#AxisOfEasy 209: Breach Of The Year? T-Mobile Hack Exposes Data For Millions Of Users



Weekly Axis Of Easy #209

Last Week’s Quote was “In any bureaucracy, the people devoted to the benefit of the bureaucracy itself always get in control, and those dedicated to the goals the bureaucracy is supposed to accomplish have less and less influence, and sometimes are eliminated entirely,” that was Jerry Pournelle’s “Iron Law of Bureaucracy.”  David Gay, proprietor of DavesDogHikes  of BC got there first.

This Week’s Quote: “Not that you lied, but that I no longer believe you, has shaken me”  … by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.


In this issue:

  • Breach of the Year? T-Mobile hack exposes PII of 54M users
  • Accenture hit with ransomware, attackers demand $50M
  • Maple Leafs new hire lasts about 30 seconds thanks to Twitter
  • Wikipedia blocks content on Ivermectin use in India
  • Ben Hunt: Noble Lies and the Power of Nudge
  • Vaccine Passports to be required for travel within Canada
  • PEW Research: More Americans favoring censorship at cost of free speech
  • MasterCard and VISA’s chilling effects on free speech
  • Uber’s Prop-22 ruled unconstitutional in California
  • Clarification on Apple’s scanning of phones for CSAM
  • Evil Coin & the Old Monetary Order

Breach of the Year? T-Mobile hack exposes PII of 54M users 

I can’t remember if there was a larger data breach already this year but T-Mobile’s now acknowledged theft of their customer data has to be up there. The telco giant started investigating reports that customer data was being offered for sale on the dark web when Vice ran a story about hackers claiming to have stolen the data of 100 million subscribers. The dark web seller told Vice that the data included “social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information [sic].”

That kind of trove would be a boon for identity theft and SIM swap attacks. So far the official victim count is over 50 million and T-Mobile was hit fairly quickly with a class action lawsuit.

T-Mobile has been asked by the press when and how they will notify the literally millions of past and present customers affected by the breach, and at the moment they haven’t said how they will do so. They did put out this blog post on how to protect oneself in light of the breach, which is a largely unhelpful exercise in CYA. The one critical action T-Mobile users could and should take right away (as per Mashable) is to change their account PIN.

“To change your T-Mobile PIN:

  1. Log into your T-Mobile account
  2. Under the MY T-MOBILE drop-down menu, select My Profile > Profile Information
  3. Scroll down, and next to Change PIN select Edit
  4. Enter your new PIN twice, then select Save”

Meanwhile, AT&T has issued a denial  that they too have suffered a breach after a threat actor called ShinyHunters started auctioning off data for a claimed 70 million subscribers of theirs. He opened the bidding at $200K USD and will sell the entire trove for $1 million USD. Maybe next week I’ll simply copy and paste this item, searching and replacing T-Mobile with AT&T. We’ll see.

Read: https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million

And: https://www.cnet.com/tech/services-and-software/t-mobile-data-breach-more-than-50-million-people-now-affected/

Accenture hit with ransomware, attackers demand $50M

Accounting firm Accenture was hit with the LockBit 2 ransomware a little over a week ago. On August 11th,  a countdown timer began circulating that showed over 6 TB of Accenture files would be published on the web unless Accenture ponied up a $50M USD ransom.

Accenture acknowledged the attack and have since brought their systems back online. I have also not seen any subsequent items about their files being published, which leads me to believe that they paid up.

Read: https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/

Maple Leafs new hire lasts about 30 seconds thanks to Twitter

The Toronto Maple Leafs hockey club farm team, the Toronto Marlies hired Dusty Imoo to be their new goaltending coach. Imoo was, (emphasis on was) a well respected goaltending coach known for helping current Leafs’ goaltender Jack Campbell overcome the big league jitters early in his NHL career when he was initially drafted by the LA Kings.

Within 48 hours, Imoo’s social media history had been “back checked” by a Twitter mob the public and it was all over. Imoo having “liked” the wrong sorts of tweets by the wrong sorts of people was fired from the very top of the Leafs’ organization: with GM Brendan Shanahan tweeting that they had made an error in judgement and had failed to “properly vet” the new hire.

If this doesn’t make you rethink your own social media usage, it should.

It does not bode well for society at large or even the social media platforms themselves when people’s postings and likes can be used down the road to destroy one’s career and define them evermore. For one thing, I personally used to use Twitter’s “like” function as a book-mark for something I may have wanted to reference later in a blog post or even within AxisOfEasy.  I’m sure I’m not alone. It didn’t mean I agreed with, nor endorsed the tweet. Add the Leafs to organizations who are delegating HR decisions to twitchunts. There is no semblance of due process to find out what was going on in somebody’s mind when they used a button built into a platform to note a tweet that is ostensibly permitted on the very same platform or even if it’s anybody’s else’s business. Yet we live in an age where other people’s opinions of your thoughts and reactions may destroy your life.

The incentive structure of taking part on Twitter is decidedly asymmetrical:

Especially if your sentiments are not in total conformity with the prevailing zeitgeist that defines mainstream media and dominates Big Tech.

Read: https://torontosun.com/sports/hockey/maple-leafs-dust-imoo-after-social-media-activity-comes-to-light

Wikipedia blocks content on Ivermectin use in India

It’s difficult to tell if Ivermectin has helped India turn the corner on COVID. They were suffering one of the worst fatality rates globally in the early part of 2021 and then according to non-mainstream reports, the government there started recommending Ivermectin in treatment of patients and things seemed to turn the corner. This is all dismissed as lunacy and fringe by the mainstream media. This “fact check” by Politifact once again relies on logical fallacies and circular reasoning to dismiss an otherwise backhanded admission that around the same time the Indian government started advocating for Ivermectin treatments, cases and fatalities started to drop.

You can’t even talk about this on Wikipedia. A purported medical doctor writing under the name “Justus R. Hope” (pseudonymously, presumably because they’re trying not to wreck their own career) describes in “India’s Ivermectin Blackout” how the mainstream media in general, including the supposedly neutral Wikipedia, will not countenance any talk about how India beat the Delta variant with the help of Ivermectin:

“There is a blackout on any conversation about how Ivermectin beat COVID-19 in India. When I discussed the dire straits that India found itself in early this year with 414,000 cases per day, and over 4,000 deaths per day, and how that evaporated within five weeks of the addition of Ivermectin, I am often asked, “But why is there no mention of that in the news?”

Yes, exactly. Ask yourself why India’s success against the Delta variant with Ivermectin is such a closely guarded secret by the NIH and CDC. Second, ask yourself why no major media outlets reported this fact, but instead, tried to confuse you with false information by saying the deaths in India are 10 times greater than official reports.

Wikipedia will also not allow a Dr. Tess Lawrie and Pierre Kory’s peer reviewed meta-analysis of Ivermectin to be cited within its pages. Nor will they allow a more recent meta-analysis by Dr. Andrew Hill or any mentions of Ivnmeta which is currently tracking 63 studies.

The Lawrie and Kory study, easily found on the US government’s NIH website here looked at 18 separate trials using Ivermectin concludes:

“Meta-analyses based on 18 randomized controlled treatment trials of ivermectin in COVID-19 have found large, statistically significant reductions in mortality, time to clinical recovery, and time to viral clearance. Furthermore, results from numerous controlled prophylaxis trials report significantly reduced risks of contracting COVID-19 with the regular use of ivermectin. Finally, the many examples of ivermectin distribution campaigns leading to rapid population-wide decreases in morbidity and mortality indicate that an oral agent effective in all phases of COVID-19 has been identified.”

Anybody posting about this to social media often finds themselves “fact checked” or worse, while the media’s antipathy towards anything that isn’t a Big Pharma intervention is beyond obvious.

Example, a study undertaken in Brazil supervised by MacMaster University showed zero efficacy of Ivermectin in patient outcomes. LA Times ran a piece about it by Michael Hiltzik (who won a couple of Pulitzers back in the 90’s. The title was “Major study of Ivermectin, the anti-vaccine crowd’s latest COVID drug, finds ‘no effect whatsoever'” and prominently featured a picture of Trump.

Nevermind that “The study’s results on Ivermectin haven’t been formally published or peer-reviewed.”  It’s a slam dunk. Hiltzik also proposes that doctors who spread “coronavirus misinformation” be stripped of their licenses to practice medicine.

When it comes to the MSM and Wikipedia, peer reviewed studies on issues that violate the narrative are to be marginalized and squelched, but anything that supports the groupthink position is to be widely amplified, even before it’s been peer reviewed.

Read: https://www.zerohedge.com/covid-19/indias-ivermectin-blackout

My point about Ivermectin (and the lab origin theory) was never to say either narrative was true. It was always to point out that using well established rules of both the scientific method and critical thinking, it was impossible for anybody (let alone commercial media and tech platforms who get paid by the click) to state what is or isn’t “truth.”  Lab origin theory went from debunked conspiracy theory that would get you deplatformed to “probably what happened” within a few short months. India’s Delta variant wave was out of control and then it wasn’t. The change in trajectory may or may not correspond to the deployment of Ivermectin but I don’t think anybody acting in good faith can categorically dismiss it.

Ben Hunt: Noble Lies and the Power of Nudge

I’ve been on a fair number of podcasts and interviews since all this began and when the conversation trends toward the conspiratorial, about what’s going on in the world these days, I am usually quick to point out that I don’t see what is happening (basically that open-mindedness is actively penalized while groupthink is effectively compulsory) as an outright conspiracy with edicts on wrongthink and doublespeak as much as it is a dynamic borne out by certain incentives and driven by a high level simpatico among policy makers, technocrats, with governing and corporate elites.

Ben Hunt captures exactly what I mean by this in his review of Dick Thaler and Cass Sunstein’s Nudge. Thaler is a Nobel winning economist and Sunstein is a law professor who headed up the White House Office of Information and Regulatory Affairs under Obama. Their book lays out what they call “libertarian paternalism,” which actually isn’t really libertarian but that’s just their term to describe how governments can build the “choice architecture” so that the rabble will  think they make choices along the lines the people in charge want them to….

“In its most basic application, the nudge of “choice architecture” is literally a reframing of formal choices available to us children citizens. Want more organ donors? Why, just make organ donation an opt-out choice rather than an opt-in choice on driver’s license applications. Just make organ donation the default choice, like it is in Austria, and voila! 90% of the population will “choose” to be organ donors. Want to eliminate the various tax and social advantages provided to married couples? Why, just strike the word “marriage” from federal and state laws entirely. Just replace marriage certificates with civil union certificates, and pretty soon people will “choose” civil unions over marriage. Again, I’m not imposing these examples on Thaler and Sunstein’s framework. These are their examples.”

Alas, it turned out that jerry rigging actual choice architecture is hard, simply because the governing bureaucracy is so large it has its own inertia that is hard to “nudge” in itself.

But when it comes to narratives, well that’s a whole ’nother ballgame. With narrative there are “tools” that can be used to nudge the conversation the direction it needs to go. They have names like “counter speech” and “cognitive infiltration.” From one of Sunstein’s separate papers, cited in the book:

“What can government do about conspiracy theories? Among the things it can do, what should it do? We can readily imagine a series of possible responses. (1) Government might ban conspiracy theorizing. (2) Government might impose some kind of tax, financial or otherwise, on those who disseminate such theories. (3) Government might itself engage in counterspeech, marshaling arguments to discredit conspiracy theories. (4) Government might formally hire credible private parties to engage in counterspeech. (5) Government might engage in informal communication with such parties, encouraging them to help.
Each instrument has a distinctive set of potential effects, or costs and benefits, and each will have a place under imaginable conditions. However, our main policy idea is that government should engage in cognitive infiltration of the groups that produce conspiracy theories, which involves a mix of (3), (4) and (5).”

 Cass Sunstein and Adrian Vermeule “Conspiracy Theories” (2008)

And in case you were wondering exactly what cognitive infiltration is, Ben Hunt pulled the relevant quote in Sunstein’s words:

“Government agents (and their allies) might enter chat rooms, online social networks, or even real-space groups and attempt to undermine percolating conspiracy theories by raising doubts about their factual premises, causal logic or implications for political action.”

Hunt does an excellent job elucidating exactly why this is a problem, why what I called earlier “compulsory groupthink” is far more Orwellian than allowing the rabble to think all kinds of crazy, non-sanctioned things…

“What makes Sunstein’s notion of cognitive infiltration all the more chilling is that the sole guideline for determining whether a narrative is false and harmful in the first place is a utilitarian notion of “social welfare,” and the sole arbiter of that social welfare is the Executive of the “well-motivated” State (meaning, in a triumph of circular reasoning, a State that is assumed to be motivated by social welfare concerns).”

What is perhaps most chilling is that line out of The Big Short, which I just re-watched the other day:

“True believers in the power of Nudge and the righteousness of Nudge do not see smiley-face authoritarian influence over social choice through the misuse of language as the enemy of good government. They see it as the GOAL of good government.”

Let’s just cut straight to the chase now:

“The story of our institutional response to Covid has been and continues to be a series of truths told with bad intent, a constant effort to nudge and use words instrumentally for partisan or corporate advantage.”

Read the whole article here: https://www.epsilontheory.com/nudging-state-noble-lies/

Ben Hunt was our guest on AxisOfEasy Salon #26.

Vaccine Passports to be required for travel within Canada 

The Trudeau government: It’s safe enough to hold a general election in September.

Also the Trudeau Government: we need vaccine passports for all air and train travel even within the country, effective October 1st.

Such are the new rules out of Ottawa. Mere months after the Prime Minister said he was hesitant to employ vaccine passports, and weeks after he said he’d leave it to the provinces and seemingly taking his cue after media outlets the Toronto Star and the Globe and Mail, said he might win a majority if he implemented them, Trudeau announced the implementation of vaccine passports for all air, train and ship travel, even within Canada.

A couple days later he called an election.

Read: https://www.forbes.com/sites/sandramacgregor/2021/08/18/canada-to-make-proof-of-vaccination-mandatory-for-air-and-train-travel/

Quebec has gone a step further and will require vaccine passports to enter all “non-essential” venues, such as restaurants and movie theatres, after September 1st.

PEW Research: More Americans favoring censorship at cost of free speech

According to PEW Research, an increasing number of US citizens are in favour of censorship to quash (so-called) “mis-information,” even if it means limiting free speech.

Comparing their results to the same study conducted in 2018, an already worrying trend has only gotten worse:

In 2018, 39% of respondents said that the US government should take steps to restrict false information online even if it means restricting free speech. This year that went up to 48%.

The same question posed, inserting tech companies in the place of the government, 56% of the respondents already felt this should be the case in 2018, now up to 59%.

Reminder that regardless of what people say they want, the US Constitution expressly forbids the government from enacting any law that restricts freedom of speech, and both the Canadian Charter of Rights and Freedoms and the UN Declaration of Human Rights list freedom of speech as a basic human right.

Read: https://www.pewresearch.org/fact-tank/2021/08/18/more-americans-now-say-government-should-take-steps-to-restrict-false-information-online-than-in-2018/

Bearing in mind that there really is nobody in a position 
to decide what is or isn’t “mis-information,” there are two possible reasons people want free speech to be limited, and both are non-starters in my book. Reason #1 is that instead of having to think for themselves, people want to be told what to think. Reason #2 is that people believe they have the right to decide what other people get to say or think. I have no sympathy for those in the first camp and categorically refuse those in the second.

MasterCard and VISA’s chilling effects on free speech

The online pornography industry was rocked last week when OnlyFans announced that they would be banning sex workers and explicit content from their platform. The reason why was cited as pressure from their banking and payout partners.

Standing behind those partners, and who we already knew from prior episodes were exerting their influence into the public sphere were the credit card companies: Visa and Mastercard. They had already cut off processing to PornHub last year after a NY Times op-ed brought to light problematic content (underage exploitation, non-consensual acts, revenge videos). OnlyFans has decided to try to stay a step ahead of any potential issues with their payment processing and jettisoned the adult content providers.

This Protocol article looks at the unchecked power the payment processing duopoly of Visa and Mastercard could yield in wider aspects of content and dialogue.

“Voices in the adult entertainment industry are not alone in speaking out about consolidation in the payment-processing market. Advocates for free expression more broadly also frame OnlyFans’ decision as an issue of corporate power. “Payment processing has long provided a convenient choke-point for censorship,” Evan Greer, director of the digital rights group Fight for the Future, wrote in a Twitter thread Friday.

“As long as businesses like OnlyFans are reliant on centralized tech infrastructure, they will always behave like businesses that are ‘renting’ & not ‘owning,’ and they’ll always be scared that their landlords (Mastercard/Visa, Paypal, Amazon Web Services) will evict them,” Greer continued.”

That sounds a lot like the core premise of my book, Unassailable.

Read: https://www.protocol.com/policy/onlyfans-visa-mastercard

Jesse Hirsh also covered this in a recent Metaviews column.

Uber’s Prop-22 ruled unconstitutional in California

Prop 22 is back in the news. That was California’s (or rather Uber and Lyft’s) gig-economy bill that made it legal for these money-losing unicorns to externalize one of their largest business expenses: their drivers. Under Prop 22, which passed, the ride hailing companies (and numerous others) could treat their employees as contractors, thereby making it easier for them to lower costs, undercut other companies (like independent small businesses) and play by a different set of rules than everybody else (and still lose hundreds of millions of dollars every year).

The California Supreme Court has ruled that Prop 22 is unconstitutional (meaning the State constitution, not the US constitution), finding that it “limits the power of a future legislature to define app-based drivers as workers subject to workers’ compensation law.”

The Protect App-Based Drivers & Services Coalition, a Silicon Valley shill outfit gig economy lobby group (heavily funded by Uber, Lyft and Doordash) say they will appeal the decision.

Read: https://www.protocol.com/bulletins/prop-22-unconstitutional

Clarification on Apple’s scanning of phones for CSAM

In our last issue (two weeks ago since I was on vacation), we covered how Apple announced it will be scanning photos for CSAM (Child Sexual Abuse Material). Long time reader and easyDNS customer Adam Engst, who runs TidBits newsletter sent me additional context, quoting verbatim:

• It’s NeuralHash, not neuralMatch.
• It’s not scanning your iPhone’s photos or those in iCloud Photos. It scans new photos that are being uploaded to iCloud Photos.
• The matching is done with a threshold, so it reports only if the number of matches exceeds a threshold, not a single image.
• When there’s a match, it’s reviewed by a human at Apple, not reported to the police. If it does match known CSAM, it’s reported to NCMEC and law enforcement.
• It’s probably worth noting that it’s US-only, so it doesn’t apply to anyone in other countries.

That’s not to say that it’s a good thing or that it’s not controversial, but it’s a lot more specific and subtle than most people are saying.
I’d recommend reading our article on it and following up on the resources that I and others share in the comments.

Read: https://tidbits.com/2021/08/07/faq-about-apples-expanded-protections-for-children/

If you’re a Mac user and not already a subscriber to Tidbits, you should be.

Evil Coin & the Old Monetary Order

A few months ago I taped an interview with The Policy Blog’s John Lillywhite about the dynamics between platforms and protocols, Central Bank Digital Currencies and cryptos, and centralization vs decentralization.

It came out today as the inaugural episode of Lillywhite’s “Origins of Government” podcast series. Lillywhite is a historian, academically, who’s own work looks at how the patterns of the past are playing out today and into the future. His master’s thesis “The Return of Cyberspace: Towards a Digital Architecture for Internet Governance” looks at the very same issues and transition we do when we talk about Network States vs Nation States.

Listen: https://soundcloud.com/user-105536399/mark-jeftovic-evil-coin-the-old-monetary-order

And: https://www.academia.edu/44467474/The_Return_of_Cyberspace_Towards_a_Digital_Architecture_for_Internet_Governance

3 thoughts on “#AxisOfEasy 209: Breach Of The Year? T-Mobile Hack Exposes Data For Millions Of Users

Leave a Reply

Your email address will not be published. Required fields are marked *