Ledger owners lose over 1M XRP to homoglyph attack

Many crypto-currency holders use Ledger hardware wallets to store their bitcoin off the exchanges. This is actually the safer way to play it, except when you fall prey to a phishing campaign to lure you to a fake site to update your firmware that instead, drains your wallet.

That’s what happened to Ledger users through a combination of a data leak, earlier in the year, a targeted phishing campaign against the users revealed in that attack, and finally, a homoglyph attack that used an IDN enabled domain name that visually looked like the Ledger domain, but actually wasn’t.

Any recipients who were fooled by the fake notice into upgrading via the fake site (one of the “e”s  in ledger [.]com was actually from a foreign character set) were taken for an aggregate of 1.1 million XRP (Ripple), which is worth a little north of a quarter million dollars USD.

The near realtime phishing site detection in our soft-launched Domainsure detects homoglyph attacks. If you operate any kind of a website with a login function, you should have some coverage here. Reply to this email for details on features and pricing.


Police pilot program will live stream neighbourhood Ring cameras

In Jacksonville, Mississippi, the local police force there has announced a 45-day pilot program wherein participating homeowners will livestream, their video doorbells, including Amazon Ring devices.

A report by the Electronic Frontier Foundation details how homeowners will be able to patch the data stream from their doorbells directly into the force’s Real Time Crime Center. Those video streams will include anything within the field of vision of those devices (people entering and exiting the participating homeowner’s house, people, pets and things traversing the area out front, the neighbours across the street, etc.) to a control center whose video monitors will be under constant scrutiny by police staffing the facility.

Amazon for their part issued a statement distancing themselves from the program, stressing that the program will not make use of the Ring Neighbour’s App and will be allowed access by the device owners themselves.

Read: https://www.jacksonfreepress.com/news/2020/nov/02/mississippi-program-use-door-cameras-fight-crime/


Pervasive Windows ransomware strain now targeting linux

Linux is not immune to various ransomware strains, however historically these types of attacks relied on phishing campaigns with low levels of effectiveness.

That may be changing now, with the recent discovery by Kaspersky Labs of a Linux port of the RansomEXX ransomware. It’s the first  discovery of its kind of a major strain of Windows based malware ported to the Linux OS, which is installed and launched via a wholesale cyber breach into the victim organization’s network.

This type of malware is referred to as “Big Game Hunters” by security researchers, which are used by gangs to scope our large enterprise and government targets who can’t afford to be down and thus garner large payouts:

“These groups buy access or breach networks themselves, expand access to as many systems as possible, and then manually deploy their ransomware binary as a final payload to cripple as much of the target’s infrastructure as possible.”

The ZDnet article speculates that this may be the early stages of an industry shift away from Windows based workstations toward targeting a victim company’s servers and central nervous systems.


Calls grow to leave Github quasi-monopoly 

It is looking like GitHub’s decision to shut down multiple code repositories for the YouTube downloader at the behest of the RIAA may not go unnoticed by its community. 

We covered this in AxisOfEasy #169 and the incident inspired a manifesto of sorts by Dr. Roy Schestowitz posted to Techrights.org which summarized the entire situation as:

“GitHub is a Microsoft censorship machine and those who are still in denial about it are a lost cause”

He goes on to say that GitHub was a lost cause before this RIAA incident and it is just the beginning. It is not entirely correct to look at it as a profit-maximizing behemoth like Microsoft protecting its bottom line, but more accurately to understand that Microsoft has shown from past experience that they are willing to lose money indefinitely in a space in order to prevent anybody else from making money there. In short, protecting the quasi-monopoly is more important than anything else.


Big Tech moves quickly to quash election truthers  

With the mainstream media projecting calling the election for Biden early Saturday, the much predicted lawsuits are flying.

It looks like a Biden win, but it isn’t actually official until all 50 states certify their results, and amid at least three recounts (by my count, GA, WI and MI)) and myriad legal challenges, that may not happen until early December – here is a good outline about next steps. 

It should come as no surprise then, when citizen initiatives on the losing side spring up to advance their claims of malfeasance afterward and I think this statement would be true either way the election would have gone.

Both the GOP and Dems had already retained hundreds of lawyers ahead of Nov 3rd and as this NPR article describes, there were already a record-setting number of lawsuits in motion even before the election.

What is also not surprising, but that doesn’t make it any less disappointing, is how Big Tech also moved fast, picking and choosing outcomes and rapidly deplatforming groups and initiatives in their characteristically asymmetric manner. 

A small sampling of what’s happened since Election Day:

Facebook – deplatformed the Stop The Steal page, which in the wake of the MSM calling the election for Biden was reported to be acquiring 50,000 new users per hour.  
https://www.wsj.com/articles/facebook-takes-down-group-organizing-protests-of-vote-counting-11604603908

Facebook and TikTok also  blocked the #StopTheSteal hashtags (Although I am testing that on FB as I write this and it seems ok now with over 880K posts on that tag)
https://www.theverge.com/2020/11/5/21551717/facebook-tiktok-block-election-conspiracy-theory-hashtags-twitter-monitoring

GoFundMe removed a fund raiser from its platform. Former Trump 2016 campaign advisor Matt Braynard set up a page to raise funds in order to purchase voter data for analysis. He specifically wanted to compare data on early and absentee voting patterns against change-of-address and Social Security databases looking for voter fraud. GoFundMe deemed that as “spreading election misinformation” and nuked the page.
https://reclaimthenet.org/gofundme-deletes-fundraiser-for-election-fraud/

Alternative video hosting platform Bitchute was knocked offline on Election Day, but managed to get back online within 24 hours.
https://bigleaguepolitics.com/independent-streaming-service-bitchute-deplatformed-on-election-day/

Twitter for their part, slapped a “Fake News” disclaimer over most of Trump’s tweets.

Again, I’ve been clear on this for years: tech platforms should not be picking who gets a voice and who doesn’t. They should be running the internet plumbing, making sure it’s structurally safe and legal but otherwise staying the hell out of the way. You don’t want your domain registrar, or your SaaS provider or your social media platform adjudicating what they think is true, what might happen or who gets to have their say.  Doing so is the height of grandiosity and self-importance. In the end, all it does is succeed at is in amplifying and inflaming that which they seek to suppress. 

I also invite the reader to conduct the usual thought experiment of asking themselves if they honestly think Big Tech would have deplatformed anybody questioning the results had election night gone the other way, and it was the Dems who were mounting data analytics initiatives and street protests. 

So at the risk of sounding biased, I’ll link to two overview articles that are talking about all this, from either side of it:

Read: https://variety.com/2020/politics/news/trump-claims-election-fraud-1234824100/

Pick yer poison. There is also this recent blog post of mine about the Collectivist nature of social media platforms and Big Tech.

Trump campaign site to report rejected ballots leaked voter data 

In addition to the generalized sh*itshow that is US election 2020, the Trump campaign added to the carnage via a couple of unforced errors. I still don’t fully understand what happened with the whole “Four Seasons Total Landscaping “ thing, but I do know the Trumpers’ 4D chess game seemed a little off while Four Seasons Total Landscaping probably got the publicity scoop of the century.

Meanwhile in the online world, which is #AxisOfEasy’s wheelhaus, the Trump administration erected a website where voters were supposed to be able to report rejected ballots. But the site had a security flaw, and thus leaked private voter data. 
 
The Trump campaign launched DontTouchTheGreenButton.com to support a lawsuit in Arizona to do with purported rejected votes, it collected reports from the citizenry including voter name and addresses. But the site was vulnerable to an SQL injection that enabled attackers to snarf their SSN’s and d.o.b. Identity theft, on a platter.


Canada’s bill C-10 would give CRTC regulatory powers over internet 

The long awaited dream in Canada to tax social media platforms is closer to becoming a reality with the introduction of Bill C-10. This is an update to the Broadcasting Act which gives the CRTC regulatory powers over the Internet, and gave it nine months to figure out exactly how it’s going to do that.

“The legislation…amends the definition of a broadcasting undertaking — broadcasting undertakings being those can be regulated under the act — to include “online undertaking.” Content posted by social media users is excluded.”

As you may know, I’m a director to the Internet Society Canada Chapter and we’ve been reviewing C-10 in detail, ahead of a comprehensive response we will be tabling to the government and the CRTC. Our early assessment of it is “total bag of sh*t” which is policy wonk speak for “fscking terrible.”

The ISCC policy committee is still studying it, but it looks as if content creators could come under the scope of CRTC regulation, if only theoretically to start. The Broadband Telecom Legislative Review (BTLR) earlier this year proposed mandatory licensing for content creators. 

And here’s University of Ottawa law professor Michael Geist explaining why C-10 will have the exact opposite effect of its stated aims…

Read: https://www.michaelgeist.ca/2020/11/the-governments-internet-regulation-bill-why-bill-c-10-will-mean-a-crtc-approved-netflix-service-reduced-consumer-choice-and-less-investment-in-canadian-culture/

If you’d like to support a free (as in freedom) and open internet in Canada, you may want to consider supporting the work of the Internet Society Canada Chapter at https://internetsociety.ca/


Who knew? Crispr babies can have software bugs in their genes

It’s been awhile since we covered anything about the CRISPR babies (AxisOfEasy #125). Those are the gene edited babies created by a doctor in China who ended up getting three years in prison for doing that.

The science is progressing nonetheless, with a pair of women doctors picking up a Nobel Prize  in Chemistry for their work on a gene editing tool called Crispr-Cas9. It turns out that according to a recent study, these gene editing operations can have serious side effects, resulting in cells jettisoning entire chromosomes. I don’t really know what that means, but in plain English it’s described as causing “unwanted changes in human embryos”.

Read: https://www.wsj.com/articles/crispr-gene-editing-can-lead-to-big-mistakes-in-human-embryos-1160398360 (paywall)


AxisOfEasy #29: A Deep Dive into the Network State

This week on our AxisOfEasy Salon none of us felt like talking about the US election. So I posted a picture of two ducks standing atop a 3 tonne pile of horseshit and moved onto what we felt were weightier matters: taking a deep dive into what exactly we mean when we say The Network State. We’re closer than ever to living in one, so we should understand it.

Watch: https://axisofeasy.com/podcast/salon-29-a-deep-dive-into-the-network-state/