I'm too verbose for twitter...
7877 stories
·
31 followers

Chinese Hackers Used U.S. Government-Mandated Wiretap Systems

1 Share
A shadowy hacker, in a hood, working on a laptop against the backdrop of an American flag, partially rendered in streams of binary code. | DPST/Newscom

For as long as law enforcement has sought a way to monitor people's conversations—though they'd only do so with a court order, we're supposed to believe—privacy experts have warned that building backdoors into communications systems to ease government snooping is dangerous. A recent Chinese incursion into U.S. internet providers using infrastructure created to allow police easy wiretap access offers evidence, and not for the first time, that weakening security for anybody weakens it for everybody.

Subverted Wiretapping Systems

"A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests," The Wall Street Journal reported last week. "For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data."

Among the companies breached by the hacker group, dubbed "Salt Typhoon" by investigators, are Verizon, AT&T, and Lumen Technologies. The group is just one of several linked to the Chinese government that has targeted data and communications systems in the West.

While the Journal report doesn't specify, Joe Mullin and Cindy Cohn of the Electronic Frontier Foundation (EFF) believe the wiretap-ready systems penetrated by the Chinese hackers were "likely created to facilitate smooth compliance with wrong-headed laws like CALEA." CALEA, known in full as the Communications Assistance for Law Enforcement Act, dates back to 1994 and "forced telephone companies to redesign their network architectures to make it easier for law enforcement to wiretap digital telephone calls," according to an EFF guide to the law. A decade later it was expanded to encompass internet service providers, who were targeted by Salt Typhoon.

"That's right," comment Mullin and Cohn. "The path for law enforcement access set up by these companies was apparently compromised and used by China-backed hackers."

Ignored Precedents

This isn't the first time that CALEA-mandated wiretapping backdoors have been exploited by hackers. As computer security expert Nicholas Weaver pointed out for Lawfare in 2015, "any phone switch sold in the US must include the ability to efficiently tap a large number of calls. And since the US represents such a major market, this means virtually every phone switch sold worldwide contains 'lawful intercept' functionality."

Two decades ago, that mandatory wiretapping capability was subverted by hackers targeting Vodafone Greece. They intercepted phone conversations of the country's prime minister and high political, law enforcement, and military officials, among others.

Which is to say that nobody appears to have learned anything between the 2004 hacking of government-mandated wiretapping capabilities at a Greek telecom and the 2024 hacking of government-mandated wiretapping capabilities at U.S. internet service providers. Well, unless we're counting the Chinese hackers. They seem to have learned quite a bit from the earlier experience.

It should be needless to say, but let's say it anyway: this was all predictable and preventable.

'The Problem With Backdoors'

"The problem with backdoors is known—any alternate channel devoted to access by one party will undoubtedly be discovered, accessed, and abused by another," David Ruiz of the internet security firm Malwarebytes Labs wrote in 2019. He noted that cybersecurity researchers had been making that argument for years. They've been repeating themselves for years because their warnings appear to fall on deaf ears.

Even some believers in backdoors on specific devices concede that building wiretapping into whole communications systems is too dangerous to contemplate. A 2019 paper from the Carnegie Endowment for Peace's Encryption Working Group thought "some forms of access to encrypted information, such as access to data at rest on mobile phones, should be further discussed," but cautioned that compromising the security of what it called "data in motion" (communications networks) "would create a massive target for criminal and foreign intelligence adversaries."

Such foreign intelligence adversaries, for instance, as hackers sponsored by the Chinese government to penetrate U.S. internet firms.

So, just how dangerous was the Salt Typhoon hack?

'A Potentially Catastrophic Breach'

"The widespread compromise is considered a potentially catastrophic security breach," adds The Wall Street Journal. "It appeared to be geared toward intelligence collection."

China's state-sponsored hackers are continuously targeting U.S. infrastructure, including water-treatment facilities and the electricity grid. They've also penetrated pipeline systems. "The PRC's targeting of our critical infrastructure is both broad and unrelenting," FBI Director Christopher Wray warned in April, referring to the People's Republic of China.

The U.S. Cybersecurity and Infrastructure Security Agency cautions that "PRC state-sponsored cyber actors are seeking to pre-position themselves on information technology (IT) networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States."

And yes, the U.S. government is probably returning the favor by hacking systems in China and elsewhere. But that will be cold comfort if the lights go out here because the feds essentially rolled out the red carpet for foreign infiltration of American networks.

The debate over information security has raged for years with people like Edward Snowden pointing out that law enforcement agencies can't be trusted with access to our communications, or to abide by the rules that theoretically define when and how they can snoop. Now we know that they aren't competent custodians of wiretapping systems that privacy advocates warned were open invitations to bad actors.

Salt Typhoon may have done enormous damage to American security by penetrating internet systems relied on by private individuals, businesses, utilities, and government agencies. If it leads to the end of government-mandated backdoors that offer easy access to hackers, some good could come of this.

The post Chinese Hackers Used U.S. Government-Mandated Wiretap Systems appeared first on Reason.com.

Read the whole story
kazriko
3 days ago
reply
Colorado Plateau
Share this story
Delete

Microsoft plans to restart the Three Mile Island nuclear plant that narrowly avoided disaster

1 Comment

Microsoft is in the midst of a deal that would bring the infamous Three Mile Island nuclear power plant back to life, according to reporting by The Washington Post. If the name sounds familiar, it’s because the Pennsylvania plant was home to a partial meltdown of one of its reactors back in 1979.

The deal would make Microsoft the plant’s sole customer for 20 years, meaning it’ll hoover up 100 percent of the power all for itself. Why does the company need so much juice? You can guess. It’s for AI, which is notoriously power hungry. Look, if it takes an entire nuclear power plant so we can ask Bing to whip up an image of Steve Urkel in space riding a skateboard, then we gotta do it. It’s the future… or whatever.

Let’s break it down further. If this deal is approved by regulators, Three Mile Island will provide Microsoft with enough energy to power 800,000 homes. Again, no homes will be getting that energy, but don’t worry. Microsoft will be able to hold a live streaming event to show off some ghoulish new AI video generation tools or something.

I know I’m coming off as a real troglodyte here, but there is a silver lining. This could help Microsoft meet its pledge to power AI development with zero emissions electricity. It’s not as if these companies would give up on AI if there wasn’t a decommissioned nuclear power plant sitting around, so this move could help alleviate some of the strain that’s already being placed on our power grid due to ye olde artificial intelligence.

If approved, this would be a first-of-its-kind deal for a couple of reasons. A commercial power plant has never worked exclusively for one client before. It’ll also be the very first time a decommissioned power plant has come back online. It’s worth noting that the plant shut down five years ago for economic reasons, which has nothing to do with the partial meltdown from 1979. The current plan is for it to resume operations by 2028.

“The energy industry cannot be the reason China or Russia beats us in AI,” said Joseph Dominguez, chief executive of Constellation, the company that owns the plant. I’d take his jingoistic language with a grain of salt, however, as Constellation stands to make an absolute boatload of cash from this deal.

Let’s do some math. Yearly profits from a nuclear power plant averages $470 million. Microsoft will be the exclusive buyer of this energy for 20 years, which totals $9.4 billion. Constellation is spending $1.6 billion to get the plant going again, along with federal subsidies and tax breaks provided by the Inflation Recovery Act. This leaves $7.8 billion in sweet, sweet profit. That’s just a guesstimate, but you get the gist. The company does promise $1 million in "philanthropic giving to the region" over the next five years. That's $200,000 a year.  

This isn’t a done deal. There are many regulatory hurdles that Constellation will have to jump over. This includes intensive safety inspections from the federal Nuclear Regulatory Commission, which has never authorized a plant reopening. There’s also likely to be an inquiry into those aforementioned tax breaks, as all of the energy is going to one private company and not serving entire communities. But come on. Steve Urkel on a skateboard in space.

On the plus side, Constellation will need around 600 employees to run the plant, according to the New York Times. Jobs are good. Also, the company says it won’t be seeking any additional subsidies from Pennsylvania. The Palisades nuclear plant in Michigan is also looking to reopen for business, but it plans on servicing the local grid and not the gaping maw of AI. 

This article originally appeared on Engadget at https://www.engadget.com/ai/microsoft-plans-to-restart-the-three-mile-island-nuclear-plant-that-narrowly-avoided-disaster-161256442.html?src=rss



Read the whole story
kazriko
22 days ago
reply
Misleading headlines on nuclear as usual. It didn't narrowly avert a disaster. Almost everything that COULD go wrong with that style of plant, DID go wrong. That was about the worst disaster you could have without completely losing external power and not being able to keep the cooling system going. The safeties on US plants work, there was never any chance of a Chernobyl style accident with this plant.
Colorado Plateau
Share this story
Delete

Sony-backed multiplayer shooter Concord has sold only a few thousand copies

1 Comment

Concord has been available for less than two weeks, but its sales numbers are far from encouraging. According to estimates provided by various market analysts, the Overwatch-like first-person shooter has sold only a few thousand copies on both PC and PS5. If officially confirmed, these underwhelming results would turn into...

Read Entire Article

Read the whole story
kazriko
42 days ago
reply
The problem with chasing trends. when you're 8 years late to the trend...

HellDivers 2 was stepping into an underserved non-trendy niche because it's the title the developers wanted to make...
Colorado Plateau
Share this story
Delete

For the first time in more than three years, SpaceX misses a booster landing

2 Comments
A screen capture of landing video of a Falcon 9 rocket just before it tips over on Wednesday morning.

Enlarge / A screen capture of landing video of a Falcon 9 rocket just before it tips over on Wednesday morning. (credit: SpaceX)

Early on Wednesday morning, at 3:48 am ET local time, a Falcon 9 rocket booster making its 23rd launch took off from Space Launch Complex-40 at Cape Canaveral, Florida.

The mission successfully delivered 21 Starlink satellites, including 13 of the larger vehicles with direct-to-cell capabilities, before attempting a landing on the A Shortfall of Gravitas. However, the experienced booster had a shortfall of stability and tipped over shortly following touchdown.

Prior to Wednesday's landing failure, SpaceX had landed 267 boosters in a row. The company's last failure occurred in February 2021. The cause of the failure was not immediately clear, and SpaceX said "teams are assessing the booster's flight data and status." Based on video of the landing, it is possible there was an engine burn timing issue.

Fleet leader

This particular first stage of the Falcon 9 rocket made its debut in November 2020, launching the GPS III-04 mission for the US Space Force. By making its 23rd launch on Wednesday morning, Booster 1062 briefly became the fleet leader of SpaceX's collection of first stages that perform most of the company's launches.

Booster landings are considered secondary objectives to a launch's primary mission of delivering payloads into orbit. However, in recent years, SpaceX has delayed launches due to poor recovery weather conditions, as it does not want to lose the first-stage hardware, which probably costs at least $20 million to $30 million to manufacture, test, and deliver to the launch site.

The landing failure had one immediate consequence for the company's launch manifest. A second Starlink launch planned for early Wednesday morning, from the other side of the country at Vandenberg Space Force Base, was scrubbed so that SpaceX could assess the cause of the landing issue with the Florida launch.

Implications for Polaris Dawn

It is unclear whether the landing problem will impact the high-profile Falcon 9 launch of the Polaris Dawn mission, carrying Jared Isaacman and three other pilots and engineers on an adventurous mission to an orbit more than 1,200 km above the Earth before performing the first private spacewalk.

A planned launch of this mission on early Tuesday morning was scrubbed after a helium leak was discovered in the ground systems that support the rocket. Then, a second launch attempt of the vehicle on early Wednesday was scrubbed several hours before liftoff due to weather issues. Meteorologists are concerned about sea states for the Crew Dragon vehicle's landing three to five days after liftoff when the spacecraft returns to Earth in the seas near Florida.

"Our launch criteria are heavily constrained by forecasted splashdown weather conditions," Isaacman wrote on X on Tuesday evening. "With no ISS rendezvous and limited life support consumables, we must be absolutely sure of reentry weather before launching. As of now, conditions are not favorable tonight or tomorrow, so we’ll assess day by day."

The earliest that the Polaris Dawn mission could launch is now Friday morning, at 3:38 am ET (07:38 UTC) from Kennedy Space Center in Florida. But that is dependent on both weather and, now, SpaceX becoming comfortable with understanding the landing failure of Wednesday morning's Starlink launch.

Read Comments

Read the whole story
kazriko
47 days ago
reply
Nice streak there, Lets hope they beat it next time.
Colorado Plateau
fxer
47 days ago
reply
> Prior to Wednesday's landing failure, SpaceX had landed 267 boosters in a row.

Elon can shampoo my ass of course, but it’s cool we’re entering an era where spaceflight news is when a booster _isn’t_ recovered.
Bend, Oregon
Share this story
Delete

Sassy Pg 1

1 Share


Join me, my friends, as we enter the world of SASSY SORCERERS!

Ripped from the headlines of our main story, you’ve already been introduced to the Drive in-world TTRPG, “Sassy Sorcerers” (see 123456). And now we explore our own campaign!

This Tales of the Drive is drawn by the incredibly talented Mary Cagle, also known as Cube Watermelon on X and Tumblr! Mary’s style and lineart are perfect for this story, and I can’t thank her enough for the gift of her time and talents! Please go check out her work!

It was written by Beth Reidmiller and I, and was a dang delight to giggle over, as we imagined how Fillipods would approach a role-playing game.

I hope you enjoy it! It was tremendous fun for us!

The post Sassy Pg 1 appeared first on DRIVE™.

Read the whole story
kazriko
87 days ago
reply
Colorado Plateau
Share this story
Delete

Comic: July 5, 2024

1 Comment

Comic: July 5, 2024

Read the whole story
kazriko
101 days ago
reply
The first episode of the Carboniferous/Curvy author's new comic.
Colorado Plateau
Share this story
Delete
Next Page of Stories