Domain: vice.com
Stories and comments across the archive that link to vice.com.
Stories · 1,377
-
Turkish Journalist Jailed For Terrorism Was Framed, Forensic Report Shows (vice.com)
An anonymous reader quotes a report from Motherboard: Turkish investigative journalist Baris Pehlivan spent 19 months in jail, accused of terrorism based on documents found on his work computer. But when digital forensics experts examined his PC, they discovered that those files were put there by someone who removed the hard drive from the case, copied the documents, and then reinstalled the hard drive. The attackers also attempted to control the journalist's machine remotely, trying to infect it using malicious email attachments and thumb drives. Among the viruses detected in his computer was an extremely rare trojan called Ahtapot, in one of the only times it's been seen in the wild. Pehlivan went to jail in February of 2011, along with six of his colleagues, after electronic evidence seized during a police raid in 2011 appeared to connect all of them to Ergenekon, an alleged armed group accused of terrorism in Turkey. A paper recently published by computer expert Mark Spencer in Digital Forensics Magazine sheds light into the case after several other reports have acknowledged the presence of malware. Spencer said no other forensics expert noticed the Ahtapot trojan in the OdaTV case, nor has determined accurately how those documents showed up on the journalist's computer. However, almost all the reports have concluded that the incriminating files were planted. "We are not guilty," Baris Pehlivan told Andrada Fiscutean via Motherboard. "The files were put into our computers by a virus and by [attackers] entering the OdaTV office secretly. None of us has seen those documents before the prosecutor showed them to us." 
(OdaTV is the website Pehlivan works for and "has been critical of the government and the Gulen Movement, which was accused by Turkish president Recep Tayyip Erdogan of orchestrating the recent attempted coup.") In regard to the report, senior security consultant at F-Secure, Taneli Kaivola, says, "Yes, [the report] takes an impressive level of conviction to locally attack a computer four times, and remotely attack it seven times [between January 1, 2011, and February 11, 2011], as well as a certain level of technical skill to set up the infrastructure for those attacks, which included document forgery and date and time manipulation." -
Activists Call For General Strike On the Tor Network (vice.com)
Reader derekmead writes: Some Tor users are very unhappy with the way the project has been run in recent months, and are calling for a blackout on September 1st. They are asking users to not use Tor, for developers to stop working on Tor, and for those who run parts of the network's infrastructure to shut it down. The disgruntled users feel that Tor can no longer be fully trusted after a brief hiring of an ex-CIA official and the internal sexual misconduct investigation against activist Jacob Appelbaum. -
Every Month This Year Has Been the Hottest In Recorded History (vice.com)
Slashdot reader iONiUM quotes an article from Vice that calls attention to the fact that record-setting temperatures in July are just part of the story: On Wednesday, the US National Oceanic and Atmospheric Administration announced that July was the hottest month ever recorded on our planet, since modern record-keeping began in 1880. NASA has reached the same conclusion. July smashed all previous records... "We should be absolutely concerned," [NOAA climatologist] Sanchez-Lugo said. "We need to look at ways to adapt and mitigate. If we don't, temperatures will continue to increase"...
But the truth is that record-breaking temperatures, month after month, year after year, are starting to look less like an exception, more like the norm.
In fact, CityLab reports that the earth has now experienced 14 consecutive months of unprecedented hotness. Although July stands out, Vice notes that "each consecutive month in 2016 has broken its own previous record (May was the hottest May, April the hottest April, etc.)..." -
100 Unofficial Mods Released for 'No Man's Sky' (vice.com)
Eleven days after its release, No Man's Sky already has over 100 unofficial mods by fans intent on improving the game. "We don't have time to wait for official dev tools to fix what can be fixed by us," one modder told Motherboard. "We definitely want the official tools ASAP but honestly, the players need a game that actually launches and plays at decent FPS first." An anonymous Slashdot reader quotes the article: In an email to one customer, Hello Games revealed that it will be releasing patches this week and next which will "help to improve the experience further for players" but it is unlikely that the promised official modding tools will be released in the near future...
Among the [unofficial] mods available for anyone to download are ones to...replace the system font with one from Star Trek, disable annoying audio warnings, and replace a "Units Received" alert with "the Rick 'Wubba Lubba Dub Dub' sound bite from Rick and Morty"... The Instagram Filter Remover mod is among the most popular on the No Man's Sky Mods website promising to remove "the stupid Instagram filter from the game"...making everything sharper and clearer.
That last mod has been downloaded 17,655 times so far, and by Friday the site had almost 800,000 views and 60,000 downloads. There are two other mods that add Dr. Who sound clips into the game, and the article notes fans are clamoring for more, "including one request to replace all the voice lines in the game with William Shatner quotes." -
How The US Will Likely Respond To Shadow Brokers Leak (dailydot.com)
blottsie writes: The NSA and FBI are both expected to investigate the leak of NSA-linked cyberweapons this week by an entity calling itself the Shadow Brokers, experts with knowledge of the process tell the Daily Dot. However, multiple experts say any retaliation by the U.S. will likely remain secret to keep the tactical advantage. Meanwhile, Motherboard reports that some former NSA staffers believe the leak is the work of a "rogue NSA insider." "First, the incident will be investigated by the National Security Agency as it tracks down exactly what went so wrong that top-secret offensive code and exploits ended up stolen and published for the world to see," reports Daily Dot. "An FBI counterintelligence investigation will likely follow, according to experts with knowledge of the process. [...] Following the investigation, the NSA and other entities within the United States government will have to decide on a response." The response will depend on a lot of things, such as whether or not an insider at the NSA is responsible for the breach -- a theory that is backed by a former NSA staffer and other experts. "The process is called an IGL: Intelligence Gain/Loss," reports Daily Dot. "Authorities suss out a pro and con list for various reactions, including directly and publicly blaming another country. [Chris Finan, a former director of cybersecurity legislation in the Obama administration and now CEO of the security firm Manifold Technology, said:] 'Some people think about responding in kind: A U.S. cyberattack. Doing that gives up the asymmetric response advantage you have in cyberspace.' Finan urged authorities to look at all tools, including economic sanctions against individuals, companies, groups, governments, or diplomatic constraints, to send a message through money rather than possibly burning a cyberwar advantage. Exactly if and how the U.S. responds to the Shadow Brokers incident will depend on the source of the attack. 
Attribution in cyberwar is tricky or even impossible much of the time. It quickly becomes a highly politicized process ripe with anonymous sources and little solid fact." -
Companies Can't Legally Void the Warranty For Jailbreaking Or Rooting Your Phone (vice.com)
Reader Jason Koebler writes: Manufacturers that threaten to void the warranties of consumers who jailbreak or root their phones are violating federal law.
Under the Magnuson-Moss Warranty Act of 1975, manufacturers cannot legally void your hardware warranty simply because you altered the software of an electronic device. In order to void the warranty without violating federal law, the manufacturer must prove that the modifications you made directly led to a hardware malfunction.
"They have to show that the jailbreak caused the failure. If yes, they can void your claim (not your whole warranty—just the things which flowed from your mod)," Steve Lehto, a lemon law attorney in Michigan, wrote in an email. "If not, then they can't." -
From Now On You'll Be Able To Access NASA Research For Free (vice.com)
An anonymous reader writes: Fancy some super nerdy bedtime reading? NASA has announced that it will now provide public access to all journal articles on research funded by the agency. Any scientists publishing NASA-funded work will be required to upload their papers to a free, online database called PubSpace within a year of publication. PubSpace is managed by the National Institutes of Health (NIH) PubMed Central, which archives biomedical research. You can see NASA-funded studies here, with recent examples including a paper on cardiovascular disease in Apollo astronauts and one on Martian tsunamis caused by meteor impacts. NASA explains that the new web portal is a response to a 2013 government request for federally-funded research to be more accessible. There are a few obvious exceptions to what's included, such as and material that's related to national security or affected by export controls. NASA's openness follows a trend to make science results more accessible outside of published, often paywalled journals. -
Hackers Claim To Be Selling NSA Cyberweapons In Online Auction (dailydot.com)
Reader blottsie writes: A group of hackers identifying themselves as the Shadow Brokers claims to have hacked the NSA's Equation Group, a team of American hackers that have been described as both "omnipotent" and "the most advanced" threat cyberspace has ever seen. On the Shadow Brokers' website, the group has shared a sample of data that some cybersecurity experts say lends credibility to the breach. The hackers' asking price for what they claim is a cache of NSA-built cyberweapons. Motherboard's take on this is here. -
Australian Authorities Hacked Computers in the US (vice.com)
Motherboard is reporting that Australian authorities hacked Tor users in the United States as part of a child pornography investigation. The revelation comes through recently-filed US court documents. The incident underscores a trend where law enforcement around the world are increasingly pursuing targets overseas using hacking tools, raising legal questions around agencies' reach. From the report: In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect's IP address. "The Love Zone" was a prolific dark web child abuse site, where users were instructed to upload material at least once a month to maintain access to the forum. By July 2014, the site had over 29,000 members, according to US court documents, constituting what the US Department of Justice described as a "technologically sophisticated conspiracy." In 2014, Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with. The unit quietly took over his account, and for months ran the site in an undercover capacity, posing as its owner. Task Force Argos' logo includes a scorpion, and the tagline "Leave No Stone Unturned." Because The Love Zone was based on the dark web, users typically connected via the Tor network, masking their IP addresses even from the law enforcement agents who were secretly in control of the site. Task Force Argos could see what the users were viewing, and what pages they were visiting, but not where they were really connecting from. -
Local Canadian Police Station Admits To Owning Stingray Surveillance Device (vice.com)
The Edmonton Police Service has admitted to Motherboard that it owns a Stingray and that it used the [surveillance] device in the past during investigations. After Vancouver cops admitted to using the phone tracker to investigate an abduction in 2007, Motherboard called up other local police stations in Canada to ask if they had also previously used one. As you can imagine, the other stations kept mum. In the US, Stingrays are a regular part of government and law enforcement agencies' surveillance arsenal. But Vancouver's and Edmonton's police services are the first law enforcement offices in Canada to confirm that they've used the device. Motherboard adds: According to an emailed statement from police spokesperson Anna Batchelor, Edmonton's cops have "used the device in the past during investigations," but would not release any additional details in order "to protect [Edmonton Police Service] operations." Until now, the only law enforcement in the country known to use the devices was the Royal Canadian Mounted Police, the country's analogue to the US Federal Bureau of Investigation. These suitcase-sized surveillance tools have been used in the past by the Vancouver and Toronto police, but the Vancouver police have said they borrowed the Stingray from the RCMP, and in Toronto an RCMP technician was on hand, at least in that incident. The Edmonton police's comment to Motherboard is the first time a local police department in Canada has publicly admitted to owning a Stingray device. -
Tor Promises Not To Build Backdoors Into Its Services (engadget.com)
An anonymous reader quotes a report from Engadget: Tor has published what it calls a "Social Contract" comprised of promises to users and the principles the team believes in. Whatever the reason is, its social contract contains one interesting pledge: "We will never implement front doors or back doors into our projects," the team wrote. Tor's ability to keep users anonymous made it the go-to browser of people looking for drugs, illegal firearms, hitmen, child porn and other things you won't find on eBay or YouTube. If there's a browser law enforcement agencies would want a backdoor to, it's Tor, especially since its main source of funding is the U.S. government. That's right -- the famous anonymizing network gets most of its money from a government known for conducting mass surveillance on a global scale. Loudly proclaiming that it will never build a backdoor into its services might not even matter, though. The government already proved once that it's capable of infiltrating the dark web. If you'll recall, the FBI identified 1,500 users of a child porn website called "Playpen" by deploying a Tor hacking tool. It led to numerous court battles that opened up the discussion on the validity of evidence obtained without warrant through malware. "We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights," Tor writes in the contract. -
This Is What the World's Spies Used Instead of MSN Messenger (vice.com)
An anonymous reader writes: What do spies use to chat online? A terribly ugly Windows programme. At least, that's what the Five Eyes intelligence alliance (made up of the US, UK, Australia, New Zealand and Canada) was using back in 2003, according to a newly released Snowden document. "The Five-Eyes SIGINT [signals intelligence] Directors will soon be using a new tool to enhance their collaboration on subjects ranging from current intelligence objectives to future collection planning," reads an issue of SID Today, the NSA's internal newsletter, dating from September 2003. InfoWorkSpace (IWS), as the tool is called, allowed text chat, audio conferencing, shared screen views, and virtual whiteboards, the newsletter explains. It adds that, at the time, some 4,000 NSA and Five Eyes employees were already using IWS to work on a number of topics, such as international terrorism, real-time collection coordination, and Operation Enduring Freedom, the term given to operations in Afghanistan from 2001 to 2014. The newsletter announcement refers to SIGINT Directors gaining access to the tool. Another Snowden document published by The Intercept notes that senior officials held their first virtual meeting with IWS around December 2003, but that "GCHQ was unable to attend due to a computer failure." -
Zero-Day Hunters Will Pay Over Twice as Much as Apple's New Bug Bounty Programme (vice.com)
Joseph Cox, writing for Motherboard: Last week, Apple finally joined other technology giants and announced a bug bounty programme, where hackers can submit details of previously unknown vulnerabilities in Apple systems and devices, and get paid for sharing them with the company. But Apple is not going to be without competition. On Wednesday, established bug-hunting company Exodus Intelligence launched its own new acquisition programme for both vulnerabilities and exploits. And when it comes to iOS bugs, the company is offering up to more than double Apple's maximum payout. While Apple's highest bounty is $200,000, Exodus is advertising a maximum of $500,000 for vulnerabilities affecting iOS 9.3 or above. Exodus provides details of vulnerabilities and working exploits to customers who pay a subscription fee of around $200,000 per year, according to Time. Those customers could be on the defensive side -- such as antivirus vendors who want to plug newly discovered holes -- or part of an offensive team using the exploit to target systems themselves. On its site, Exodus emphasises the former, writing that it "works with the research community to find these attacks first and make them available to security vendors and enterprises, allowing them to deploy defenses before their adversaries can attack." -
Local Police in Canada Used 'Stingray' Surveillance Device Without a Warrant (vice.com)
Jordan Pearson, writing for Motherboard: For years, Canadian police have successfully kept their use of controversial and indiscriminate surveillance devices called IMSI catchers a secret. Today, for the first time, and thanks to a year-long effort by a coalition of civil rights organizations and Vancouver-based Pivot Legal Society, we know that at least one local police force in Canada has used an IMSI catcher, also referred to as a "Stingray": the Vancouver PD. According to the BC Civil Liberties Association, which posted a blog announcing the news on Monday, the Vancouver police used an IMSI catcher once, nearly a decade ago, and without a warrant. "We sent a letter asking the Vancouver police if they'd ever used one of the RCMP's IMSI catchers, and if they would again," said Micheal Vonn, policy director for the BCCLA. "The answer to both questions was yes." The police force claimed that the surveillance device was used under "exigent circumstances," Vonn said, meaning that there was an imminent threat that couldn't wait for a warrant to be dealt with. Despite this, or perhaps because of it, the Vancouver police maintained in May of this year that they possess no records relating to their use of IMSI catchers. -
'Faceless Recognition System' Can Identify You Even When You Hide Your Face (vice.com)
schwit1 quotes a report from Motherboard: By itself, the ability to instantly identify anyone just by seeing their face already creates massive power imbalances, with serious implications for free speech and political protest. But more recently, researchers have demonstrated that even when faces are blurred or otherwise obscured, algorithms can be trained to identify people by matching previously-observed patterns around their head and body. In a new paper uploaded to the ArXiv pre-print server, researchers at the Max Planck Institute in Saarbrucken, Germany demonstrate a method of identifying individuals even when most of their photos are un-tagged or obscured. The researchers' system, which they call the "Faceless Recognition System," trains a neural network on a set of photos containing both obscured and visible faces, then uses that knowledge to predict the identity of obscured faces by looking for similarities in the area around a person's head and body. As for the accuracy of the system, "even when there are only 1.25 instances of the individual's fully-visible face, the system can identify an obscured face with 69.6 percent accuracy; if there are 10 instances of an individual's face, it increases to as high as 91.5 percent." -
Hackers Make the First-Ever Ransomware For Smart Thermostats (vice.com)
Lorenzo Franceschi-Bicchierai, writing for Motherboard: One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars. This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a "smart" device, in this case, a thermostat. Luckily, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger. "We don't have any control over our devices, and don't really know what they're doing and how they're doing it," Tierney told Motherboard. "And if they start doing something you don't understand, you don't really have a way of dealing with it." Tierney and Munro, who both work at UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con on Saturday, fulfilling the pessimistic predictions of some people in the security world. -
FBI Forced To Release 18 Hours of Spy Plane Footage (vice.com)
An anonymous Slashdot reader quotes a report from Motherboard: It's been just over a year since amateur aviation sleuths first revealed the FBI's secret aerial surveillance of the civil unrest in Baltimore, Maryland. Now, in response to a FOIA request from the ACLU, the Bureau has released more than 18 hours of aerial footage from the Baltimore protests captured by their once-secret spy planes, which regularly fly in circles above major cities and are commonly registered to fake companies.
The cache is likely the most comprehensive collection of aerial surveillance footage ever released by a US law enforcement agency... The footage shows the crowds of protesters captured in a combination of visible light and infrared spectrum video taken by the planes' wing-mounted FLIR Talon cameras. While individual faces are not clearly visible in the videos, it's frighteningly easy to imagine how cameras with a slightly improved zoom resolution and face recognition technology could be used to identify protesters in the future.
The FBI says they're only using the planes to track specific suspects in serious crime investigations, according to the article, which adds that "The FBI flew their spy planes more than 3,500 times in the last six months of 2015, according to a Buzzfeed News analysis of data collected by the aircraft-tracking site FlightRadar24." -
DOJ Official Tells 100 Federal Judges To Use Tor (vice.com)
The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers, remembers judge Robert J. Bryan. An anonymous reader quotes a report from Vice: While the US is the biggest funder of the non-profit that maintains the software, law enforcement bodies such as the FBI are exploiting Tor browser vulnerabilities on a huge scale to identify criminal suspects. To add to that messy, nuanced mix, one Department of Justice official recently personally recommended Tor to a room of over a hundred federal judges...
"I almost felt like saying, 'That's not a good way to protect your stuff, because the FBI can go through it like eggshells,'" Bryan continues. Of course, this isn't really true: although the FBI has had some notable successes at identifying criminal suspects on the dark web with technological means, it is not the norm. It's worth remembering Carroll is not the only Justice Department or US law enforcement official to endorse Tor...one FBI agent was also an advocate of Tor. -
One Billion Monitors Vulnerable to Hijacking and Spying (vice.com)
"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor..." a security researcher tells Motherboard. "If you have a monitor, chances are your monitor is affected." An anonymous Slashdot reader quotes Motherboard's article: if a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor's embedded computer, specifically its firmware...the computer that controls the menu to change brightness and other simple settings on the monitor. The hacker can then put an implant there programmed to wait...for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor...
[T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency. The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable...
"We now live in a world where you can't trust your monitor," one researcher told Motherboard, which added "we shouldn't consider monitors as untouchable, unhackable things." -
Online Fame Distracts 9th-Grader Who Built That Clock Mistaken For A Bomb (washingtonpost.com)
An anonymous Slashdot reader writes: This week the Washington Post ran a long profile of Ahmed Mohamed, the 14-year-old boy whose home-made clock got him arrested after school officials and the local police mistook it for a bomb last summer. The Justice Department is currently investigating the incident -- while the school district is suing the Texas attorney general, and the boy's family is suing the school district. But Ahmed has just returned back to Texas, and spoke to the press -- including a local Fox news affiliate which later broadcast a commentary saying his family was obsessed with fame and plotted the arrest.
Over the last year Ahmed's read everything that appeared online about him, but never responds because he doesn't want to give in to anger. The Post writes that while some kids at school called him ISIS Boy, "Sympathetic crowdfunders raised $18,000 for his education. He visited the White House, the Google Science Fair and the president of his home country of Sudan (a wanted war criminal, but Mohamed said it would be rude not to accept the invitation)." Though he'd like to return to the U.S. someday for college, he's been living in Qatar, where a government organization paid for private schooling for him and his sister. But the Post says he still sometimes imagines what his life might've been like if the incident had never happened. "By now he could have invented something new -- not just a clock that only took him a few minutes to put together from parts in his family's garage, which was full of '90s-era electronics from when his uncle ran a chain called Beeper Warehouse." -
Challenge Over UK Bulk Hacking Powers Taken To European Court of Human Rights (vice.com)
Joseph Cox, reporting for Motherboard: On Friday, activist group Privacy International and five internet and communications providers lodged an application before the European Court of Human Rights to challenge the UK's use of bulk hacking powers abroad. "The European Court of Human Rights has a strong track record of ensuring that intelligence agencies act in compliance with human rights law. We call on the Court to hold GCHQ accountable for its unlawful bulk hacking practices," Scarlet Kim, legal officer at Privacy International, said in a statement. The application has been made with UK-based non-profit GreenNet, the Chaos Computer Club from Germany, Jibonet from South Korea, US internet service provider May First, and communications provider Rise Up. In 2014, Privacy International filed a complaint over the country's bulk hacking powers with the UK's Investigatory Powers Tribunal, a court which determines if public authorities have unlawfully used covert techniques. In February of this year, the IPT concluded that GCHQ's hacking was legal under the UK's Intelligence Service Act 1994. Privacy International is now challenging whether the UK's interpretation of the Intelligence Service Act for using bulk hacking powers complies with the European Convention of Human Rights (ECHR). -
Scientists Argue the US Ban on Human Gene Editing Will Leave It Behind (vice.com)
Alex Pearlman, reporting for Motherboard: As the biotech revolution accelerates globally, the U.S. could be getting left behind on key technological advances: namely, human genetic modification. A Congressional ban on human germline modification has "drawn new lines in the sand" on gene editing legislation, argues a paper published today in Science by Harvard law and bioethics professor I. Glenn Cohen and leading biologist Eli Adashi of Brown University. They say that without a course correction, "the United States is ceding its leadership in this arena to other nations." Germline gene modification is the act of making heritable changes to early stage human embryos or sex cells that can be passed down to the next generation, and it will be banned in the US. This is different from somatic gene editing, which is editing cells of humans that have already been born. The ban, added by the House of Representatives as a rider to the fiscal year 2016 budget, could have far-reaching implications if it continues to be annually renewed, according to the authors. It "undermines ongoing conversations on the possibility of human germline modification" and also affects "ongoing efforts by the FDA [Food and Drug Administration] to review the prevention of mitochondrial DNA diseases," including some kinds of hearing and vision impairments, among other serious illnesses that tend to develop in young children. -
Chased Off of YouTube, Leaked 'No Man's Sky' Footage Runs to Pornhub (vice.com)
An anonymous reader quotes Vice: I always feel a little dirty when I look at leaked footage of any kind, but rarely so much as when I brought up Pornhub yesterday to check out a video featuring the hyped space exploration game No Man's Sky... I had to go to Pornhub, as this corner of the web was the only place I'd been able to find the footage after it'd been yanked off of DailyMotion, YouTube, and almost every other video hosting site...
The PornHub video shows 21 minutes of footage with awful resolution, and none of it's particularly exciting to watch (which may say something about the game)...
On July 7, when the game was ready to ship, No Man's Sky creator Sean Murray posted on Twitter "I'm so incredibly proud of this tiny team. 4 years of emotions," then addressed the leaked footage on Friday, tweeting "We've spent years filling No Man's Sky with surprises. You've spent years waiting. Please don't spoil it for yourself..." A later Twitter post added "Take a break from reading about it, and picking vids apart. You can experience for yourself so soon." -
Russia's Rise To Cyberwar Superpower (dailydot.com)
"The Russians are top notch," says Chris Finan, an ex-director at DARPA for cyberwar research, now a CEO at security firm Manifold Technology, and a former director of cybersecurity legislation in the Obama administration. "They are some of the best in the world..." Slashdot reader blottsie quotes an article which argues the DNC hack "may simply be the icing on the cyberwar cake": In a flurry of action over the last decade, Russia has established itself as one of the world's great and most active cyber powers. The focus this week is on the leak of nearly 20,000 emails from the Democratic National Committee... The evidence -- plainly not definitive but clearly substantial -- has found support among a wide range of security professionals. The Russian link is further supported by U.S. intelligence officials, who reportedly have "high confidence" that Russia is behind the attack...
Beyond the forensic evidence that points to Russia, however, is the specter of President Vladimir Putin. Feeling encircled by the West and its expanding NATO alliance, the Kremlin's expected modus operandi is to strike across borders with cyberwar and other means to send strong messages to other nations that are a real or perceived threat.
The article notes the massive denial of service attack against Estonia in 2007 and the "historic and precedent-setting" cyberattacks during the Russian-Georgian War. "Hackers took out Georgian news and government websites exactly in locales where the Russian military attacked, cutting out a key communication mode between the Georgian state and citizens directly in the path of the fight." -
British Spy Agency GCHQ Used URL Shortener To Honeypot Arab Spring Activists (vice.com)
The British spy agency GCHQ used a custom URL shortener and Twitter sockpuppets to influence and infiltrate activists during the Iran revolution of 2009 and the Arab Spring of 2011, reports Motherboard, citing leaked documents by Edward Snowden. From the article: The GCHQ's special unit, known as the Joint Threat Research Intelligence Group or JTRIG, was first revealed in 2014, when leaked top secret documents showed it tried to infiltrate and manipulate -- using "dirty trick" tactics such as honeypots -- online communities including those of Anonymous hacktivists, among others. The group's tactics against hacktivists have been previously reported, but its influence campaign in the Middle East has never been reported before. I was able to uncover it because I was myself targeted in the past, and was aware of a key detail, a URL shortening service, that was actually redacted in Snowden documents published in 2014. A now-defunct free URL shortening service -- lurl.me -- was set up by GCHQ that enabled social media signals intelligence. Lurl.me was used on Twitter and other social media platforms for the dissemination of pro-revolution messages in the Middle East. -
Obama Creates a Color-Coded Cyber Threat 'Schema' After the DNC Hack (vice.com)
The White House on Tuesday issued new instructions on how government agencies should respond to major cyber security attacks, in an attempt to combat perceptions that the Obama administration has been sluggish in addressing threats from sophisticated hacking adversaries, Reuters reports. The announcement comes amid reports that hackers working for Russia may have engineered the leak of emails stolen from the Democratic National Committee in an attempt to influence the outcome of the upcoming presidential election. Motherboard adds: George W. Bush's Homeland Security Advisory System -- the color-coded terrorism "threat level" indicator that became a symbol of post-9/11 fear mongering -- is getting its spiritual successor for hacking: the "Cyber Incident Severity Schema." President Obama announced a new policy directive Tuesday that will codify how the federal government will respond to hacking incidents against both the government and private American companies. [...] The Cyber Incident Severity Schema ranges from white (an "unsubstantiated or inconsequential event") to black (a hack that "poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of U.S. persons"), with green, yellow, orange, and red falling in between. Any hack or threat of a hack rated at orange or above is a "significant cyber incident" that will trigger what the Obama administration is calling a "coordinated" response from government agencies. As you might expect, there are many unanswered questions here, and the federal government has announced so many cyber programs in the last few years that it's hard to know which, if any of them, will actually make the US government or its companies any safer from hackers. -
Amazon Partners With UK Government To Test Drone Deliveries (usatoday.com)
An anonymous reader quotes a report from USA Today: [Recent rules from the Federal Aviation Administration mean delivery by drone is years away in the United States, but packages may be winging their way to customers sooner rather than later in the United Kingdom, where Amazon just got permission to begin a new trial of its delivery drones.] The U.K. Civil Aviation Authority gave Amazon permission to test several key drone delivery parameters. They include sending drones beyond the line of sight of their operator in rural and suburban areas, testing sensor performance to make sure the drones can identify and avoid obstacles and allowing a single operator to manage multiple highly-automated drones. U.S. rules are outlined in a 624-page rulebook from the Federal Aviation Administration. They allow commercial drones weighing up to 55 pounds to fly during daylight hours. The aircraft must remain within sight of the operator or an observer who is in communication with the operator. The operators must pass an aeronautics test every 24 months for a certificate as well as a background check by the Transportation Security Administration. The rules govern commercial flights, such as for aerial photography or utilities inspection. Amazon's goal is to use drones to deliver packages up to 5 pounds to customers in 30 minutes or less. Amazon released a statement today detailing its partnership with the UK Government that may one day turn its Prime Air drone delivery service into reality. -
Fortune 500 Company Hires Ransomware Gang To Hack the Competition (vice.com)
It's no secret that ransomware hackers are in the business to make money. But a new business arrangement hitting the news today may surprise many. Vice's Motherboard, citing research and investigation (PDF) from security firm F-Secure, is reporting that a Fortune 500 company, the name of which hasn't been unveiled, hired a ransomware gang to hack its competitors. From the article: In an exchange with a security researcher pretending to be a victim, one ransomware agent claimed they were working for a Fortune 500 company. "We are hired by [a] corporation to cyber disrupt day-to-day business of their competition," the customer support agent of a ransomware known as Jigsaw said, according to a new report by security firm F-Secure. "The purpose was just to lock files to delay a corporation's production time to allow our clients to introduce a similar product into the market first." In a statement to Motherboard, Mikko Hypponen said, "If this indeed was a case where ransomware was used on purpose to disrupt a competitor's operation, it's the only case we know of." F-Secure adds that the consumer representative noted that "politicians, governments, husbands, wives -- people from all walks of life contract [them] to hack computers, cell phones." -
'The Hillary Leaks' - Wikileaks Releases 19,252 Previously Unseen DNC Emails (zerohedge.com)
Reader schwit1 writes: The state department's release of Hillary emails may be over, but that of Wikileaks is just starting. Moments ago, Julian Assange's whistleblower organization released over 19,000 emails and more than 8,000 attachments from the Democratic National Committee. This is part one of their new Hillary Leaks series, Wikileaks said in a press release: "Today, Friday 22 July 2016 at 10:30am EDT, WikiLeaks releases 19,252 emails and 8,034 attachments from the top of the US Democratic National Committee -- part one of our new Hillary Leaks series. The leaks come from the accounts of seven key figures in the DNC: Communications Director Luis Miranda (10770 emails), National Finance Director Jordon Kaplan (3797 emails), Finance Chief of Staff Scott Comer (3095 emails), Finance Director of Data & Strategic Initiatives Daniel Parrish (1472 emails), Finance Director Allen Zachary (1611 emails), Senior Advisor Andrew Wright (938 emails) and Northern California Finance Director Robert (Erik) Stowe (751 emails). The emails cover the period from January last year until 25 May this year."
The emails released Friday cover a period from January 2015 to May 2016. They purportedly come from the accounts of seven key DNC staffers: Andrew Wright, Jordon Kaplan, Scott Comer, Luis Miranda, Robert Stowe, Daniel Parrish and Allen Zachary.
A quick scan of the emails focus on Bernie Sanders and dealing with the fallout of many Democrats opposing Hillary Clinton and calling the system "rigged." Many of the emails exchanged between top DNC officials are simply the text of news articles concerning how establishment democrats can "deal" with the insurgent left-winger. Update: 07/22 17:41 GMT by M: Guccifer 2.0 has claimed responsibility for the leak. -
How The Internet Helps Sex Workers Keep Customers Honest (qz.com)
HughPickens.com writes: Mid-range prostitution is a relatively new market, enabled by technology. Before the internet, it was hard for escorts to find customers: They had to either walk the streets searching for customers, rely on word-of-mouth, or work with agencies. The internet changed all that as Allison Schrager writes at Quartz that if you work at Goldman Sachs in NYC and you want to tie up a woman and then have sex with her, you'll first have to talk to Rita. Rita will "insist on calling your office, speaking to the switchboard operator, and being patched through to your desk. Then she will want to check out your profile on the company website and LinkedIn. She'll demand you send her message from your work email, and require a scan of either your passport or driver's license." Though some escorts rely on sex work-specific sites that maintain "bad date" lists of potentially dangerous clients, others make use of more mainstream sources to gather information about and verify the identities of potential johns. Rita is addressing a problem that every business, both legal and illegal, has. Before the internet, more commerce occurred locally -- customers knew their merchants or service providers and went back to them repeatedly. As technology has expanded our transactional networks, it must also offer new ways of building trust and reputation. "The lesson here is that, while you'd think all the technological options for finding customers would make Rita's job as a madam obsolete, it has actually made her services more critical," says Schrager. "One step ahead of the mainstream economy, Rita's thriving business shows that some jobs won't disappear. They just need to be recast in a way that capitalizes on what made them valuable in the first place." -
A Google Maps Glitch Turned This Korean Fishing Town Into a 'Pokemon Go' Haven (vice.com)
Madison Margolin, reporting for Motherboard: A glitch in Google Maps has turned the small fishing town of Sokcho, South Korea, into a Pokemon Go tourist haven. The globally popular mobile game hasn't launched yet in South Korea, but that hasn't stopped clever gamers from finding a way to play it anyways. The city of Sokcho is taking full advantage of it, according to this video by the Wall Street Journal. Because of Cold War era laws preventing North Korea from obtaining maps of the country, the use of Google Maps is restricted in South Korea, the WSJ reports. However, a fluke in the system allows it to work in Sokcho, in the northeast corner of the country, just outside the DMZ (demilitarized zone) between North and South Korea. Sokcho is outside the range of indexing grids that Pokemon Go developers used for mapping restrictions of South Korea and other countries. -
Pixels Are Driving Out Reality (vice.com)
An article on Motherboard today investigates the reasons why people didn't go "oh-my-god, that was awesome" looking at the CGI-based scenes in the recent movies such as Independence Day: Resurgence, Batman v Superman and X-Men: Apocalypse. Though the article acknowledges that this could be the result of some poor-acting, spotty storyline, or bad editing, it also underscores the possibility that this could be the aftermath of a "deeper mechanism that is draining all substance from our cinematic imaginary worlds?" The author of the article, Riccardo Manzotti, to make his case stronger, adds that the original Alien movie was able to impress us because what we saw was strongly linked to actual life. From the article: The humongous spaceship Nostromo -- a miniature model -- provoked awe and respect. When the creature erupted from Kane's abdomen -- a plaster model encased in fake blood and animal entrails -- people were horrified. The shock was registered on the faces of the actors, who, per Ridley Scott's direction, weren't told ahead of time that the moment would include a giant splatter of blood. "That's why their looks of disgust and horror are so real," producer and co-writer David Giler said. Manzotti further argues that some of the modern movies haven't left us awe-inspired because there is just too much CGI content. Compared to 430 computerized shots in the original Independence Day movie, for instance, the new one has 1,750 digitized shots. "People have been looking at pixels for much too long," the author argues, adding: Our imaginary world has been diluted and diluted to the point that, so to speak, there is no longer even a stain of real blood, love, and pain. Nowadays, when spectators see blood, they see pixels. [...] VR and augmented reality and the steady pace of CGI have pushed the process of substitution of reality to a higher level. At least, movies were once made using real stunts and real objects. Now, the actual world is no longer needed.
The actual world, which is the good money, is no longer required. The virtual world, the bad money, is taking over. Yet, it lacks substance. The author makes several more compelling arguments, that are worth mulling. -
The World's Most Powerful Telescope Just Discovered 1,230 New Galaxies (yahoo.com)
An anonymous Slashdot reader quotes a report from Vice: On Saturday night astronomers at the South African MeerKAT radio telescope array fired up 16 of its recently completed dishes and released the first ever image from what is slated to become the world's most powerful radio telescope. The initial results were incredibly promising: operating with only one quarter of the 64 dishes that will eventually comprise MeerKAT, the telescope was able to find 1300 galaxies in a small corner of the universe where only 70 galaxies were known to exist previously.
Slashdot reader schwit1 quotes a report from Agence France-Presse: MeerKAT's full contingent of 64 receptors will be integrated next year into a multi-nation Square Kilometer Array (SKA) which is set to become the world's most powerful radio telescope. The images produced by MeerKAT "are far better than we could have expected," the chief scientist of the SKA in South Africa, Fernando Camilo said at the site of the dishes near the small town of Carnarvon, 600 kilometres north of Cape Town. When fully up and running in the 2020s, the SKA... will have a discovery potential 10,000 times greater than the most advanced modern instruments and will explore exploding stars, black holes, dark energy and traces of the universe's origins some 14 billion years ago. -
New Study Shows Why Big Pharma Hates Medical Marijuana (washingtonpost.com)
HughPickens.com writes: Christopher Ingraham writes in the Washington Post that a new study shows that painkiller abuse and overdose are significantly lower in states with medical marijuana laws and that when medical marijuana is available, pain patients are increasingly choosing pot over powerful and deadly prescription narcotics. The researchers "found that, in the 17 states with a medical-marijuana law in place by 2013, prescriptions for painkillers and other classes of drugs fell sharply compared with states that did not have a medical-marijuana law... In medical-marijuana states, the average doctor prescribed 265 fewer doses of antidepressants each year, 486 fewer doses of seizure medication, 541 fewer anti-nausea doses and 562 fewer doses of anti-anxiety medication. But most strikingly, the typical physician in a medical-marijuana state prescribed 1,826 fewer doses of painkillers in a given year."
[P]ainkiller drug companies "have long been at the forefront of opposition to marijuana reform, funding research by anti-pot academics and funneling dollars to groups, such as the Community Anti-Drug Coalitions of America, that oppose marijuana legalization..." -
Null Island: The Land of Lousy Directional Data (vice.com)
An anonymous reader writes: Null Island is one of the world's most visited places for directional data that doesn't exist in real life. The Wall Street Journal reports (Warning: source may be paywalled): "In the world of geographic information systems, the island is an apparition that serves a practical purpose. It lies at 'zero-zero,' a mapper's shorthand for zero degrees latitude and zero degrees longitude. By a programming quirk introduced by developers, those are the default coordinates where Google maps and other digital Global Positioning System applications are directed to send the millions of users who make mistakes in their searches. [About seven years ago, Mr. Kelso, who had heard the phrase used by other cartographers, encoded Null Island as the default destination for mistakes into a widely used public-domain digital-mapping data set called Natural Earth, which has been downloaded several million times. On a whim, he made the location at zero-zero appear as a tiny outcrop one-meter square. In no time at all, other mappers gave the 'island' its own natural geography, created a website, and designed T-shirts and a national flag.]" If you're feeling cognitively lazy, you can watch the short animated YouTube video explaining Null Island. -
Researchers Found a Hacking Tool that Targets Energy Grids on the Dark Web (vice.com)
An anonymous reader writes: A sophisticated piece of government-made malware, designed to do reconnaissance on energy grid's system ahead of an eventual cyberattack on critical infrastructure, was found on a dark web hacking forum. SentinelOne's researchers believe the malware was created by a team of hackers working for a government, likely from eastern Europe, according to a report published on Tuesday. Udi Shamir, chief security officer at SentinelOne, said that it's normal to find reused code and malware on forums because "nobody tries to reinvent the wheel again and again and again." But in this case, "it was very surprising to see such a sophisticated sample" appear in hacking forums, he told Motherboard in a phone interview. -
FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence (vice.com)
Joseph Cox, reporting for Motherboard: An FBI agent has brought up an interesting question about the nature of digital evidence: Does decrypting encrypted data "fundamentally alter" it, therefore contaminating it as forensic evidence? According to a hearing transcript filed last week, FBI Special Agent Daniel Alfin suggested just that. The hearing was related to the agency's investigation into dark web child pornography site Playpen. In February 2015, the FBI briefly assumed control of Playpen and delivered its users a network investigative technique (NIT) -- or a piece of malware -- in an attempt to identify the site's visitors. [...] According to experts called by the defense in the affected case, the fact that the data was unencrypted means there is a chance that sensitive, identifying information of people who had not been convicted of a crime was being sent over the internet, and could have been manipulated. (Alfin paints this scenario as unlikely, saying that an attacker would have to know the IP address the FBI was using, have some sort of physical access to the suspect's computer to learn his MAC address, and other variables.) -
PC Gaming Is Still Way Too Hard (vice.com)
Motherboard has an article in which it argues that PC gaming is still way too hard. The author of the article claims that for one to build a gaming PC, they need an "unreasonable" amount of disposable income, and also have an unreasonable amount of time to "research, shop around, and assemble parts" for their computer. The author adds that a person looking into making one such gear also needs to always have to keep investing time and money in as long as they want to stay at the cutting edge or recommended specifications range for new PC games. The author has shared the experience he had building his own gaming PC. An excerpt from it: The process of physically building a PC is filled with little frustrations, and mistakes can be costly and time consuming. I have big, dumb, sausage fingers, so mounting the motherboard into the case, and screwing in nine (!) tiny screws to keep it in place in a cramped space, in weird angles, where dropping the screwdriver can easily break something expensive -- it's just not what I'd call "consumer-friendly." This is why people buy from Apple. It designs everything from the trackpad to the box the computer comes in, which unfolds neatly to reveal everything you need. Apple reduces friction to the point where even my mom could upgrade the RAM on her iMac, and it can do this because it controls everything that goes in that box. That's accurate. But it also means -- at least as of today -- that the current Apple computer -- MacBook Air, MacBook, iMac, Mac Mini you purchase packs in at least three-year-old components. -
Hacker Finds Bug to Edit or Delete Any Medium Post (vice.com)
Joseph Cox, reporting for Motherboard: Medium has become the go-to home for extended blog posts from researchers, CEOs, and even the President of the United States. Now, one hacker has found a way to edit or delete any post on the publishing platform. "I tried to think of different possibilities or testing cases on how can I delete a story of any user. And fortunately, I found a severe bug," Philippines-based freelance penetration tester and bug bounty hunter Allan Jay Dumanhug told Motherboard in an email. The trick, Dumanhug explained in a blog post published at the end of last month, centres around Medium's "Publications" feature. Users can create their own publications -- perhaps a page dedicated to infosec news, for example -- and then request to add other users' posts to it. Each post on Medium is given its own unique, 12-character identifier code. The person who authored the post has to approve that request, otherwise their story doesn't go anywhere. But Dumanhug found that while adding his own story to his own publication, he could intercept the HTTP request and simply change the identifier to that of another post. -
Pokemon Go Leads to Reckless Driving, Injuries, and A Corpse (chicagotribune.com)
Since its release Wednesday night, Pokemon Go has already gone on to become the top-grossing game in the three countries where it's available, and Forbes contributor Tero Kuittinen calls it "the first example of an AR product becoming a national obsession." An anonymous Slashdot reader writes: Some fans are now tweeting about playing the game while driving, and the Chicago Tribune quotes one user who says "Pokemon Go put me in the ER last night... Not even 30 minutes after the release...I slipped and fell down a ditch." In Australia the game has been leading some players to their local police station, and a woman in Wyoming reports that the game actually led her to a dead body floating in a river. And at least one Pokemon Go screenshot has gone viral. It shows a man capturing a Pokemon while his wife gives birth.
The app's popularity has created lagging servers and forced Niantic to delay its international roll-out, meaning "Those who have already downloaded the game in the U.S., Australia and New Zealand can still play it, while those in the U.K., the Netherlands and other countries will have to wait." Meanwhile, Motherboard warns that a malicious sideloaded version of Pokemon Go is being distributed that actually installs a backdoor on Android devices, and also reports that some players are already spoofing their GPS coordinates in order to catch Pokemon without leaving their house. -
Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services (schneier.com)
An anonymous reader writes from a report via Schneier on Security: Two researchers have discovered over 100 Tor nodes that are spying on hidden services. Cory Doctorow from Boing Boing reports: "These nodes -- ordinary nodes, not exit nodes -- sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over. The researchers used 'honeypot' .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions' existence. They didn't advertise the honions' existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits. No one knows who is running the spying nodes: they could be run by criminals, governments, private suppliers of 'infowar' weapons to governments, independent researchers, or other scholars (though scholarly research would not normally include attempts to hack the servers once they were discovered)." The Tor project is aware of the attack and is working to redesign its system to try and block it. Security firm Bitdefender has issued an alert about a malicious app called EasyDoc that hands over control of Macs to criminals via Tor. -
Using a Bomb Robot to Kill a Suspect Is an Unprecedented Shift in Policing (vice.com)
A police standoff with a suspect in the killing of five police officers in Dallas came to an abrupt end on Friday morning in an unusual way. The police said that negotiations broke down, an exchange of gunfire happened, but then they had no option but to use "bomb robot and place a device on its extension for it to detonate where the suspect was." Motherboard explains the unprecedented shift in policing. From an article: Peter W. Singer, an expert in military technology and robot warfare at the New America Foundation, tweeted that this is the first known incident of a domestic police force using a robot to kill a suspect. Singer tweeted that in the wars in Iraq and Afghanistan, soldiers have strapped claymore mines to the $8,000 MARCbot using duct tape to turn them into jury-rigged killing devices. Singer says all indications are that the Dallas Police Department did something similar in this case -- it improvised to turn a surveillance robot into a killing machine. Improvised device or not, the concerns here mirror a debate that's been going on for a few years now: Should law enforcement have access to armed drones, or, for that matter, weaponized robots? In 2013 Kentucky Senator Rand Paul staged a 13-hour filibuster that was focused entirely on concerns about the use of armed drones on US soil. Last year, North Dakota became the first state to legalize nonlethal, weaponized drones for its police officers. [...] The ability for police to remotely kill suspects raises due process concerns. If a shooter is holed up and alone, can they be qualified as an imminent threat to life? Are there clear protocols about when a robot can be used to engage a suspect versus when a human needs to engage him or her? When can the use of lethal force be administered remotely? -
Facebook Decides Which Killings We're Allowed to See
Minutes after a police shooting took place in the Falcon Heights suburbs of Minnesota, a Facebook Live video was published on the social juggernaut website. The death of Philando Castile, 32, was documented in harrowing detail thanks to the live streaming tool offered by the social media giant. The 10-minute video was streamed via smartphone by a woman identified in media reports as Diamond Reynolds. She narrates the video with a mix of eerie calm and anguish. The video was removed from Facebook due to, as the company says, a "technical glitch." The video has since been restored, but with a "Warning -- Graphic Video" disclaimer. Motherboard notes that Facebook has become the de-facto platform for such controversial videos, and that there's a pattern in these so-called glitches, as they very often happen after questionable content is streamed. This makes one wonder whether it is up to Facebook to decide which kind of controversial videos one should be able to watch. The publication writes: As Facebook continues to build out its Live video platform, the world's most popular social network has become the de-facto choice for important, breaking, and controversial videos. Several times, Facebook has blocked political or newsworthy content only to later say that the removal was a "technical glitch" or an "error." Nearly two-thirds of Americans get their news from social media, and two thirds of Facebook users say they use the site to get news. If Facebook is going to become the middleman that delivers the world's most popular news events to the masses, technical glitches and erroneous content removals could be devastating to information dissemination efforts. More importantly, Facebook has become the self-appointed gatekeeper for what is acceptable content to show the public, which is an incredibly important and powerful position to be in.
By censoring anything, Facebook has created the expectation that there are rules for using its platform (most would agree that some rules are necessary). But because the public relies on the website so much, Facebook's rules and judgments have an outsized impact on public debate.