Faxes and email: Old technology slows COVID-19 response

May 13, 2020

By FRANK BAJAK

On April 1, a researcher at the Centers for Disease Control and Prevention emailed Nevada public health counterparts for lab reports on two travelers who had tested positive for the coronavirus. She asked Nevada to send those records via a secure network or a “password protected encrypted file” to protect the travelers’ privacy.

The Nevada response: Can we just fax them over?

You’d hardly know the U.S. invented the internet by the way its public health workers are collecting vital pandemic data. While health-care industry record-keeping is now mostly electronic, cash-strapped state and local health departments still rely heavily on faxes, email and spreadsheets to gather infectious disease data and share it with federal authorities.

This data dysfunction is hamstringing the nation’s coronavirus response by, among other things, slowing the tracing of people potentially exposed to the virus. In response, the Trump administration set up a parallel reporting system run by the Silicon Valley data-wrangling firm Palantir. Duplicating many data requests, it has placed new burdens on front-line workers at hospitals, labs and other health care centers who already report case and testing data to public health agencies.

READ MORE

Review: ‘Missionaries’ sees our forever wars as vocation

By FRANK BAJAK
Oct. 5, 2020

Phil Klay’s “Redeployment” was a masterwork in mostly spare prose, its tonal range from laugh-out-loud, Joseph Heller-esque absurdity to soul-crushing bleakness. It may be our best literary window into the Iraq war.

A young Marine veteran’s literary debut, the short story collection won a 2014 National Book Award.

“Missionaries,” out Oct. 6 from Penguin Press, is Klay’s next act. A big, ambitious novel, it spans a few decades and continents and plumbs U.S. forever wars’ psychic imprint on peripatetic American warriors, militarism as a way of being and the consequences of ill-conceived foreign meddling.

Two U.S. Special Forces vets of Afghanistan and Iraq — transitioned to mercenary and a military attaché — have fought “in enough murky war zones to lack the near-religious faith in democracy that the war was sold on.” Their next stop is Colombia, where Washington’s targeting-killing apparatus, first turned on leftist insurgents, now hunts drug-trafficking warlords.

MORE

Secretive, never profitable Palantir makes market debut

By FRANK BAJAK
September 30, 2020

BOSTON (AP) — Seventeen years after it was born with the help of CIA seed money, the data-mining outfit Palantir Technologies is finally going public in the biggest Wall Street tech offering since last year’s debut of Slack and Uber.

Never profitable and dogged by ethical objections for assisting in the Trump administration’s deportation crackdown, Palantir forged ahead Wednesday with a direct listing of its stock, gaining 31% in its first trading day.

The big question for both investors and company management: Can Palantir successfully transition from a business built on the costly handholding of government customers to serving corporate customers at scale? The company is a hybrid provider of software and consulting services that often embeds its own engineers with clients.

MORE

Germany seizes server hosting pilfered US police files

By FRANK BAJAK
July 9, 2020

BOSTON (AP) — At the behest of the U.S. government, German authorities have seized a computer server that hosted a huge cache of files from scores of U.S. federal, state and local law enforcement agencies obtained in a Houston data breach last month.

The server was being used by a WikiLeaks-like data transparency collective called Distributed Denial of Secrets to share documents — many tagged “For Official Use Only” — that shed light on U.S. police practices.

The data, dating back to 1996, include emails, audio and video files and police and FBI intelligence reports. DDoSecrets founder Emma Best said the data, dubbed “BlueLeaks,” comes from more than 200 agencies. It has been stripped of references to sexual assault cases and references to children, but names, phone numbers and emails of police officers were not redacted, said Best, who uses they/their pronouns.

MORE

Reliability of pricey new voting machines questioned

By FRANK BAJAK
February 23, 2020

Nearly 1 in 5 U.S. voters will cast ballots this year on devices that look and feel like the discredited paperless voting machines they once used, yet leave a paper record of the vote. But computer security experts are warning that these so-called ballot-marking devices still pose too much of a risk.

Ballot-marking machines were initially developed not as primary vote-casting tools but as “accessible” alternatives for the disabled. They print out paper records that are scanned by optical readers that tabulate the vote.

They cost at least twice as much as hand-marked paper ballots, which computer scientists prefer because paper can’t be hacked. That’s an important consideration as U.S. intelligence officials warn that malicious meddling in this year’s presidential contest could be worse than in 2016.

The machines have been vigorously promoted by the trio of privately held voting equipment vendors that control 88 percent of the U.S. market and are nearly unregulated at the federal level. They are expected to be used by some 40 million eligible voters more than in the 2018 midterm elections.

MORE

Book Review: An electronic Pearl Harbor is closer than you think







Book Review: An electronic Pearl Harbor is closer than you think

“Sandworm,” Doubleday, by Andy Greenberg

The Obama administration did not issue a single public rebuke after hackers knocked sections of Ukraine’s power grid offline on frigid December nights in 2015 and 2016. The unprecedented cyberattacks on civilian populations presaged the most devastating malware attack to date _ the June 2017 onslaught of NotPetya, which also targeted Ukraine but went further. Hobbled, too, were international business partners including Danish shipping multinational Maersk and pharmaceutical giant Merck. Damage was in the billions. In the U.S., hospital surgeries were impacted.

In “Sandworm,” Andy Greenberg sets out to track down the hackers behind those attacks, and his page-turning narrative sounds the alarm: We have failed to adequately confront a looming, existential threat. Our largely unquestioning dependence on digital technologies compounds the threat of a digital doomsday. The more reliant we become, the greater the potential peril. Power generation, health care and other vital services are at risk. Foreign agents have penetrated vital U.S. infrastructure, though the U.S. could also threaten global stability if its cyber-capabilities are carelessly loosed.

The 316-page real-life thriller takes the reader to the front lines of global cyberconflict, where U.S., Ukrainian and other computer security researchers painstakingly work to solve the authorship riddle. It concludes that the culprits _ initially dubbed ‘Sandworm’ by researcher John Hultquist after his team finds a reference to the Frank Herbert novel “Dune” in their code _ are the same state-backed hackers who wreaked havoc on the 2016 U.S. presidential elections, stealing and exposing Democratic National Committee emails and breaking into voter registration databases in at least two states.

andygreenbergThe military-backed Kremlin cyber-agents, it turns out, were also behind hacking of global anti-doping agencies and the U.S. power grid _ and knocked 2018 Winter Olympics networks offline during opening ceremonies.

When he gets technical _ no way around it, really _ Greenberg, a senior writer at ‘Wired,’ keeps the geek jargon to a minimum. His previous book, “This Machine Kills Secrets,” explores how digital tech and the global Internet _ where we are all publishers _ have transformed whistleblowing and leaking, keying off the WikiLeaks saga.

In “Sandworm,” Greenberg exposes the still uncharted world of global cyber-competition _ a perilous new front in warfighting that lacks norms and rules of engagement where human casualties seem inevitable. He describes, for one, how a nation’s own espionage tools can be dangerously turned against it and its allies, how programs written by U.S. National Security Agency uber-hackers to break into computers running on Microsoft operation systems wound up being exploited by Russian military hackers. Were they pilfered? Or leaked? That remains unclear.

“Sandworm” ranks with the multiple books by James Bamford and with Clifford Stoll’s 1989 “The Cuckoo’s Egg” as essential reading for grasping digital technology’s role in the evolution of global conflict.  It takes us well past the intrigue of cyber-espionage to contemplate _ now that the Trump administration has endorsed the use of offensive cyber operations _ how a global digital arms race might spiral out of control.

“Permanent Record” By Edward Snowden

Headline: Snowden memoir: The spy who came out and told
(On AP: Abridged version)

By FRANK BAJAK
Oct. 28, 2019

Edward Snowden is mostly self-invented, the fruit of his own ingenuity. He’s a community college dropout, but he’s no layabout. If hacking, purely defined, consists in devising the simplest, most elegant way of getting what you want then Snowden has always excelled at it, beginning when he set back every clock in the house at age 6 in order to stay up late.

The memoir “Permanent Record” from this computer whiz who exposed secret U.S. government mass domestic surveillance six years ago is already a headline. The government has sued to try to deny Snowden royalties for not allowing it pre-publication review. But I didn’t find any secrets he hasn’t already revealed.

A former CIA and National Security Agency systems engineer, Snowden is now a committed digital privacy activist with 4 million Twitter followers, charged with Espionage Act violations for which he says his conscience offered no other option. Civil disobedience is a long, proud tradition with practioners including the republic’s founders, Snowden reminds, and the book does at times read like a manifesto.

If anyone grew on the internet, it was Ed, who was intoxicated with its seemingly limitless potential for good. Snowden waxes poetic on the magic of the two-modem handshake when going online meant tying up the family phone line, which he did incessantly.

Before innocence was lost, the internet represented America’s true values to Snowden. Dorkishly, he read the U.S. Constitution cover to cover when it was offered free at work. Patriotism was ingrained in his upbringing. His parents quietly exercised it when clocking in daily at work. Dad was a Coast Guard techie. Mom held various government jobs.

The North Carolina-born Snowden hacked his way through adolescence in the shadow of Fort Meade, Maryland, the NSA’s home. His scheme for skating through high school with minimum effort _ calculating what it took to get passing grades and doing no more _ worked until Honest Ed explained it to a teacher.

Coming-of-age memoirs like Snowden’s typically recount personal journeys of moral and psychological discovery. That is the book’s strength. Others, most notably journalist Glenn Greenwald and filmmaker Laura Poitras, have already better chronicled the white-knuckled drama of how the most famous whistleblower since Daniel Ellsberg persuaded them to meet him in Hong Kong in 2013 so he could lift the lid on the NSA’s mass surveillance of U.S. citizens _ the 21st century’s biggest scoop.

What Snowden does well, aided by novelist Joshua Cohen, his ghostwriter, is define the promise and dangers of digital technology and the wacky alchemy that grants system architects and administrators like him extraordinary power over people’s lives. His clearcut explanations of complicated yet vital phenomena like the TOR privacy browser and encryption are especially instructive.

Looking back, Snowden most regrets his atavistic reaction to 9/11, how the 18-year-old Ed became “a willing vehicle of vengeance.” He enlists in the Army, hoping to join the Special Forces _ only to break his leg in basic training. He’d been at Fort Meade the day of the attacks, coding for an employer who lived on the base, and joined the vehicular exodus as thousands fled the NSA’s gleaming black towers.

Engrossing is Snowden’s description of how he used his programming skills to create a repository of classified in-house jots on the NSA’s global snooping _ and built a backup system for agency data he called EPICSHELTER. Reading through the repository _ and through his research during a short stint as a briefer on Asian cyberthreats _ Snowden begins to understand just how badly the government was stomping on its citizens’ civil liberties. The “bulk collection” program was called STELLARWIND.

Snowden became sullen. “I felt more adult than ever, but also cursed with the knowledge that all of us had been reduced to something like children, who’d been forced to live the rest of their lives under omniscient parental supervision. I felt like a fraud.”

The rest is history: Snowden’s aborted flight from Hong Kong to Ecuador, stymied when the U.S. canceled his passport, stranding him in Moscow, where he lives in forced exile with longtime girlfriend, now wife, Lindsay Mills. If that relationship was ever tested Snowden is not saying. He turns the book over to Mills for a late chapter taken from her diaries when he disappears without a trace _ then shows up on everyone’s TV screen _ and the FBI is on her like flypaper. By then, the narrative has gone thin.

Snowden says he came to realize, in 2011 as he was deciding to blow the whistle on the NSA, that it wasn’t just the government that was endangering our liberty by amassing and categorizing our data. Back in the U.S. from Japan, he meets his first Internet-equipped ‘smart fridge.’ He is aghast.

Here he was, getting all exercised about U.S. government snooping while surveillance capitalists similarly spied on acquiescent consumers, rendering them a product that “corporations sold to other corporations, data brokers and advertisers.” Worse, people were being persuaded to surrender control of their data to corporations for storage “in the cloud.”

Snowden, at age 28, had soured on his beloved internet. “The Internet that had raised me was disappearing. And with it, so was my youth. The very act of going online, which had once seemed like a marvelous adventure, now seemed like a fraught ordeal.”

“Every transaction was a potential danger.”

Two years later, he’d share his discoveries with the rest of us.

‘Erratic’ online handle apt for Capital One hack suspect







August 1, 2019

By GENE JOHNSON and FRANK BAJAK

SEATTLE (AP) — The 33-year-old former Amazon software engineer accused of hacking Capital One made little attempt to hide her attack. In fact, she effectively publicized it.

It’s one of many riddles swirling around Paige Thompson, who goes by the online handle “erratic.” Well-known in Seattle’s hacker community, Thompson has lived a life of tumult, with frequent job changes, reported estrangement from family and self-described emotional problems and drug use.

FBI agents arrested Thompson Monday for allegedly obtaining personal information from more than 100 million Capital One credit applications, including roughly 140,000 Social Security numbers and 80,000 bank account numbers. There is no evidence the data was sold or distributed to others.

Thompson, in federal custody pending an Aug. 15 detention hearing, wasn’t reachable. Her public defender, Mohammad Hamoudi, did not return an emailed request for comment.

But her online behavior suggested that she may have been preparing to get caught. More than six weeks before her Monday arrest, Thompson had discussed the Capital One hack online with friends in chats and in a group she created on the Slack messaging service.

Those chats and the recollections of others offer a sketch of someone talented and troubled, grappling with what friends and her own posts indicate was an especially bumpy crossroads in her life.

Friends and associates described Thompson as a skilled programmer and software architect whose career and behavior — oversharing in chat groups, frequent profanity, expressions of gender-identity distress and emotional ups and downs — mirror her online handle.

MORE

 

Whistleblower vindicated in Cisco cybersecurity case







August 1, 2019

By FRANK BAJAK

BOSTON (AP) — A computer security expert who has won a trailblazing payout in a whistleblower lawsuit over critical security flaws he found in October 2008 in Cisco Systems Inc. video surveillance software thought his discovery would be a career-boosting milestone.

James Glenn imagined at the time that Cisco would credit him on its website. The software was, after all, used at major U.S. international airports and multiple federal agencies with sensitive missions

“I mean, this was a pretty decent accomplishment,” Glenn said Thursday in a phone interview.

Instead, he was fired by the Cisco reseller in Denmark that employed him, which cited cost-cutting needs. And Cisco kept the flaws in its Video Surveillance Manager system quiet for five years.

Only Wednesday, when an $8.6 million settlement was announced and the lawsuit he filed in 2011 under the federal False Claims Act unsealed, was Glenn’s ordeal revealed — along with the potential peril posed by Cisco’s long silence.

MORE

 

Activists worry about potential abuse of face scans for ICE







July 9, 2019

By FRANK BAJAK

BOSTON (AP) — Civil rights activists complained Monday of the potential for widespread abuse following confirmation that at least three states have scanned millions of driver’s license photos on behalf of Immigration and Customs Enforcement without the drivers’ knowledge or consent.

Public records obtained by the Georgetown Law Center on Privacy and Technology provided the first proof that ICE had sought such scans, which were conducted in Utah, Vermont and Washington.

All three states — which offer driving privileges to immigrants who are in the U.S. illegally — agreed to the ICE requests, according to documents shared with The Associated Press on Monday and first reported by The Washington Post .

“States asked undocumented people to come out of the shadows to get licenses. Then ICE turns around and uses that to find them,” Alvaro Bedoya, the center’s director, said Monday.

ICE spokesman Matthew Bourke did not directly address written questions, including whether the agency used the scans to arrest or deport anyone.

MORE