Electronic Frontier Foundation

EFF: Thousands of People Have Secure Messaging Clients Infected By Spyware (eff.org) 31

An anonymous reader quotes the EFF: The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients. The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.

The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut. "People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF Director of Cybersecurity Eva Galperin. "This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."

Dark Caracal apparently gets installed through carefully-targeted spearphishing attacks, according to the EFF. "Several types of phishing emails directed people -- including military personnel, activists, journalists, and lawyers -- to go to a fake app store-like page, where fake Android apps waited. There is even evidence that, in some cases, Dark Caracal used physical access to people's phones to install the fake apps."
The Military

America's Fastest Spy Plane May Be Back -- And Hypersonic (bloomberg.com) 299

A Lockheed Skunk Works executive implied last week at an aerospace conference that the successor to one of the fastest aircraft the world has seen, the SR-71 Blackbird, might already exist. Previously, Lockheed officials have said the successor, the SR-72, could fly by 2030. Bloomberg reports: Referring to detailed specifics of company design and manufacturing, Jack O'Banion, a Lockheed vice president, said a "digital transformation" arising from recent computing capabilities and design tools had made hypersonic development possible. Then -- assuming O'Banion chose his verb tense purposely -- came the surprise. "Without the digital transformation, the aircraft you see there could not have been made," O'Banion said, standing by an artist's rendering of the hypersonic aircraft. "In fact, five years ago, it could not have been made." Hypersonic applies to speeds above Mach 5, or five times the speed of sound. The SR-71 cruised at Mach 3.2, more than 2,000 mph, around 85,000 feet.

"We couldn't have made the engine itself -- it would have melted down into slag if we had tried to produce it five years ago," O'Banion said. "But now we can digitally print that engine with an incredibly sophisticated cooling system integral into the material of the engine itself and have that engine survive for multiple firings for routine operation." The aircraft is also agile at hypersonic speeds, with reliable engine starts, he said. A half-decade before, he added, developers "could not have even built it even if we conceived of it."

The Military

'Don't Fear the Robopocalypse': the Case for Autonomous Weapons (thebulletin.org) 150

Lasrick shares "Don't fear the robopocalypse," an interview from the Bulletin of the Atomic Scientists with the former Army Ranger who led the team that established the U.S. Defense Department policy on autonomous weapons (and has written the upcoming book Army of None: Autonomous Weapons and the Future of War). Paul Scharre makes the case for uninhabited vehicles, robot teammates, and maybe even an outer perimeter of robotic sentries (and, for mobile troops, "a cloud of air and ground robotic systems"). But he also argues that "In general, we should strive to keep humans involved in the lethal force decision-making process as much as is feasible. What exactly that looks like in practice, I honestly don't know."

So does that mean he thinks we'll eventually see the deployment of fully autonomous weapons in combat? I think it's very hard to imagine a world where you physically take the capacity out of the hands of rogue regimes... The technology is so ubiquitous that a reasonably competent programmer could build a crude autonomous weapon in their garage. The idea of putting some kind of nonproliferation regime in place that actually keeps the underlying technology out of the hands of people -- it just seems really naive and not very realistic. I think in that kind of world, you have to anticipate that there are, at a minimum, going to be uses by terrorists and rogue regimes. I think it's more of an open question whether we cross the threshold into a world where nation-states are using them on a large scale.

And if so, I think it's worth asking, what do we mean by "them"? What degree of autonomy? There are automated defensive systems that I would characterize as human-supervised autonomous weapons -- where a human is on the loop and supervising its operation -- in use by at least 30 countries today. They've been in use for decades and really seem to have not brought about the robopocalypse or anything. I'm not sure that those [systems] are particularly problematic. In fact, one could see them as being even more beneficial and valuable in an age when things like robot swarming and cooperative autonomy become more possible.

The Military

Russian Military Base Attacked By Drones (bellingcat.com) 183

A Russian military base in Syria was recently attacked -- 20 miles from the frontline. The only video of the attack is from a Facebook group for a nearby town, which identifies the noises as an "anti-aircraft response to a remote-controlled aircraft," while the Russian Ministry of Defence claims at least 13 drones were involved in the attack, displaying pictures of drones with a wingspan around 13 feet (four meters).

Long-time Slashdot reader 0x2A shares a report from a former British Army officer who calls drones "the poor man's Air Force," who writes that the attack shows "a strategic grasp of the use of drones, as well as a high level of planning." The lack of cameras on the drones suggests that they are likely pre-loaded with a flight plan and then flown autonomously to their target, where they dropped their payload en masse on a given GPS coordinate... The lack of any kind of claim, or even rumours from the rebels, indicates that whoever is producing these drones and launching these attacks has a high level of discipline and an understanding of operational and personal security...

Although some regard the threat from commercial off-the-shelf and improvised drones as negligible, they have the power to inflict losses at both a tactical and strategic level... Although the plastic sheeting, tape and simple design may belie the illusion of sophistication, it seems that the use of drones, whether military, commercial off-the-shelf or improvised, is taking another step to becoming the future of conflict.

The article notes there have already been four weaponized drone attacks in Syria over the last two weeks, which according to CNBC may be part of a growing trend. "Experts said swarm-like attacks using weaponized drones is a growing threat and likely to only get worse. They also said the possibility exists of terrorists using these drones in urban areas against civilians."
United States

Top US Government Computers Linked to Revenge-Porn Site (thedailybeast.com) 97

Joseph Cox, reporting for The Daily Beast: Data obtained by a security analyst and shared with The Daily Beast reveals the behind-the-scenes of the epicenter of revenge porn: a notorious image board called Anon-IB, where users constantly upload non-consensual imagery, comment on it, and trade nudes like baseball cards. The data shows Anon-IB users connecting from U.S. Senate, Navy, and other government computers, including the Executive Office of the President, even as senators push for a bill that would further combat the practice, and after the military's own recent revenge-porn crisis. "Wow tig ol bitties. You have any nudes to share?" someone wrote in November, underneath a photo of a woman who apparently works in D.C., while connecting from an IP address registered to the U.S. Senate.

Anon-IB is a free-to-use message board where users post images, typically of women, and which is split into various genre or location sections. Some parts are focused on countries, while U.S. sections may narrow down to a state. Many users pursue so-called wins, which are nude or explicit photos, and may egg each other on to share more images. Anon-IB was also intertwined with a 2014 breach of celebrity nudes referred to as The Fappening. "Looking for wins of [redacted]. She used to send nudes to my friend all of the time. Would love to see some more," someone connecting from the U.S. Senate IP address wrote last August.

Space

Rumors Swirl That Secret Zuma Satellite Launched By SpaceX Was Lost (scientificamerican.com) 171

Many media outlets are reporting that the U.S. government's top-secret Zuma satellite may have run into some serious problems during or shortly after its Sunday launch. Zuma was launched atop a SpaceX Falcon 9 rocket from Florida's Cape Canaveral Air Force Station Sunday evening -- a launch that also featured a successful landing back on Earth by the booster's first stage. While everything seemed fine at the time, rumors began swirling within the spaceflight community that something had happened to Zuma. "According to one source, the payload fell back to Earth along with the spent upper stage of the Falcon 9 rocket," Ars Technica's Eric Berger wrote. Scientific American reports: To be clear: There is no official word of any bad news, just some rumblings to that effect. And the rocket apparently did its job properly, SpaceX representatives said. "We do not comment on missions of this nature, but as of right now, reviews of the data indicate Falcon 9 performed nominally," company spokesman James Gleeson told Space.com via email. Space.com also reached out to representatives of aerospace company Northrop Grumman, which built Zuma for the U.S. government. "This is a classified mission. We cannot comment on classified missions," Northrop Grumman spokesman Lon Rains said via email. All we know about the satellite itself is that it was destined for a low-Earth orbit and built for the U.S. government. We will update this story if we hear anything else about Zuma's status.
The Military

Pentagon Seeks Laser-Powered Bat Drones (defenseone.com) 44

Zorro quotes DefenseOne: A new contest seeks flight systems inspired by Mother Nature and powered by directed-energy beams. Tired: multi-rotor copters and fixed-wing drones. Wired: flying robots that move like living animals, are crafted of next-generation materials, and draw their power not from batteries but energy beamed from nearby aircraft...

"The biological study of agile organisms such as bats and flying insects has yielded new insights into complex flight kinematics of systems with a large number of degrees of freedom, and the use of multi-functional flight surface materials," the announcement reads. The Air Force believes that more and more naturalistic design -- coupled with more powerful and smaller sensors to form a better picture of the outside world -- should yield "significant improvements in maneuverability, survivability and stealth over traditional quadcopter or fixed wing designs."

The article includes a link to a CalTech video showing footage of an advanced robotic bat.
Businesses

Ford is Giving Its Factory Workers Robot Exo-suits To Ease the Burden of Building Cars (qz.com) 49

Mike Murphy, writing for Quartz: Ford's cars are getting closer to driving themselves, but they still need humans to build them. And because people aren't quite as durable as robots, it's trying to make those jobs easier by developing a suit with Ekso Bionics that takes the stress out of working long hours on a car assembly floor. Ekso, founded in 2005 in California, builds exoskeletons, essentially robotic assistive systems that people strap into to make walking, lifting, and standing easier. It's worked with the US military to build suits for soldiers. The system Ekso developed with Ford, called the EksoVest, doesn't use any motors to make working on factory lines less stressful, and it's nothing like what you see in movies, as it simply uses hydraulics to redistribute weight so that workers can comfortably raise their arms above their heads for extended periods of time. The suit can be worn by anyone from 5 ft to 6 ft 4 inches tall, and can provide lift assistance up to 15 pounds per arm. Some assembly-line workers at the average Ford plant lift their arms 4,600 times a day -- or about 1 million times a year, the company said.
Space

SpaceX's Latest Advantage? Blowing Up Its Own Rocket, Automatically (qz.com) 126

SpaceX has reportedly worked with the Air Force to develop a GPS-equipped on-board computer, called the "Automatic Flight Safety System," that will safely and automatically detonate a Falcon 9 rocket in the sky if the launch threatens to go awry. Previously, an Air Force range-safety officer was required to be in place, ready to transmit a signal to detonate the rocket. Quartz reports: No other U.S. rocket has this capability yet, and it could open up new advantages for SpaceX: The U.S. Air Force is considering launches to polar orbits from Cape Canaveral, but the flight path is only viable if the rockets don't need to be tracked for range-safety reasons. That means SpaceX is the only company that could take advantage of the new corridor to space. Rockets at the Cape normally launch satellites eastward over the Atlantic into orbits roughly parallel to the equator. Launches from Florida into orbits traveling from pole to pole generally sent rockets too close to populated areas for the Air Force's liking. The new rules allow them to thread a safe path southward, past Miami and over Cuba.

SpaceX pushed for the new automated system for several reasons. One was efficacy: The on-board computer can react more quickly than human beings relying on radar data and radio transmissions to signal across miles of airspace, which gives the rocket more time to correct its course before blowing up in the event of an error. As important, the automated system means the company doesn't need to pay for the full use of the Air Force radar installations on launch day, which means SpaceX doesn't need to pay for some 160 U.S. Air Force staff to be on duty for their launches, saving the company and its customers money. Most impressively, the automated system will make it possible for SpaceX to fly multiple boosters at once in a single launch.

The Military

Neuro, Cyber, Slaughter: Emerging Technological Threats In 2017 (thebulletin.org) 38

"Wouldn't it be nice if advances in technology stopped throwing new problems at the world? No such luck," writes Bulletin of the Atomic Scientists. "Several emerging technological threats could -- soon enough -- come to rival nuclear weapons and climate change in their potential to upend (or eliminate) civilization." Lasrick writes: In 2017, the cyber threat finally began to seem real to the general public. Advances in biotech in 2017 could lead to the deliberate spread of disease and a host of other dangers. And then there were the leaps forward made in AI. Here's a roundup of coverage from the Bulletin of the Atomic Scientists on advances in emerging technological threats that were made in the last year.
One article even describes the possibility of malevolent brain-brain networks in the future, warning scientists (and the international community) to "remain vigilant about neurotechnologies as they become more refined -- and as the practical barriers to their malevolent use begin to lower."
Censorship

Vietnam Deploys 10,000 Cyber Warriors to Fight 'Wrongful Views' (bloomberg.com) 92

Vietnam is deploying a 10,000-member military cyber warfare unit to combat what the government sees as a growing threat of "wrongful views" proliferating on the internet, Bloomberg reported on Wednesday, citing local media reports. From the report: Force 47 has worked pro-actively against distorted information, Tuoi Tre newspaper reported, citing Nguyen Trong Nghia, deputy head of the general politics department under the Vietnam People's Military. The disclosure of the unit comes as the Communist government pressures YouTube and Facebook to remove videos and accounts seen damaging the reputations of leaders or promoting anti-party views. Facebook this year removed 159 accounts at Vietnam's behest, while YouTube took down 4,500 videos, or 90 percent of what the government requested, according to VietnamNet news, which cited Minister of Information and Communications Truong Minh Tuan last week. The National Assembly is debating a cybersecurity bill that would require technology companies to store certain data on servers in the country.
The Military

Resuming Its Annual PR Mission, NORAD Tracks Santa Claus (cnn.com) 82

An anonymous reader quotes CNN: The U.S. military command that is charged with protecting the airspace for North America is on alert this Christmas weekend for a man with a white beard and a red suit. The North American Aerospace Defense Command (NORAD) is tracking a sleigh and eight tiny reindeer around the world as it heads for U.S. airspace Sunday night. The public can access NORAD's official Santa Tracker to watch Santa Claus' voyage... [NOTE: The site will request access to your physical location before revealing Santa's whereabouts...]

The public can also call 1-877-HI-NORAD (1-877-446-6723) and speak live with NORAD trackers. People stuck in the car on the way to Grandmother's house, and with an OnStar subscription, can access the tracker by hitting their OnStar button... Marine Col. Bob Brodie of the 601st Air Operations Center said fighter jets will "fly along (Santa's) wing" in a "close escort," and that the center will "monitor him with our satellites and even have infrared trackers to follow Rudolph."

CNN reports NORAD first began tracking Santa in 1955 when a Sears ad misprinted the telephone number for children to call for updates on Mr. Claus's progress. "On December 24, 1955, Air Force Col. Harry Shoup was on duty, and instead of hanging up on countless children that night, Shoup checked the radar and updated the eager children on jolly old Saint Nick's location." But Gizmodo reports a different origin story: that one child had simply dialed the number incorrectly (in November), and weeks later that gave NORAD the idea for "one of the most successful military PR campaigns of the last century."

This year fifteen of the children's calls to NORAD were remotely answered by President Trump and first lady Melania.
AI

Project Maven Brings AI To the Fight Against ISIS (thebulletin.org) 35

Dog of the South writes: When the Pentagon -- famous for its painful procurement process and its penchant for producing tech systems that are obsolete before they're fielded -- decided to develop and deploy artificial intelligence to a combat zone within just six months, the idea sounded like a failure waiting to happen. Remarkably, Project Maven has met its goals and won rave reviews -- and may have changed the Pentagon's whole approach to tech innovation. But is the Defense Department ready for the enormous challenges that lie at the intersection of military power and artificial intelligence?
The project "focuses on analysis of full-motion video data from tactical aerial drone platforms," according to Bulletin of the Atomic Scientists, which reports that the Pentagon has already spent "tens of billions of dollars" developing them.

"A single drone with these sensors produces many terabytes of data every day. Before AI was incorporated into analysis of this data, it took a team of analysts working 24 hours a day to exploit only a fraction of one drone's sensor data."
Earth

Experts Cast Doubt on 'Alien Alloys' in the New York Times' UFO Story (scientificamerican.com) 206

What to make of a Las Vegas building full of unidentified alloys? The New York Times published a stunning story last week revealing that the U.S. Department of Defense (DOD) had, between 2007 and 2012, funded a $22 million program for investigating UFOs (Editor's note: the link may be paywalled; alternative source). The story included three revelations that were tailored to blow readers' minds: 1. Many high-ranking people in the federal government believe aliens have visited planet Earth. 2. Military pilots have recorded videos of UFOs with capabilities that seem to outstrip all known human aircraft, changing direction and accelerating in ways no fighter jet or helicopter could ever accomplish. 3. In a group of buildings in Las Vegas, the government stockpiles alloys and other materials believed to be associated with UFOs. From a Scientific American report: Points one and two are weird, but not all that compelling on their own: The world already knew that plenty of smart folks believe in alien visitors, and that pilots sometimes encounter strange phenomena in the upper atmosphere. Point No. 3, though -- those buildings full of alloys and other materials -- that's a little harder to hand wave away. Is there really a DOD cache full of materials from out of this world? Here's the thing, though: The chemists and metallurgists Live Science spoke to -- experts in identifying unusual alloys -- don't buy it. "I don't think it's plausible that there's any alloys that we can't identify," Richard Sachleben, a retired chemist and member of the American Chemical Society's panel of experts, told Live Science. "My opinion? That's quite impossible." Alloys are mixtures of different kinds of elemental metals. They're very common -- in fact, Sachleben said, they're more common on Earth than pure elemental metals are -- and very well understood.
Businesses

Kaspersky Lab Sues Trump Administration Over Software Ban (reuters.com) 185

Moscow-based anti-virus company Kaspersky Lab sued the Trump administration in U.S. federal court on Monday, arguing that the American government has deprived it of due process rights by banning its software from U.S. government agencies. From a report: The lawsuit is the latest effort by Kaspersky Lab to push back on allegations that the company is vulnerable to Kremlin influence. The Department of Homeland Security in September issued a directive to U.S. civilian agencies ordering them to remove Kaspersky Lab from their computer networks within 90 days. The order came amid mounting concern among U.S. officials that the software could enable Russian espionage and threaten national security. The ban was codified last week when President Donald Trump signed legislation banning Kaspersky Lab from use across civilian and military agencies.
The Military

The US Military Admits It Spent $22 Million Investigating UFOs (boston.com) 166

Long-time Slashdot reader Joosy writes, "Until 2012 the Pentagon had a program, the 'Advanced Aerospace Threat Identification Program', that tracked unidentified flying objects." An anonymous reader writes: The Pentagon finally acknowledged the existence of the $22 million program today to the New York Times, while also claiming that they closed the program five years ago. "But its backers say that, while the Pentagon ended funding for the effort at that time, the program remains in existence. For the past five years, they say, officials with the program have continued to investigate episodes brought to them by service members, while also carrying out their other Defense Department duties."

Over the years the program "produced documents that describe sightings of aircraft that seemed to move at very high velocities with no visible signs of propulsion, or that hovered with no apparent means of lift. Officials with the program have also studied videos of encounters between unknown objects and U.S. military aircraft." But ultimately, a Pentagon spokesman said, "It was determined that there were other, higher priority issues that merited funding, and it was in the best interest of the DoD to make a change."

China

China Will Spend $3.3 Billion to Research Molten Salt Nuclear-Powered Drones (scmp.com) 194

Long-time Slashdot reader WindBourne tipped us off to some news from The South China Morning Post: China is to spend 22 billion yuan (US$3.3 billion) trying to perfect a form of technology largely discarded in the cold war which could produce a safer but more powerful form of nuclear energy. The cash is to develop two "molten salt" reactors in the Gobi Desert in northern China. Researchers hope that if they can solve a number of technical problems the reactors will lead to a range of applications, including nuclear-powered warships and drones. The technology, in theory, can create more heat and power than existing forms of nuclear reactors that use uranium, while producing only one thousandth of the radioactive waste. It also has the advantage for China of using thorium as its main fuel. China has some of the world's largest reserves of the metal...

The reactors use molten salt rather than water as a coolant, allowing them to create temperatures of over 800 degrees Celsius, nearly three times the heat produced by a commercial nuclear plant fuelled with uranium. The superhot air has the potential to drive turbines and jet engines and in theory keep a bomber flying at supersonic speed for days.

One Beijing researcher says these drones "would serve as a platform for surveillance, communication or weapon delivery to deter nuclear and other threats from hostile countries." He asked not to be named, but provided one more advantage for a nuclear-powered drone flying at high-altitudes over the ocean.

"It will also have more public acceptance. If an accident happens, it crashes into the sea."
Government

Trump Signs Law Forcing Drone Users To Register With Government (thehill.com) 468

President Trump signed a sweeping defense policy bill into law on Tuesday that will allow the government to require recreational drone users to register their model aircraft. This comes after a federal court ruled in May that Americans no longer have to register non-commercial drones with the Federal Aviation Administration (FAA) "because Congress had said in a previous law that the FAA can't regulate model aircraft," reports The Hill. From the report: In December 2015, the FAA issued an interim rule requiring drone hobbyists to register their recreational aircraft with the agency. The rule -- which had not been formally finalized -- requires model aircraft owners to provide their name, email address and physical address; pay a $5 registration fee; and display a unique drone ID number at all times. Those who fail to comply could face civil and criminal penalties. While Congress directed the FAA to safely integrate drones into the national airspace in a 2012 aviation law, lawmakers also included a special exemption to prevent model aircraft from being regulated. A D.C.-based appeals court cited the 2012 law in its ruling striking down the FAA drone registry, arguing that recreational drones count as model aircraft and that the registry counts as a rule or regulation.
Businesses

Trump Signs Into Law US Government Ban on Kaspersky Lab Software (reuters.com) 140

President Donald Trump signed into law on Tuesday legislation that bans the use of Kaspersky Lab within the U.S. government, capping a months-long effort to purge the Moscow-based antivirus firm from federal agencies amid concerns it was vulnerable to Kremlin influence. From a report: The ban, included as part of a broader defense policy spending bill that Trump signed, reinforces a directive issued by the Trump administration in September that civilian agencies remove Kaspersky Lab software within 90 days. The law applies to both civilian and military networks. "The case against Kaspersky is well-documented and deeply concerning. This law is long overdue," said Democratic Senator Jeanne Shaheen, who led calls in Congress to scrub the software from government computers. She added that the company's software represented a "grave risk" to U.S. national security.
Sci-Fi

Ask Slashdot: What Is Your View On UFO Sightings? 384

dryriver writes: UFO sightings have been reported in the tens of thousands over the last decades. In the past, some have seen flying cigar-shaped craft (blimps?), some flying triangles, some more rounded-looking flying saucers. Often the apparent spacecraft does something improbable like standing completely still in the sky and then shooting off to somewhere at an incredible speed. Some sightings are just lights or light formations flying around or dancing around in the night sky -- which could be military aircraft like helicopters and F16s training at night. There seem to be people who genuinely see stuff that is hard to explain, people who fake UFO sightings, photos and videos for profit to keep the "UFO industry" of websites, radio shows and magazines afloat, and yet others that think a regular airplane flying at night with its lights on is a UFO. What is your view on all this? Are we being visited from outer space? Is it prototype aircraft that look like UFOs to the untrained eye? Was some 190 IQ inventor-prankster having fun with quadcopter drones with colored lights four decades before quadcopters became a thing (hey, tons of people have created fake crop-circles in the past)? Where do all these supposed UFO sightings and reports come from? Did events like the famous "Battle Of Los Angeles" actually happen? And do you find any UFO reports credible at all?
