SiliconANGLE: The Hamas-Israeli war is also being fought in cyberspace

The war between Hamas and Israel is also raging across the cybersecurity realm, with various malware exploits, disinformation campaigns and recruitment of citizen hackers seen on both sides of the conflict. Security researchers are seeing an increase in cyberattacks targeting Israeli businesses and government agencies.

In my story for SiliconANGLE, I document some of the hacker groups involved.

How to protect yourself from Predator and other spywares

I wrote about the insidious operations of the spyware known as Predator for SiliconANGLE today. This nasty piece of work infects your phone and can capture everything going on around you, and what you type, and where you go, among other things. If this sounds familiar, it is. Remember the Pegasus spyware that was sold by the Israeli NSO Group?

A consortium of international researchers and reporters have published a coordinated expose about the spyware, just like what happened a few years ago with Pegasus. What I want to talk about in conjunction with this effort are things that you can do to protect yourself. While you may not be a target, if you are sufficiently paranoid, you might want to implement at least one of the suggestions from the main Amnesty International report to protect your privacy.

I have annotated their recommendations with my own experience.

  • Update your web browser and mobile operating system software as soon as any security updates are made available for your devices. Many of the latest updates have been triggered by these spyware revelations.
  • Enable Lockdown Mode (Settings/Privacy and Security) if you use an Apple device. This can make a successful compromise of your device more challenging for an attacker. I have implemented this and so far it doesn’t seem to mess things up with normal phone operations. It does produce a regular series of warning messages saying that it is still on.
  • Be wary of clicking links from anyone, but especially strangers or people you haven’t heard from recently. Do not rely only on the preview of the URL displayed on messaging apps or social media platforms as that might be deceptive.
  • Pay attention to any changes in your devices’ functioning (i.e., shortened battery life or overheated phones). However, this by itself is not a strong indicator of suspicious activity.
  • Disable the ‘Direct Messages from Anyone’ option on Twitter. Better yet, don’t reply to anyone there.
  • On your personal Facebook accounts, manage privacy settings to limit your profile’s visibility to existing friends.
  • Speaking of Facebook, I would also carefully evaluate any new friend or Messenger requests before accepting. Also, review your post comments for any entreaties from unknown contacts and delete them quickly. I almost always get several of these each time I post. And I have deleted the Messenger app from my phone, and just wait until I am back at my desktop and use the web version. The app collects all sorts of information about your contacts.

SiliconANGLE: How the International Red Cross aims to make civilian wartime hacking more humanitarian

The role of civilian hackers during warfare continues to expand, and now at least one group is trying to set up some rules of engagement. But whether the proposal from the International Committee of the Red Cross announced Wednesday will gain any traction and make these attempts more humane is anyone’s guess. In this story for SiliconANGLE, I review the roles that civilian hackers have played in previous conflicts, how the Russian/Ukrainian war has escalated civilian participation, and what this new proposal means for future conduct.

 

Review: The Roaring Days of Zora Lily

A book cover of a person

Description automatically generatedAs a man with absolutely no fashion sense I was surprised that I was drawn into this novel and how much I absolutely loved its characters, plot lines, and settings. At its heart is a love story that spans the past century. It centers on the life and career of the title character, who becomes an expert dressmaker and designer. She has the ability to feel her fabrics, sense the style and shape of her work which spans everyday wear to movie costumes. The story is told from two perspectives: besides Zora’s narrative which mostly takes place in the 1920s (hence the title), there is a no-so-small matter of a Smithsonian curator who is putting together a show of period costumes who finds out about Zora’s past. This book is just a sheer delight, and even though I couldn’t tell you whether some hem was dropped, set, or whatever, it was still a great read with fascinating descriptions not just of the clothes but the whole design ethos surrounding their art, creation and craft. Very highly recommended. Buy it on Amazon.

Book Review: Your Face Belongs to Us by Kashmir Hill

Author Logo“Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life.” You might be surprised to find out that this quote is more than 130 years old, from a law review article co-authored by Louis Brandeis, and inspired by the invention of Kodak film. It appears in a new book “Your Face Belongs to Us,” by Kashmir Hill, a tech reporter for the NY Times. She chronicles the journey of digital facial recognition software, focusing on Clearview AI Inc. from scrappy startup to a powerful player in the field, and exposes their many missteps, failures, and successful inroads into becoming a potent law enforcement tool.

Clearview wasn’t the only tech firm to develop facial recognition software: Google, Facebook, Microsoft, IBM, Apple and Amazon all had various projects that they either developed internally or purchased (Google with Pittsburgh Pattern Recognition and Apple with Polar Rose for example). In either case, these projects were eventually stopped because they were afraid to deploy them, as Hill writes. Facebook, for example, had face recognition projects as early as 2010 “but could afford to bide its time until some other company broke through.” But Facebook didn’t delete the code but merely turned it off, leaving the door open for some future time when perhaps the technology would be more accepted.

She documents one of the biggest challenges: being able to identify people in various candid poses, with dim lighting, with poor resolution street surveillance cameras, and looking away from the ever-seeing lens. Another challenge is legal, with lawsuits coming at Clearview from literally all corners of the globe. Leading the charge is ACLU lawyer James Ferg-Cadima and the state of Illinois, which was an early adopter of biometric privacy.

Clearview has also brought many activists to protest and lobby for restrictions. One shared his opinion that “face recognition should be thought about in the same way we do about nuclear or biological weapons.” Clearview soon “became a punching bag for global privacy regulators,” she writes, and describes several efforts in Europe during the early 2020’s that resulted in various fines and restrictions placed on the company.

Police departments were early adopters of Clearview, thanks to today’s smartphone users that post everything about their lives. That has led to one series of legal challenges which was self-inflicted. Hill documents many cases where the wrong person was identified and then arrested, such as Robert Williams. “It wasn’t a simple matter of an algorithm making a mistake,” she writes. “It was a series of human beings making bad decisions, aided by fallible technology.” She wrote that one for a NY Times article entitled, “Wrongly Accused by an Algorithm.” In many of these wrongful arrest cases, the accused were black men, which could be tracked back to inadequate training data of non-white images. (Facebook had this problem for many years with its image recognition algorithm.)

Some of Clearview’s story is inextricably bound to Hill’s own investigations, where early on she tipped off the company about her interests and was initially blocked from learning more about their technology. Eventually, she would interview Clearview’s CEO Hoan Ton-That numerous times to connect the dots. “It was astonishing that Ton-That had gone from building banal Facebook apps to creating world-changing software,” she sums up his career.

The company was determined to “scrape” the web for personal photos, and today various sources claim they have accumulated more than 30 billion images. All of these images, as she points out, were collected without anyone’s explicit permission. This collection would become infamous and exemplify a world “in which people are prejudged based on choices they’ve made in the past, not their behavior in the present,” she wrote. You could say that on the internet, everyone knows you once were a dog.

She finds that Clearview created a “red list” which would remove certain VIPs from being tracked by its software by government edict. “Being unseen is a privilege.” Unfortunately, it is getting harder and harder to be unseen, because even if you petition Clearview to remote your images from their searches and from public web sources, they still have a copy buried deep within their database. Her book is an essential document about how this technology has evolved, and what we as citizens have to do to protect ourselves.

SiliconANGLE: After 10 years of crypto scammers, there is still a rocky road ahead

Running a criminal cryptocurrency enterprise has certainly gotten more complicated.

It was 10 years ago this week when Ross Ulbricht walked into a branch of the San Francisco public library to spend another day running the Silk Road, his marketplace for buying and selling illegal and questionable goods. He walked out in handcuffs after an elaborate sting operation carried out by the FBI. This week, the scene shifts to a downtown New York City courtroom, where former FTX Trading Ltd. founder and former Chief Executive Sam Bankman-Fried faces 12 counts that he attempted to defraud investors for his various alleged crypto-related schemes.

Although the two events deal with vastly different parts of the criminal justice system, they are notable bookends in the past decade for the rise and fall of cryptocurrencies, along with associated technologies regarding blockchains, smart contracts and other elements of this universe.

You can read my analysis of this historic moment in SiliconANGLE here.

Using Fortnite for actual warfare

What do B-52s and a Chinese soccer stadium have in common? Both are using Epic Games’ Unreal Engine to create digital twins to help with their designs. Now, you might think having a software gaming engine would be a stretch to retrofit the real engines on a 60-plus year old bomber, but that is exactly what Boeing is doing. The 3D visualization environment makes it easier to design and provide faster feedback to meet the next generation of military pilots.

This being the military, the notion of “faster” is a matter of degree. The goal is for Boeing to replace the eight Pratt and Whitney engines on each of 60-some planes, as well as update cockpit controls, displays and other avionics. And the target date? Sometime in 2037. So check back with me then.

Speaking of schedules, let’s look at what is happening with that Xi’an stadium. I wrote about the soccer stadium back in July 2022 and how the architects were able to create a digital twin of the stadium to visualize seating sight lines and how various building elements would be constructed. It is still under construction, but you can see a fantastic building taking shape in this video. However slowly the thing is being built, it will probably be finished before 2037, or even before 2027.

Usually, when we talk about building digital twins, we mean taking a company’s data and making it accessible to all sorts of analytical tools. Think of companies like Snowflake, for example, and what they do. But the gaming engines offer another way to duplicate all the various systems digitally, and then test different configurations by literally putting a real bomber pilot in a virtual cockpit to see if the controls are in the right place, or the new fancy hardware and software systems can provide the right information to a pilot. If you look at the cockpit of another Boeing plane — the iconic 747, now mostly retired, you see a lot of analog gauges and physical levers and switches.

Now look at the 777 cockpit — see the difference? Everything is on a screen.

product image

It is ironic in a way: we are using video gaming software to reproduce the real world by placing more screens in front of the people that are depicted in the games. A true Ender’s Game scenario, if you will.

SiliconANGLE: This week’s news

I have known John Kindervag for many years, going back to the days when Novell Netware was a major power and Interop a must-see international conference. Yes, those dinosaurs have become extinct, but John soldier’s on with promoting zero trust networking far and wide. Now he is with Illumio, which seems like a great fit. I interview him for a post here.

Have you heard the term purple teams in reference to IT security? There is yet another new vendor on the purple scene, and the purple trend is catching on, albeit slowly. The notion is to have both defenders and attackers collaborate, and learn something from each other. Here is my take on the situation.

Finally, there has been yet another NFT hack, this time with one of the OG NFT marketplaces OpenSea. It is not their first time when funds were stolen. You would hope by now they would have gotten their act together. Here is my post about the situation.

SiliconANGLE: Security threats of AI large language models are mounting, spurring efforts to fix them

A new report on the security of artificial intelligence large language models, including OpenAI LP’s ChatGPT, shows a series of poor application development decisions that carry weaknesses in protecting enterprise data privacy and security. The report is just one of many examples of mounting evidence of security problems with LLMs that have appeared recently, demonstrating the difficulty in mitigating these threats. I take a deeper dive into a few different sources and suggest ways to mitigate the threats of these tools in my post for SiliconANGLE here.