Winners of the 2014 National Geographic Travelers Photography Contest were announced earlier this week.
Image: Merit Prize Winner, A Well Earned Rest, by Evan Cole, who writes, “This photo of Moussa Macher, our Tuareg guide, was taken at the summit of Tin-Merzouga, the largest dune (or erg) in the Tadrat region of the Sahara desert in southern Algeria. Moussa rested while waiting for us to finish our 45-minute struggle to the top.”
A team of hackers based in south central Russia stole over a billion passwords from sites large and small, The New York Times reported Tuesday.
The breach, conducted by a hacker group called CyberVor and discovered by a computer security firm, is the largest known to date but continues a trend of mass credential theft:
In December, 40 million credit card numbers and 70 million addresses, phone numbers and additional pieces of personal information were stolen from the retail giant Target by hackers in Eastern Europe.
And in October, federal prosecutors said an identity theft service in Vietnam managed to obtain as many as 200 million personal records, including Social Security numbers, credit card data and bank account information from Court Ventures, a company now owned by the data brokerage firm Experian.
The CyberVor hack appears impressively large (1.2 billion accounts stolen from 420,000 sites) but a number of commentators are skeptical that the breach is as extensive as the Times reports.
At Forbes, Kashmir Hill questions Hold Security, the firm the Times sourced its information to, for withholding information about what sites were hacked, and standing to benefit from the breach itself:
Panic time, right? You can’t even change your passwords to protect yourself because you don’t know which websites are affected or if they’re still vulnerable. This is the worst kind of news, spare on details and causing a panic without offering a solution. Oh wait, but there is a solution! You can pay “as low as $120” to Hold Security monthly to find out if your site is affected by the breach. Hold Security put a page up on its site about its new breach notification service around the same time the New York Times story went up.
Then there’s the issue of what CyberVor is or isn’t doing with the stolen user names and passwords.
Via Lily Hay Newman at Slate:
Strangest of all, the Times reports that the hackers are mainly just using the credentials to hack social media accounts and spam them. Which is weird, because when criminals steal valuable things, they usually try to sell them. Or if they steal things that give them access to money they take the money. So maybe the credentials aren’t that valuable on their own.
Russell Brandom at The Verge points out that CyberVor may have purchased the bulk of the credentials off the black market which, while serious, isn’t as disastrous as a full-fledged, successful botnet attack.
Still, the breach is a strong reminder of our collective vulnerability, and underscores the inadequacy of username password combinations. Increasing one’s personal digital security requires a few extra steps. While not foolproof, Newman offers some sensible recommendations:
The key is adding extra layers of protection. Using a password manager, or at least randomly generating strong passwords, eliminating duplicate passwords used on multiple accounts, and adding two-factor (or multi-factor) authentication everywhere it’s offered are all readily available steps that can help you protect yourself.
Takeaway: Digital security threats and the cybercrime that accompanies them cost the global economy somewhere in the neighborhood of $400 billion per year and affect tens of millions of people who have personal information stolen.
That said, articles such as this one from The New York Times oversell (1.2 billion credentials stolen!) and under-deliver (but we can’t tell you who might be at risk). With scant details on what individuals can do outside of paying the paper’s primary source for an audit, the worry is there’ll be a lot of hype with very little information to take action on.
1. Forbes clarifies that $120 is a yearly monitoring cost at $10/month.
A human author simply decides an interesting emotional path for the story, and the computer does the rest. —
Margaret Sarlej, PhD candidate at University of New South Wales, to Phys.org. Computer writes its own fables.
We’ve written before about robots writing the news, now they’re writing fables.
Sarlej has written an application that takes 22 identified emotions used in fables, mixes and matches them with a plot, and pops out a written story.
Easier said than done.
Via The Guardian:
Breaking stories down for a computer “involves not only encoding story elements like characters, events, and plot, but also the ‘common sense’ people take for granted”, said Sarlej. Telling a story is simple enough for a child to do, but stories are actually “incredibly complex”.
"For example, if Bob gives Alice an apple, Alice will have the apple, and Bob will not. To a person, that’s obvious, and doesn’t require explanation. If Bob punches Carl, people would generally assume Carl will be unhappy about it, but a computer doesn’t have the ‘common sense’ to make such an inference. In a computer programme, details like this must be explicitly spelled out," she said.
Current results are fairly rudimentary but, according to Sarlej’s supervisor, computers “will be making interesting and meaningful contributions to literature within the next decade.”
Can You Design a Universal Font?
A few months ago Wikipedia unveiled a typographical “refresh” across its Web properties. As Fast Company pointed out at the time, doing so across 33 million pages and 297 languages isn’t easy:
“The changes might seem subtle—some readers of Wikipedia might not even know there’s a change!” says Wikimedia’s Director of User Experience Jared Zimmerman. “But for us, it starts to highlight some bigger issues.”
Those bigger issues stem from a daunting problem: Wikipedia is 100% open source and free for the world to use. But there is no free and open typeface that can render in all of the world’s languages. For those of us in the Western world, it’s not much of a problem. We’re privileged, using operating systems like OS X that license fonts for us. Plus, our Latin-based scripts are represented in the vast majority of typefaces, while most written language is actually not Latin-based…
…Historically, this has created a design culture of the haves and the have nots, in which the look of Wikipedia was subject to the whims of whatever your software providers had already licensed. When rendering its pages in your browser, all Wikipedia would ask for was “sans-serif”—basically, give me anything you’ve got that’s sans-serif! As you might imagine, this has been a mess.
Enter Google and its development of the Noto font family. The freely available font “aims to support all the world’s languages” and achieve “visual harmonization across languages.”
No small task, but to date the two-year-old project supports 600 written languages and 100,000 characters. In July, support for Simplified Chinese, Traditional Chinese, Japanese, and Korean was added.
NPR has a good article on the background and continued development of Noto. In particular, it takes a look at whether a company like Google should be doing this at all:
[C]ritics like Pakistani-American writer Ali Eteraz are suspicious about grand plans by any of these big companies.
"I tend to go back and forth," Eteraz says. "Is it sort of a benign — possibly even helpful — universalism that Google is bringing to the table? Or is it something like technological imperialism?"
What he means is that when one group of people (in this case, Google) decides what to code for and what not to — and in what way — people who are not a part of that decision-making process, those who actually use these fonts and these languages, can feel ill-served.
"Language is the building block of people’s identities all around the world," Eteraz tells NPR, “and Google is basically saying that, ‘We got this.’”
In other words, with great power comes great responsibility.
Download the fonts here. Join the Noto Google Group here.
Image: Screenshot, Noto Sans Cherokee.
Where there is good journalism, there will be scoops
As of 12:45 pm today, Jeremy Scahill and Ryan Devereaux published a new in-depth piece at The Intercept called "Watch Commander: Barack Obama’s Secret Terrorist-Tracking System, by the Numbers" examining the government’s Terrorist Screening Database, as discovered in classified documents the news outlet obtained. The article breaks down the system piece by piece, with startling observations from classified documents.
The second-highest concentration of people designated as “known or suspected terrorists” by the government is in Dearborn, Mich.—a city of 96,000 that has the largest percentage of Arab-American residents in the country.
Even if you don’t live in Dearborn, you should be concerned.
…officials don’t need “concrete facts” or “irrefutable evidence” to secretly place someone on the list—only a vague and elastic standard of “reasonable suspicion.”
According to the documents, more people are in TIDE (the Terrorist Identities Datamart Environment, an even bigger system with an even lower bar for making the list) under the Obama administration than ever before; 47,000 people are on the government’s “No Fly” list; and the watchlist holds a disproportionate number of suspects based on their assumed terrorist group affiliation (see above pie chart). That distribution is skewed, because the estimated size of Al-Qaeda in Iraq, for example, is significantly smaller than the number of people on the AQI watchlist:
If this information doesn’t already make you want to put on a tinfoil hat and anti-surveillance coat and go off the grid for a while, consider that, on top of all of that, the story itself was scooped by a government agency and handed to the AP. The AP story in question, written by Eileen Sullivan, came out just minutes before the Intercept piece.
The government, it turned out, had “spoiled the scoop,” an informally forbidden practice in the world of journalism. To spoil a scoop, the subject of a story, when asked for comment, tips off a different, typically friendlier outlet in the hopes of diminishing the attention the first outlet would have received. Tuesday’s AP story was much friendlier to the government’s position, explaining the surge of individuals added to the watch list as an ongoing response to a foiled terror plot.
As Hina Shamsi, director of the ACLU’s National Security Project, told The Intercept,
We’re getting into Minority Report territory when being friends with the wrong person can mean the government puts you in a database and adds DMV photos, iris scans, and face recognition technology to track you secretly and without your knowledge.
TL;DR: We’re probably all on a secret watchlist. And as soon as we find out we are, the government will know we know.
Images: Chart via The Intercept, “Who’s on the watchlist?”, that breaks down the list by affiliated terrorist group, and screenshot from Ryan Devereaux’s Twitter.
Hack the News, Playing With Words Edition
Disrupt to Bullshit replaces various versions of the word ‘disrupt’ with various versions of the word ‘bullshit’ on all websites.
Bonus: “It is inspired by the plugins Cloud To Butt and Cloud To Butt Plus.”
Double Bonus: Available as a Chrome Extension and Firefox Add-On
Triple Bonus: You can review the code on GitHub
H/T: Evgeny Morozov
CNN’s Bill Weir Takes on Fox Nation
Via Bill Weir.
Report: US Surveillance Harming Journalism, Law and Society
Human Rights Watch and the American Civil Liberties Union released a report this week outlining the effect the US surveillance state is having on journalism, law and society. In particular, the two groups interviewed “50 journalists covering intelligence, national security, and law enforcement for outlets including the New York Times, the Associated Press, ABC, and NPR.”
Via Human Rights Watch:
[The report] documents how national security journalists and lawyers are adopting elaborate steps or otherwise modifying their practices to keep communications, sources, and other confidential information secure in light of revelations of unprecedented US government surveillance of electronic communications and transactions. The report finds that government surveillance and secrecy are undermining press freedom, the public’s right to information, and the right to counsel, all human rights essential to a healthy democracy…
…Surveillance has magnified existing concerns among journalists and their sources over the administration’s crackdown on leaks. The crackdown includes new restrictions on contact between intelligence officials and the media, an increase in leak prosecutions, and the Insider Threat Program, which requires federal officials to report one another for “suspicious” behavior that might betray an intention to leak information.
Journalists interviewed for the report said that surveillance intimidates sources, making them more hesitant to discuss even unclassified issues of public concern. The sources fear they could lose their security clearances, be fired, or – in the worst case – come under criminal investigation.
"People are increasingly scared to talk about anything," observed one Pulitzer Prize winner, including unclassified matters that are of legitimate public concern.
The report, With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism, Law, and American Democracy, can be downloaded here (PDF). The online Executive Summary is here.
Meantime, via The New York Times: “An internal investigation by the Central Intelligence Agency has found that its officers improperly penetrated a computer network used by the Senate Intelligence Committee in preparing its report on the C.I.A.’s detention and interrogation program.”
Image: Anonymous quote from a journalist interviewed for the report. Via Human Rights Watch.
[T]o be honest, there aren’t a lot of jobs that are cooler than being a reporter. I mean, that’s what Superman was. — John Horton, former columnist for The Plain Dealer, to Poynter, before adding, “I miss the daily challenge that you had, the feeling that you were doing something larger that made a big difference, fighting that fight every day. I think journalism is one of the few jobs that really has that aspect to it.” How mass layoffs in 2013 changed the lives of former Plain Dealer staffers.
Attack on Tor Has Likely Stripped Users of Anonymity
Tor, the network used specifically for privacy and anonymity, just warned users of an attack meant to deanonymize people on the service. Anyone who used Tor from February 2014 through this July 4 can assume they were impacted.
Who’s behind the attacks? It appears researchers from Carnegie Mellon. Via The Verge:
The Tor team suspects the CERT division of Carnegie Mellon University’s Software Engineering Institute (SEI). Earlier this month, CERT abruptly canceled a Black Hat conference talk called “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget.” The NSA has famously attempted to break Tor, to limited success.
So what’s the big deal? If it was the team from CERT, consider the attack a proof of concept. If they can get in, so too can more malicious actors. According to The Guardian, the CERT talk at the Black Hat conference would explain “how anyone with $3,000 could de-anonymise users of Tor.”
Somewhat related: US Government increases funding for Tor, via The Guardian.
Tor, the internet anonymiser, received more than $1.8m in funding from the US government in 2013, even while the NSA was reportedly trying to destroy the network.
According to the Tor Project’s latest annual financial statements, the organisation received $1,822,907 from the US government in 2013. The bulk of that came in the form of “pass-through” grants, money which ultimately comes from the US government distributed through some independent third-party.
Sorta Somewhat Related, Tinfoil Hat Edition: Back in January, Reuters reported that the NSA funneled $10 million to RSA, a computer security firm whose encryption tools are an industry standard. The Reuters report indicates that the funding helped ensure that a less secure encryption system was used as the default setting in an RSA “software tool called Bsafe that is used to enhance security in personal computers and many other products.”
That’s the way this city lives now — one funeral to another, hiding from bombs and collecting the dead. —
Sergey Ponomarev, freelance photographer covering Gaza, in an interview with the New York Times. Photographing on the Ground in Gaza.
Read through to see Sergey’s recent photos from Gaza.
I don’t think Hustler’s going to be around very much longer. Most people are getting their information from the Internet. It’s a technology evolution that brings a lot with it and takes a lot away. —
Larry Flynt, Founder, Hustler Magazine to Bloomberg TV via Ars Technica*. “Writing is on the wall” for Hustler print mag thanks to Internet.
FJP: Sometimes we fire up the Internets to take a quick look at ‘information’. Here’s what we’ve found.
*The post has been updated to indicate that Flynt was speaking to Bloomberg TV, not Ars Technica. HT.
On this, the 100th anniversary of the day the first world war began, it is sobering to look back at the way that conflict was so badly reported. The catalogue of journalistic misdeeds is a matter of record: the willingness to publish propaganda as fact, the apparently tame acceptance of censorship and the failure to hold power to account. —
Roy Greenslade, The Guardian. First world war: how state and press kept truth off the front page.
FJP: The more things change…