Leading Egyptian opposition politician targeted with spyware, researchers find

Sept. 24, 2023

By FRANK BAJAK

BOSTON (AP) — A leading Egyptian opposition politician was targeted with spyware multiple times after announcing a presidential bid — including with malware that automatically infects smartphones, security researchers have found. They say Egyptian authorities were likely behind the attempted hacks.

Discovery of the malware last week by researchers at Citizen Lab and Google’s Threat Analysis Group prompted Apple to rush out operating system updates for iPhones, iPads, Mac computers and Apple Watches to patch the associated vulnerabilities.

Citizen Lab said in a blog post that attempts beginning in August to hack former Egyptian lawmaker Ahmed Altantawy involved configuring his phone’s connection to the Vodafone Egypt mobile network to automatically infect it with Predator spyware if he visited certain websites not using the secure HTTPS protocol.

Citizen Lab said the effort likely failed because Altantawy had his phone in “lockdown mode,” which Apple recommends for iPhone users at high risk, including rights activists, journalists and political dissidents in countries like Egypt.

Prior to that, Citizen Lab said, attempts were made beginning in May to hack Altantawy’s phone with Predator via links in SMS and WhatsApp messages that he would have had to click on to become infected.

Once infected, the Predator spyware turns a smartphone into a remote eavesdropping device and lets the attacker siphon off data.

Given that Egypt is a known customer of Predator’s maker, Cytrox, and the spyware was delivered via network injection from Egyptian soil, Citizen Lab said it had “high confidence” Egypt’s government was behind the attack.


Book Review: Novelist and blogger Cory Doctorow pens a manual for destroying Big Tech

Sept. 12, 2023

By FRANK BAJAK

As a leading blogger in the pre-Substack era, novelist and public-interest technologist Cory Doctorow often warned that Big Tech was rendering cyberspace a polluted, dystopian, crassly commercial and often hostile world of limited options.

Now it’s happened. Facebook, Instagram and other walled fiefdoms of surveillance capitalism distract discourse with scrolls of targeted ads and trending video reels. More genteel competitors were long ago muscled out.

Hateful trolls, violent speech and addictive algorithms thrive. And when a user account is mistakenly or unjustly shuttered, platform automation means the aggrieved will encounter callous indifference. It’s gotten to where anti-Big Tech initiatives enjoy bipartisan backing in an otherwise teetering U.S. democracy.

“There is no fixing Big Tech,” Doctorow, who blogged for years on the website “Boing Boing,” writes in his new book “The Internet Con: How To Seize The Means of Computation.” The breezily written 173-page manifesto is for people who want to destroy it.


Don’t expect quick fixes in ‘red-teaming’ of AI models. Security was an afterthought

By FRANK BAJAK

Aug. 13, 2023

BOSTON (AP) — White House officials concerned by AI chatbots’ potential for societal harm and the Silicon Valley powerhouses rushing them to market are heavily invested in a three-day competition ending Sunday at the DefCon hacker convention in Las Vegas.

Some 2,200 competitors tapped on laptops seeking to expose flaws in eight leading large-language models representative of technology’s next big thing. But don’t expect quick results from this first-ever independent “red-teaming” of multiple models.

Findings won’t be made public until about February. And even then, fixing flaws in these digital constructs — whose inner workings are neither wholly trustworthy nor fully fathomed even by their creators — will take time and millions of dollars.

Current AI models are simply too unwieldy, brittle and malleable, academic and corporate research shows. Security was an afterthought in their training as data scientists amassed breathtakingly complex collections of images and text. They are prone to racial and cultural biases, and easily manipulated.


Ransomware criminals are dumping kids’ private files online after school hacks

By FRANK BAJAK, HEATHER HOLLINGSWORTH and LARRY FENN

July 5, 2023

The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records, discrimination complaints, Social Security numbers and contact information of district employees.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. “In this case, everybody has a key,” said cybersecurity expert Ian Coldwater, whose son attends a Minneapolis high school.


Microsoft admits Outlook, cloud platform disruptions were cyberattacks

By FRANK BAJAK

June 17, 2023

BOSTON (AP) — In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

Initially reticent to name the cause, Microsoft has now disclosed that DDoS attacks by the murky upstart were indeed to blame.

But the software giant has offered few details — and did not immediately comment on how many customers were affected and whether the impact was global. A spokeswoman confirmed that the group that calls itself Anonymous Sudan was behind the attacks. It claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian.

Microsoft’s explanation in a blog post Friday evening followed a request by The Associated Press two days earlier. Slim on details, the post said the attacks “temporarily impacted availability” of some services. It said the attackers were focused on “disruption and publicity” and likely used rented cloud infrastructure and virtual private networks to bombard Microsoft servers from so-called botnets of zombie computers around the globe.


Musk deputy’s words on Starlink ‘weaponization’ vex Ukraine

By FRANK BAJAK

Feb. 9, 2023

BOSTON (AP) — Ukrainians reacted Thursday with puzzlement and some ire to comments by a top Starlink official that their country has “weaponized” the satellite internet service, which has been pivotal to their national survival.

President Gwynne Shotwell of SpaceX, which runs Starlink, was also reported to have said at the same venue Wednesday that the Elon Musk-controlled company has taken unspecified action to prevent Ukraine’s military from using Starlink technology against Russian invaders.

The network of low-orbiting satellites has been crucial to Ukraine’s use of battlefield drones — a central fixture of the year-old war — and the country’s defenders have no viable alternative. The satellite links help Ukrainian fighters locate the enemy and target long-range artillery strikes.

Onstage at a conference in Washington, D.C., Shotwell said: “We were really pleased to be able to provide Ukraine connectivity and help them in their fight for freedom. It was never intended to be weaponized. However, Ukrainians have leveraged it in ways that were unintentional and not part of any agreement.”


Drone advances in Ukraine could augur dawn of killer robots

By FRANK BAJAK and HANNA ARHIROVA
January 3, 2023

KYIV, Ukraine (AP) — Drone advances in Ukraine have accelerated a long-anticipated technology trend that could soon bring the world’s first fully autonomous fighting robots to the battlefield, inaugurating a new age of warfare.

The longer the war lasts, the more likely it becomes that drones will be used to identify, select and attack targets without help from humans, according to military analysts, combatants and artificial intelligence researchers.

That would mark a revolution in military technology as profound as the introduction of the machine gun. Ukraine already has semi-autonomous attack drones and counter-drone weapons endowed with AI. Russia also claims to possess AI weaponry, though the claims are unproven. But there are no confirmed instances of a nation putting into combat robots that have killed entirely on their own.

Experts say it may be only a matter of time before either Russia or Ukraine, or both, deploy them.


Review: The digital sleuths who demystified cryptocurrency

By FRANK BAJAK
December 5, 2022

“Tracers In The Dark” by Andy Greenberg (Doubleday)

The year was 2011. Cryptocurrency was a little-understood novelty, and Sen. Chuck Schumer called a news conference to vent outrage over a one-stop online shop for illegal drugs whose technology made sellers “virtually untraceable.”

The New York lawmaker’s description of Silk Road helped seed a persisting myth that technology reporter Andy Greenberg exhaustively dispels in “Tracers in the Dark,” that transactions of Bitcoin and other cryptocurrencies can’t be tracked.

Greenberg sketches the evolution of a wholly new discipline in the surprisingly lively real-life police procedural, following law officers and programmers who invent and deploy cryptocurrency-tracking tools to catch a new breed of criminal. They take down Silk Road and other “dark web” markets and merchants, finger crypto money launderers and snare the sysadmin and users of Welcome to Video, a major South-Korea-based distributor of child sexual abuse material.

Best of the action are two takedown dramas. A young Quebecois behind the AlphaBay dark web market, Alexandre Cazes, lives large in Thailand, rocketing around in a Lamborghini, running up $12,000 restaurant bills and boasting of adulterous sexploits online. The other takedown is of a DEA agent and a Secret Service agent who illegally enriched themselves off Silk Road while investigating it – each wholly on their own.


Twitter risks fraying as engineers exit over Musk upheaval

By FRANK BAJAK
November 18, 2022

Elon Musk’s managerial bomb-throwing at Twitter has so thinned the ranks of software engineers who keep the world’s de-facto public square up and running that industry insiders and programmers who were fired or resigned this week agree: Twitter may soon fray so badly it could actually crash.

Musk ended a very public argument with nearly two dozen coders over his retooling of the microblogging platform earlier this week by ordering them fired. Hundreds of engineers and other workers then quit after he demanded they pledge to “extremely hardcore” work by Thursday evening or resign with severance pay.

The newest departures mean the platform is losing workers just as it gears up for the 2022 FIFA World Cup, which opens Sunday. It’s one of Twitter’s busiest events, when tweet surges heavily stress its systems.

“It does look like he’s going to blow up Twitter,” said Robert Graham, a veteran cybersecurity entrepreneur. “I can’t see how the lights won’t go out at any moment” — although many recently departed Twitter employees predicted a more gradual demise.

Three engineers who left this week described for The Associated Press why they expect considerable unpleasantness for Twitter’s more than 230 million users now that well over two-thirds of Twitter’s pre-Musk core services engineers are apparently gone. While they don’t anticipate near-term collapse, Twitter could get very rough at the edges — especially if Musk makes major changes without much off-platform testing.


High-risk Colombians say GPS devices only add to dangers

By FRANK BAJAK

August 1, 2022

The bulletproof vehicles that Colombia’s government assigns to hundreds of high-risk individuals are supposed to make them safer. But when an investigative reporter discovered they all had GPS trackers, she only felt more vulnerable — and outraged.

No one had informed Claudia Julieta Duque — or apparently any of the 3,700-plus journalists, rights activists and labor and indigenous leaders who use the vehicles — that the devices were keeping constant tabs on their whereabouts. In Duque’s case, it happened as often as every 30 seconds. The system could also remotely cut off the SUV’s engine.

Colombia is among the world’s most dangerous countries for human rights defenders — with more than 500 killed since 2016. It is also a country where right-wing extremists have a track record of infiltrating national security bodies. For Duque, the GPS revelation was chilling: Movements of people already at risk of political assassination were being tracked with technology that bad actors could weaponize against them.

“It’s something super invasive,” said Duque, who has been a persistent target of rogue security agents. “And the state doesn’t seem to care.”

The government agency responsible has said the trackers were installed to help prevent theft, to track the bodyguards who often drive the vehicles and to help respond to dangerous situations.

For a decade, Colombia had been installing trackers in the armored vehicles of at-risk individuals as well as VIPs, including presidents, government ministers and senators. The agency’s director made that disclosure after Duque learned last year through a public records request that the system was recording her SUV’s location an average of five times an hour.

The director dismissed privacy concerns and called the practice “fundamental” to guaranteeing security.

Considering the tracker a danger to her and her sources, Duque pressed for details on its exact features. But the National Protection Unit, known as UNP in Spanish, offered little. She then demanded the agency remove the device. It refused. So in February, Duque returned the vehicle, left the country and filed a legal challenge.

Now back in Bogotá, she is hoping for satisfaction when Gustavo Petro, Colombia’s first leftist president, takes office Aug. 7.
