Kurdish party leaders.

An anonymous reader quotes a report from Motherboard: It's a common assumption among tech geeks, and even cybersecurity experts, that if you are really paranoid, you should probably use an iPhone, and not Android. But the man responsible for securing the more than one billion Android users on the planet vehemently disagrees -- but of course he would. "For almost all threat models," Adrian Ludwig, the director of security at Android, referring to the level of security needed by most people, "they are nearly identical in terms of their platform-level capabilities." In a short interview after a talk at a security conference in Manhattan on Tuesday the talk, Ludwig said that, "for sure," there's no doubt that a Google Pixel and an iPhone are pretty much equal when it comes to security. Android, he added, will soon be better though. "In the long term, the open ecosystem of Android is going to put it in a much better place," he said, without mentioning that Android has already been around for more than eight years at this point. During his talk at the O'Reilly Security Conference Ludwig said that Android's built-in security product called "Safety Net" scans 400 million devices per day and checks a stunning 6 billions apps per day. The result of these security checks, coupled with the exploit mitigation measures baked into Android, mean that a really small number of Android devices has malware or, as Google calls it, "Potentially Harmful Applications" or PHAs, according to Ludwig. In fact, Ludwig said showing a graph, less than 1% of Android smartphone contain malware.

More than 100,000 people from around the world have checked in on Facebook at the site of Dakota Access Pipeline protests in North Dakota, in an effort they hope will help protesters avoid detection by police. From a report on Vice:A call went out for Facebook users over the weekend to falsely check in at Standing Rock to confuse the police regarding protester identities and numbers. But it isn't clear whether the directive came from organizers on the ground at the Camp of the Sacred Stone, who call themselves Water Protectors because of the purported threat that the planned pipeline poses to Standing Rock's water supply, or whether it's a hoax. Protesters have been camped out at Standing Rock since April in response to the planned Energy Transfers Pipeline, but tensions reached a boiling point last week when protesters clashed with police and several vehicles were set on fire. Scenes of standoffs between riot police and protesters linked arm-in-arm were broadcast online via Facebook Live. Law enforcement used a sound cannon in an attempt to disperse protesters. Protest leaders in North Dakota say they were surprised by the Facebook check-in effort, but they appreciate it.

The hacker (or a group of hackers) who call themselves The Shadow Brokers today published more files. From an article on Motherboard: This latest release comes while Hal Martin, an NSA contractor and, according to The Washington Post , the prime suspect in The Shadow Brokers case sits in detention after being arrested for allegedly stealing swaths of classified material. "TheShadowBrokers is having special trick or treat for Amerikanskis tonight," a message from the hackers posted to Medium reads. The message is signed with the same PGP key used to sign several previous posts, including the group's original announcement that came with links to a slew of NSA exploits. As for the files, The Shadow Brokers claim they reveal IP addresses linked to the Equation Group, a hacking unit widely believed to be tied to the NSA. "This is being equation group pitchimpair (redirector) keys, many missions into your network is/was coming from these ip addresses," The Shadow Brokers' post continues.The report adds that the dump contains 300 folders of files -- all corresponding to different domains and IP addresses. Security researcher who goes by the alias Hacker Fantastic the dump contains 306 domains and 352 IP addresses relating to 49 countries in total. "If accurate, victims of the Equation Group may be able to use these files to determine if they were potentially targeted by the NSA-linked unit."

Our current estimate about the global sea level is "way off" according to a new study. The study published in Geophysical Research Letters this month suggests that our historial sea level records have been off by an underestimation of five to 28 percent. From a report on Motherboard: Global sea level, the paper concluded, rose no less than 5.5 inches over the last century, and likely saw an increase of 6.7 inches. The reason for this discrepancy was uncovered by earth scientists at NASA's Jet Propulsion Laboratory and the University of Hawai'i at Manoa. By comparing newer climate models with older sea level measurements, the team discovered that readings from coastal tide gauges may not have been as indicative as we thought. These gauges, located at more than a dozen sites across the Northern Hemisphere, have been a primary data source for estimating sea level changes during the last several decades. "It's not that there's something wrong with the instruments or the data, but for a variety of reasons, sea level does not change at the same pace everywhere at the same time," said Philip Thompson, the study's lead author and associate director of the University of Hawa'i Sea Level Center, in a statement. "As it turns out, our best historical sea level records tend to be located where past sea level rise was most likely less than the true global average."

An anonymous reader writes: Jason Koebler via Motherboard has interviewed James Busch -- a radiologist and owner of "the first 10 Gbps residential connection in the United States" -- at a coffee shop in Chattanooga, Tennessee. Motherboard reports: "For reference, the Federal Communications Commission officially classifies 'broadband' as 25 Mbps. His connection is 400 times faster than that. Busch found a way to make good use of his 1 Gbps connection, and now he's found a use for 10 Gbps, too. 'An X-ray averages around 200 megabytes, then you have PET scans and mammograms -- 3D mammograms are 10 gig files, so they're enormous,' Busch said. 'We go through terabytes a year in storage. We've calculated out that we save about 7 seconds an exam, which might seem like, 'Who cares,' but when you read 20,000 or 30,000 exams every year, it turns out to be something like 10 days of productivity you're saving just from a bandwidth upgrade.' While 10 gig connections sound excessive at the moment, Busch says his family quickly started using all of its 1 gig bandwidth. 'We ballooned into that gig within eight or nine months. With my kids watching Netflix instead of TV, with me working, we did utilize that bandwidth,' he said. 'There were situations where my daughter would be FaceTiming and the others would be streaming on the 4K TVs and they'd start screaming at each other about hogging the bandwidth. We don't see that at 10 gigs.' So why does Busch have a 10 Gbps and the rest of us don't? For one, 10 Gbps offerings are rare and scattered in mostly rural communities that have decided to build their own internet networks. Most companies that have the technology offer gigabit connections (a still cutting-edge technology only available in a handful of cities) at affordable prices and 10 Gbps connections at comparatively exorbitant ones. In Chattanooga, 1 gig connections are $69.99 per month; 10 gig connections are $299. Thus far, 10 Gbps connections are available in Chattanooga; parts of southern Vermont; Salisbury, North Carolina; and parts of Detroit and Minneapolis. But besides Busch, I couldn't find any other people in the United States who have signed up for one. EPB, the Chattanooga government-owned power utility that runs the network, confirmed that Busch is the city's only 10 Gbps residential customer. Rocket Fiber, which recently began offering 10 Gbps in Detroit, told me that it has 'no customers set in stone,' but that it's in talks with prospective ones. Representatives for U.S. Internet in Minneapolis and Fibrant in Salisbury did not respond to my requests for comment. Michel Guite, president of the Vermont Telephone Company, told me his network has no 10 Gbps customers, either."

An anonymous reader quotes a report from Motherboard: Some have put forth a perhaps desperate -- and certainly illegal -- solution to stop massive internet outages, like the one on Friday, from happening: Have white-hat vigilante hackers take over the insecure Internet of Things that the Mirai malware targets and take them away from the criminals. Several hackers and security researchers agree that taking over the zombies in the Mirai botnet would be relatively easy. After all, if the "bad guys" Mirai can do it, a "good guys" Mirai -- perhaps even controlled by the FBI -- could do the same. The biggest technical hurdle to this plan, as F-Secure chief research officer Mikko Hypponen put it, is that once it infects a device, Mirai "closes the barn door behind it." Mirai spreads by scanning the internet for devices that have the old-fashioned remote access telnet protocol enabled and have easy to guess passwords such as "123456" or "passwords." Then, once it infects them, it disables telnet access, theoretically stopping others from doing the same. The good news is that the code that controls this function actually doesn't at times work very well, according to Darren Martyn, a security researcher who has been analyzing the malware and who said he's seen some infected devices that still have telnet enabled and thus can be hacked again. Also, Mirai disappears once an infected device is rebooted, which likely happens often as owners of infected cameras and DVRs try to fix their devices that suddenly have their bandwidth saturated. The bad news is that the Mirai spreads so fast that a rebooted, clean, device gets re-infected in five minutes, according to the estimates of researchers who've been tracking the botnets. So a vigilante hacker has a small window before the bad guys come back. The other problem is what a do-gooder hacker could do once they took over the botnet. The options are: brick the devices, making them completely unusable; change the default passwords, locking out even their legitimate owners; or try to fix their firmware to make them more resistant to future hack attempts, and also still perfectly functioning. The real challenge of this whole scenario, however, is that despite being for good, this is still illegal. "No one has any real motivation to do so. Anyone with the desire to do so, is probably afraid of the potential jail time. Anyone not afraid of the potential jail time...can think of better uses for the devices," Martyn told Motherboard, referring to criminals who can monetize the Mirai botnet.

On Thursday, the Ontario Provincial Police (OPP) will send text messages to anybody who was in the vicinity of a murder in the hopes that one of them will have information that can help catch the culprit. One of the recipients may even be the killer. Others may wonder how the police obtained their phone number in the first place, or knew where they were on the day in question. From a Motherboard report: The OPP is ramping up its efforts to find the murderer of 65-year-old hitchhiker John Hatch, who was found dead near Erin, Ontario, on December 17, 2015. He was last seen alive the day before, outside Ottawa. Now, the OPP has announced what it's describing as a "new investigative technique" for the force: obtaining the phone numbers of everyone who was in the area where and when Hatch was last seen alive, via a court order, and sending each person a text message directing them to a police website. If they follow those instructions, they'll be asked a series of online questions. According to digital privacy lawyer David Fraser, this technique is known as a "tower dump" -- essentially asking telecom companies for information about everyone who connected to a certain cellphone tower, at a given time. If the police plan on using this technique again, its future uses could have unintended effects, Frasier said.

An anonymous reader quotes a report from Motherboard: Cellebrite, an Israeli company that specializes in digital forensics, has dominated the market in helping law enforcement access mobile phones. But one apparent reseller of the company's products is publicly distributing copies of Cellebrite firmware and software for anyone to download. Although Cellebrite keeps it most sensitive capabilities in-house, the leak may still give researchers, or competitors, a chance to figure out how Cellebrite breaks into and analyzes phones by reverse-engineering the files. The apparent reseller distributing the files is McSira Professional Solutions, which, according to its website, "is pleased to serve police, military and security agencies in the E.U. And [sic] in other parts of the world." McSira is hosting software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), hardware that investigators can use to bypass the security mechanisms of phones, and then extract data from them. McSira allows anyone to download firmware for the UFED Touch, and a PC version called UFED 4PC. It is also hosting pieces of Cellebrite forensic software, such as the UFED Cloud Analyzer. This allows investigators to further scrutinize seized data. McSira is likely offering downloads so customers can update their hardware to the latest version with as little fuss as possible. But it may be possible for researchers to take those files, reverse-engineer them, and gain insight into how Cellebrite's tools work. That may include what sort of exploits Cellebrite uses to bypass the security mechanisms of mobile phones, and weaknesses in the implementation of consumer phones that could be fixed, according to one researcher who has started to examine the files, but was not authorised by his employer to speak to the press about this issue.

"Wondering which IoT device types are part of the Mirai botnet causing trouble today? Brian Krebs has the list," tweeted Trend Micro's Eric Skinner Friday, sharing an early October link which identifies Panasonic, Samsung and Xerox printers, and lesser known makers of routers and cameras. An anonymous reader quotes Fortune: Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in. Finally, it's time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well.
If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks..."

Several popular websites and services are down right now for many users. The affected sites include Twitter, SoundCloud, Spotify, and PayPal among others. The cause appears to be a sweeping outage of DNS provider Dyn -- which in turn is under DDoS attack, according to an official blog post. From a TechCrunch report:Other sites experiencing issues include Box, Boston Globe, New York Times, Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Users accessing these sites might have more or less success depending on where they're located, as some European and Asian users seem not to be encountering these issues. Last month, Bruce Schneier warned that someone was learning how to take down the internet. Update: 10/21 14:41 GMT by M : Dyn says that it has resolved the issue and sites should function normally. Update: 10/21 17:04 GMT by M : Department of Homeland Security says it is aware of the first DDoS attack on Dyn today and "investigating all potential causes." Dyn says it is still under DDoS attack. News outlet The Next Web says it is also facing issues. Any website that uses Dyn's service -- directly or indirectly -- is facing the issue. Motherboard has more details. Update: 10/21 17:57 GMT by M : It seems even PlayStation Network is also hit. EA Sports Games said it is aware of the issues in live-play. Dyn says it is facing a second round of DDoS attacks.

Update: 10/21 18:45 GMT by M : U.S. government probing whether east coast internet attack was a 'criminal act' - official.

Editor's note: the story is being updated as we learn more. The front page was updated to move this story up. Are you also facing issues? Share your experience in the comments section below.

Ecuadorian government said earlier this week that it did cut off Julian Assange's internet connection. They noted that Assange's continued interference in the U.S. election campaign was the reason why they decided to disconnect Assange from the internet. But it appears some people are going to great lengths to beam internet connectivity to Mr. Assange. This week 4chan urged people to head to the embassy to set up mobile Wi-Fi hotspots, and many are doing just that. From a Motherboard report:"We are now calling all BRITS to get their ass down to the embassy and stand around in mass, taking shifts with wifi-hotspots on hand!" reads the post. "Give Assange constant network and morale support all while streaming it live for the world to see." Are people actually going to try this? Motherboard UK visited the Ecuadorian embassy in London, where WikiLeaks founder Julian Assange has claimed political asylum since August 2012, today to find out. Admittedly, on a late October afternoon, things were rather quiet on the street outside the embassy. Nevertheless, I found my guy. "Marco" was loitering outside the embassy, turning on and off his mobile hotspot. I approached him, and while tentative at first, Marco finally started explaining how he was hoping to aid Assange.

An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard. That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire.

An anonymous reader quotes a report from Motherboard: First the headphone jack, now the USB port? Rumor has it that Apple may get rid of the USB 3.0 port and the Magsafe port (where the charger plugs in) on the next generation of MacBooks. Japanese tech site Macotakara, which accurately predicted that Apple would kill the headphone jack on the iPhone 7, now also claims that the USB port is on the way out. The move would be similar to Apple's latest 12-inch MacBook and its streamlined profile. There's also word that Apple may discontinue the 11-inch MacBook Air to focus instead on the 13-inch laptop. Discontinuing the 11-inch MacBook Air would also potentially boost sales on the 12-inch MacBook. If these rumors are in fact true, then the new MacBooks will have only a USB-C and Thunderbolt 3 ports. Both of these ports are about the size of the part of an iPhone charger that plugs into the phone. But since most laptop accessories still plug in via the USB port, Apple owners might have to use an adaptor, or upgrade their technology. Meanwhile, the new MacBooks would likely be charged through the USB-C port or Thunderbolt 3 port. Currently, Apple already sells a USB-C dock with other USB and HDMI ports for $79. The USB-C port uses USB 3.1 Standard, according to PCWorld, which will connect to a wide variety of accessories, such as external hard drives, cameras, and printers. The USB 3.1 can also transfer data between the host computer and the peripheral accessories at a speed of 10 gigabits per second, which is twice as fast as the USB 3.0. Apple is expected to reveal the new Macs at an October 27th event in Cupertino, California.

An anonymous reader quotes a report from Motherboard: Samsung's Galaxy Note 7 troubles are continuing -- the company was just hit with a class action lawsuit in New Jersey focused on recovering cell phone contract fees for customers who were left with an unusable phone for several weeks. The suit has three initial plaintiffs, who say that they were left without a phone for the several weeks between when Samsung and the U.S. Consumer Product Safety Commission originally issued a recall and told consumers to "power down" their devices (September 9), and when the company began offering replacement devices (September 21). It also notes that Samsung didn't make enough replacement devices immediately available -- which is probably a good thing considering that the company ultimately had to recall those as well. "Samsung informed consumers they would have to wait several days, and even weeks in many cases, before receiving a replacement smartphone," the suit alleges. "During this time, and as a result of Defendant failing to provide consumers with an adequate replacement, consumers continued to incur monthly device and plan charges from their cellular carriers for phones they could not safely use." The total recall and destruction of Galaxy Note 7 phones is unprecedented for a modern smartphone, so there isn't much to look at in order to project whether the case will succeed. "Samsung has agreed to recall and reimburse the cost of the device, but their customers have had to continue to pay on their data and voice plans during the time they had to make their device inoperative until they received their replacement device," Richard McCune, one of the lawyers representing the class, told me. "That is the loss that the case is focused on."

Something unique and (in some way) unprecedented happened earlier today. The start of the invasion of Mosul, a city held by ISIS in Iraq, was live-streamed on Facebook and YouTube, and thousands of people around the world watched it. There were several streams that got popular, but one shared by Kurdish outlet Rudaw was getting the most traction -- it was re-posted by major outlets like the Washington Post and Channel 4 in the United Kingdom. Motherboard adds: While some viewers commented on the merits of the offensive, for others, the livestream itself was the most startling thing. As angry cartoon faces and "Wow!" emoticons floated over top of live images of war, viewers noted that it all seemed like a bit too much like a sci-fi fever dream about a war-obsessed culture. For most English-language viewers watching these streams, there was no explanation, no given context, no subtitles or translation -- merely images of a mostly-barren foreign landscape peppered with men and trucks, idling and standing around, sparsely punctuated by violence. But in 2016, decades after Lessons of Darkness was completed and on social media instead of in a darkened arthouse theatre, the void spits out something other than deep, metaphysical understanding about human nature. Instead, in the comments, people ask for money. They talk about porn. They quote Green Day lyrics. They call people "cucks." To be fair, however, not everyone reacted this way. But a lot of people did. "There's journalistic value in the livestream,"