This is House Arrest with the IT Privacy and Security Weekly update for April 19th., 2022


We start with another case of house arrest and end up where? Having our DNA broadcast to Martians (and we don’t mean those who have saved a hundred grand to fly with Elon).

In between, we have our moods checked by AI, we, along with 2999 others, end up with tummy aches, we take apart a high-end piece of Russian drone technology and we get a court decision on data scraping that could have repercussions across the world.

This is house arrest, in the best IT Privacy and Security update yet, come but wear your Sunday best!


PT: RaidForums Get Raided, Alleged Admin Arrested. This is House Arrest.

The U.S. Department of Justice (DOJ) recently seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015.

The DOJ also charged the alleged administrator of RaidForums – 21-year-old Diogo Santos Coelho, of Portugal – with six criminal counts, including conspiracy, access device fraud, and aggravated identity theft.

So what’s the upshot for you? First Diogo had 2 years of Covid lockdown, now he gets to enjoy another few years of lockup. Wouldn’t want to be him.

KP/US: Treasury updates Lazarus Group sanctions with digital currency address linked to Ronin Bridge hack

There wasn’t much new in the most recent announcement of U.S. sanctions against the North Korean hackers known as Lazarus Group — except for one very important detail…

The U.S. Treasury Department’s announcement cited a single digital currency address, and cryptocurrency-tracking company Chainalysis quickly linked it to the March hack of Ronin Bridge, which connects the Axie Infinity video game with the Ethereum blockchain.

About $600 million in crypto ended up at the address.

The department’s Office of Foreign Assets Control (OFAC) said the sanctions were part of the Biden administration’s “persistent engagement vision” for confronting North Korea’s financially motivated hacking.

OFAC’s designations included a digital currency address that cryptocurrency-tracking company Chainalysis linked to the March hack of Ronin Bridge, which connects the Axie Infinity video game with the Ethereum blockchain.

During the attack, the address cited by the U.S. Treasury received 173,600 Ethereum coins and 25.5 million in USDC, a digital coin linked to the U.S. dollar — about $600 million worth of digital assets in total.

So what’s the upshot for you? The US Treasury says Lazarus Group is helping to illicitly fund Pyongyang’s weapons programs.

RU: Conti’s Ransomware Toll on the Healthcare Industry

Conti is one of the most ruthless and successful Russian ransomware groups and publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers.

But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “Ryuk.”

The FBI says Conti typically gains access to victim networks through weaponized malicious email links, attachments, or stolen Remote Desktop Protocol (RDP) credentials, and that it weaponizes Microsoft Office documents with embedded Powershell scripts giving them the ability to deploy ransomware.

The FBI said Conti has been observed inside victim networks between four days and three weeks on average before deploying ransomware.

So what’s the upshot for you? With every new revelation, Russia digs itself deeper into a hole it may never come out of.

US:Web Scraping is Legal, US Appeals Court Reaffirms

The landmark ruling by the U.S. Ninth Circuit of Appeals is the latest in a long-running legal battle brought by LinkedIn aimed at stopping a rival company from scraping personal information from users’ public profiles.

The case reached the U.S. Supreme Court last year but was sent back to the Ninth Circuit for the original appeals court to re-review the case.

In its second ruling on Monday, the Ninth Circuit reaffirmed its original decision and found that scraping data that is publicly accessible on the internet is not a violation of the Computer Fraud and Abuse Act, or CFAA, which governs what constitutes computer hacking under U.S. law.

The Ninth Circuit’s decision is a major win for archivists, academics, researchers, and journalists who use tools to mass-collect or scrape, information that is publicly accessible on the internet.

Without a ruling in place, long-running projects to archive websites no longer online and using publicly accessible data for academic and research studies have been left in legal limbo.

But there have been egregious cases of scraping that have sparked privacy and security concerns.

Facial recognition startup Clearview AI claims to have scraped billions of social media profile photos, prompting several tech giants to file lawsuits against the startup.

Several companies, including Facebook, Instagram, Parler, Venmo, and Clubhouse have all had users’ data scraped over the years.

So what’s the upshot for you? Using a “gate-up, gate-down” analogy, the Supreme Court said that when a computer or website’s gates are up — and therefore information is publicly accessible — no authorization is required. Remember that the next time you post.

Global: DevOps teams worry CSPs are becoming competitors

  • AWS: 32%
  • Azure: 22%
  • Google Cloud: 18%

…are the hyper-scalers…

  • Other cloud providers: 15%. …The “other” list includes DigitalOcean, Equinix Metal, Hetzner, Linode, OVHcloud, Rackspace, UpCloud, and Vultr.
  • Oracle Cloud: 6%
  • IBM Cloud: 4%

Although the hyper-scalers hold most of the cloud provider market share, DevOps teams are worried about these companies stealing intellectual property or becoming a direct competitor.

The top three tech priorities for selecting a CSP were high data security, better price/performance, and technical know-how of the provider’s support team. The survey also asked about the top business criteria for selecting a CSP. Trust was at the top of the list.

So what’s the upshot for you? Trust was always at or near the top of the list of evaluation criteria when taking on a CSP.

US: GSA looks into facial recognition bias and improving accessibility in federal web services

The U.S. General Services Administration, which procures and investigates tech for things like government websites and online services, is making a two-pronged push for accessibility in its recently released Equity Action Plan.

Websites must be made accessible beyond the bare minimum, it said, and bias in facial recognition systems means the feds will be avoiding it wherever possible.

The Action Plan is the result of a bit of introspection at the GSA, which “conducted equity assessments and identified a set of actions for three high-impact focus areas,” one of which is “federal technology design & delivery.”

“Those who most need government services will often have the most difficulty accessing them,” reads the memo’s intro. “We are dedicated to actions that prioritize equitable user experience as a core design principle, mitigate algorithmic bias, improve digital accessibility, and modernize the delivery of government services to the American people.”

To that end, the GSA identified two major problems with the recent approach to providing those services.

One is an under-commitment to accessibility, or perhaps it is better stated as a firm commitment to bare compliance and not meeting the community’s needs.

It will also work on making sites perform better on old computers, phones, and devices with limited bandwidth.

The second problem is that facial recognition services are racially biased. This likely will not come as a surprise to readers of this website, but government procurement and deployment processes are slow and weird, so it’s not entirely surprising that the feds will only now be catching up with what the tech community has been warning of for years.

“Through our own testing, GSA learned that major commercial implementations of facial matching had disproportionately high ‘False Rejection Rates’ for African Americans,” the memo reads, noting at least that this is consistent with the larger body of research in this domain.

So what’s the upshot for you? Before you can fix a problem, you have to acknowledge it is a problem. We applaud this initiative.

Global: Companies are using AI to monitor your mood during sales calls. Zoom might be next.

Virtual sales meetings have made it tougher than ever for salespeople to “read the room”.

So, some well-funded tech providers are stepping in with a bold sales pitch of their own: that AI can not only help sellers communicate better, but detect the “emotional state” of a deal — and the people they’re selling to.

In fact, while AI researchers have attempted to instill human emotion into otherwise cold and calculating robotic machines for decades, sales and customer service software companies including Uniphore and Sybill are building products that use AI in an attempt to help humans understand and respond to human emotion. Virtual meeting powerhouse Zoom also plans to provide similar features in the future.

“It’s very hard to build rapport in a relationship in that type of environment,” said one director of product marketing.

One system, called Q for Sales, might indicate that a potential customer’s sentiment or engagement level perked up when a salesperson mentioned a particular product feature, but then drooped when the price was mentioned.

Sybill, a competitor, also uses AI in an attempt to analyze people’s moods during a call.

Uniphore’s software incorporates computer vision, speech recognition, natural-language processing, and emotion AI to pick up on the behavioral cues associated with someone’s tone of voice, eye, and facial movements or another non-verbal body language, then analyzes that data to assess their emotional attitude.

So what’s the upshot for you? Of course there are limitations to the technology… “There is no real objective way to measure people’s emotions. You could be smiling and nodding, and in fact, you’re thinking about your vacation next week.”

Smile followed by a nod….

US: Intel calls its AI that detects student emotions a teaching tool. Others call it 'morally reprehensible.'

When college instructor Angela Dancey wants to decipher whether her first-year English students comprehend what she’s trying to get across in class, their facial expressions and body language don’t reveal much.

"Even in an in-person class, students can be difficult to read.

Typically, undergraduates don’t communicate much through their faces, especially a lack of understanding," said Dancey, a senior lecturer at the University of Illinois Chicago.

Dancey uses tried-and-true methods such as asking students to identify their “muddiest point” – a concept or idea she said students still struggle with – following a lecture or discussion.

“I ask them to write it down, share it and we address it as a class for everyone’s benefit,” she said.

But Intel and Classroom Technologies, which sells virtual school software called Class, think there might be a better way.

The companies have partnered to integrate an AI-based technology developed by Intel with Class, which runs on top of Zoom.

Intel claims its system can detect whether students are bored, distracted, or confused by assessing their facial expressions and how they’re interacting with educational content.

“We can give the teacher additional insights to allow them to better communicate,” said Michael Chasen, co-founder, and CEO of Classroom Technologies, who said teachers have had trouble engaging with students in virtual classroom environments throughout the pandemic.

His company plans to test Intel’s student engagement analytics technology, which captures images of students’ faces with a computer camera and computer vision technology and combines it with contextual information about what a student is working on at that moment to assess a student’s state of understanding.

Intel hopes to transform the technology into a product it can distribute more broadly, said Sinem Aslan, a research scientist at Intel, who helped develop the technology. “We are trying to enable one-on-one tutoring at scale,” said Aslan, adding that the system is intended to help teachers recognize when students need help and to inform how they might alter educational materials based on how students interact with the educational content.

“High levels of boredom will lead [students to] completely zone out of educational content,” said Aslan.

But critics argue that it is not possible to accurately determine whether someone is feeling bored, confused, happy, or sad based on their facial expressions or other external signals.

So what’s the upshot for you? Intel developed its adaptive learning analytics system by incorporating data gathered from students in real-life classroom sessions using laptops with 3D cameras.

To label the ground truth data used to train its algorithmic models, the researchers hired psychologists who viewed videos of the students and categorized the emotions they detected in their expressions.

Just wondering if the psychologists were middle-aged white males?

ES:Catalan Independence Leaders Targeted By Spyware, Rights Group Says

Catalonia’s regional leader accused the Spanish government on Monday of spying on its citizens after a rights group said his phone and dozens more belonging to Catalan pro-independence figures had been infected with spyware used by sovereign states.

The Citizen Lab digital rights group found more than 60 people linked to the Catalan separatist movement, including several members of the European Parliament, other politicians, lawyers, and activists, had been targeted with “Pegasus” spyware made by Israel’s NSO Group after a failed independence bid.

NSO, which markets the software as a law-enforcement tool, said Citizen Lab and Amnesty International, which was not involved in this investigation but has published previous studies about Pegasus, had produced inaccurate and unsubstantiated reports to target the company.

Newspaper El Pais subsequently reported that Spain’s CNI intelligence agency did have access to the software.

Amnesty urged Spain to investigate the use of Pegasus and disclose whether it was a client of NSO.

So what’s the upshot for you? This won’t be our last story on the NSO group’s Pegasus spyware. We are pretty sure of that.

RU/PL:Cyberattacks On Russian Targets Jumped 5X After Invasion Of Ukraine

Russia is now the most-attacked country in the world and Russian citizens, who make up less than 2% of the global population, now constitute almost a fifth of all cyberattack victims. In fact, five times more Russian accounts were breached in March than in January as cyberattacks have ramped up significantly in 2022.

While the U.S., Canada, and many other countries showed fewer successful attacks and saw cybersecurity attacks dip 58% quarter over quarter, attacks on Russia are sharply up with 136% more email accounts breached.

So what’s the upshot for you? The other stat revealed was that Poland, which has shown such tremendous support for the Ukrainian refugees, is also up sharply as a victim of cyberattacks.

Meanwhile, although cyberattacks against the US seem lower due to some preemptive work on the part of the US Govt. bods. they warn that Russian scanning of US resources is continuous and that anything left unsecured, like Republican National Committee IT services partner Synnex accounts, will be compromised (as happened last week).

UA: Ukraine Opens Russian Drone, Finds Canon DSLR taped Inside

Ukraine’s Ministry of Defense has released a video in which a Ukrainian soldier disassembles a Russian military surveillance drone. The teardown revealed a remarkably rudimentary design that features a low-end Canon DSLR camera at its core.

The 2-minute video shows a soldier sitting next to what it says is a Russian Orlan-10 unmanned aerial vehicle (UAV) that had crashed in Ukraine.

The soldier notes how surprisingly low-tech the military drone is — observers quickly pointed out that certain aspects of it are more reminiscent of a hobbyist RC airplane project than a high-tech piece of military spying technology.

What the soldier found is that the primary camera responsible for image capture is a Canon EOS Rebel T6i (AKA 750D), a DSLR camera launched in 2015 prices at $300 to $400 on the used market.

The camera is mounted to a board with a hook-and-loop fastener strip (commonly referred to as Velcro).

The camera is held in place with a Velcro strip.

The mode dial of the camera has been frozen with glue, preventing the camera shooting mode from accidentally being switched mid-flight.

On the top of the drone, the fuel tank’s cap suggests that it may have been made from some kind of plastic water bottle. Various parts of the drone are also fixed together with some kind of duct tape.

The Ukrainian news agency UNIAN reported in 2017 after the downing of a drone that the Orlan-10 costs between $87,000 and $120,000 per unit.

“The Orlan-10 is developed by Russian-based Special Technological Center Ltd. The hull and the engine are made in Russia, its electronic components come from Taiwan.

“Russia often uses this model in Donbas for reconnaissance and adjustment of artillery fire.”

It now seems some electronic components in the drone also come from Japan, as well.

So what’s the upshot for you? We missed this story last week, but it had us giggling… Canon Europe already announced in March that it had suspended new shipments of products into Russia in response to the country’s invasion of Ukraine. Will that move have any impact on Russia’s drone program?

Global: Firmware Flaws Allow Disabling Secure Boot on Lenovo Laptops

Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.

According to a Lenovo advisory, exploitation of the driver flaws could allow attackers with elevated privileges to either:

  1. Modify the secure boot settings or
  2. Modify the firmware protection region.
  3. the third bug could allow a local attacker with elevated privileges to execute arbitrary code.

The security defects were reported to Lenovo in October 2021. The computer maker has already issued patches for multiple laptop models and targets May 10 for the rollout of firmware updates for its remaining products.

So what’s the upshot for you? If you own a Lenovo laptop, the next couple of weeks would be a good time to check for firmware updates.

US: And under the title of Physical Security comes "UnLucky Charms"

This story may leave any parent that ever let their child eat any of this with pangs of guilt…

When we looked, Lucky Charms was trending highest on the “” website. So much so that the US Food and Drug Association is apparently set to start proceedings against General Mills, the cereal’s manufacturer.

Lucky Charms was the cereal we all wanted as kids.

Brightly colored marshmallow bits whose ingredients listed: Oats, Sugar, Corn Starch, Modified Corn Starch, Corn Syrup, Dextrose. Salt, Gelatin, Trisodium Phosphate (also used as an industrial cleaning agent), Red 40, Yellow 5 & 6, Blue 1, Natural and Artificial Flavor, and mixed tocopherols added to preserve freshness.

What kid would not want to eat that?

Well, now it seems the US Food and Drug Administration is launching into action against the brand/cereal.

So what’s the upshot for you? 3000 people have already filed reports of various adverse physical reactions, to what is essentially… children’s food.

US: “The Truth is out there.”. U.S. Space Command finally confirms interstellar meteor hit Earth

“The U.S. Space Command announced this week that it determined a 2014 meteor hit that hit Earth was from outside the solar system,” reports CBS News. “The meteor streaked across the sky off the coast of Manus Island, Papua New Guinea three years earlier than what was believed to be the first confirmed interstellar object detected entering our solar system.”

After Oumuamua was spotted in 2017, the interstellar comet Borisov appeared in 2019 — discovered in Crimea, Ukraine at a “personal observatory” built by amateur astronomer Gennadiy Borisov"

But CBS notes that despite their theory about the first interstellar meteor in 2014, the two Harvard astronomers — Dr. Amir Siraj and Dr. Abraham Loeb — “had trouble getting their paper published because they used classified information from the government.” Specifically, data from a classified U.S. government satellite designed to detect foreign missiles…

The meteor was unusual because of its very high speed and unusual direction — which suggested it came from interstellar space. Any space object traveling more than about 42 kilometers per second may come from interstellar space. The data showed the 2014 Manus Island fireball hit the Earth’s atmosphere at about 45 kilometers per second, which was “very promising” in identifying it as interstellar, Siraj said.

After more research and help from other scientists, including classified information from the government about the accuracy or level of precision of the data, Siraj and Loeb determined with 99.999% certainty the object was interstellar.

But their paper on the finding was being turned down because the pair only had a private conversation with an anonymous U.S. government employee to confirm the accuracy of the data.

“We had thought this was a lost cause,” Dr. Siraj told the New York Times — which couldn’t resist adding that “it turned out, the truth was out there.”

Last month, the U.S. Space Command released a memo to NASA scientists that stated the data from the missile warning satellites’ sensors “was sufficiently accurate to indicate an interstellar trajectory” for the meteor.

Many scientists, including those at NASA, say that the military still has not released enough data to confirm the interstellar origins of the space rock, and a spokesperson said Space Command would defer to other authorities on the question.

But it wasn’t the only information about meteors to be released.

The military also handed NASA decades of secret military data on the brightness of hundreds of other fireballs, or bolides.

The Times notes that data from classified military satellites "could also aid NASA in its federally assigned role as defender of planet Earth from killer asteroids.

And that is the goal of a new agreement with the U.S. Space Force that aims to help NASA’s Planetary Defense Coordination Office better understand what happens when space rocks reach the atmosphere. Sharing sensitive military satellite data with astronomers has led to significant scientific discoveries in the past.

A group of satellites deployed in the 1960s by the United States to detect covert detonations of nuclear weapons on Earth accidentally became the key instruments used to make the first detection of extraterrestrial gamma-ray bursts. The bursts showed up on the satellites, code-named Vela, as single bursts of energy, confusing analysts at Los Alamos who later declassified the data in a 1973 paper that spurred academic debate about the bursts’ origins.

So what’s the upshot for you? A core reason for Space Force’s increasing ties with NASA has centered on the agency’s congressional mandate to detect nearly all asteroids that could threaten the Earth.

When NASA signed an agreement in 2020 to strengthen ties with Space Force, the agency acknowledged it had fallen behind in its asteroid-tracking efforts and would need Pentagon resources to carry out its planetary defense mission.

Outer Space: Scientists Hope To Broadcast DNA and Earth’s Location For Curious Aliens

“Even if the aliens are short, dour, and sexually obsessed,” the late cosmologist Carl Sagan once mused, “if they’re here, I want to know about them.”

Driven by the same mindset, a Nasa-led team of international scientists has developed a new message that it proposes to beam across the galaxy in the hope of making first contact with intelligent extraterrestrials.

The interstellar missive, known as the Beacon in the Galaxy, opens with simple principles for communication, some basic concepts in maths and physics, the constituents of DNA, and closes with information about humans, the Earth, and a return address should any distant recipients be minded to reply.

The group of researchers, headed by Dr. Jonathan Jiang at Nasa’s Jet Propulsion Laboratory in California, says that with technical upgrades the binary message could be broadcast into the heart of the Milky Way by the Seti Institute’s Allen Telescope Array in California and the 500-meter Aperture Spherical Radio Telescope in China.

In a preliminary paper, which has not been peer-reviewed, the scientists recommend sending the message to a dense ring of stars near the center of the Milky Way – a region deemed most promising for life to have emerged.

“Humanity has, we contend, a compelling story to share and the desire to know of others – and now has the means to do so,” the scientists write.

The message, if it ever leaves Earth, would not be the first. The Beacon in the Galaxy is loosely based on the Arecibo message sent in 1974 from an observatory of the same name in Puerto Rico.

That targeted a cluster of stars about 25,000 light-years away, so it will not arrive any time soon. Since then, a host of messages have been beamed into the heavens including an advert for Doritos and an invitation, written in Klingon, to a Klingon Opera in The Hague.

So what’s the upshot for you? Flinging the detail about our DNA across the universe could be asking for trouble. Where is the privacy in sharing our DNA with … aliens?

And a final quote from IT Security researcher Brian Krebs: “I’ve come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it, or get hacked and relieved of it. There really don’t seem to be any exceptions.”

spoonful-of-original-lucky-charms-spoon-of-lucky Right

That’s it for this week. Stay safe, stay, secure, watch that cabin fever, and we’ll see you in se7en.