Weekly Axis Of Easy #40
Aloha from Oahu… In this issue:
- Have you checked your credit report since the Equifax hack?
- FBI pays Geek Squad to inform on its customers
- Researcher discovers “Killswitch” to neutralize the memcache DDoS
- Google’s AI is helping military drones get better at their job
- Why the DoD works with Hollywood to shape narrative about the military
- Big banks want to weaken encryption protocol for convenience
- China’s “social obedience” platform a harbinger of our collective future
This item affects our US readers more than those in Canada (where Equifax claims the number of Canadians affected by their catastrophic data breach to be under 10,000). But I have seen numerous colleagues and participants of the myriad security lists I’m on reporting (fairly matter-of-factly) on being victims of identity fraud owing to their data being leaked in the big Equifax hack.
Brian Krebs reminds everyone to check their credit activity with Equifax to make sure it hasn’t happened to them, or to get out in front of it if it has.
After a case in California where it was revealed that the FBI paid a Geek Squad facility to report illegal content found during repairs, the EFF filed a Freedom of Information Act (FOIA) request to find out the exact extent of this practice. Turns out the FBI has been working with Geek Squad, using them to collect information and report their findings for at least ten years.
Last week we reported on a new DDoS vector called “memcache reflection” which was setting new records in the “Largest DDoS Ever” category, with attacks exceeding 1.2 TB/sec. To make matters worse, proof-of-concept exploit code was released into the wild last week, making such attacks available to “script kiddies”. Fortunately, security researchers from Corero Network Security have found a “killswitch” that shuts down vulnerable memcache servers.
MIT Technology Review reports that Google is working with the U.S. Department of Defense to improve military drones. Google’s “TensorFlow” artificial intelligence is being used to analyze drone footage, utilizing machine learning, in operations against ISIS. Not everybody at the “don’t be evil” company is thrilled about the weaponization of company code.
Speaking of the Department of Defense, did you know that the US military “has a long-standing relationship with Hollywood? In fact, it’s been working with filmmakers for nearly 100 years with a goal that’s two-fold: to accurately depict military stories and make sure sensitive information isn’t disclosed.” In fact, the US military’s participation in Hollywood goes all the way back to the very first Academy Awards.
The IETF meets this month to plan the specification for TLS 1.3, the next iteration of Transport Layer Security (the successor encryption protocol to SSL). One draft of the proposal, tabled by the Financial Services Roundtable, wants to add an “option for negotiation of visibility in the datacenter”, which is a method that would allow banks to more easily conduct packet inspection on traffic traversing their networks. Critics call it “weakened” encryption at best and “a back door” at worst.
Ever seen Black Mirror’s “Nosedive” episode? The one where everybody rates each other all the time, for everything, and if your score dips too low you start to lose your position and privileges within society? Well, China already does that. It’s a system called “Sesame Credit” which gamifies “obedience to the State”. Participation is voluntary now, but becomes compulsory in 2020.
It would totally suck to be a citizen of China then, huh? Well, don’t get too comfortably smug. John Harris writes in The Guardian that this is just a hint of what’s to come for all of us. And while here in The West it may not look like Sesame Credit in China, it will have definitive hallmarks of “The Tyranny of Algorithms”.