Monday, 19 June 2017

Estonia Ranked Best In Europe Cyber Security

Estonia ranked number 1 in cybersecurity in Europe

Estonia’s cyber security efforts have been ranked first in Europe and fifth in the rest of the world. The ranking was announced at the World Summit on Information Security Forum on Thursday. The country has largely been seen as a major innovator in Internet-enabled government.

The International Telecommunication Union also announced the latest GCI (Global Security Index) where it called the cybersecurity commitment of Estonia and other countries commendable. They were referring especially to a series of cyber security attacks in 2007 which took down many Estonian websites.


The post Estonia Ranked Best In Europe Cyber Security appeared first on Cyber Security Portal.


Tuesday, 13 June 2017

Palo Alto Will Collaborate With Girl Scouts For Cyber Security Badges

Palo Alto and Girl Scouts will provide girls with cyber security badges

Palo Alto Networks, best known as one of the leading next-generation cyber security companies, is joining up with the Girl Scouts of USA to deliver the country’s first ever national Girl Scout cybersecurity badges for girls in grades K-12.

Girls will earn these badges and then display them on their uniforms to show their mastery of a given topic. The initiative will be led by cybersecurity experts and advisers from Palo Alto Networks and GSUSA. The first series will see 18 cybersecurity badges being rolled out.


Tuesday, 30 May 2017

Cybersecurity businesses are getting busy, guess why?

are cybersecurity businesses taking advantage of the WannaCry ransomware attack?

If you haven’t heard already, the last 2 weeks have been chaotic in the business world because of the WannaCry malware attack that took down as many as 200,000 machines in just a few days.

Now some cybersecurity companies are cashing in on the attack by raising the prices of their services, because right now the demand for cyber security is so high that it is almost impossible for businesses not to seek out help from professionals.

But do businesses really need to rely on cyber security companies or should they be more concerned about their own cybersecurity culture inside the business?


Wednesday, 17 May 2017

11 Year old boy hacked cyber security professionals' Bluetooth devices to control teddy bear

11 year old boy took control of a robotic teddy bear

An 11-year-old boy shocked an audience consisting of cyber security experts by hacking into their devices with Bluetooth to control a robot teddy bear. With this, he proved that interconnected smart toys can easily be weaponized.

Reuben Paul is just in 6th grade in an Austin, Texas-based school and his toy teddy bear is the reason why so many people were wowed that day.

Whatever he did, it does confirm that whether it’s a plane or a car, anything that is connected to the internet of things can be manipulated and easily hacked to use against its owner.


Monday, 8 May 2017

Is AI The Future of cybersecurity

Artificial Intelligence is the future of cybersecurity

As AI becomes more capable and intelligent, it could become the future of cyber security by fighting back against automated and sophisticated socially engineered cyber attacks. The same could be said in reverse.

With AI becoming more powerful and accessible, even cyber criminals could use it to create a wave of cyber attacks such as data hacks, thefts, and penetrations. So experts believe our best defense against such attacks would be to use AI.

Even today, some large corporations with big cybersecurity budgets are using AI to defend against sophisticated attacks. This points to a viable future for AI in cyber security, one that isn’t far off now.


Thursday, 27 April 2017

New Buy Only American Rule Could Seriously Hurt Pentagon Tech Buying

Cybersecurity firm has enough evidence to believe Chinese hackers tried to hack US-built missiles

Ex-officials from the Pentagon are warning that newly tightened ‘Buy American’ rules, which ask the government to buy only U.S.-made products, could seriously hurt the military’s ability to buy technology, which is often not made in America.

The issue was raised at a House hearing about the Pentagon’s IT operations. The hearing took place one week after President Donald Trump revealed his Buy American and Hire American order.

This could seriously limit the ability to get the best weapon systems for the warfighters. The hearing mostly agreed on the fact that it could seriously hamper technology buying at the Pentagon.


Monday, 17 April 2017

Argus Cyber Security Shocks The World After They Successfully Hack A Car

cyber security for cars is in question

Argus Cyber Security is well known in the automotive industry. The company revealed that it was able to successfully hack into a car’s internal system through the internet communication system by using a simple device that insurance companies install to track driving patterns. This device is specially added to the car to enable in-car Wi-Fi.

Argus Cyber Security disabled the fuel pump as soon as it hacked into the car. The fuel pump normally only goes off in the event of an accident. Although Argus did not reveal which vehicle it hacked successfully, it did raise a lot of questions about the security of cars.


Thursday, 30 March 2017

What is the best defence against ransomware?

protect yourself against ransomware

Ransomware has quickly become one of the most damaging and powerful kinds of malicious software, and it is responsible for system downtime in businesses. Ransomware is so dangerous that if you become a victim of it, there is no way out of it until you have paid the ransom.

The only way to save your system from ransomware is to back up your data. Here are a couple of ways you can secure your system against ransomware infection in the first place:

You have to make sure that you have backup administrator accounts made on every system in your business or home. This is because hackers are aware that people are backing up their data and they are now mostly targeting backups first before going for the actual data. This can only be done if they get access to administrative rights on the system.

You need to have some sort of cloud service to help upload and manage different versions of your backup data. You should ideally back up your important data one file at a time because it takes time to get data file by file. If a folder is uploaded, anyone can simply get access and quickly download all the files.

To fully prevent your system from getting a ransomware infection, you must put preventative measures in place. As mentioned above, this includes regular backups of your data on different systems and administrative accounts. Also, back up your data off the system on an external drive to double up your preventative measures.

With these security measures in place, even if ransomware somehow locks your data, you’ll always have a backup to restore.

Moreover, most ransomware makes its way into your system through the internet. If you regularly browse random websites on the internet, make sure you never click on things that you are not familiar with.


Wednesday, 22 March 2017

How Mignon Clyburn, the FCC’s Lone Democrat, Is Fighting to Save Net Neutrality

As President Trump's Republican Federal Communications Commission chief Ajit Pai moves to roll back a variety of Obama-era initiatives, the agency's sole remaining Democrat, Mignon Clyburn, is mounting a vigorous defense of the FCC's pro-consumer policies.

With Republicans now in charge of the FCC, Clyburn faces the unfamiliar situation of being in the minority at an agency where she spent years working with her Democratic colleagues to craft the most progressive FCC policies in a generation, including newly-threatened rules protecting net neutrality, the principle that all internet content should be equally accessible to consumers.

During a wide-ranging interview with Motherboard this week, Clyburn vowed to continue fighting to advance net neutrality, as well as her other signature priorities, including expanding affordable broadband access for low-income and underserved communities, and addressing what she calls the "extreme market failure" that forces prison inmates and their families to pay wildly exorbitant phone rates just to stay in touch with their loved ones.

"I'm no longer in the majority, but my mission and my objectives are the same," said Clyburn. "I came here almost eight years ago to ensure that the voices that have not been traditionally heard will have a person representing them. And as long as I'm here, I'll be a voice for those who deserve one."

Clyburn, a 55-year-old South Carolina native who earlier in her career spent more than a decade serving on her home state's Public Service Commission, was appointed to the FCC by former President Obama in 2009. Since then, Clyburn has built a reputation as a passionate advocate for the public interest and a tireless champion of policies designed to close the nation's "digital divide" between those who enjoy internet access and those who lack it.

"Mignon Clyburn is fast achieving heroic status, her voice ringing out in defense of consumer and citizen rights," former FCC commissioner Michael Copps, who now serves as a special adviser at DC-based public interest group Common Cause, told Motherboard. "Whether the issue is protecting the open internet, safeguarding our right to online privacy, or championing broadband for every American, Commissioner Clyburn leads the way."

"I know because I worked alongside her at the FCC and have watched her since," Copps added. "We should all be grateful for her dedicated service."

Clyburn is well aware that she has limited tools at her disposal to resist the Republican effort to roll back many of the FCC's consumer protections. Trump's pick to lead the agency, former Verizon lawyer Ajit Pai, has broad latitude to set the FCC's agenda. That's one reason why Clyburn has taken to Twitter to rally grassroots support for her public interest philosophy using the hashtag #ConsumersFirst.

"Mignon Clyburn's passion for ensuring that communications networks are open, universally accessible and affordable is unmatched," said Gigi Sohn, a top counselor to former FCC Chairman Tom Wheeler. "In every action she has taken since she joined the FCC in 2009, the public interest has come first."

For Clyburn, affordable broadband access is not a luxury item like cable television—as some conservative Republicans have suggested—but a necessity of modern life that's essential for economic growth, free speech and citizen empowerment.

"Not having access to the internet is very disabling, it's crippling honestly, for anyone who needs to know what's happening in their community and wants to improve their lives," Clyburn told Motherboard. "If you are unable to have access to the most empowering, liberating, and open platform of our time, meaning the internet, then you will increasingly be behind the information eightball."

Last year, Clyburn led the FCC's push to modernize the agency's Reagan-era Lifeline phone-subsidy program to include broadband access for low-income people, in a move hailed by public interest advocates as a much-needed step toward closing the digital divide. But new FCC Chairman Pai has already begun chipping away at Lifeline by informing nine telecom companies that they won't be able to offer affordable broadband service to low-income people under the program.

Pai's action drew a strong rebuke from Clyburn, who has pledged to continue fighting Republican attempts to undermine the Lifeline program. "Taking steps to ensure that the digital and opportunities divide is closed, has always been a top priority for me," she said at a telecom policy event this week. "That will never change. But what I hope will change, is for affordable communications to be a priority for us all."


In 2015, Clyburn joined her Democratic colleagues, former FCC Chairman Tom Wheeler and former FCC Commissioner Jessica Rosenworcel, in approving the agency's landmark Open Internet order, which established strong rules protecting net neutrality by barring internet service providers (ISPs) from blocking legal internet content or creating online fast lanes.

The FCC's net neutrality safeguards are now under threat from agency chief Ajit Pai, who has made no secret of his intention to torpedo the rules. (He recently called the FCC's net neutrality policy "a mistake.") Last month, Pai took the first step toward rolling back the rules by voting to eliminate open internet transparency protections for millions of consumers.

In response to that setback, Clyburn vowed to fight to preserve the FCC's net neutrality policy. "This represents yet another in a series of steps being taken to jettison pro-consumer initiatives, and we should not stand silent as consumer protections 'go gentle into that good night,'" she said at the agency's February open meeting, quoting the Welsh poet Dylan Thomas.

Net neutrality is an essential safeguard for free speech in the digital age, in order to protect the First Amendment rights of journalists, political organizers and everyday citizens from government pressure on ISPs to stifle online freedom of expression, according to Clyburn. (Public interest advocates say that's particularly true under President Trump, who has launched multiple attacks on the press, including calling news organizations "the enemy" of the American people.)

Clyburn knows what she's talking about—after all, she used to be a journalist herself. Clyburn launched her career in the mid-1980s working for The Coastal Times, a weekly newspaper in Charleston, South Carolina, where she would eventually hold the roles of editor, general manager, and publisher during more than a decade in journalism.

"I take pride in our nation's respect for its media as a necessary check and balance on all of us," Clyburn told Motherboard. "And I would not have been a part, even a small part, of the media landscape if I did not respect what the media stands for and what its sole purpose is in a fully functional democracy."


Perhaps no issue is more closely identified with Clyburn than inmate calling reform. Incarcerated people in state and federal correctional facilities nationwide have long faced astronomical calling rates—in some cases more than $20 for a 15-minute call, according to Clyburn—thanks to what criminal justice reform advocates call "usurious" practices by two companies, Securus Technologies and Global Tel*Link, that control the $1.2 billion prison phone market.

"The inmate calling regime is the greatest and most distressing form of injustice I have witnessed in my 18 years as an industry regulator," Clyburn testified before Congress earlier this month.

Last October, the FCC approved caps on inmate calling rates of 11 cents to 22 cents per minute on both interstate and in-state calls from prisons. (The agency later revised those caps to 13 cents to 31 cents per minute.) Securus and Global Tel*Link promptly sued the FCC, objecting to the rate caps. Securus CEO Richard Smith went so far as to claim that the rate caps would cause "jail unrest."

The case is currently pending in the DC Circuit Court of Appeals. Last month, in one of FCC Chairman Pai's first actions, the agency dismayed prison reform advocates by announcing that it would no longer defend the in-state rate caps. Pai has long argued that the in-state caps exceed the FCC's legal authority. Thus, it now falls to third-party advocates to defend the caps.

But Clyburn is not giving up on her years-long quest to ease the burden of exorbitant prison phone rates on incarcerated people and their loved ones. "Regardless of how the court rules, I will continue to press forward to ensure that inmates and their families receive just, reasonable, and fair phone rates," said Clyburn. "Justice demands it, and so do I."


Google Street View Cars Are Mapping Methane Leaks in US Cities

Contrary to what Scott Pruitt thinks, carbon dioxide is a primary contributor to climate change. But it's not the most potent greenhouse gas. That's methane. And small leaks of it are spilling out of gas lines all over the country.

Finding the leaks, however, is another problem. So researchers from Colorado State University (CSU), in partnership with Google Earth Outreach, have equipped Google Street View cars with infrared methane detectors to find leaks in cities around the country so they can be repaired. Their project is described in a new paper published in Environmental Science and Technology.

Methane is emitted from natural gas, and has 80 times the warming power of carbon over a 20 year timeframe. Gas line leaks in cities are particularly pernicious, because they lie underground and can go unnoticed for decades. If only 8 percent of the largest leaks in the US were fixed, methane emissions would fall nationwide by 30 percent. But most utility companies and local governments don't have the resources and time to find them.

"That's where we come in," said Joe von Fischer, lead researcher and biologist at CSU in a statement. "Our goal is to make it faster, cheaper and easier to find and measure methane leaks from natural gas lines to help accelerate crucial repairs."

The Google Street View cars "see" methane plumes in real time using an infrared laser methane analyzer. Methane shows up like fog clouds in the infrared spectrum. The four equipped cars currently underway have already mapped 11 cities, including Boston, Chicago, Los Angeles and Staten Island, NYC. Boston and Staten Island, with their old corrosive pipelines, were the most flatulent.

It's interesting that the project is using greenhouse gas emitting vehicles to find leaks of greenhouse gas emissions, but at least they're making use of cars already out on the road and not new ones.


The Fight to Protect This Swath of Wilderness Is Going to Canada’s Supreme Court

Congrats if You Wanted the New 'Power Rangers' Movie to Be a Young Adult Saga

Let me sing a few praises for the Power Rangers movie. Not the new one, Power Rangers, but the first feature film from 1995, released during the original craze and directed by Bryan Spicer, who also directed the 1997 movie based on McHale's Navy. It has six karate kids fighting a giant puppet dinosaur skeleton. It has a mightily winking subplot about parents turning into consumer zombies because of a gooey toy their kids have made a fad. And it has Australian actress Gabrielle Fitzpatrick dressed up like Jill of the Jungle before turning into an owl.

It's not a very good movie, but it knew who was sitting in the theater: kids who wanted to see television's rainbow warriors fight slime robots on the big screen, and parents dragged along with them. Children's fare diced up with coy remarks and exposed skin like the glamorous mermaids in the original Peter Pan productions. By comparison, I have no idea who 2017's Power Rangers movie is intended for.

It has been more than 10,000 years since the evil Rita Repulsa was free. Defeated by the same asteroid that doomed the dinosaurs, which was summoned by Zordon (a nude Bryan Cranston) in desperation, the space witch was a corpse floatin' in the ocean for millions of years before being unceremoniously caught in a fish net. As Repulsa (Elizabeth Banks) relaunches her campaign to destroy the universe, a breakfast club led by disgraced quarterback Jason (Dacre Montgomery) and mineral nerd Billy (RJ Cyler) discover magical stones that give them superpowers and color coordination. The rest is a young adult MadLib, limitless teen angst with all the nouns and adverbs filled in with "the pit," "morph" and "Putties." Most of the film is spent in a literal hole or looking at photos stuck to a fridge.


Power Rangers is a little bit Transformers, but it's a lot a bit Twilight. They've relocated Angel Grove from the rollerskating California to the husked out Pacific Northwest, a better bittersweet setting for airing anxieties about the future, broken homes and a passing cameo by sexuality. Everyone has a contemporary personal issue and about four minutes to talk about it. Played straight, it would have been a droll two hours mimicking a genre that until recently was money in the bank. The funniest fucking thing in the world is that not everyone got the memo.

Elizabeth Banks seems to be acting out of protest; her Rita Repulsa is from a better movie. She treats the role as anyone who was told their name is "Rita Repulsa" would, like they're in a karate movie for children. Instead of playing to the high school confidential tone like most of the film, she's constantly yelling about gold and Krispy Kreme (the donut shop plays a pivotal role in the film).

In the same sequence where the Rangers sit around a campfire and talk about their insecurities and which parents among the dead and dying they miss the most, we also jump to Repulsa looting a jewelry store. She barges in with a staff made out of teeth, eats several necklaces and gives a cop a googly eyed stare that befits her better than it did Jared Leto in Suicide Squad. By the time it's a free-for-all between melty goop monsters and robot dinosaurs, she's the only one who doesn't feel completely out of place in weekday afternoon wackyland.

It's a square peg movie. The original, millennial consumer base of the 90s series won't appreciate waiting through two hours for a victorious Megazord instead of 18 minutes. The tweenage consumer base for young adult cinema has better, more dystopian places to be. The kids, the main audience for Power Rangers until now, don't even get scraps.

Bring back sweaty actors doing karate in foam costumes.


Is the dark really making me sad?

Red-light camera grace period goes from 0.1 to 0.3 seconds, Chicago to lose $17M

Tuesday, 21 March 2017

Amid boycott, Google changes ad policy to give advertisers more control

A Court Will Decide if a GIF Can Be Considered a ‘Deadly Weapon'

On Monday, a suspect faced federal charges in a Dallas County court for allegedly sending a strobing GIF that triggered a seizure in Kurt Eichenwald, a Newsweek writer with epilepsy, late last year.

Light-induced seizures have been fought with lawsuits and TV bans in the past. But like something out of Black Mirror, they've had their day in what's likely the first criminal trial over a seizure induced via the internet.

The case has similarities with previous complaints over videos, often with bright flashing lights, that triggered seizures. For example, a scene from a 1997 episode of Pokémon, in which Pikachu launches a lightning attack, reportedly hospitalized some 685 children.

Eichenwald, who has been vocal about his epilepsy in the past, allegedly suffered an eight-minute seizure in December after opening a tweet containing the flashing GIF and a message that read: "you deserve a seizure for your posts." Eichenwald's wife found him and called 911. The FBI later arrested one John Rivello, who has been charged with cyberstalking and aggravated assault with a deadly weapon.

"The implications I think are very simple, that several law enforcement authorities will not tolerate people attacking journalists even if they're using new technological tools like a Twitter message," Eichenwald's lawyer, Steven Lieberman, told Motherboard.


Cases like this have strong implications for the roughly 10,000 people with photosensitive epilepsy in the US. For this small percentage of the 2.7 million total Americans who suffer epilepsy, innocent-seeming everyday activities can pose a danger.

"There are potential environmental threats everywhere: theaters, dance clubs, rock concerts, the Internet, the street and at home," warns the nonprofit Epilepsy Foundation. Certain light colors and speeds may be more harmful than others.

Lawsuits have plagued video game creators since at least 1991, when Douglas L. Webster, a Michigan lawyer, sued Nintendo after a 15-year-old girl had a seizure. And in 2004, Nintendo was accused of knowing that its games caused seizures.

Eichenwald's case has been met with some skepticism, given the journalist's track record of somewhat misleading reporting. Some have questioned why his wife would take the time to tweet as her husband was having a seizure.

Part of the doubt may come from sheer surprise that just a GIF could put someone in danger. Though counterintuitive, studies have chronicled light's effect on this small portion of those with epilepsy.

Eichenwald's case has less to do with expression and more to do with any physical harm he suffered.

"This doesn't even get in the door of the First Amendment," Danielle Citron, a legal scholar at the University of Maryland, told the Washington Post. "It doesn't have expressive value… It doesn't express someone's autonomy of views and opinions."

The video, to the prosecution, was far from accidental. "It's very clear that he knew he had epilepsy," Lieberman said. "Here they saw a special vulnerability and they exploited it."

Videos like the one that Rivello allegedly sent Eichenwald are easy to find on the internet; Eichenwald claimed that he had been sent at least 40 last year.

In 2008, the Epilepsy Foundation had to shut down a forum after trolls posted seizure-inducing imagery. RyAnne Fultz, who suffers from a type of epilepsy that is triggered by patterns, clicked the wrong link. Bright flashing colors filled the screen. "It was a spike of pain in my head," she told Wired at the time. "And the lockup, that only happens with really bad ones. I don't think I've had a seizure like that in about a year," she said.

Some countries have made special protections. Eighteen people reported seizures from an animation of the 2012 London Olympics logo, prompting the United Kingdom to adopt television guidelines. Japan created similar guidelines following the Pokemon incident.

On Monday, a grand jury referral increased Rivello's charges, accusing him of assault with "a deadly weapon, to wit: a tweet and a graphics interchange format (GIF) and an electronic device and hands during the commission of the assault."

Editor's Note: Here is a tool to test your GIF for sensitivity.


GitHub Uses Broken Cryptography, But It Has a Plan

In February, Google shocked the cryptography community by effectively breaking the stalwart SHA-1 hashing algorithm, making hypothetical concerns about the security of SHA-1 concrete for the first time.

While most folks have moved on from SHA-1 already, there's one place on the web that has the algorithm at its core: GitHub, the nerve centre of every open source project from bitcoin, to government-owned elections software, to the weekend projects of most DIY-minded developers. So, yeah, not good.

Thankfully, on Monday GitHub implemented a system that automatically detects when someone is trying to use an SHA-1 hack, and rejects it.

GitHub stores user data as "objects" that all have a unique SHA-1 hash, which the site uses as ID to keep track of them. This was more or less fine, because SHA-1 is designed so that it is extremely unlikely for two hashes to ever be identical—what's known as a "collision." Google demonstrated a highly specialized method for generating an SHA-1 collision in February, opening the possibility for someone to replace innocent code on GitHub with malicious code, using an identical SHA-1 hash.

According to a company blog post, Google's method of generating an SHA-1 collision "[leaves] a pattern in the bytes" that GitHub can detect. If the alarm bells go off, then GitHub will automatically abort the operation, the blog states.

If all of this seems like a big old bandaid to you, that's because it is. But, according to the blog, GitHub is looking for a more permanent solution.

"The Git project is also developing a plan to transition away from SHA-1 to another, more secure hash algorithm, while minimizing the disruption to existing repository data," the blog states. "As that work matures, we plan to support it on GitHub."
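How a Git-style object ID is derived from an object's bytes, and why a SHA-1 collision defeats the integrity check built on it, as an added Python example that is not from the article or from GitHub's code. The hashing follows Git's object header format (`<type> <size>` plus a NUL byte); the `ObjectStore` class, its method names and the sample contents are hypothetical and constructed for illustration.

```python
import hashlib


def git_object_id(obj_type, content, algo="sha1"):
    """Return the hex ID Git assigns to an object.

    Git hashes the header "<type> <size>" plus a NUL byte, followed by the
    raw content, so the ID covers type and length as well as the bytes.
    """
    header = f"{obj_type} {len(content)}".encode("ascii") + b"\x00"
    return hashlib.new(algo, header + content).hexdigest()


class ObjectStore:
    """Hypothetical in-memory content-addressed store (illustration only)."""

    def __init__(self, algo="sha1"):
        self.algo = algo
        self._objects = {}  # object ID -> (type, content)

    def put(self, obj_type, content):
        oid = git_object_id(obj_type, content, self.algo)
        # An ID that already exists is assumed to name identical content,
        # so the first writer wins. A collision breaks this assumption.
        self._objects.setdefault(oid, (obj_type, content))
        return oid

    def get(self, oid):
        return self._objects[oid][1]

    def verify(self):
        """Re-hash every object and return the IDs whose bytes do not match.

        This catches corruption and naive tampering. It cannot catch a
        colliding object, because that object hashes to the very same ID,
        which is why collision detection and a stronger hash are needed.
        """
        return [
            oid
            for oid, (obj_type, content) in self._objects.items()
            if git_object_id(obj_type, content, self.algo) != oid
        ]


def demo():
    """Store a constructed file, tamper with it, and report what verify() sees."""
    store = ObjectStore()
    oid = store.put("blob", b"hello world\n")  # constructed sample content
    clean = store.verify()
    # Simulate on-disk tampering: replace the bytes but keep the old ID.
    store._objects[oid] = ("blob", b"malicious replacement\n")
    tampered = store.verify()
    return oid, clean, tampered


if __name__ == "__main__":
    oid, clean, tampered = demo()
    print("object id:          ", oid)
    print("mismatches (clean): ", clean)
    print("mismatches (edited):", tampered)
    # The same content under a longer hash, as in a post-SHA-1 transition.
    print("sha256 id:          ", git_object_id("blob", b"hello world\n", "sha256"))
```
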


Correction: An earlier version of this article had the headline "GitHub Uses Broken Encryption, But It Has a Plan." SHA-1 is a cryptographic algorithm, not an encryption tool. This article's headline has been updated to reflect this, and Motherboard regrets the error. 


The EFF’s Eva Galperin Keeps Activists Safe Online

Watch Live: Sci-Fi Author Kim Stanley Robinson on Climate Change And Staying Afloat in a Drowned New York

Don’t Worry About ‘Cyber Pearl Harbor,’ But Hackers Are Already Targeting Our Critical Infrastructure

In the last few years, several government officials have made a series of alarmist claims, warning that the United States would soon be hit by a "Cyber Pearl Harbor." That analogy indicates a theoretical cyber attack that shuts down the power grid, or causes real world, physical damage by hitting critical infrastructure like a nuclear power plant or a reservoir. It's definitely a scary scenario, and one that's fueled some Hollywood flicks.

But according to cybersecurity experts that actually work on industrial control systems, or ICS, we shouldn't worry about a "Cyber Pearl Harbor" so much. Yet, there are real threats to critical infrastructure that are being wrongly ignored and underestimated.


For example, infrastructure cyber defenders are not taking the threat of targeted malware seriously enough, according to Robert Lee, the founder of security firm Dragos and a former Air Force cyberwarfare officer.

"We don't have grid-ending stuff going on. It's not like all this stuff is going to fail, it's not like a random piece of malware in a power system or water system or even a nuclear system is going to cause anything bad to happen. It might impact operations, and it's not good. But it's not life ending and it's not a safety issue at all," Lee told Motherboard in a phone call. 

"But at the same time we do have obviously targeted efforts by adversaries that are seemingly increasing year on year and we can at least show that there's dozens of them that we found and that speaks to the level of needing to do better," Lee added.

"It's not life ending and it's not a safety issue at all."

Lee and his team looked at real world malware targeting ICS and found a dozen cases where hackers sent malware to critical infrastructure facilities, malware that was tailored to compromise them, as opposed to random old malware that somehow finds its way to ICS networks.

In an upcoming paper that Lee is previewing at an infrastructure hacking conference on Tuesday, he will reveal two new malware samples and campaigns found targeting ICS facilities. One used a PDF of a document about nuclear material management, which was laced with malware; and the second one pretends to be legitimate software to target Siemens programmable logic controllers, or PLCs, essentially the computers that control how industrial control systems operate. The malicious Siemens malware infected 10 sites across the world, mostly in the United States but also Europe and China, according to Lee.

It's important to note that these two kinds of malware don't appear to have the goal of manipulating how the target's industrial systems work, but are likely espionage efforts.

Lee, who last year warned that the ICS world is woefully ignorant of the actual risks of hacking infrastructure, is just trying to raise awareness of real world threats that are already out there.

"No, it's not raining," Lee said, "but that doesn't mean we shouldn't build the roof."


from Don’t Worry About ‘Cyber Pearl Harbor,’ But Hackers Are Already Targeting Our Critical Infrastructure

Trump FCC Honcho Ajit Pai: I Love the Press! (Kinda, Sorta)

Now that wasn't so tough, was it?

President Trump's newly-installed Federal Communications Commission chief Ajit Pai does not believe that news organizations are "the enemy of the American people," as Trump recently claimed.

Pai clarified his stance on the matter in a tight-lipped letter to Sen. Bill Nelson, the Florida Democrat, after the FCC honcho annoyed lawmakers during a recent Capitol Hill hearing in which Pai refused to say under oath whether he agreed with Trump's incendiary assertion.

Pai's evasion alarmed free speech advocates, who questioned why it was so difficult for the nation's top media regulator to clearly and unequivocally state whether he agreed with Trump's rhetorical jihad against news organizations. (Pai justified his non-answer by saying he didn't want to "wade into the larger political debates.")

In response, a group of Democratic senators sent Pai a letter demanding that he answer several questions about his First Amendment views, including: "Do you believe the media is the 'enemy' of the American people?"

Pai's answer, contained in a letter to Sen. Nelson released Monday, was short and sweet. "No."

But Pai couldn't just leave it at that, and felt compelled to offer an odd caveat to his response. "I should note that at the hearing, I was asked if I agreed with the President that the media was the 'enemy' of the people," Pai said. "However, the President has made clear that he was referring to 'fake news.'"

A FCC spokesperson told Motherboard on Monday that Pai was referring to Trump's recent comments at the Conservative Political Action Conference, in which the president said: "The dishonest media did not explain that I called the fake news the enemy of the people. The fake news. They dropped off the word 'fake.' And all of a sudden the story became the media is the enemy."

But Trump's statement was itself misleading. It's worth noting that the full text of Trump's tweet, issued before CPAC, was: "The FAKE NEWS media (failing @nytimes, @NBCNews, @ABC, @CBS, @CNN) is not my enemy, it is the enemy of the American People!"

As Glenn Kessler of The Washington Post pointed out: "Trump listed five mainstream media organizations—the New York Times, NBC, ABC, CBS and CNN—as the 'FAKE NEWS media' and declared that they are the enemy of the American people. By listing major media organizations as the enemy, Trump was clearly making a statement about the broader news media."

It's unclear whether Pai believes that the "failing" New York Times, NBC News, ABC News, CBS News, and CNN—five of the most prominent news organizations in the country—are "fake news." The FCC spokesperson declined to comment on that question.

If this entire episode strikes you as juvenile, dear reader, you are not alone. It is inexplicable why it is so difficult for Pai to answer a simple question without some sort of equivocation or qualification. Last month, Trump announced that he had renominated Pai for a second five-year term at the agency.

In any event, Pai clearly wants to move on. "As Chairman of the FCC, I take my oath to defend and protect the Constitution seriously," Pai wrote in his letter. "And the preservation of the First Amendment is the foundation of that commitment."

Good to know.

from Trump FCC Honcho Ajit Pai: I Love the Press! (Kinda, Sorta)

This Black Hole Ripped Up a Star Then Pummelled It With Its Own Remains

Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom

A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts.

The hackers, who identified themselves as 'Turkish Crime Family', demanded $75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data.

"I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers told Motherboard.

The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple.

"Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the domain).

The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device.

"We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it's seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law," a message allegedly from a member of Apple's security team reads. (Motherboard only saw a screenshot of this message, and not the original). The alleged Apple team member then says archived communications with the hacker will be sent to the authorities.


Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victims' Apple devices on April 7, unless Apple pays the requested amount.

According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those that use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.

By reading other emails included in the account, it appears the hackers have approached multiple media outlets. This may be in an attempt to put pressure on Apple; hackers sometimes feed information to reporters in order to help extortion efforts.

Apple did not respond to multiple requests for comment.

from Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom

Meet the Republican Mayor Fighting for Renewable Energy in Louisiana

Facebook Is the Latest Port of Call for Soccer Fans Who Pirate Live Streams

Soccer being illegally streamed has been around for so long that I've heard Premier League games commentated on in every language imaginable. Though there's a new form of online piracy that no one seems to be talking about, which is odd, as it has a global audience of 1.86 billion people.

Facebook introduced Facebook Live, the social network's live streaming service, at the beginning of 2016, beginning the slow but inevitable transition of the company into an all-video platform. In that time, the service has been used to stream just about everything from presidential debates to relationship spats involving famous sports stars that you were probably not meant to see.

One of the side effects of Facebook Live is piracy. A quick Google search of "facebook live streaming soccer" will return you results for a plethora of Facebook pages that host live streams of soccer matches. It's pretty trivial to set up your own, with a number of apps and gadgets out there that will capture footage from your computer to stream live on Facebook, in the same way that someone captures footage of a video game to stream on Twitch.

A big part of why streaming has caught on—particularly in the United Kingdom—is the eye-wateringly high price packages consumers are paying. In 2015, Sky and BT paid a combined £5.136 billion (more than $7.8 billion at the time) for Premier League TV rights for the next three seasons. The cheapest Sky Sports package is currently £27.50 (about $34) per month, which still only gets you one sports channel. As seen with the proliferation of illegal streams, many fans simply cannot afford to pay these prices any more.

But what is Facebook doing to combat the expanding chaos of illegal streaming? In April 2016, Product Manager Analisa Tamayo Keef discussed their Rights Manager tools on their Facebook blog: "We check every Facebook Live video stream against files in the Rights Manager reference library, and if a match surfaces, we'll interrupt that live video."

The software being used is Audible Magic, which handles content recognition and gives rights holders online reporting tools for submitting copyright and trademark infringement reports. Think of it as fingerprint scanning but for audio.

I asked Mike Edwards, General Manager for Audible Magic, about how this applies to live sport: "Live presents technical issues. It is possible to recognize live TV, but if you are looking at audio, it isn't that good for recognizing live streaming of sports." He continued: "The reason being that there may be one feed from either Sky or BT, but that feed will be fed to several different hundred broadcasters—all that have different commentaries and all have their own different soundtrack."

But even audio and video fingerprint recognition on recorded content found on YouTube has its flaws, as people have developed tricks to bypass these barriers using pitch shifting, rotating the video, or minimizing the copyrighted part of the video so it goes unnoticed.

Within Keef's blog post, she also mentions that Facebook was adding additional resources to address copyright issues, allowing rights holders to report videos while live. 

The Premier League did not reply to a Motherboard request for comment.

All of this is not to say that Facebook is opposed to the idea of streaming soccer. The company recently announced 22 matches from the MLS will stream on the Univision Deportes Facebook page, including fan Q&A and polling features that engage directly with the Facebook-specific commentators. In August 2016, Manchester United and Wayne Rooney streamed a charity soccer match between the club and Everton, the first match to be broadcast over Facebook in the UK. Elsewhere in the world, Univision announced that 46 games of Liga MX (the highest division in Mexican soccer) would be broadcast on the social network, though the financial terms of this have not been announced. And the February 17 match between Granada and Real Betis was the first of what will be a weekly live stream of the Friday night fixture in Spain's top flight division.

This is not only the case with soccer, as Major League Baseball is reportedly in talks with Facebook to stream one game per week during its upcoming season.

Will the Premier League follow suit? As US soccer executives attempt to expand the reach of the growing MLS, building on a relationship with Facebook makes sense. However, the sheer amount of money that BT and Sky Sports have invested in the Premier League means such a relationship seems unlikely in the near future.

from Facebook Is the Latest Port of Call for Soccer Fans Who Pirate Live Streams

There and back again: SpaceX to make history by re-flying orbital rocket


We don't have an official launch date for SpaceX's historic rocket re-launch just yet, but it could come as soon as March 29th. During this flight, which will deliver the SES-10 satellite to geostationary orbit, the company plans to reuse the Falcon 9 first stage booster it successfully landed on a drone ship last April. That landing came after the Falcon 9 lifted a cargo ship toward the International Space Station.

Here's what we know so far about the upcoming launch: It can occur no earlier than March 29th, because the launch of an Atlas V rocket has slipped to March 27th, and it requires about 48 hours for the Air Force to reconfigure its downrange tracking system for a launch from a different pad. Further changes to the Atlas launch schedule could push the SpaceX launch into early April.


from There and back again: SpaceX to make history by re-flying orbital rocket

Need booze or bandages immediately? Alexa can get it for you with Prime Now

Minor iPhone bump turns the 7 and 7 Plus red, gives iPhone SE more storage


In addition to a new midrange iPad, Apple also announced a handful of minor updates for the iPhone via press release this morning.

Apple is also releasing a new Product Red version of the iPhone 7 and 7 Plus—like the name implies, it's got a bright red matte finish with blended antenna lines and a silver Apple logo on the back. It contrasts strikingly with the other iPhone colors Apple has offered in the past, but otherwise it doesn't differ from current iPhone 7 models. It will be available in 128GB and 256GB capacities, starts at $749, and will be available beginning on March 24.


from Minor iPhone bump turns the 7 and 7 Plus red, gives iPhone SE more storage

Apple’s new $329 9.7-inch iPad replaces Air 2, has no Pro features


Apple quietly announced via press release this morning that it would not be replacing any of its top-end iPads, just its two-year-old midrange iPad Air 2. The company's new mainstream 9.7-inch tablet, called simply "iPad," includes an Apple A9 SoC (not an A9X), but its most exciting feature is its starting price of $329, $70 less than the previous starting price of the Air 2. The tablet will be available to order starting March 24 and will begin shipping next week.

At that price, it actually appears that you take a step back from the design used for the Air 2 and the 9.7-inch iPad Pro. At 1.03 pounds (469g) and 0.29-inches (7.5mm) thick, the tablet is actually almost identical in size to the original iPad Air, not the Air 2. Hopefully this doesn't also mean that the screen or any other aspect of the tablet is also taking a step backward, but we'll have to wait to get one in our hands to know for sure.


from Apple’s new $329 9.7-inch iPad replaces Air 2, has no Pro features

TSA explains why it won’t allow electronics on some USA-bound flights

Monday, 20 March 2017

Trump's Social Media Plan: Problematic Law and Policy, Pointless Security

A month ago, the legislative text of the “Visa Investigation and Social Media Activity Act of 2017” (VISA Act) was released. The bill requires, among other things, that background checks for visa applications of alien admission to the U.S. include “a review of the alien’s publically available interactions on and posting of material to the Internet (including social media services).”

The legislation, on its face, is markedly less aggressive than what the White House had reportedly been considering. During the Administration’s first week, CNN reported that the “White House is discussing asking foreign visitors to disclose all websites and social media they visit, and to share the contacts in their cell phones.” In more recent congressional testimony, DHS Secretary John Kelly doubled down on the proposal, noting that foreign travelers to the U.S. could be required to provide the government with passwords to their social media accounts before entering the U.S.

The VISA Act does not directly address the obligation to provide passwords, but does include a provision indicating that when DHS or a consular officer requests “additional information” in relation to the application, it may not be approved unless all of the additional information is “provided in a complete form” before the deadline. This would seem to open the door for consular officers to demand passwords and deny requests for entry until such information was provided.  

Senator Ron Wyden had previously sent a letter to the DHS Secretary expressing the Senator’s alarm over “reports of Americans being detained by U.S. Customs and Border Protection (CBP) and pressured to give CBP agents access to their smartphone PIN numbers or otherwise provide access to locked mobile devices.” Wyden intends to introduce legislation to require law enforcement to obtain a warrant prior to searching devices and “prohibiting the practice of forcing foreign travelers to” disclose online account information and passwords.

Wyden’s proposal could close any loopholes created by the VISA Act by banning coercive practices like requiring the provision of a password to proceed with an application. Notably, the Obama Administration had floated a similar proposal back in August, albeit one that was far more limited in scope and emphasized the genuine voluntariness of providing the information.

It is worthwhile considering the combined effects of the proposed legislation and executive action—to effectively mandate disclosure of passwords by visa applicants and tourists—since implementing the password and tourism requirements at the executive policy level is entirely consistent with the VISA Act. Put simply, this legislation could serve as a step towards that policy and not a step back, despite the more reserved language in the legislation.

During my years as an NSA lawyer, I regularly reviewed data-gathering proposals that could support the country’s counterterrorism efforts. If I had been asked to approve this proposal, I would have said no. There are numerous potential legal issues and it is both bad policy and an unwise use of resources unlikely to produce usable intelligence information.


The Proposal Raises Legal Issues

There are many differences between the world of immigration law and intelligence operations, but there is enough similarity that the constraints on NSA are a useful framework for comparison.  In that vein, I’ll offer a few thoughts on the reported EO from the perspective of a former intelligence community lawyer. While it is impossible to undertake comprehensive legal analysis without knowing the precise ways it will be implemented, even the scant information available here raises a number of red flags.

First, there are problems to the extent the government action relies on legal consent. When the White House says it plans to “ask” foreign visitors to share their password information, the term is a euphemism.   According to CNN reporting, White House policy advisor Steven Miller has said that, “If the foreign visitor declines to share such information, he or she could be denied entry,” which means that this is a condition of entry. Indeed, if the VISA Act codified anything, it is the non-voluntariness of the request for a password. If asked, an alien can either provide the password or terminate the immigration process.  The same would, presumably, be true of the foreign tourist ready to pass through border control.

Then there is the question of legal authority. The President has broad authority to secure the border, particularly as it relates to non-citizens. Senator Wyden notes, however, that there are reports of U.S. persons being asked to produce information related to passwords or PIN codes. In determining the legality of any program, the first question government lawyers ask is, “Where is my grant of authority?” The second is, “How is that authority constrained?” Senator Wyden’s letter asks this of DHS directly. First, authority: “What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person disclose their social media or email account password?” And second, constraint: “How is CBP use of a traveler’s password to gain access to data stored in the cloud consistent with the Constitution or with statutory constraints such as the Computer Fraud and Abuse Act?”

Although the President’s authority to secure the border is broad, it is hard to conceive that it is broad enough to cover collection of intrusive information from the 77 million people who travel to the U.S. each year.  The Ninth Circuit’s recent opinion in Washington v. Trump makes clear that restrictions on travel are reviewable by courts.  A program of this scope would, in practice, almost certainly be carried out in ways that implicate First and Fourth Amendment rights for at least some of those travelers.  (It could also, depending on how it was implemented, implicate the First and Fourth Amendment rights of other individuals whose information is swept up in this collection.)

These, of course, are only the threshold issues. Executive Order or policy guidance will raise further questions related to the application of the First and Fourth Amendments and the legal thicket related to properly storing, handling, and minimizing information once it has been collected.


The Proposal Raises Policy Issues

Beyond the legal obstacles, there are a number of reasons why requiring all visitors to the US to provide this kind of information would have seriously detrimental policy effects. This kind of aggressive program sends a message to foreign countries that can have significant negative consequences.

It would likely strain foreign relations and threaten to heighten diplomatic tension between the U.S. and its allies around the world.  Because it represents a measure beyond the norms of international legal principles and because it would be widely viewed as a rather shocking intrusion on privacy, foreign governments may be compelled to take a stand against it.

It could chill the relationships among the international intelligence community. U.S. intelligence and law enforcement communities work closely with foreign partners to identify, assess, and address transnational threats. If those relationships come under additional strain, the U.S. could receive less intelligence information from foreign allies to the detriment of our own national security.

The program would undermine the business interests of U.S. multinational corporations. It will be viewed as confirmation of longstanding concerns in the European Union that U.S. laws do not adequately safeguard individual privacy, particularly when it comes to foreigners. This has been a sticking point in international commerce for years, heralding the collapse of Safe Harbor in 2015.  Transatlantic commerce has only recently recovered from the Safe Harbor collapse with the new agreement on Privacy Shield. If this travel search proposal offers additional ammunition to the legal challenges to Privacy Shield, it will have significant economic consequences for U.S. companies.

Finally, these sorts of intrusive programs undermine public trust. The U.S. national security community already has a monumental task in gaining and preserving the trust of the American people regarding the integrity of national security work that remains, by necessity, largely out of sight. When the policies that are visible are both unwise and contrary to basic U.S. values, they undermine the credibility of the government’s claims that it only intrudes where necessary and legal; they further complicate the public dialogue; and they make it harder for the intelligence and law enforcement communities to do legitimately important work.

Critically, as discussed below, all of these problems arise without producing any significant intelligence information in return.


The Proposal Will Waste Time and Resources

At NSA, I learned firsthand that good intelligence law and good intelligence practice are frequently aligned. There is not a lot of value in having all the information; what intelligence professionals need is the right information. There are two basic methods to pursue that: collect a lot of information and search for the nuggets, or only collect on a more targeted basis.

The first approach is more in line with what the White House has proposed thus far.  Although bulk data collection is sometimes viable when it is coupled with strict access and usage controls, in this case, it is unlikely to be effective as proposed. The legislation governing visa applications and executive action governing non-visa travel would, taken together, allow for indiscriminate collection of all web browsing, social media, and contact information of some 200,000 visitors every day—a quantity of information that would drown useful analysis. Intelligence analysis is often compared to searching for a needle in a haystack. A program such as the one the administration has proposed would increase the size of the haystack by several orders of magnitude, but if the additional hay consists of online shopping and cat videos, it only makes the task of finding the needles more difficult.

Consider for a moment what kind of data-gathering this proposal would entail and the practical steps required to accomplish it. Web browsing includes every search associated with any one of multiple digital profiles. Social media activity includes not only broadcast items like tweets or public posts but also the information listed behind access-limited Facebook pages or other profiles. The contacts in a phone will include not only frequent and close interlocutors, but also some larger number of passing acquaintances. Multiply the scope of all this data by even a fraction of the 77 million, the number of people who visited the United States in 2014 alone, and you are left with far too much noise to find a signal.

Human review of this data would be uninformed, time-consuming, and likely fruitless. No consular official or border crossing agent could possibly be expected to have the scope of knowledge needed to quickly assess this material. The VISA Act seems to anticipate this by directing DHS to prepare a plan for the “use of advanced analytics software” to detect immigration fraud and national security threats. But when applied to the volume of daily entry to the United States, it just isn’t realistic to think that sophisticated technology or comprehensive databases can do on-the-spot intake and processing of such an enormous quantity of unstructured data – data that will necessarily include countless unknown entities – to flag every potential human trafficker, arms dealer, or terrorist. The capabilities don’t exist to support an immediate-response program of this scope and scale. Consequently, we are talking about one of two options: human review of laptops and mobile phones, or long-term storage of the data for later automated and human review. The first would mean massive staffing increases, constipated travel, and negligible odds of any useful intelligence insights.  The second would more squarely implicate First and Fourth Amendment concerns.

Collecting lots of irrelevant information doesn’t just create more data to wade through, it also increases the occurrences of false positives. Running down false leads diverts resources needed to do meaningful intelligence work. Even the government has finite resources: limits on the number of people, the amount of money, and the computing resources that it can devote to any given problem. Diverting resources to unhelpful programs like this one necessarily detracts available resources from meaningful programs and makes it harder, not easier, to detect real threats to the U.S.

Two final notes.  First, The Economist reported recently that searches for travel to the U.S. have already dropped by 17%, and that the Global Business Travel Association is already pointing to a 3.4% drop in a business sector that pumps $246 billion into the U.S. economy each year.  So, in addition to privacy concerns, the economic damage likely to result from this proposal is very real.

Second, the proposal seems to work against the Administration’s own stated purpose. According to Jake Tapper’s reporting, Steven Miller has “argued that the government needs to do a better job of making sure the people who come into the U.S. embrace American values.” America’s core values start with its Constitution and our Bill of Rights, where freedom of expression, association, and religion are enshrined as principle number one, and constraints on unreasonably intrusive overreach by the government follow not far after.  It’s the proposed searches, not the travelers, that are at odds with American values.

from Trump's Social Media Plan: Problematic Law and Policy, Pointless Security

The FBI Says It Doesn’t Need Encryption for Unclassified Evidence

Encryption can protect data from all sorts of threats: it can stop sensitive information from being read after it is intercepted, or may thwart attackers from getting at data stored on a device.

But according to a procurement document published by the FBI, the agency says it doesn't need to use encryption for protecting unclassified audio or video evidence.

The snippet is included in a 2016 document laying out the technical requirements for a smartphone recording app that the FBI requested be developed. According to the document, the app would allow both overt and covert recording and streaming.

As the agency points out, any evidence that is then going to be presented in court will need to have a traceable "chain of custody;" that is, parties can verify the route a piece of evidence has taken, from collection onwards, and that the data has not been tampered with in any way.

The smartphone app would do this, in part, by using a hash. A hash is a cryptographic representation of a file or piece of data―if someone has fiddled with the data, the hash will change too, setting off alarm bells. But the app doesn't need to encrypt data, the document continues, meaning that it may still be open to tampering in the first place.

"The app shall contain technical safeguards designed to protect stored evidence. While authentication hash is required, encryption is not necessary, as the recorders do not store classified information," it reads. It's not totally clear if this is concerning encryption designed to protect the data in transit, or if it concerns data at rest on the device: although the phrasing seems to imply the latter, the smartphone app would also need to send recordings to a remote server, according to the document. (A later part of the document does ask for encryption when transferring files, but only when an agent transmits the files themselves via USB onto a computer).

This stance is generally consistent with previous FBI comments on encryption and evidence, though. In a case involving a piece of FBI malware, Special Agent Dan Alfin argued that decrypting data "fundamentally alters" evidence. Jonathan Zdziarski, a forensics expert who has recently gone to work at Apple, previously told Motherboard he disagreed with this position, saying it held "no water at all."
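To make the hash-based chain of custody described above concrete, here is an added example (not taken from the FBI document or the app): a custody log in which every entry records the recording's SHA-256 digest and is linked to the previous entry. The keyed HMAC, the key, the field names and the sample bytes are assumptions made for illustration; the document itself only says "authentication hash".

```python
import hashlib
import hmac
import json

def file_digest(data: bytes) -> str:
    """SHA-256 of the recording: changes if any byte changes."""
    return hashlib.sha256(data).hexdigest()

def _tag(key: bytes, prev_tag: str, body: dict) -> str:
    # Keyed tag over the previous entry's tag plus this entry (assumed design).
    msg = prev_tag.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def append_entry(log: list, key: bytes, handler: str, action: str, recording: bytes) -> list:
    body = {"handler": handler, "action": action, "sha256": file_digest(recording)}
    prev = log[-1]["tag"] if log else ""
    log.append({**body, "tag": _tag(key, prev, body)})
    return log

def verify(log: list, key: bytes, recording: bytes) -> int:
    """Return the index of the first entry that fails, or -1 if all verify."""
    prev = ""
    for i, entry in enumerate(log):
        body = {k: entry[k] for k in ("handler", "action", "sha256")}
        if not hmac.compare_digest(entry["tag"], _tag(key, prev, body)):
            return i  # log entry edited, reordered or forged
        if entry["sha256"] != file_digest(recording):
            return i  # recording no longer matches what was logged
        prev = entry["tag"]
    return -1

def demo():
    key = b"constructed-demo-key"                     # constructed sample key
    recording = b"RIFF constructed audio bytes"       # constructed sample data
    log = []
    append_entry(log, key, "agent-A", "collected", recording)
    append_entry(log, key, "lab-B", "received", recording)
    intact = verify(log, key, recording)
    altered = recording.replace(b"audio", b"AUDIO")
    changed_file = verify(log, key, altered)
    # Digests rewritten to match the altered file, but without the key:
    rewritten = [dict(e, sha256=file_digest(altered)) for e in log]
    changed_log = verify(rewritten, key, altered)
    # Hashing does not hide content: the stored bytes are still readable.
    readable = b"audio" in recording
    return intact, changed_file, changed_log, readable

if __name__ == "__main__":
    print(demo())
```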


So How Exactly Does a GIF Cause a Seizure?

Very few people will ever have to suffer the terrible effects that strobes and flashing lights have on those diagnosed with photosensitive epilepsy.

But for Newsweek journalist Kurt Eichenwald, who last year suffered from a debilitating photosensitive seizure after viewing a strobing GIF sent by a Twitter troll, the dangers of flashing lights are all too real. "You deserve a seizure for your post," the suspect, John Rayne Rivello, said to Eichenwald, just before he sent the GIF.

This isn't the first time that people diagnosed with photosensitive epilepsy have been maliciously targeted over the internet, though. In 2008 the Epilepsy Foundation had to temporarily shut down its website after hackers plastered the Foundation's forums with flashing images.

In the vast majority of cases, photosensitive epilepsy is a genetic condition that affects just three percent of all of those diagnosed with some form of epilepsy. Recent research, led by scientists at Imperial College London, suggested that an 'epileptic network' of some 320 genes, dubbed M30, is responsible for the condition. When this network malfunctions, epilepsy is triggered, concluded the paper.

But what's the science behind photosensitive seizures? While many of the triggers have been identified and can be avoided, such as the frequency of the flashing lights or the intensity of a light source (two factors that were prominent in the Eichenwald attack), doctors and scientists still poorly understand the actual mechanics of a seizure, according to the Epilepsy Society.

A number of recent medical journals do paint a clearer picture of the effects of light on the brain, however.

In a 2014 study published by the Austin Journal of Clinical Neurology, three Japanese researchers linked strobe lights to eliciting peak regional cerebral blood flow in the visual cortex, which then has a knock-on effect on the central nervous system.

"High-temporal-frequency visual stimuli can yield hazardous responses in the central nervous system," explained Masaaki Tanaka, Akira Ishii, and Yasuyoshi Watanabe. The three researchers also linked the increase of oxygenated blood in the cerebral cortex to certain frequencies of flashing light, another contributing factor to seizures.

At the heart of current research into exactly why the brain reacts as it does is a process called magnetoencephalography (MEG).


MEG works in much the same way as MRI, scanning the brain for electrical currents firing off inside neurons. These electrical currents create magnetic fields that can give researchers valuable information about neural activity, especially when it comes to studying the process of a seizure and to localizing areas of the brain that can benefit from epilepsy surgery.

Using MEG techniques, the Japanese researchers behind the 2014 paper even suggested that seizures may be linked to a system in the central nervous system that is susceptible to certain frequencies of vibration ultimately caused by strobe lighting.

"The existence of a fundamental frequency suggests the presence of a periodic system in the central nervous system," said the researchers. "Every periodic system exhibits some degree of sympathetic vibration. The wind induced structural collapse of Tacoma Narrows Bridge in WA in 1940 is a famous example of the hazardous nature of this type of vibration."

The researchers concluded that strobe light stimuli may indeed affect such a periodic system in the brain, with seizures and other neuropsychological abnormalities resulting from such systems being compromised.


A Soviet Film Predicted Our Robot Apocalypse—In 1977

Forty years ago, the Soviet Union produced a breakthrough short animated film that anticipated many of the most heated debates our military, policy and scientific establishments are having today.

Polygon begins on a remote ocean island, where a military crew is finishing preparations for what looks like a firing range — cutting down palm trees, leveling sand, kicking out the natives.

A tall, bearded man clad in white approves the construction as the crew tells him that the next closest island is five kilometers away, and that the land they are on is far away from major shipping lanes and airways.

The next shot depicts the man in white standing next to what looks like a tank or a self-propelled howitzer. As soon as he puts his hand on the armor plating, the viewers are treated to a flashback — a younger version of the character watches as his son runs toward him from the family house.

He picks up the boy and playfully tosses him. Mid-air, the boy transforms into a soldier parachuting down with a gun. Bullets rip the parachute to shreds. Now the man is back in the present on the island. "Tomorrow, the committee arrives," he says ominously.

Russian president Vladimir Putin has called for "effective development of military autonomous robotic complexes." Although behind the curve in building and fielding such systems compared to the United States, Israel, NATO countries or even China, Russia is undertaking a major effort to build unmanned combat ground systems.

Polygon predicted this ... in 1977. Classified as "adult viewing" owing to its controversial content, the film was seldom shown to Soviet audiences. The main character — "the professor," everyone calls him — has built an A.I.-driven tank.

The tank reacts to the desire to destroy it, the "hatred impulse," by catching biological currents — the thoughts and intentions of the enemy — and quickly reacting to them. "In that sense, the enemy essentially controls the tank's movements without realizing it," the professor explains as the military committee watches the robotic tank dodge incoming artillery and missile fire.

But the truly devious side of the machine is its offensive mode, the professor admits. He flips a switch on the tank's side panel, briefly exposing the viewer to complex electronics that eavesdrop on the committee members as they discuss the weather and beer.

The tank needs "a fear impulse," the professor explains. "The enemy, fearing his destruction, will communicate to the machine its weak points and vulnerabilities, prompting the tank to launch advance attack."

The debate over whether man can — or should — cede decision-making to autonomous systems has been going on for some time. Future wars may not allow meaningful human control over fast-acting drones that could populate the battlefield.

As "Polygon" continues, the professor keeps seeing flashbacks to his son's death in "the colonies" during a conflict the military officers keep alluding to. "This is war," the senior officer says nonchalantly. "And in war there are casualties."

"Yes," the professor replies, "this is war. You like to fight? You like my new weapon? You will test it on yourselves. Try not to think of danger — the tank will read your thoughts. I have nothing to fear — I have no one left on this earth."

The tank is on "fear" mode. It takes out the terrified committee members one by one. One officer tries to control his thoughts and almost survives. Ultimately, his fear overpowers his control.

The professor walks up to the dying senior officer, who pleads for help. The professor hands the officer the medal that his son won posthumously.

In the final flashback sequence, the professor tells his son that he has taken revenge for his death — but fear and uncertainty have crept into his mind, as well. Back in the present, the tank senses the professor's terror. The film ends with the island's native children playing on top of a tank buried in the sand.

This article was originally published on War Is Boring.


Website That Simulates How Speech Works in Your Mouth Is So Weird and Cool

I can't stop giggling uncontrollably at this web application. It's not even the name, "Pink Trombone," that's getting to me. It's something about manipulating a disembodied mouth to sound as delightfully ridiculous as possible.

It's the creation of Neil Thapen, a researcher at the Institute of Mathematics of the Academy of Sciences of the Czech Republic.

The app is built to explore how speech is formed in the throat and mouth, from the sound generated at the glottis to each part of the soft palate, hard palate, lips, tongue and nasal cavity. Depending on where you click or press, the mouth lets out a steady, slightly bored scream, or a nasally babble that almost sounds like words (though I still haven't been able to make it say anything distinct—motivation to keep trying!). Moving the tongue and pitch around produces vowels, while touching the lips and oral cavity produces consonants.

What are you trying to say, Pink Trombone? Muh-ma-OOwahoooOOOa? Got it.


This Is What 1970s Motion Capture Tech Looked Like

Re-Exposure is an occasional Motherboard feature where we look back on delightful old tech photos from wire service archives.

In February 1969, the creators of Rowan & Martin's Laugh-In, George Schlatter and Ed Friendly, thought it'd be great to put a computer in charge of making a variety show. At least that's what they said, anyway.

That was the conceit of Turn-On, an ABC series that replaced a laugh track with a Moog soundtrack and loaded the result with raunchy jokes. In his autobiography What's So Funny?: My Hilarious Life, initial guest host Tim Conway explained what viewers were tuning into:

To give you an idea of what Turn-On was like, in one sketch I was arrested and brought to a police station where I was allowed to make one phone call. I picked up the receiver and made an obscene call.

Surrealistic and context-free in the culture of 1969, it quickly became one of the most infamous examples of a show cancelled after its first episode. According to Conway, it was infamously removed from the air mid-broadcast in Cleveland, and many West Coast stations decided not to air it at all.

It's more tall tale than series at this point; actual video of the show is hard to find. The only clip of the show even on the internet is of a short, voiced-over part of its unaired second episode that showed up on ABC News nearly two decades later. But we know that it included a whole lot of wacky technology—the Moog was still brand-new, and the animation was ambitiously ahead of its time.

Which brings us to the above photo. The shot shows a Turn-On dancer wearing a very primitive motion capture system that's controlling a character Pixar would never touch, but if you look closer, you'll notice that the motion capture system is built from Tinkertoys. Tinkertoys!

Here's the crazy part about this: It looks like it's fake, but it's totally real. It relies on a technology called Scanimate, a "data suit" that a developer named Lee Harrison III first built in the 1960s. The Tinkertoys held in place potentiometers, which picked up signs of movement that were then controlled by a nearby computer.

According to a 1998 Medialab article from IEEE, Harrison's technology won a 1972 National Academy of Television Arts and Sciences award, was involved in building the slick animated TV logos of the 1970s, and helped inspire the much more advanced technology that followed—which is in pretty much every Hollywood movie.

So even if we can't find the first episode of Turn-On, its fingerprints are pretty much everywhere else.
