Privacy

Repo Men Scan Billions of License Plates -- For the Government (washingtonpost.com) 212

The Washington Post notes the billions of license plate scans coming from modern repo men "able to use big data to find targets" -- including one who drives "a beat-up Ford Crown Victoria sedan." It had four small cameras mounted on the trunk and a laptop bolted to the dash. The high-speed cameras captured every passing license plate. The computer contained a growing list of hundreds of thousands of vehicles with seriously late loans. The system could spot a repossession in an instant. Even better, it could keep tabs on a car long before the loan went bad... Repo agents are the unpopular foot soldiers in the nation's $1.2 trillion auto loan market... they are the closest most people come to a faceless, sophisticated financial system that can upend their lives...

Derek Lewis works for Relentless Recovery, the largest repo company in Ohio and its busiest collector of license plate scans. Last year, the company repossessed more than 25,500 vehicles -- including tractor trailers and riding lawn mowers. Business has more than doubled since 2014, the company said. Even with the rising deployment of remote engine cutoffs and GPS locators in cars, repo agencies remain dominant. Relentless scanned 28 million license plates last year, a demonstration of its recent, heavy push into technology. It now has more than 40 camera-equipped vehicles, mostly spotter cars. Agents are finding repos they never would have a few years ago. The company's goal is to capture every plate in Ohio and use that information to reveal patterns... "It's kind of scary, but it's amazing," said Alana Ferrante, chief executive of Relentless.

Repo agents are responsible for the majority of the billions of license plate scans produced nationwide. But they don't control the information. Most of that data is owned by Digital Recognition Network (DRN), a Fort Worth company that is the largest provider of license-plate-recognition systems. And DRN sells the information to insurance companies, private investigators -- even other repo agents. DRN is a sister company to Vigilant Solutions, which provides the plate scans to law enforcement, including police and U.S. Immigration and Customs Enforcement. Both companies declined to respond to questions about their operations... For repo companies, one worry is whether they are producing information that others are monetizing.

Transportation

Utilities, Tesla Appeal Federal Rollback of Auto Emissions Standards (arstechnica.com) 113

A coalition of utilities and electric vehicle makers, including Tesla, is petitioning the EPA to reconsider its recent plan to roll back auto emissions standards. In April, the EPA said that it would relax greenhouse gas emissions standards that had been put in place for model year 2022-2025 vehicles. Ars Technica reports: The National Coalition for Advanced Transportation (NCAT) represents 12 utilities as well as Tesla, electric truck maker Workhorse, and EV charging network EVgo. NCAT earlier this month asked the Second Circuit Court of Appeals in Washington, DC to review the EPA's latest efforts to relax the Obama-era fuel economy standards.

The coalition challenge to the EPA follows a similar challenge made by 17 states, including California. The utilities' efforts show that they're interested in protecting one of the major projected avenues for growth in electricity demand. Electricity consumption has stagnated in the U.S. as efficiency measures take effect and, in some states, solar panels make it easier for residents to buy less electricity from the local utility.

Transportation

Elon Musk Pitches 150 MPH Rides In Boring Company Tunnels For $1 (engadget.com) 70

An anonymous reader quotes a report from Engadget: At The Boring Company Information Session not all of the talk centered on flamethrowers. Elon Musk and project leader Steve Davis described many details of their visions for an underground network that could alleviate traffic problems in big cities. Musk said "we're not suggesting this to the exclusion of other approaches," but did take a moment to call out flying taxi solutions (like Uber Elevate) right off the bat due to danger and noise.

Earlier in the evening Musk retweeted an LA Metro tweet that said it's coordinating with The Boring Company on its test and said the two will be "partners" going forward. Much of what Musk discussed about how his concept in-city Loop would work has been answered in concept videos and the company's FAQ, but he specifically said that the plan is for rides that cost $1, and carry up to 16 passengers through hundreds of tunnels to those small, parking space-size tunnels located throughout a city. Test runs in the loop have already hit a couple of hundred miles an hour, and Musk's plan is for vacuum Hyperloop tubes between cities that enable travel in pressurized carts at up to 300 MPH. That's compared to 150 MPH in the in-city Loop carts, all without slowing down due to traffic or anything else. The main concern is hitting speeds that are still comfortable for people inside.

The timeframe for when the "weird little Disney ride in the middle of LA" will be available to the public is unclear.

Android

With Steam Link App, Your Smartphone Can Be An Imperfect Gaming Monitor (arstechnica.com) 47

Ars Technica's Kyle Orland shares his experience with Valve's recently announced Steam Link app, which lets users play games running on a PC via a tablet, mobile phone, or Apple TV on the same network. The app launches today for Android 5.0+ devices; iOS support is "pending further review from Apple." From the report: Valve isn't kidding when it says a Wi-Fi router in the 5GHz band is required for wireless streaming. I first tested iPad streaming on the low-end 2.4GHz router provided with my Verizon FiOS subscription (an Actiontec MI424WR), with a wired Ethernet connection to my Windows gaming rig on the other end. The Steam Link network test warned me that "your network may not work well with Steam Link," thanks to 1- to 2-percent frame loss and about 15ms of "network variance," depending on when I tested. Even graphically simple games like The Binding of Isaac ran at an unplayably slowed-down rate on this connection, with frequent dropped inputs to boot.

Switching over to a 5GHz tri-band router (The Netgear Nighthawk X6, to be precise), the same network test reported a "fantastic" connection that "look[s] like it will work well with Steam." On this router, remotely played games ran incredibly smoothly at the iPad's full 1080p resolution, with total round-trip display latency ranging anywhere from 50 to 150ms, according to Steam Link's reports (and one-way "input lag" of less than 1ms). At that level of delay, playing felt practically indistinguishable from playing directly on the computer, with no noticeable gameplay impact even on quick-response titles like Cuphead.

Security

Hardcoded Password Found in Cisco Enterprise Software, Again (bleepingcomputer.com) 70

Catalin Cimpanu, writing for BleepingComputer: Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score. The three vulnerabilities include a backdoor account and two bypasses of the authentication system for Cisco Digital Network Architecture (DNA) Center. The Cisco DNA Center is a piece of software that's aimed at enterprise clients and which provides a central system for designing and deploying device configurations (aka provisioning) across a large network. This is, arguably, a pretty complex piece of software, and according to Cisco, a recent internal audit has yielded some pretty bad results.

Businesses

Faster Flights Are Coming With New Satellite Tracking Technology (bloomberg.com) 34

An anonymous reader shares a report: The company that provides the U.K.'s air-traffic control service is taking a 10 percent stake in Aireon, a U.S. firm that's building a satellite-based tracking system and will offer commercial services to controllers starting next year. Aireon plans to use a constellation of 66 Iridium Communications Next satellites in low Earth orbit to track aircraft. Iridium has 50 in orbit already, 47 of which are operational. Each carries equipment to offer aircraft position data to ground controllers.

Iridium plans to launch five additional satellites on May 22 from California, completing its full network later this year. Aireon said 70 percent of the world's airspace lacks satellite tracking or airline surveillance coverage, including most oceans and parts of Africa and Latin America.

Bitcoin

Nobody Knows How Much Energy Bitcoin Is Using (vice.com) 161

dmoberhaus writes: A new report published in 'Joule' today claims Bitcoin may use up to 0.5% of the world's energy by the end of this year. We often hear about how bad Bitcoin is for the environment -- it already uses the same amount of energy as the country of Ireland -- but these numbers are usually just the /minimum/ amount of energy the network must be using. The actual amount of energy used by the Bitcoin network is likely substantially higher, but getting an accurate reading on that energy level is hard. The only researcher trying to quantify Bitcoin's energy use spoke to Motherboard about opening Bitcoin's 'black box.'

The Almighty Buck

Ecuador Spent $5 Million Protecting and Spying On Julian Assange, Says Report (theverge.com) 165

Citing reports from The Guardian and Focus Ecuador, The Verge reports that Ecuador's intelligence program spent at least $5 million "on an elaborate security and surveillance network around WikiLeaks founder Julian Assange." The intelligence program was known as "Operation Hotel," which began as "Operation Guest" when Assange took refuge in Ecuador's UK embassy in 2012. From the report: Operation Hotel has allegedly covered expenses like installing CCTV cameras and hiring a security team to "secretly film and monitor all activity in the embassy," including Assange's daily activities, moods, and interactions with staff and visitors. The Guardian estimates Ecuadorian intelligence agency Senain has spent at least $5 million on Assange-related operations, based on documents they reviewed. The report details attempts to improve Assange's public image and potentially smuggle him out of the embassy if he was threatened. But it also writes that relations between Assange and Ecuador have badly deteriorated over the past several years. In 2014, Assange allegedly breached the embassy's network security, reading confidential diplomatic material and setting up his own secret communications network.

Facebook

Facebook Deleted 583 Million Fake Accounts in the First Three Months of 2018 (cnet.com) 75

Facebook said Tuesday that it had removed more than half a billion fake accounts and millions of pieces of other violent, hateful or obscene content over the first three months of 2018. From a report: In a blog post on Facebook, Guy Rosen, Facebook's vice president of product management, said the social network disabled about 583 million fake accounts during the first three months of this year -- the majority of which, it said, were blocked within minutes of registration. That's an average of over 6.5 million attempts to create a fake account every day from Jan. 1 to March 31. Facebook boasts 2.2 billion monthly active users, and if Facebook's AI tools didn't catch these fake accounts flooding the social network, its population would have swelled immensely in just 89 days.

Communications

Wi-Fi Alliance's Wi-Fi EasyMesh Certification Aims To Standardize Mesh Networks (pcworld.com) 39

The Wi-Fi Certified EasyMesh program that the Wi-Fi Alliance announced today promises to do for mesh networks what the Alliance has long done for wireless networking gear in general: Assure consumers that they can build out wireless home networks without worrying if one brand of device will be compatible with another. From a report: The emergence of mesh networking somewhat undermined that effort, because every manufacturer pursued its own path. Wi-Fi is still Wi-Fi, so you don't need to worry that your smartphone, or media streamer, or home security camera will connect to your wireless router, regardless of brand. But if you buy a Linksys Velop router today, for example, you can buy only Linksys Velop access points if you want to expand your network to cover more areas of your home later. EasyMesh promises to bring to mesh networks the same interoperability assurances that conventional routers have long offered.

Piracy

The Brazen Bootlegging of a Multibillion-Dollar Sports Network (nytimes.com) 63

What do you do when your multibillion-dollar sports network has been stolen? For the last several days, executives at Qatar's beIN Sports, which functions as the ESPN of the Middle East, have been pondering the same question. For the last several months, live coverage from the beIN Sports feed has been broadcast on nearly a dozen beoutQ channels, a bootlegging operation seemingly based in Saudi Arabia, whose roots lie in the bitter political dispute between Qatar and a coalition of countries led by its largest neighbors, Saudi Arabia and the United Arab Emirates. From a report: The coalition countries have subjected Qatar to a punishing blockade over the past year. Those countries last year accused Qatar of supporting terrorism and criticized its relationship with Iran, an ally of Syrian leader Bashar al-Assad. They enacted an embargo, cut off diplomatic ties and set up the blockade of the energy-rich emirate, closing Qatar's access to many of the region's ports and much of its airspace. Qatar has denied the allegations and has claimed it has assisted the United States in its war on terrorism.

Now, one month before the start of the World Cup, the world's most-watched sporting event and beIN's signature property, the audacious piracy operation is positioned to illicitly deliver the tournament's 64 games to much of the Middle East. Qatar, despite abundant resources, has been powerless to stop it. Decoder boxes embossed with the beoutQ logo have for months been available across Saudi Arabia and are now for sale in other Arab-speaking countries. A one-year subscription costs $100. A Bangladeshi worker reached by phone at Sharif Electronics in Jeddah this week said his shop has been selling the boxes for three months. "Many people buy them," he said.

Security

One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever (bleepingcomputer.com) 62

An anonymous reader quotes a report from Bleeping Computer: Exactly one year after the biggest cyber-security incident in history, the exploit at the heart of the WannaCry attack is now more popular than ever, according to telemetry data gathered by Slovak antivirus vendor ESET. Named EternalBlue, the exploit was supposedly developed by the cyber division of the U.S. National Security Agency. EternalBlue was part of a large cache of tools that a hacker group known as The Shadow Brokers stole from NSA servers in 2016 and then leaked online from August 2016 to April 2017. Many suspect the NSA might have notified Microsoft of what the Shadow Brokers stole, because in March 2017, a month before EternalBlue was released, Microsoft released MS17-010, a security bulletin containing patches for the many SMB-targeting exploits included in the Shadow Broker leak.

Even if EternalBlue is not being used anymore to help ransomware become a virulent nightmare on a global level (only on a network level), most regular users don't know that it's still one of today's biggest threats. This threat doesn't only come from malware authors continuing to weaponize it for a diverse set of operations. Malware authors wouldn't ever bother with an inefficient exploit. EternalBlue continues to be a threat because of the vulnerable machines still available online. According to Nate Warfield of the Microsoft Security Response Center, there are still plenty of vulnerable Windows systems exposing their SMB service available online.

Security

Hacker Shuts Down Copenhagen's Public City Bikes System (bleepingcomputer.com) 72

An anonymous reader writes: "An unidentified hacker has breached Bycyklen -- Copenhagen's city bikes network -- and deleted the organization's entire database, disabling the public's access to bicycles over the weekend," reports Bleeping Computer. "The hack took place on the night between Friday, May 4, and Saturday, May 5, the organization said on its website. Bycyklen described the hack as "rather primitive," alluding it may have been carried out "by a person with a great deal of knowledge of its IT infrastructure." Almost 2,000 bikes were affected, and the company's employees have been working for days, searching for bikes docked across the city and installing a manual update to restore functionality. The company is holding a "treasure hunt," asking users to hunt down and identify non-functional bikes.

The Internet

Russian Fake News Ecosystem Targets Syrian Human Rights Workers (securityledger.com) 259

chicksdaddy shares a report from The Security Ledger: Kremlin-linked news sites like RT and Sputnik figure prominently in an online disinformation campaign portraying Syrian humanitarian workers ("White Helmets") as terrorists and crisis actors, according to an analysis (PDF) by researchers at University of Washington and Harvard. An online "echosystem" of propaganda websites including Russia-backed news outlets Sputnik and RT is attacking the credibility of humanitarian workers on the ground in rebel-occupied Syria, according to a new analysis by researchers at The University of Washington and Harvard University. Online rumors circulated through so-called "alternative" media sites have attacked the Syrian Civil Defense (aka "White Helmets") as "crisis actors" and Western agents working on behalf of the U.S. and NATO. Statistical analysis of the online rumors reveals a tight network of websites sharing nearly identical content via Twitter and other social media platforms, wrote Kate Starbird. Starbird is an Assistant Professor of Human Centered Design & Engineering at University of Washington and a leading expert on so-called "crisis informatics."

In activity reminiscent of the disinformation campaigns that roiled the U.S. Presidential election in 2016, articles by what Starbird describes as "a few prominent journalists and bloggers" writing for self-described "alternative" news sites like 21stCenturyWire, GlobalResearch, MintPressNews, and ActivistPost are picked up by other, smaller and more niche websites including both left- and right-leaning partisan news sites, "clickbait sites," and conspiracy theory websites. Government-funded media outlets from Syria, Iran, Hezbollah and Russia figure prominently in the Syrian disinformation campaign, Starbird's team found. In particular, "Russian government-funded media outlets (i.e. SputnikNews and RT) play a prominent and multi-faceted role within this ecosystem," she wrote.

United Kingdom

London Plans To Ban Junk Food Advertising On Public Transport (bloomberg.com) 175

Junk food advertising could be banned from the entire Transport for London network under proposals announced by Mayor Sadiq Khan, as he tries to tackle rising levels of childhood obesity in the city. From a report: "I want to reduce the influence and pressure that can be put on children and families to make unhealthy choices," Khan said in a statement announcing the proposals to ban advertisements for unhealthy food and drink on London's trains, buses and bus shelters. The mayor also proposed a ban on new hot food takeaway stores opening within 400 meters of schools.

London has one of the highest childhood obesity rates in Europe -- nearly 40 percent of 10-11 year-olds in the capital are overweight or obese, according to the statement. Children from poorer areas are disproportionately affected by the "obesity epidemic," Khan said, adding that young people from Barking and Dagenham in East London are almost twice as likely to be overweight as children from the upmarket Richmond neighborhood.

Chrome

Malicious Chrome Extensions Infect Over 100,000 Users Again (arstechnica.com) 39

An anonymous reader quotes Ars Technica: Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one inside a "well-protected network" of an unnamed global manufacturing firm, Radware said...

The extensions were being pushed in links sent over Facebook that led people to a fake YouTube page that asked for an extension to be installed. Once installed, the extensions executed JavaScript that made the computers part of a botnet. The botnet stole Facebook and Instagram credentials and collected details from a victim's Facebook account. The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again. The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins.

Crime

A Smart Doorbell Company Is Working With Cops To Report 'Suspicious' People, Activities (vice.com) 273

An anonymous reader quotes a report from Motherboard: Smart doorbell company Ring is making it easier for customers to call the cops on "suspicious" people and activities. The startup, which Amazon acquired for reportedly "more than" $1 billion this year, uses security cameras to let people monitor their entryways. Now, it's launching its Neighbors app -- a platform for reporting crime that, so far, police in Fort Lauderdale and Orlando, and the Ventura Sheriff's Department, have access to. "Over the next days and weeks, law enforcement across the U.S. will be joining Neighbors," a Ring spokesperson told me over email.

The app, while presented as a crime-fighting aid, could also be a new place for paranoid people to profile fellow citizens, as similar platforms in the past have turned out to be. According to the company's statement in a press release for Neighbors today: "In addition to receiving push notifications about potential security issues, app users can see recent crime and safety posts uploaded by their neighbors, the Ring team and local law enforcement via an interactive map. If a neighbor notices suspicious activity in their area, they can post their own text, photo or video and alert the community to proactively prevent crime."

Security

Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk) 69

Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. "The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

Bitcoin

Telegram's Billion-Dollar ICO Has Become a Mess (amazon.com) 34

Jon Russell and Mike Butcher from TechCrunch report of the mess that is Telegram's billion-dollar initial coin offering (ICO): Telegram's ICO was supposed to be a record-breaker to develop a platform that brings the decentralized internet to life. Instead, it has become a mess with the tightly controlled fundraising process in disarray as early backers sell their tokens for handsome returns. The company recently canceled the public sale piece of its ICO, the Wall Street Journal reported this week, after it raised $1.7 billion from private sale investors, according to SEC filings. But the issues date back further.

Telegram's grand vision is to build the TON (Telegram Open Network), a blockchain-based platform that extends its messaging app, which counts 200 million active users, into a range of services that include payments, file storage, censorship-proof browsing and decentralized apps hosted on the platform. According to the original whitepaper, the plan was to raise $1.2 billion using both invite-only private investors and an open sale to the public. Telegram later extended the raise to $1.7 billion before it canceled the public sale altogether. That's almost certainly because it had already raised enough money to develop TON without the risk of running into the SEC's ongoing ICO probe by soliciting money from the public. The result is that the ordinary people can't buy Telegram's Gram crypto token until it is released on exchanges. There's currently no timeline for that. But, with massive demand for the messaging app and deep discounts for early backers, a secondary market for buying and selling tokens early has emerged -- with huge returns already realized by some.

Security

Chinese Government Is Behind a Decade of Hacks On Software Companies, Says Report (arstechnica.com) 81

An anonymous reader quotes a report from Ars Technica: Researchers said Chinese intelligence officers are behind almost a decade's worth of network intrusions that use advanced malware to penetrate software and gaming companies in the US, Europe, Russia, and elsewhere. The hackers have struck as recently as March in a campaign that used phishing emails in an attempt to access corporate-sensitive Office 365 and Gmail accounts. In the process, they made serious operational security errors that revealed key information about their targets and possible location. Researchers from various security organizations have used a variety of names to assign responsibility for the hacks, including LEAD, BARIUM, Wicked Panda, GREF, PassCV, Axiom, and Winnti. In many cases, the researchers assumed the groups were distinct and unaffiliated. According to a 49-page report published Thursday, all of the attacks are the work of the Chinese government's intelligence apparatus, which the report's authors dub the Winnti Umbrella. Researchers from 401TRG, the threat research and analysis team at security company ProtectWise, based the attribution on common network infrastructure, tactics, techniques, and procedures used in the attacks as well as operational security mistakes that revealed the possible location of individual members.
