The RISKS Digest
Volume 33 Issue 10

Monday, 21st March 2022

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


It's 70 degrees warmer than normal in eastern Antarctica. Scientists are flabbergasted.
Russia Faces IT Crisis with Just 2 Months of Data Storage Left
Bill Toulas
Huge DDoS attack temporarily kicks Israeli government sites offline
The Register
Unix Rootkit Used to Steal ATM Banking Data
Two items combined
Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys in the Wild
Dan Goodin
Legislation to require hand-counting of ballots?
Douglas W. Jones
When It Comes to AI, Can We Ditch the Datasets?
Adam Zewe
The TikTok-Oracle Deal Would Set 2 Dangerous Precedents
Find You: Building a stealth AirTag clone
Positive Security
Tired of Waiting for Driverless Vehicles? Head to a Farm
Scott McFetridge
Time Releases Full Magazine Issue as NFT on the Blockchain
Beware of QR Code Scams
Heidi Mitchell
Drone swarm forms clickable QR code
Hollywood Reporter
Re: Senate passes permanent Daylight Saving Time
John Levine
One problem with permanent daylight saving time: Geography
Lauren Weinstein
Re: MMS spam?
Jay Libove Rob Slade
Re: Farewell Honeychild
Charles Jackson
Info on RISKS (comp.risks)

It's 70 degrees warmer than normal in eastern Antarctica. Scientists are flabbergasted. (MSN)

Peter Neumann <>
Sat, 19 Mar 2022 14:49:38 PDT

The coldest location on the planet has experienced an episode of warm weather this week unlike any ever observed, with temperatures over the eastern Antarctic ice sheet soaring 50 to 90 degrees above normal. The warmth has smashed records and shocked scientists.

This event is completely unprecedented and upended our expectations about the Antarctic climate system, said Jonathan Wille, a researcher studying polar meteorology at Universite Grenoble Alpes in France, in an email.

Antarctic climatology has been rewritten, tweeted Stefano Di Battista, a researcher who has published studies on Antarctic temperatures. He added that such temperature anomalies would have been considered impossible and unthinkable before they actually occurred.

Parts of eastern Antarctica have seen temperatures hover 70 degrees (40 Celsius) above normal for three days and counting, Wille said. He likened the event to the June heat wave in the Pacific Northwest, which scientists concluded would have been virtually impossible without human-caused climate change.

What is considered warm over the frozen, barren confines of eastern Antarctica is, of course, relative. Instead of temperatures being minus-50 or minus-60 degrees (minus-45 or minus-51 Celsius), they've been closer to zero or 10 degrees (minus-18 Celsius or minus-12 Celsius)—but that's a massive heat wave by Antarctic standards. […]

Russia Faces IT Crisis with Just 2 Months of Data Storage Left (Bill Toulas)

ACM TechNews <>
Wed, 16 Mar 2022 12:08:06 -0400 (EDT)

Bill Toulas, BleepingComputer, Ides of March 2022, via ACM TechNews, 16 Mar 2022

The withdrawal of Western cloud computing companies from Russia has left the country with roughly two months of information technology (IT) data storage. Russian news outlet Kommersant says the situation is compounded by exponential growth of public Russian agencies' storage needs due to Smart City projects entailing extensive video-surveillance and facial-recognition systems. Options proposed at a meeting of the Ministry of Digital Transformation Solutions include leasing all available domestic data storage or mandating that Internet service providers ditch media streaming services and other online entertainment platforms. Russia also could seize IT servers and storage left behind by exiting businesses and incorporate them into public infrastructure. The last option would be to use Chinese cloud service providers and IT system sellers, although China has not yet decided how much aid it is willing to provide.

Huge DDoS attack temporarily kicks Israeli government sites offline (The Register)

Mike Rechtman <>
Wed, 16 Mar 2022 09:16:49 +0200

A state of emergency is declared as officials assess the damage and look for culprits 15 Mar 2022 // 17:12 UTC

A massive distributed denial-of-service (DDoS) attack forced Israeli officials Monday to temporarily take down several government websites and to declare a state of online emergency to assess the damage and begin investigating who was behind the incident.

In a tweet, the Israel National Cyber Directorate said it had detected the DDoS attack against a communications provider and that several websites had been taken down, though all have since resumed normal activity.

According to Internet watchdog NetBlocks, the attacks targeted Israeli telecom providers Bezeq and Cellcom and hit multiple networks run by the companies.

Unix Rootkit Used to Steal ATM Banking Data (Two items combined)

ACM TechNews <>
Mon, 21 Mar 2022 12:03:33 -0400 (EDT)

Bill Toulas, BleepingComputer, 17 Mar 2022

Researchers at the cybersecurity firm Mandiant found that the LightBasin hacking group is using a previously unknown Unix rootkit to steal ATM banking data and make unauthorized cash withdrawals from ATM terminals at several banks. The rootkit, a Unix kernel module called “Caketap,” affects servers running the Oracle Solaris operating system, hiding network connections, processes, and files while installing several hooks into system functions to receive remote commands and configurations. Caketap intercepts messages sent to the Payment Hardware Security Module (HSM), used by the banking industry to verify bank card information, to stop verification messages that match fraudulent bank cards and instead generate a valid response. It also internally saves valid messages that match non-fraudulent primary account numbers and sends them to the HSM to avoid impacting routine customer transactions and implant operations.

ALSO: Drew Harwell, The Washington Post 17 Mar 2022

Computer programmers and volunteer “information warriors” are attempting to counter Russian propaganda and information suppression concerning the Ukraine invasion. A Website built by the squad303 coder group shows a randomly selected Russian citizen's email address and phone or WhatsApp number, and provides a pre-written message visitors can send to engage in a dialogue. A Polish programmer said he works with more than 100 volunteers from the U.S., Estonia, France, Germany, and more, divided into teams focused on software development, cyberdefense, social media, and a help desk to onboard new messengers. Western social media companies and media outlets also have started helping Russians bypass government censorship by using Tor software, which directs online traffic through a scattered network of servers, neutralizing Russia's Website blockade. Market research data indicates virtual private network applications, which enable Russians to access otherwise-banned sites, have been downloaded millions of times on the Apple and Google app stores.

Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys in the Wild (Dan Goodin)

ACM TechNews <>
Wed, 16 Mar 2022 12:08:06 -0400 (EDT)

Dan Goodin, Ars Technica, 14 Mar 2022, via ACM TechNews, 16 Mar 2022

Researcher Hanno B=F6ck said he used a 379-year-old algorithm described by French mathematician Pierre de Fermat to break a handful of weak cryptographic keys found in the wild. The keys were generated with older software owned by technology company Rambus, derived from a basic version of the SafeZone Crypto Libraries. B=F6ck said the SafeZone library insufficiently randomized the two prime numbers it used to generate RSA keys, and Fermat's factorization method can crack such keys easily. The algorithm was based on the fact that any odd number can be expressed as the difference between two squares, and factors near that number's root are easily and quickly calculable. B=F6ck thinks all the keys he found in the wild were generated using software or methods unaffiliated with the SafeZone library, which if true means the Fermat algorithm might easily break keys crafted by other software.

Legislation to require hand-counting of ballots? (Douglas W. Jones)

Peter Neumann <>
Sun, 20 Mar 2022 11:49:09 PDT

My long-time colleague (Prof.) Doug Jones (not the politician) has published an op-ed relating to recent attempts to abandon ballot scanners in favor of hand-counting ballots. It is in The Des Moines Register. This is worth reading.

When It Comes to AI, Can We Ditch the Datasets? (Adam Zewe)

ACM TechNews <>
Mon, 21 Mar 2022 12:03:33 -0400 (EDT)

Adam Zewe, MIT News, 15 Mar 2022

Massachusetts Institute of Technology (MIT) researchers have demonstrated the use of a generative machine-learning model to produce synthetic data, based on real data, to train another model for image classification. Researchers showed the generative model millions of images containing objects in a specific class, after which it learned those objects' appearance in order to generate similar objects. MIT's Ali Jahanian said generative models also learn how to transform underlying training data, and connecting a pre-trained generative model to a contrastive learning model enabled both models to work together automatically. The results show that a contrastive representation learning model trained only on synthetic data can learn visual representations that rival or top those learned from real data. In analyzing how the number of samples influenced the model's performance, researchers determined that, in some cases, generating larger numbers of unique samples facilitated additional enhancements.

The TikTok-Oracle Deal Would Set 2 Dangerous Precedents (WiReD)

Gabe Goldberg <>
Sun, 20 Mar 2022 21:57:26 -0400

The agreement may provoke a global data storage melee and more politically motivated intervention in the tech sector.

In August 2020, President Donald Trump dropped a bombshell executive order banning TikTok in the United States. Since then, as TikTok has competed against other Big Tech companies—growing among teen users while Facebook and others have struggled—its ability to survive in the United States has remained under a cloud of uncertainty. Would regulators step in and kill off a product that had become a staple form of communication for some 100 million Americans?

That cloud seemed to lift last week in the wake of reports that TikTok will enter into a data storage deal with Oracle. In the short term, the agreement would be good for U.S. users, enabling TikTok to invest more of its resources and energy into improving its product, rather than wrestling with the government.

But in the long run, the forecast looks bleaker. The deal would establish precedents likely to harm technology companies and their users. […]

However, the agreement is almost certain to provide momentum to foreign governments who want to do exactly what the United States is doing: require companies to store data within their borders. Numerous countries have pushed these types of data localization requirements over the last decade, including Russia, India, and France. In response, the tech sector has made the case that this approach to data storage creates privacy risks, degrades performance, and imposes compliance costs that make it harder for small companies to compete.

If the U.S. government succeeds in forcing TikTok to enter this local data-storing arrangement with Oracle, other governments will be more likely to impose comparable requirements on U.S. companies operating within their borders. A principle that might be appealing to TikTok’s critics in the United States could seem much less desirable if it were applied to Apple, Meta, or Snap in countries like China or Russia. The war in Ukraine has highlighted why countries like Russia want to use localization to exert more control over global tech companies, and also why it’s so important that local data storage requirements remain the exception rather than the norm.

Find You: Building a stealth AirTag clone (Positive Security)

Gabe Goldberg <>
Sun, 20 Mar 2022 22:11:15 -0400

Tired of Waiting for Driverless Vehicles? Head to a Farm (Scott McFetridge)

ACM TechNews <>
Mon, 21 Mar 2022 12:03:33 -0400 (EDT)

Scott McFetridge, Associated Press, 16 Mar 2022

Driverless vehicles are more abundant on farms than city streets, with John Deere to start manufacturing autonomous tractors this fall after more than 10 years in development. The company intends to run the tractors on 10 to 50 farms by fall, before expanding to more farms in the coming years. Carnegie Mellon University's Raj Rajkumar said autonomous tractors have no vehicles, pedestrians, or intricacies of urban systems to deal with, and they can employ consistent global-positioning system data. Farmers can hitch a plow behind the driverless tractor, start it with a swipe of a smartphone, and then leave it to travel the field on its own. The machine has six pairs of cameras that can provide a 360-degree image, and computer algorithms help it to navigate and stop before unfamiliar obstacles.

Time Releases Full Magazine Issue as NFT on the Blockchain (Time)

ACM TechNews <>
Mon, 21 Mar 2022 12:03:33 -0400 (EDT)

Time, 18 MAr 2022

Time magazine will publish the first fully decentralized magazine issue, available on March 23 as a non-fungible token (NFT) on the blockchain. Created in partnership with LITDAO, a Web3 cultural currency and NFT project, the issue will be hosted through a decentralized protocol, with readers accessing the magazine through an interactive NFT. With support from the global Internet finance firm Circle, the issue, which will feature a cover story on Ethereum's Vitalik Buterin, will be airdropped to certain TIMEPiece and genesis LIT community wallet holders. “As Time continues to push the boundaries as to what is possible within the Web3 ecosystem, producing the first-ever full magazine on the blockchain seemed like a natural extension for our brand, and we knew this issue, in particular, would be cherished by our community,” said Time's Keith A. Grossman.

Beware of QR Code Scams (Heidi Mitchell)

ACM TechNews <>
Mon, 21 Mar 2022 12:03:33 -0400 (EDT)

Heidi Mitchell, The Wall Street Journal, 19 Mar 2022

Security researchers warn of the growing threat of fraudulent quick response (QR) codes, including some affixed to parking meters in Texas cities that tricked drivers into entering their credit-card data at a bogus Website. Although the Better Business Bureau's Scam Tracker site lists just 46 QR code-related attacks in the U.S. since March 2020, link-management service has observed a 750% increase in QR-code downloads since then. Most smartphones “just read the code and open the link without ensuring that it is safe or that it is, in fact, what it says it is,” said Justin Fier at artificial intelligence cybersecurity firm Darktrace. Skilled attackers also can use a QR code to send users to a spoof site, then hand over the information they enter to the genuine site. Symantec's Eric Chien suggests either avoiding QR codes that are stuck on devices or installing QR-code scanner applications.

Drone swarm forms clickable QR code (Hollywood Reporter)

Amos Shapir <>
Wed, 16 Mar 2022 17:47:35 +0200

In a publicity stunt for a TV series, 400 drones formed a huge QR code square in the sky over Austin, Texas, which linked to the series' trailer clip.

Yet another way to make people click on links to sites they never intended to visit.

Full story at:

Re: Senate passes permanent Daylight Saving Time (RISKS-33.09)

“John Levine” <>
16 Mar 2022 14:39:22 -0400

There were claims that there might be more accidents, but no evidence that there actually were.

Here in the frozen north, in January the sun rises at 7:30 or later so a lot of kids wait for the bus in the dark with or without daylight time.

One problem with permanent daylight saving time: Geography

Lauren Weinstein <>
Mon, 21 Mar 2022 09:48:13 -0700

It's pretty much always the case that anything Congress does in a hurry hasn't been thought out. Often not thinking things through is one of Congress' most obvious attributes. -L

Re: MMS spam?

Jay Libove <>
Wed, 16 Mar 2022 08:10:31 +0000

In re: Rob Slade's question about MMS spam, I've seen some mobile phone based messaging clients that, by default, “upgrade” messages which are too long to fit in a single (or in a consecutive set of up to five) SMS text messages, or which contain non-SMS-compatible content, to MMS. That is of course a horrible default, because MMS messages tend to have ridiculous costs, of which the user is unlikely to be consciously aware at the moment that their messaging software “helpfully” ensures delivery .. at a cost of $1.00 or so both to themself and probably also to each recipient. Rob, ask your correspondent to take a look at the settings of their messaging app in which the finally-resulted-as-MMS message was sent. -Jay

Re: MMS spam?

Rob Slade < <>>
Mon, 7 Mar 2022 07:21:29 -0800

I have been receiving a lot of MMS (as opposed to SMS, normal text) messages on my phones recently. One of the phones doesn't have a data plan, so I don't get to see what the messages are. (Yes, yes, I know the cell companies promise that their plans allow you unlimited voice, video, and pictures “text” messages. They lie.) I have generally despaired of trying to get people to realize the difference between SMS and MMS messages, and the incompatibilities that make MMS messages unreliable even if you do have the phone and cell/mobile data plan to support them.

However, a few days ago I got an MMS message from someone who is technically competent, and, when I challenged him, he denied sending any such message. Given that he would know, and the increase in numbers, I am wondering if there is some new spamming campaign utilizing MMS messages.

Anybody heard/seen anything along these lines?

Re: Farewell Honeychild (PGN, RISKS-33.09)

Charles Jackson <>
Tue, 15 Mar 2022 21:15:11 -0400

Well, as I recall the story, it goes like this:

Honeywell and Fairchild have announced a merger. They also announced that the merger would create substantial efficiencies by reducing expenses. Substantial layoffs are expected. The merged firm will be called Farewell Honeychild. [TNX for the rest of the story!!! PGN]

Please report problems with the web pages to the maintainer