The RISKS Digest
Volume 33 Issue 52

Sunday, 13th November 2022

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Internal Documents Show How Close the FBI Came to Deploying Spyware
Taking down a ransomware hacker
A Porcelain Sink, Then Chaos: Inside the Takeover of Twitter
Latest Laughs on on Twitter?
Lauren Weinstein collected by PGN
FTX Bankruptcy
He was hailed as crypto's saviour. Now he needs billions for a bailout
TrustCor Systems
David Lesher
Asteroids, climate change, killer robots: A handy guide to doomsday scenarios
*The Washington Post*
AI computations want 250kW densities per rack
Henry Baker
How to get better and more reliable telecommunications services
Re: The Rise of Rust
Henry Baker
Re: Scientists Increasingly Can't Explain How AI Works
Henry Baker
Re: Same New York lottery numbers drawn twice in one day
Martin Ward
*Dark Ships* Emerge From the Shadows of the Nord Streaam Mystery
Gabe Goldberg
Re: There's a good chance Meta has your contact info. Here's how to delete it
Anthony Thorn Dick Mills
Info on RISKS (comp.risks)

Internal Documents Show How Close the FBI Came to Deploying Spyware (NYTimes)

"Jan Wolitzky" <>
Sat, 12 Nov 2022 06:47:28 -0500
Mark Mazzetti and Ronen Bergman, *The New York Times* front page,
National Edition, 13 Nov 2022

During a closed-door session with lawmakers last December, Christopher A.
Wray, the director of the FBI, was asked whether the bureau had ever
purchased and used Pegasus, the hacking tool that penetrates mobile phones
and extracts their contents.

Mr. Wray acknowledged that the FBI had bought a license for Pegasus, but
only for research and development. “To be able to figure out how bad guys
could use it, for example,'' he told Senator Ron Wyden, Democrat of Oregon,
according to a transcript of the hearing that was recently declassified.

But dozens of internal FBI documents and court records tell a different
story. The documents, produced in response to a Freedom of Information Act
lawsuit brought by *The New York Times* against the bureau, show the FBI
officials made a push in late 2020 and the first half of 2021 to deploy the
hacking tools—made by the Israeli spyware firm NSO—in its own criminal
investigations. The officials developed advanced plans to brief the bureau's
leadership, and drew up guidelines for federal prosecutors about how the
FBI's use of hacking tools would need to be disclosed during criminal
proceedings.  [...]

Taking down a ransomware hacker (CBC)

Matthew Kruk <>
Thu, 10 Nov 2022 06:51:02 -0700S

An FBI investigation into a criminal ransomware gang believed to be tied to
Russia led to a Canadian government employee in Gatineau, the largest
cryptocurrency seizure in Canadian history and hundreds of victims around
the world.

A Porcelain Sink, Then Chaos: Inside the Takeover of Twitter (TWO ARTICLES)

Peter G Neumann <>
Sat, 12 Nov 2022 16:18:09 PST
  Kate Conger, Mike Isaac, Ryan Mac and Diffany Hsu
  For Staff, Two Weeks of Layoffs and Panic

  Ryan Mac, Benjamin Mullin, Kate Conger and Mike Isaac
  Users Make a Mockery of Musk's New Service

*The New York Times*, Business, 12 Nov 2022

Lauren's Latest Laughs on on Twitter?

Peter Neumann <>
Thu, 10 Nov 2022 11:53:21 PST
Fake LeBron, Schefter tweets expose flaw in new paid verification system

Fake Twitter accounts flock to blue check chaos

Twitter chief information security officer Lea Kissner departs:

The resignation of Lea, one of the industry's most respected and experienced
persons in our field, is yet another clear signal that Twitter is rapidly
rotting from within, putting users and itself at risk. There are also not
yet confirmed reports that Twitter's chief compliance officer resigned. -L

After fake Twitter claim that Northern Ireland secretary resigned,
Musk makes a joke

Twitter Lawyer Claims Elon Musk Has Put Company At Risk Of Billions In Fines

Twitter's Security And Privacy Leaders Quit Amidst Musk's Chaotic Takeover

Twitter's disaster for users:
We're all (including me) getting some laughs out of Musk's Twitter
situation, but I cannot possibly emphasize enough how incredibly
dangerous the situation has become for Twitter's users.
Infrastructure, privacy, security, are all affected by layoffs and
resignations. Disastrous. -L

More on Musk's Twitter disaster:
Additionally, the verification nightmare that Musk has callously
imposed is putting users in intolerable positions and supercharging
disinformation. Intolerable. -L

Elon Musk's Twitter Is a Scammer's Paradise

Twitter puts a "may be unsafe link" interstitial on a one word article
called "What Elon Musk Is Doing Right at Twitter"—the one word is

Musk blames "media elite" for Twitter's troubles

A Twitter manager says laid-off engineers he's rehired are 'weak, lazy,

After Sen. Markey raises concerns about Twitter, Musk replies that
Markey's account sounds like a parody. Markey is not amused, and Musk
is behaving like an idiot. Musk could bring everything down.  -L

FTX Bankruptcy (NYTimes)

Peter Neumann <>
Sat, 12 Nov 2022 16:18:09 PST
  David Yaffe Bellany, *The New York Times*, front page, 12 Nov 2022
  FTX, a Crypto Linchpin, Files for Bankruptcy:
  Chief Executive Exists, Ending Chaotic Weel

Added bonus noted on the front page:
Free Money—Why did investors hand over so much to FTX?
with so little oversight, p. B1 in the National Edition:

  Erin Griffith and David Yaffe-Bellany
  Questions About Crash of FTX Rise for Investors

Kevin Roose,
*The New York Times*, 10 Nov 2022, Business
Crypto[currency] faces a reckoning in FTX collapse

... it is already being referred to as a "Lehman moment" —a reference
to the 2008 collapse of Lehman Brothers.

  [Earlier item from LaurenW:

    Crypto giant Binance drops bid to save rival, stoking chaos in digital

David Yaffe-Bellany, *The New York Times*, p.27, National Ed., 13 Nov 2022
Crypto Giant FTX Investigating $515 Million in Transfers After Collapses

He was hailed as crypto's saviour. Now he needs billions for a bailout (CBC)

Matthew Kruk <>
Thu, 10 Nov 2022 21:15:15 -0700

Last week, California billionaire Sam Bankman-Fried was touted as a key
figure in cryptocurrency—even a saviour. Today, amid a series of
apologetic tweets, he said "I f--ked up" after his cryptocurrency exchange
bled billions of dollars.  His FTX exchange is now scrambling to raise $9.4
billion US from both investors and rivals, as customers rush to withdraw
their funds.

TrustCor Systems

David Lesher <>
Wed, 9 Nov 2022 23:42:33 -0500
"Google's Chrome, Apple's Safari, nonprofit Firefox and others allow the
company, TrustCor Systems, to act as what's known as a root certificate
authority, a powerful spot in the Internet's infrastructure that guarantees
websites are not fake, guiding users to them seamlessly.

The company's Panamanian registration records show that it has the identical
slate of officers, agents and partners as a spyware maker identified this
year as an affiliate of Arizona-based Packet Forensics, which public
contracting records and company documents show has sold communication
interception services to U.S. government agencies for more than a decade."


  [David Rosenthal noted an earlier item on David Farber's IP distribution
  via Dewayne Hendricks, excerpted here:

    Mysterious company with government ties plays key internet role
    TrustCor Systems vouches for the legitimacy of websites. But its physical
    address is a UPS Store in Toronto.
    Joseph Menn, WashPost, 8 Nov 2022

Asteroids, climate change, killer robots: A handy guide to doomsday scenarios (*The Washington Post*)

"Gabe Goldberg" <>
Sun, 13 Nov 2022 15:46:04 -0500
A guide to contemporary doomsday scenarios ” from the threats you know about
to the ones you never think of

Author: A few days before NASA tried to crash a spacecraft into an asteroid
as part of what it called the Double Asteroid Redirection Test, I talked to
Lindley Johnson, the agency’s planetary defense officer. I think we can all
agree that this sounds like an important job.

Should be enough risks here for any riskophile.

AI computations want 250kW densities per rack

Henry Baker <>
Sat, 12 Nov 2022 15:51:13 +0000
250kW per rack !  The average home uses 29kWh per day, for an average of
1.2kW, so a single rack would consume the power of 200 homes.

A large data center can have 5,000 racks; hence might require *four* small
nuclear reactors to power it !

These are terrifying numbers.

And we thought that cryptomining calculations were going to ruin the planet...

The average human brain requires perhaps 0.1kW, so a single rack consumes
the "brainpower" of 2500 people; a large datacenter consumes the
"brainpower" of 12.5 million people—the population of greater Los

It's time we thought about  moving these datacenters to remote places, e.g.,
in the middle of the Pacific Ocean, in outer space orbit, on the far side of
the Moon.

Tobias Mann Tue 8 Nov 2022 // 00:30 UTC
AI and HPC deployments means propping up 250kW densities per rack
The all liquid-cooled colo facility rush has begun.

  [Long item PGN-truncated.]

How to get better and more reliable telecommunications services (Fibrecoookery)

Rob Slade <>
Sat, 12 Nov 2022 04:55:12 -0800
  [Unauthored blog:]

I suppose that you can blame Telus for this, and, if they go out of
business, it's their own fault.  I did tell them: Do not annoy grieving
widowers.  They have lots of time to create and detail new ideas that may
drive you out of business if you're not providing actual service to your

Ever since I've thought of this, I have felt that it would be a really good
idea to drive the telephone and telecommunications companies (generally
known as telcos) out of business.  After all, they make tons of money, and
make huge profit margins on, what is currently, very little outlay.

The telecommunications companies have a near monopoly.  They use this to
ensure that they have large profits, for relatively little effort and
expense.  We do not need the telephone companies.  Okay, there is the issue
of long distance, but there are ways around that.  Or, we can simply set up
new long distance companies, and let them know that provision of service is
not actually necessary to most of our communications.

  [Long but fascinating personal-experience-based Blog item PGN-truncated.]

Re: The Rise of Rust (R-33.51)

Henry Baker <>
Thu, 10 Nov 2022 17:14:58 +0000
I love Rust, but my love is tough love.

The referenced Wired article focuses on Rust's guarantees of memory
safety. Memory safety has been a solved problem since the 1950's, with the
invention of reference counting and tracing garbage collection.  With the
development of *real-time* garbage collection in 1976, it has been
theoretically possible to do system programming in a garbage- collected
language for nearly half a century. I leave it to others to explain why it
has taken so long for the CS industry to accept memory safety as a
fundamental requirement.

The ubiquity of Javascript in every web page has now made memory
safety an absolute must, and Javascript's garbage collector has taught
new generations of software engineers about this solution to memory

However, Javascript (with the exception of WASM) is not a compiled
system programming language like C/C++, and therefore not a suitable
replacement for C/C++. Enter a number of new "safe" systems
programming languages, including Rust.

Rust inherits a more modern and far more powerful *type system*
from so-called "functional" languages, which enables many of the
overheads for memory safety to be moved to compile time. In
particular, Rust's so-called "affine" types with their "move" and
"borrow" semantics enable *some* of the overheads of reference
counting to be moved to compile time.

The interaction of *memory safety* with *multiple threads* and *crash
consistency* required in a systems programming language place very
severe requirements on the type system and runtime system of a system
remain open to significant criticism IMHO.

Rust's "affine types" abandon the fundamental "object identity" axiom of
computer SW (HW since the 1950s) "address IS identity". All of the
datapaths, caches, speculations, etc., found in modern CPU architectures are
dedicated to preserving this axiom. Rust's "everything is movable (its
address can change)" destroys this identity, and thus the fundamental mental
models of millions of programmers and CPU designers.

[A technical note: as the developer of a "copying garbage collector", where
everything can (and eventually will) move, my criticism of Rust's affine
types could be seen as hypocritical. Nevertheless, a copying garbage
collector still needs to rely on "address IS identity" for "forwarding
pointers" *during* an epoch of the CGC; Rust makes the implementation of a
copying GC *inside safe Rust* essentially impossible.]

An alternative (and more fundamental) typing model utilizes "linear" types
and objects, where "linear" essentially means "refcount = 1".  It is
possible to implement "affine" types using "linear" types, but the reverse
is apparently impossible. For example, so long as its "refcount = 1",
*moving* a "small" object is safe, trivial, lockfree and inexpensive.

Rust's interactions of multiple threads, memory safety and crash consistency
are still  not very clean. The  specification of what is  an "atomic" action
(*indivisible* w.r.t. thread switches, interrupts, and crashes) is still not
particularly perspicuous in Rust.

We are not yet in an era where Rust is a result of ACID.

Re: Scientists Increasingly Can't Explain How AI Works (R-33.51)

Henry Baker <>
Thu, 10 Nov 2022 15:11:02 +0000
Don't rain on the AI parade!

AI is currently an infinite source of CS theses: develop/train an AI model
to do X; then another student thesis pokes holes in that AI model in order
to 'hack' it.

The wonderful thing: the student/developer doesn't have to *think*; just
find a sufficiently large database and use multiple bitcoins' worth of
CPU/GPU cycles to do your thinking for you!

Re: "Most AI systems are black box models"

That's their *advantage*!  You develop an AI model to determine who gets
bail, who gets parole, who gets 911 service, who gets a loan, who gets
admitted into your college, and *no person (or politician) is at fault*.

We love AI not because of its superior performance, but because it is the
ultimate scapegoat (scAIpegoat ??).

My favorite AI example: train an AI to recognize a single 256-bit number
chosen `at random' (  The chances of including that
particular number in "randomly chosen" training samples is effectively zero,
so my AI model gives you a constant function *no*. It's correct for nearly
all universes, and therefore good enough for government work.

  "... Computer scientists don't have to worry about the world.  They don't
  have to develop theories of the world and then build tools to test it.
  Rather, they just build tools to satisfy their own worlds.  Ask a computer
  science graduate student what his or her thesis is and the best they can
  answer is that the program or machine they are working on will be a good
  thing to have..."

  —Chuck Thacker, in "Fumbling the Future: How Xerox Invented,
      Then Ignored, the First Personal Computer"

Re: Same New York lottery numbers drawn twice in one day (R-33.51)

Martin Ward <>
Thu, 10 Nov 2022 13:50:50 +0000
Getting the same five numbers twice in one day is described as a 1 in 330
billion chance, but the odds of guessing the five numbers correctly are
given as 1 in 575,757.

To get the same five numbers twice in one day simply requires that the
machine doing the evening draw simply has to *win the lottery* for the
midday draw: so the actual chance of getting the same numbers twice for a
particular lottery on a particular day is simply 1 in 575,757. Given the
number of city, state and national lotteries and the number of days in a
year, such an event is likely to happen in a few years.  For example, if
there are 100 lotteries then there is around a 50% chance of duplicate
numbers occurring some time within 10 years.

Here's where it gets a bit more interesting: *The New York Post* article
says “Thursday's drawing for the game amazingly yielded the numbers 18, 21,
30, 35, and 36 during both the midday and evening drawings --the odds of
which experts put at more than 1 in 330 billion.''

Now, technically, this is correct: the odds of getting *that particular
sequence of numbers* twice on that particular day with that particular
lottery are indeed 330 billion to 1. But the first draw had to have *some*
set of numbers: so drawing the same set of numbers twice in the same day is
not the same as drawing a specified set of numbers twice in one day.

Did the journalist knowingly mislead their readers by writing something
technically correct, knowing that it would be interpreted as saying
something about getting the same numbers twice in a row?  Or did the
journalist mis-calculate and not notice their absurdly inaccurate result
because humans have difficulty in comprehending really large numbers?

If there was a verified written prediction which read: “On Thursday 27th
October the New York Lottery numbers will be 18, 21, 30, 35, 36 on both the
midday and evening draw'', then that prediction would have a 1 in 331
billion probability of being correct by chance.

But the chance of the evening drawing matching the midday drawing is the
same as the chance of your numbers matching the midday drawing, which is the
same as the chance of winning the jackpot.

If the chance of winning the jackpot ($37,206 prize fund total for Thursday
evening) was really 330 billion to 1, then it is extremely unlikely that
anyone would ever win and I think most people would give up playing!

So you don't need to know anything about how many numbers are drawn or what
the range of numbers are in order to deduce that the *1 in 330 billion
chance of duplicate numbers on the same day* just *cannot* be correct.

  [Amos Shapir came up with similar reasoning.  PGN]

*Dark Ships* Emerge From the Shadows of the Nord Streaam Mystery (WiReD, re: R-33.50)

"Gabe Goldberg" <>
Sun, 13 Nov 2022 14:47:26 -0500
Satellite monitors discovered two vessels with their trackers turned off in
the area of the pipeline prior to the suspected sabotage in September.

Re: There's a good chance Meta has your contact info. Here's how to delete it. (R-33.51)

"Anthony Thorn" <>
Sat, 12 Nov 2022 09:33:04 +0100
Read the small print!

I was delighted to read the Washable item, telling me that I can delete
Meta's contact information.   (I am not a Meta user.)

Sure enough Meta has my information.

Well I *was* delighted *until* I read *Information for people who don't use
Meta Products*—
-- where I learned that:
“We retain Non-User's personal information for as long as needed...
*including after you ask us to erase it.*
This includes for legal reasons ...''

and for those of us living in the EU, and who assume some level of privacy

“*Non-Users'* information will be transferred or transmitted to, or stored
and processed in, the United States or other third countries outside of
where they live for the purposes described in this Data Notice.''

So there!

Re: There's a good chance Meta has your contact info. Here's how to delete it. (R-33.51)

Dick Mills <>
Sun, 13 Nov 2022 09:31:32 -0500
I tried that.  I never gave Meta my contact info, but I'm suspicious that
they might have found it other ways.

But I did not use the Mashable link.  I searched the help on FB.   When I
got to the removal tool, it asked for a number or email to send a
confirmation code to verify my identity.  I did that, but the code never
arrived. No explanation or error appeared. Hmmm.

   - Could Meta use this tool for phishing to collect your contact info if
   it doesn't already have it?
   - Might two-factor confirmation codes on other sites be used for
   - Could Meta be protecting us against bad guys who might trick Meta into
   sending messages to my contacts?
   - Might it be that the tool doesn't work if Meta never had your contact
   info in the first place as a security measure?  A code can't verify my
   identity if Meta doesn't know my number or email.

So, now I fear that I have been phished.   Worse; I have never used my real
name on FB, but now I fear that I just revealed a way to link my identity
to my FB username.

Resistance is futile. :-(

Please report problems with the web pages to the maintainer