Weekly Axis Of Easy #167
In this issue:
- Robinhood accounts hacked and looted, support AWOL
- Microsoft and US Cyber Command both attack Trickbot
- German giant Software AG’s internal network offline in ransomware attack
- Google delists then relists call to end lockdown
- Mathematicians against AI and predictive policing
- IRS investigated for using location data without warrant
- Tired: Anti-Copyright, Wired: Post-Copyright
Robinhood accounts hacked and looted, support AWOL
Details are emerging on how multiple Robinhood users are seeing their accounts get hacked, their positions liquidated and then their money withdrawn. To make matters worse, they are watching this happen in slow motion, as it takes time for a withdrawal to complete.
But Robinhood has no emergency support contact, and from the sounds of it, no live phone support (which is, I guess, what you should expect when the platform is free to use).
Emails to support reporting fraud are met with an auto-responder informing the user that the company investigates these matters, over a period of weeks. Of course, by the time that happens, the money is long gone.
It appears as though the attack vector is credential stuffing. That works because people reuse their email user IDs and passwords between sites. When some other site gets hacked, and has stored the passwords in plain text (or encrypted them poorly, like ROT26), those breached credentials get distributed on the dark web, where attackers pick them up and try them against other services. Don’t re-use passwords between sites!
Microsoft and US Cyber Command both attack Trickbot
We’ve mentioned Trickbot in these pages before, usually in connection with a ransomware attack. It forms a massive, global botnet which is, in the words of security journalist Brian Krebs, “a global menace that has infected millions of computers and is used to spread ransomware.”
This week at least two entities did battle with the botnet, apparently to thwart it from being able to interfere with the US elections next month.
The first was the US Cyber Command division of the US DoD, led by the head of the National Security Agency, which got inside the Trickbot C&C (Command and Control) network on at least two occasions and sent orders to all infected Windows computers to disconnect from the network. They also flooded the Trickbot database with millions of bogus records on new, fake victims.
On another front, Microsoft resorted to legal means, specifically trademark law, and had a Virginia court grant an order giving Microsoft control over numerous internet servers worldwide, which it then executed in conjunction with numerous telecoms.
Microsoft is no stranger to legal tactics such as these. In 2014 they obtained a court order from a Reno, Nevada court to seize 22 domain names operated by No-IP, a dynamic DNS provider based in that state (run by a really nice guy named Dan Durrer). Microsoft’s order overshot big time and caused enormous collateral damage, and they eventually backed off and admitted their error. Hopefully they learned from that experience and didn’t overstep the scope this time.
German giant Software AG’s internal network offline in ransomware attack
Hackers penetrated the company’s internal network on Oct 3rd and encrypted everything, demanding $20 million for the decryption key. The company attempted to negotiate with the attackers, a ransomware group called “Clop,” and seemingly failed. The attackers then started posting screenshots of internal corporate data to a dark web leak site.
On Monday Oct 5, the company announced that it was experiencing internal outages due to a malware attack, but that no customer-facing services were impacted. Two days later, on the 7th, they disclosed being made aware of data theft in connection with the attack.
The $20 million ransom is one of the highest amounts disclosed in an attack of this type.
Google delists then relists call by medical practitioners to end lockdowns
On Oct 4th a group of epidemiologists and public health scientists released a petition known as the Great Barrington Declaration (after the city where the think-tank that sponsored it is based). It called for a “focused protection” approach to battling the Coronavirus pandemic as opposed to lockdowns.
To date it claims over 8,700 medical and health scientist signatories, over 22,000 medical practitioners and nearly 400,000 concerned citizens (at the time of writing).
The mainstream media was quick to paint it with a brush of quackery and climate denialism (despite the credentials of the declaration’s authors).
It also seemed to be “memory-holed” by Google. When internet searchers looked for “Great Barrington Declaration,” alternative search engines like DuckDuckGo and Bing returned the main website and the Wikipedia entry as the top hits. Which is normal for, well, pretty well anything.
Not so for Google, which instead listed a number of attack pieces as top news hits, while the Wikipedia entry and GBD homepage were, in most of my tests, pushed down to page 4 or 5. Google users opened support threads with Google wondering why the site, which seemingly was indexed normally in Google the day before, was suddenly missing.
About a day after the curious absence began circulating on social media, the Google results suddenly reverted to normal. While it’s entirely possible that there is an innocuous explanation for the anomaly, the moderators of the two largest subreddits dealing with Coronavirus, /r/COVID-19 and /r/Coronavirus explicitly removed the threads discussing the declaration.
Meanwhile, in the intervening time since the Great Barrington Declaration came out, the World Health Organization’s Special Envoy on COVID-19, David Nabarro, stated in an interview with UK’s Spectator TV that governments worldwide should not be continuing to use lockdowns and advocated a “middle way” which sounded in the same ballpark as The Great Barrington Declaration’s “Focused Protection.”
Also, former FDA director Scott Gottlieb appeared on CNBC on Oct 11th and said that while the lockdowns in the early innings were understandable, due to lack of awareness of what would happen, there is little reason to continue with lockdowns now.
I seem to remember a couple of California doctors who said exactly this back in April, who were deplatformed and reviled for saying it.
All of this to say: when people and entities attempt to squelch dialogue and manipulate the narrative, bad outcomes happen.
Mathematicians against AI and predictive policing
Speaking of letters and declarations, over 2,000 data scientists and mathematicians have signed a joint letter calling for a cessation of collaboration with police forces.
“They are organizing a wide base of mathematicians in the hopes of cutting off police technologies at their source. The letter’s authors cite ‘deep concerns over the use of machine learning, AI, and facial recognition technologies to justify and perpetuate oppression.’”
With increasing calls to “defund the police,” one of the unintended consequences may be increased usage of AI and so-called “predictive policing.” The latter, according to critics, is fraught with inherent bias and racial profiling.
The Letter is available here.
IRS investigated for using location data without warrant
Back in AxisOfEasy 151 we ran a piece on the US Internal Revenue Service having purchased smartphone location data from a company called Venntel for use in criminal investigations. They did not find what they were looking for in that data and discontinued use.
Despite that, the move seems to have earned them scrutiny from the US Inspector General’s Office after Senators Ron Wyden (D – Oregon) and Elizabeth Warren (D – Mass.) demanded an investigation.
It looks like the IRS Criminal Investigations unit purchased and used that data without a warrant, and you’re kinda supposed to have one of those before you go doing stuff like that, apparently.
As for Venntel, they’re one of those companies we talked about in AxisOfEasy 158. They release “free” SDKs to software developers who use them to bootstrap their development timelines, but the trade-off is that those SDKs gather data through all of the apps that use them, which is then sold to clients like government agencies.
Their SDK is used in harmless-looking apps like games, weather and shopping, while their paying clients are furnished a utility that enables them to see which devices are in a specific house or address.
One bit of administrivia error correction is that in the last AxisOfEasy Salon I mistakenly said Ron Wyden was a Republican senator, obviously wrong on that one.
Tired: Anti-Copyright, Wired: Post-Copyright
This week on the AxisOfEasy Salon #25, Jesse, Charles and I ended up talking a lot about copyright and what it means to be a content creator in this environment. Ironically, after splicing in a nod to the late, great Eddie Van Halen at the end of the show, YouTube went beyond the usual demonetization and actually blocked access to the video entirely (AxisOfEasy routinely gets demonetized, not that it matters, since we don’t make any money at it anyway).
After a quick edit to remove the reference to the venerable Eddie, we got it up.