A 17-Year-Old's Journey: Minecraft, SIM-Swapping Bitcoin Heists, Breaching Twitter
The New York Times tells the story of the 17-year-old "mastermind"
arrested Friday for the takeover of dozens of high-profile Twitter accounts.
They report that Graham Ivan Clark "had a difficult family life" and "
poured his energy into video games and cryptocurrency" after his parents divorced when he was 7, and he grew up in Tampa, Florida with his mother, "a Russian immigrant who holds certifications to work as a facialist and as a real estate broker."
By the age of 10, he was playing the video game Minecraft, in part to escape what he told friends was an unhappy home life. In Minecraft, he became known as an adept scammer with an explosive temper who cheated people out of their money, several friends said.... In late 2016 and early 2017, other Minecraft players produced videos on YouTube describing how they had lost money or faced online attacks after brushes with Mr. Clark's alias "Open...."
Mr. Clark's interests soon expanded to the video game Fortnite and the lucrative world of cryptocurrencies. He joined an online forum for hackers, known as OGUsers, and used the screen name Graham$... Mr. Clark described himself on OGUsers as a "full time crypto trader dropout" and said he was "focused on just making money all around for everyone." Graham$ was later banned from the community, according to posts uncovered by the online forensics firm Echosec, after the moderators said he failed to pay Bitcoin to another user who had already sent him money to complete a transaction.
Still, Mr. Clark had already harnessed OGUsers to find his way into a hacker community known for taking over people's phone numbers to access all of the online accounts attached to the numbers, an attack known as SIM swapping. The main goal was to drain victims' cryptocurrency accounts. In 2019, hackers remotely seized control of the phone of Gregg Bennett, a tech investor in the Seattle area. Within a few minutes, they had secured Mr. Bennett's online accounts, including his Amazon and email accounts, as well as 164 Bitcoins that were worth $856,000 at the time and would be worth $1.8 million today... In April, the Secret Service seized 100 Bitcoins from Mr. Clark, according to government forfeiture documents... Mr. Bennett said in an interview that a Secret Service agent told him that the person with the stolen Bitcoins was not arrested because he was a minor... By then, Mr. Clark was living in his own apartment in a Tampa condo complex...
[L]ess than two weeks after the Secret Service seizure, prosecutors said Mr. Clark began working to get inside Twitter. According to a government affidavit, Mr. Clark convinced a "Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal."
The plan was to sell access to the breached Twitter accounts, but Clark apparently
began cheating his customers again, the Times reports — "reminiscent of what Mr. Clark had done earlier on Minecraft..."
"Mr. Clark, who prosecutors said worked with at least two others to hack Twitter but was the leader, is being charged as an adult with 30 felonies."
Will Elon Musk License Tesla's Technology To Other Automakers?
Audi's CEO "willingly admits that
Tesla is two years ahead of the industry in some critical areas of building electric vehicles," reports Electrek. But where will that lead?
"Earlier this week, Musk made a subtle comment on Twitter
that could majorly upend the auto industry," reports
In response to an article in Teslarati highlighting German automakers' attempts to bridge the gap between Tesla's technology and their own, Musk tweeted the following: "Tesla is open to licensing software and supplying powertrains & batteries," tweeted Musk. "We're just trying to accelerate sustainable energy, not crush competitors!"
Consider for just a moment the brilliant potential of Musk's statement. In addition to leading its rivals in electric vehicle production (and the larger style batteries needed to support these), Tesla is also at the forefront of utilizing modern technology in its vehicles. In fact, many have described Tesla as "a tech company that happens to make cars." In contrast, though, Musk has repeatedly spoken on the challenges of actually manufacturing cars at consistent quality, as well as delivering them. At one point, he described Tesla's journey as going from "production hell to delivery logistics hell...." [L]egacy automakers excel where Tesla is weak: namely, manufacturing and delivery. Since they've been making cars so long, they've developed huge factories, along with consistent and refined processes.
But what if Tesla could reach a deal with automakers to license its strength — software and battery technology? Then everyone benefits...
If you're surprised by Musk's tweet, you shouldn't be. In fact, for years Musk has insisted that his primary goal is not to compete with larger automakers but rather to win them over.... If the legacy automakers are smart, they'll jump at the opportunity to negotiate a licensing deal.
The article cites a 2014 blog post in which Musk promised Tesla wouldn't initiate patent lawsuits against companies who wanted to use its technology, "
in the spirit of the open-source movement, for the advancement of electric vehicle technology..."
"Our true competition is not the small trickle of non-Tesla electric cars being produced, but rather the enormous flood of gasoline cars pouring out of the world's factories every day."
Microsoft Fixes Edge Bug That Made It Crash When Searching With Google
"Microsoft's new Edge browser started randomly crashing when users typed into the address bar," reported the Verge on Thursday.
appear to have affected Edge users who had selected Google as the default search engine."
Microsoft investigated the problem and now says it's believed to have been resolved. The Microsoft Edge crashes started at around 7PM ET, and were affecting macOS and Windows users. Microsoft resolved the problems after around four hours of crashes, but it's not clear why they were only limited to Google search users in Edge.
If users switched to Microsoft's Bing search engine within Edge, the crashes never occured.
Do Animals Really Anticipate Earthquakes? Sensors Hint They Do
An anonymous reader quotes
For centuries, people have described unusual animal behavior just ahead of seismic events: dogs barking incessantly, cows halting their milk, toads leaping from ponds... Now researchers at the Max Planck Institute of Animal Behavior and the University of Konstanz, both in Germany, along with a multinational team of colleagues, say they have managed to precisely measure increased activity in a group of farm animals prior to seismic activity...
The researchers used highly sensitive instruments that record accelerated movements — up to 48 each second — in any direction. During separate periods totaling about four months in 2016 and 2017, they attached these biologgers and GPS sensors to six cows, five sheep and two dogs living on a farm in an earthquake-prone area of northern Italy. A total of more than 18,000 tremors occurred during the study periods, with more seismic activity during the first one — when a magnitude 6.6 quake and its aftershocks struck the region. The team's work was published in July in Ethology...
Analyzing the increased movements as a whole, the researchers claim, showed a clear signal of anticipatory behavior hours ahead of tremors. "It's sort of a system of mutual influence," Wikelski says. "Initially, the cows kind of freeze in place — until the dogs go crazy. And then the cows actually go even crazier. And then that amplifies the sheep's behavior, and so on...." This "swarm intelligence" can happen within or across species, Wikelski says. For example, "we did a study on Galápagos marine iguanas, and we know that they are actually listening in to mockingbirds' warnings about the Galápagos hawks," he adds. "These kinds of systems exist all over the place. We're just not really tuned in to them yet."
The researchers say the farm animals appeared to anticipate tremors anywhere from one to 20 hours ahead, reacting earlier when they were closer to the origin and later when they were farther away. This finding, the authors contend, is consistent with a hypothesis that animals somehow sense a signal that diffuses outward.
Larry King Duped Into 'Disinfomercial' on Social Media By China (and Possibly Russia)
For 25 years, until 2010, Larry King had a live interview show on CNN. But now ProPublica reports "In the twilight of a remarkable radio and television career spanning more than six decades, battling health problems but determined to stay in the public eye,
King was ensnared in an international disinformation scheme."
It involved filming Larry King asking questions, and then
later splicing in responses from Anastasia Dolgova (an employee of a Russia state-owned broadcaster) — and then widely promoting the footage on social media:
Posted on YouTube under the title "Larry King US China Special Conference 2019," and quickly spread by social media accounts linked to Chinese government influence operations, the fake interview went viral across Chinese-language social media, likely reaching hundreds of thousands of users on Twitter, Facebook and YouTube... By conveying Chinese disinformation through a journalist for Russian media, it may exemplify the increasing media cooperation between the two countries...
ProPublica found that the Chinese government was involved in distributing the video. Our analysis of data released by Twitter showed that nearly 250 fake accounts linked to China's government shared nearly 40 different links to the video a total of more than 500 times. Around half of those fake accounts had more than 10,000 followers... In September 2018, six months before King taped the Dolgova video, Putin and Chinese President Xi Jinping attended a ceremony in Vladivostok, Russia. There, the Russian state-controlled Rossiya Segodnya news agency and Chinese state-controlled China Media Group signed an agreement to cooperate in news exchange, joint reporting and distribution, and promotion of each other's reports, especially on social media...
The Russia-China partnership reflects the alignment of the two countries' political messaging, as both promote alternatives to liberal democracy in a post-Cold War world. To achieve that goal, the Kremlin is building a "global media conglomerate," said Nataliya Bugayova, a research fellow at the Institute for the Study of War, a Washington, D.C.-based think tank. Russian media outlets have signed more than 50 cooperation agreements with foreign media since 2015, she said...
In a telephone interview, King expressed remorse and bewilderment.
New Repository Leaks Souce Code From Microsoft, Adobe, and Dozens of Other Companies
Bleeping Computer reported this week that a new public repository of leaked code
includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Roblox, and Disney:
The leaks have been collected by Tillie Kottmann, a developer and reverse engineer, from various sources and from their own hunting for misconfigured devops tools that offer access to source code... According to Bank Security, a researcher focused on banking threats and fraud, code from more than 50 companies is published in the repository...
Kottmann told BleepingComputer that they find hardcoded credentials in the easily-accessible code repositories, which they try to remove as best as they can... Kottmann also says that they comply with takedown requests and gladly provide information that would strengthen the security of a company's infrastructure. One leak from Daimler AG corporation behind the Mercedes-Benz brand is no longer present in the repository. Another empty folder has Lenovo in its name. However, judging by the number of DMCA notices received (estimated at up to seven) and direct contact from legal or other representatives, many companies may not be aware of the leaks...
Reviewing some of the code leaked on Kottmann's GitLab server revealed that some of the projects have been made public by their original developer or had been last updated a long time ago. Nevertheless, the developer told us that there are more companies with misconfigured devops tools exposing source code. Furthermore, they are exploring servers running SonarQube, an open-source platform for automated code auditing and static analysis to uncover bugs and security vulnerabilities.
Kottmann believes there are thousands of companies that expose proprietary code by failing to properly secure SonarQube installations.
Tom's Guide considers it a serious breach:
Jake Moore, a security specialist at ESET, told Tom's Guide: "Losing control of the source code on the internet is like handing the blueprints of a bank to robbers.
"This list will be viewed by cyber criminals far and wide looking for vulnerabilities as well as confidential information in a scarily short space of time."
NASA Astronauts Fire Deorbiting Burn. Watch Splashdown Back to Earth
After travelling all night to return from the International Space Station, two NASA astronauts will splashdown in the Gulf of Mexico at 11:48 PT, reports CNET. "There
will be about an hour of excitement prior to that moment as Crew Dragon deorbits and re-enters Earth's atmosphere..."
That 11-minute deorbiting burn should begin in five minutes (at 10:56 PT), and you can
watch it live on SpaceX's YouTube channel before the splashdown 52 minutes later. CNET notes that "This will be the first crew recovery at sea of NASA astronauts since 1975 at the end of the Apollo moon exploration era, the space agency tweeted on Sunday."
The reentry process is dramatic. "Crew Dragon will be traveling at orbital velocity prior to reentry, moving at approximately 17,500 miles per hour. The maximum temperature it will experience on reentry is approximately 3,500 degrees Fahrenheit," said NASA in a statement on July 24...
If Crew Dragon passes these final tests, then SpaceX will be able to provide regular, operational flights to the ISS starting later this year. And it would end NASA's reliance on Russian spacecraft for the first time since the shuttle era.
After splashdown the crew "
will spend up to an hour floating inside the capsule before joint recovery teams from SpaceX and NASA retrieve them for a helicopter trip ashore," reports Reuters.
A post-splashdown news conference is then scheduled about 30 minutes later at 1:30 p.m. PT.
Microsoft Edge Accused of Stealing Data From Chrome
Some Windows 10 users have complained that when Microsoft sets up its Edge browser,
it steals data from Chrome and
Firefox without asking first, writes ZDNet columnist Chris Matyszczyk.
But today a reader sent him
a new complaint involving Windows 7:
"My wife's computer, which is running Windows 7, got a Windows update this morning, which then gave the full-screen welcome page for Edge Chromium. She was terrified as this looked exactly as if malware had taken over the machine... How could any application be running that she hadn't started? How is it that Microsoft can't manage to provide security updates for Windows 7, as it is end of life, but still manage to force a new web browser that isn't wanted on Windows 7 users...?"
"The full-screen welcome page for Chomium Edge did have a faint 'close' gadget in the top right, which was the very first thing we clicked... This still left Edge pinned on the taskbar and when I hovered over it, it showed all the recent sites she had visited on Chrome. So it must have stolen that data from Chrome which is the only browser she ever uses."
The ZDNet columnist shared his own reaction to the story. "Edge is a fine browser. It's quick, effective, and has superior privacy instincts than does Chrome. I have begun to use it and I like it. When you launch a new product, however, you have two choices: You can announce it, make people feel good about it, and then rely on word of mouth. Or you can try ramming it down people's throats.
"The former is often more effective. Microsoft has chosen the latter."
jd (Slashdot reader #1,658) writes:
The large scale maps of the universe show something is seriously wrong with current models of gravity and dark matter. The universe simply isn't clumping right and, no, it's not the new improved formula. As you go from the early universe to the present day, gravity should cause things to clump in specific ways.
It isn't. Which means dark matter can't be cold and general relativity may have a problem.
They need more data to prove it's not just a freaky part of the universe they're looking at, which is being collected.
"The new results come from the Kilo-Degree Survey, or KiDS, which uses the European Southern Observatory's Very Large Telescope to map the distribution of matter across our universe," according to the Independent:
So far, it has charted roughly 5% of the extragalactic sky, from an analysis of 31 million galaxies that are as much as 10 billion light years away... That allows researchers to build up a picture of all matter in the universe, of which some 90 per cent is invisible, made up of dark matter and tenuous gas.
While Some Top Creators Abandon TikTok, the ACLU Opposes a Ban
Late Friday night, the American Civil Liberties Union
tweeted its objections to banning TikTok in the United States. "Banning an app like TikTok, which millions of Americans use to communicate with each other, is a danger to free expression and technologically impractical."
More details from TechCrunch:
"With any Internet platform, we should be concerned about the risk that sensitive private data will be funneled to abusive governments, including our own," the ACLU wrote in a subsequent statement. "But shutting one platform down, even if it were legally possible to do so, harms freedom of speech online and does nothing to resolve the broader problem of unjustified government surveillance."
But TechCrunch also reports TikTok is facing another threat:
On Tuesday, a clutch of the company's largest celebrities, with a collective audience of some 47 million viewers, abandoned the platform for its much smaller competitor, Triller.
Founded in 2015, two years before TikTok began its explosive rise to prominence, Triller is backed by some of the biggest names in American music and entertainment including Snoop Dogg, The Weeknd, Marshmello, Lil Wayne, Juice WRLD, Young Thug, Kendrick Lamar, Baron Davis, Tyga, TI, Jake Paul and Troy Carter...
[T]he creators say they're leaving TikTok because they've grown wary of the Chinese-owned company's security practices. "After seeing the U.S. and other countries' governments' concerns over TikTok — and given my responsibility to protect and lead my followers and other influencers — I followed my instincts as an entrepreneur and made it my mission to find a solution," Richards, who's assuming the title of Triller's chief strategy officer, told the LA Times.
Could Randomness Theory Hold Key To Internet Security?
"In a new paper, Cornell Tech researchers identified a problem that
holds the key to whether all encryption can be broken — as well as a surprising connection to a mathematical concept that aims to define and measure randomness," according to a news release shared by Slashdot reader
"Our result not only shows that cryptography has a natural 'mother' problem, it also shows a deep connection between two quite separate areas of mathematics and computer science — cryptography and algorithmic information theory," said Rafael Pass, professor of computer science at Cornell Tech...
Researchers have not been able to prove the existence of a one-way function. The most well-known candidate — which is also the basis of the most commonly used encryption schemes on the internet — relies on integer factorization. It's easy to multiply two random prime numbers — for instance, 23 and 47 — but significantly harder to find those two factors if only given their product, 1,081. It is believed that no efficient factoring algorithm exists for large numbers, Pass said, though researchers may not have found the right algorithms yet.
"The central question we're addressing is: Does it exist? Is there some natural problem that characterizes the existence of one-way functions?" he said. "If it does, that's the mother of all problems, and if you have a way to solve that problem, you can break all purported one-way functions. And if you don't know how to solve that problem, you can actually get secure cryptography...."
In the paper, Pass and doctoral student Yanyi Liu showed that if computing time-bounded Kolmogorov Complexity is hard, then one-way functions exist. Although their finding is theoretical, it has potential implications across cryptography, including internet security.
AI Distinguishes Birds That Even Experts Can't
It's a fact of life for birders that some species are fiendishly difficult to tell apart — in particular, the sparrows and drab songbirds dubbed "little brown jobs." Distinguishing individuals is nearly impossible. Now, a computer program analyzing photos and videos has accomplished that feat. The advance promises to reveal new information on bird behaviors...
The tool, called a convolutional neural network, sifts through thousands of pictures to figure out which visual features can be used to classify a given image; it then uses that information to classify new images. Convolutional neural networks have already been used to identify various plant and animal species in the wild, including 48 kinds of African animals. They have even achieved a more complicated task for elephants and some primates: distinguishing between individuals of the same species. Team member André Ferreira, a Ph.D. student at the University of Montpellier, fed the neural network several thousand photos of 30 sociable weavers that had already been tagged... [W]hen given photos it hadn't seen before, the neural network correctly identified individual birds 90% of the time, they report this week in Methods in Ecology and Evolution. Behavioral ecologist Claire Doutrelant of CNRS, the French national research agency, says that's about the same accuracy as humans trying to spot color rings with binoculars.
Ferreira then tried the approach on two other bird species studied by Damien Farine, a behavioral ecologist at the Max Planck Institute of Animal Behavior. The tool was just as accurate...
Tesla Engineer Reinvents Chocolate Chip for Maximum Taste and Melt
"Silicon Valley, long obsessed with computer chips, is now disrupting chocolate ones," writes the New York Post:
Remy Labesque, a Los-Angeles based industrial engineer working for Elon Musk's Tesla, has re-engineered the chocolate chip for the optimization-obsessed set.
Thirty bucks gets you 17.6 ounces, or about 142, of the expertly forged chocolate geodes, which are molded to "melt at the right rate," according to Todd Masonis, co-founder of San Francisco's Dandelion Chocolate, which makes and sells the chips... Labesque's flattened pyramid-like structures feature thick middles and thinly tapered edges. A 15-degree slope, according to blueprints for the morsel, creates a glossy finish when baked.
Masonis said it took years to realize Labesque's original multifaceted mold. "We did 3-D renderings of different options for shapes, test prints of a few molds and, of course, baking tests," he said. The goal? To emphasize the complex chips' cacao bean essence, which is said to have notes of chocolate buttercream frosting and banana. "We found that if you take a huge chunk of chocolate and put it in your mouth, that taste can be overwhelming," said Masonis. "The flat shape helps slow down the experience."
The single-origin chocolate is carefully tempered — a process where chocolate is heated then cooled to create a hard shell — and is designed to melt without ruining the structural integrity of its mold-cast hard edge.
The perfect chip weight, according to the engineers, is 4.05 grams.
The primitive shape of our current chocolate chips "isn't a designed shape," Labesque tells Bloomberg. "It's
a product of an industrial manufacturing process."
Google Starts Testing Its Replacement for Third-Party Cookies for Chrome
taken one step closer to banishing third-party cookies from Chrome," reports Engadget.
The internet giant has started testing its trust tokens with developers, with promises that more would move to live tests "soon." As before, the company hoped to phase out third-party cookies in Chrome once it could meet the needs of both users and advertisers.
Trust tokens are meant to foster user trust across sites without relying on persistent identifying data like third-party cookies. They theoretically prevent bot-based ad fraud without tying data to individuals. This would be one framework as part of a larger Privacy Sandbox including multiple open standards.
The company still hopes to eliminate third-party cookies by 2022.
Will China's AI Surveillance State Go Global?
China already has hundreds of millions of surveillance cameras in place, reports the Atlantic's deputy editor, and "because a new regulation requires telecom firms to scan the face of anyone who signs up for cellphone services, phones' data can now be attached to a specific person's face."
But the article also warns that when it comes to AI-powered surveillance, China "
could also export it beyond the country's borders, entrenching the power of a whole generation of autocrats" and "shift the balance of power between the individual and the state worldwide..."
The country is now the world's leading seller of AI-powered surveillance equipment.... China uses "predatory lending to sell telecommunications equipment at a significant discount to developing countries, which then puts China in a position to control those networks and their data," Michael Kratsios, America's CTO, told me. When countries need to refinance the terms of their loans, China can make network access part of the deal, in the same way that its military secures base rights at foreign ports it finances. "If you give [China] unfettered access to data networks around the world, that could be a serious problem," Kratsios said...
Having set up beachheads* in Asia, Europe, and Africa, China's AI companies are now pushing into Latin America, a region the Chinese government describes as a "core economic interest." China financed Ecuador's $240 million purchase of a surveillance-camera system. Bolivia, too, has bought surveillance equipment with help from a loan from Beijing. Venezuela recently debuted a new national ID-card system that logs citizens' political affiliations in a database built by ZTE.
* The article provides these additional examples:
- In Malaysia, the government is working with Yitu, a Chinese AI start-up, to bring facial-recognition technology to Kuala Lumpur's police...
- Chinese companies also bid to outfit every one of Singapore's 110,000 lampposts with facial-recognition cameras.
- In South Asia, the Chinese government has supplied surveillance equipment to Sri Lanka.
- On the old Silk Road, the Chinese company Dahua is lining the streets of Mongolia's capital with AI-assisted surveillance cameras.
- In Serbia, Huawei is helping set up a "safe-city system," complete with facial-recognition cameras and joint patrols conducted by Serbian and Chinese police aimed at helping Chinese tourists to feel safe.
- Kenya, Uganda, and Mauritius are outfitting major cities with Chinese-made surveillance networks...
InfoWorld Lists 'Four Powerful Features Python is Still Missing'
InfoWorld's senior writer calls Python a "living language," citing its recent
addition of the "walrus operator" for in-line assignments and the newly-approved
"And they're only two of a slew of
useful features that could be added to Python to make the language more expressive, more powerful, more suited to the modern programming world. What else might we wish for?"
True constants - Python doesn't really have the concept of a constant value... [E]very time a name is used, Python goes to the trouble of looking up what object it's pointing at. This dynamism is one of the chief reasons Python runs more slowly than some other languages. Python's dynamism offers great flexibility and convenience, but it comes at the cost of runtime performance. One advantage of having true constant declarations in Python would be some reduction in the frequency of object lookups that take place during runtime, and thus better performance. If the runtime knows ahead of time that a given value never changes, it doesn't have to look up its bindings...
True overloading and generics - In many languages, multiple versions of the same function can be written to work with different kinds of input... PEP 3124, advanced in April 2007, proposed a mechanism for decorating functions to indicate they could be overloaded. The proposal was deferred rather than being rejected outright — meaning the idea was fundamentally sound, but the time wasn't right to implement it. One factor that might speed the adoption of overloading in Python — or cause the idea to be ditched entirely — is the implementation of the newly proposed pattern matching system.
In theory, pattern matching could be used under the hood to handle overload dispatch. However, pattern matching could also be given as a rationale for not implementing generics in Python, since it already provides an elegant way to dispatch operations based on type signatures. So we might get true overloading in Python one day, or its advantages might be superseded by other mechanisms.
The article lists two more features Python "probably won't get" — starting with
multiline lambdas (anonymous functions). Guido van Rossum had argued in 2006 he
couldn't find an acceptable syntax, and the article argues "there is probably no way to do it that doesn't involve creating a special case." And it argues the final missing feature is
tail recursion optimizations, "where functions that call themselves don't create new stack frames in the application, and thus risk blowing up the stack if they run for too long.
"Python doesn't do this, and in fact its creators have consistently come out against doing so."