Science

'Nature' Editorial Juxtaposes FOIA Email Release With Illegal Hacking (vice.com) 65

Jason Koebler and Sarah Emerson, reporting for Motherboard: Private emails between scientists working on a controversial genetic technology called "gene drive" were released last week. Obtained through a Freedom of Information Act (FOIA) request, their publication has been criticized by some as an attempt to discredit the science community. Gene drives are a genetic engineering approach with huge implications. They're meant to seed genetic traits -- one that stops mosquitoes from carrying malaria, for instance, or hampers invasive rodents' ability to reproduce -- in a population, and with terrifyingly high odds of inheritance. If things go wrong, gene drives could destabilize ecosystems. (So far, they've only been applied to yeast, fruit flies, and mosquitoes in a lab setting.) More ideally, they could wipe out deadly plagues by targeting their vectors, or give threatened species a fighting chance. Like any young technology, there are a lot of unknowns, and stakeholders are hoping to provide clarity at the United Nations Convention on Biological Diversity next year; the same convention where a proposed gene drive moratorium was rejected in 2016. The emails and other documents reveal details about gene drive's biggest funders, including DARPA, the US military's research agency.
The Military

The US Is Testing a Microwave Weapon To Stop North Korea's Missiles (vox.com) 213

An anonymous reader quotes a report from Vox: According to an NBC News report, the weapon -- which is still under development -- could be put on a cruise missile and shot at an enemy country from a B-52 bomber. It's designed to use microwaves to target enemy military facilities and destroy electronic systems, like computers, that control their missiles. The weapon itself wouldn't damage the buildings or cause casualties. Air Force developers have been working with Boeing on the system since 2009. They're hoping to receive up to $200 million for more prototyping and testing in the latest defense bill. There's just one problem. It's not clear that the weapon is entirely ready for use -- and it's not clear that it would be any more effective than the powerful weapons the U.S. already possesses. The weapon, which has the gloriously military-style name of Counter-electronics High Power Microwave Advanced Missile Project, or CHAMP, isn't quite ready for action, but it could be soon. Two unnamed Air Force officials told NBC that the weapon could be ready for use in just a few days.
Robotics

Russia Says It Will Ignore Any UN Ban of Killer Robots (ibtimes.com) 132

According to a report from Defense One, a United Nations meeting in Geneva earlier this month on lethal autonomous weapons systems (LAWS) was derailed when Russia said they would not adhere to any prohibitions on killer robots. "The U.N. meeting appeared to be undermined both by Russia's disinterest in it and the framework of the meeting itself," reports International Business Times. "Member nations attempted to come in and define what LAWS' systems would be, and what restrictions could be developed around autonomous war machines, but no progress was made." From the report: In a statement, Russia said that the lack of already developed war machines makes coming up with prohibitions on such machines difficult. "According to the Russian Federation, the lack of working samples of such weapons systems remains the main problem in the discussion on LAWS... this can hardly be considered as an argument for taking preventive prohibitive or restrictive measures against LAWS being a by far more complex and wide class of weapons of which the current understanding of humankind is rather approximate," read the statement.
The Military

After Two Months of Quiet, North Korea Launches Another Ballistic Missile (arstechnica.com) 245

South Korean and U.S. officials have confirmed that North Korea has launched another ballistic missile into the Sea of Japan. The ballistic missile test -- launched just after 3am Wednesday local time from Sin-ni in South Pyongyang -- is the first since an intermediate-range missile test in September. Ars Technica reports: In a statement to the press, a spokesperson for South Korea's Joint Chiefs of Staff said, "North Korea fired an unidentified ballistic missile early this morning from Pyongsong, South Pyongan [Province], to the east direction. South Korea's Joint Chiefs of Staff is analyzing more details of the missile with the U.S. side." The U.S. Department of Defense and the North American Aerospace Defense Command (NORAD) have made an initial assessment that the missile was an ICBM, according to Office of the Secretary of Defense spokesperson Col. Robert Manning. The missile traveled 1,000 kilometers, flew over Japan, and landed in the sea east of Japan within its exclusive economic zone.
Government

FBI Failed To Notify 70+ US Officials Targeted By Russian Hackers (apnews.com) 94

An anonymous reader quotes the AP: The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found. Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people." The FBI declined to answer most questions from AP about how it had responded to the spying campaign... A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks... A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. But to this day, some leak victims have not heard from the bureau at all.

Here's an interesting statistic from the AP's analysis. "Out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them."
EU

EU Lawmakers Back Exports Control on Spying Technology (reuters.com) 35

An anonymous reader shares a report: EU lawmakers overwhelmingly backed plans on Thursday to control exports of devices to intercept mobile phone calls, hack computers or circumvent passwords that could be used by foreign states to suppress political opponents or activists. Members of the European Parliament's trade committee voted by 34 votes to one in favor of a planned update to export controls on "dual use" products or technologies. The EU has had export controls since 2009 on such dual use products including toxins, laser and technology for navigation or nuclear power, which can have civilian or military applications but also be used to make weapons of mass destruction. The EU has felt that spyware or malware and telecom or Internet surveillance technologies are increasingly threatening security and human rights and proposed a modernization of its export control system to cover cyber-surveillance.
Security

Iranian 'Game of Thrones' Hacker Demanded $6 Million Bitcoin Ransom From HBO, Feds Say (thedailybeast.com) 34

Anonymous readers share a report: The Department of Justice on Tuesday charged an Iranian national with allegedly hacking into HBO, dumping a selection of stolen files, and attempting to extort the company by ransoming a treasure trove of the company's content. This summer, hackers released a bevy of internal HBO files, including scripts for Game of Thrones and full, unaired episodes of other shows. Behzad Mesri, aka "Skote Vahshat," at one point worked for the Iranian military to break into military and nuclear systems, as well as Israeli infrastructure, according to the newly released complaint. Under his Vahshat pseudonym, Mesri also defaced hundreds of websites in the U.S. and around the world, the complaint adds. Mesri started his hacking campaign in around May 2017, according to the complaint, probing HBO's systems and employees for weaknesses. Mesri managed to compromise multiple HBO employee accounts as well as other authorized users; from here, he allegedly stole confidential and proprietary information. These included unaired episodes of Ballers, Barry, Room 104, Curb Your Enthusiasm, and The Deuce, as well as scripts for Game of Thrones. Indeed, the hacker behind the HBO breach publicly dumped much of this material online this summer.
AI

Musk-Backed 'Slaughterbots' Video Will Warn the UN About Killer Microdrones (space.com) 252

An anonymous reader quotes Space.com: A graphic new video posits a very scary future in which swarms of killer microdrones are dispatched to kill political activists and U.S. lawmakers. Armed with explosive charges, the palm-sized quadcopters use real-time data mining and artificial intelligence to find and kill their targets. The makers of the seven-minute film titled Slaughterbots are hoping the startling dramatization will draw attention to what they view as a looming crisis -- the development of lethal, autonomous weapons, that select and fire on human targets without human guidance.

The Future of Life Institute, a nonprofit organization dedicated to mitigating existential risks posed by advanced technologies, including artificial intelligence, commissioned the film. Founded by a group of scientists and business leaders, the institute is backed by AI-skeptics Elon Musk and Stephen Hawking, among others. The institute is also behind the Campaign to Stop Killer Robots, a coalition of non-governmental organizations which have banded together to call for a preemptive ban on lethal autonomous weapons... The film will be screened this week at the United Nations in Geneva during a meeting of the Convention on Certain Conventional Weapons... The Campaign to Stop Killer Robots is hosting a series of meetings at this year's event to propose a worldwide ban on lethal autonomous weapons, which could potentially be developed as flying drones, self-driving tanks, or automated sentry guns.

"This short film is more than just speculation," says Stuart Russell, a U.C. Berkeley considered an expert in artificial intelligence.

"It shows the results of integrating and miniaturizing technologies we already have."
Transportation

DJI Threatens Researcher Who Reported Exposed Cert Key, Credentials, and Customer Data (arstechnica.com) 81

An anonymous reader quotes Ars Technica: DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback -- including a threat of charges under the Computer Fraud and Abuse Act. DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."

The company says they're now investigating "unauthorized access of one of DJI's servers containing personal information," adding that "the hacker in question" refused to agree to their terms and shared "confidential communications with DJI employees."
Robotics

'Robots Are Not Taking Over,' Says Head of UN Body of Autonomous Weapons (theguardian.com) 77

An anonymous reader writes: "Robots are not taking over the world," the diplomat leading the first official talks on autonomous weapons assured on Friday, seeking to head off criticism over slow progress towards restricting the use of so-called "killer robots." The United Nations was wrapping up an initial five days of discussions on weapons systems that can identify and destroy targets without human control, which experts say will soon be battle ready. "Ladies and gentlemen, I have news for you: the robots are not taking over the world. Humans are still in charge," said India's disarmament ambassador, Amandeep Gill, who chaired the CCW meeting. "I think we have to be careful in not emotionalizing or dramatizing this issue," he told reporters in response to criticism about the speed of the conference's work. Twenty-two countries, mostly those with smaller military budgets and lesser technical knowhow, have called for an outright ban, arguing that automated weapons are by definition illegal as every individual decision to launch a strike must be made by a human. Gill underscored that banning killer robots, or even agreement on rules, remained a distant prospect.
The Military

Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets (theregister.co.uk) 85

An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia.

"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.

China

China Builds World's Fastest Hypersonic Wind Tunnel To Simulate Flight At 27,000 MPH (scmp.com) 63

schwit1 quotes a report from South China Morning Post: China is building the world's fastest wind tunnel to simulate hypersonic flight at speeds of up to 12 kilometers per second (~27,000 miles per hour). Zhao Wei, a senior scientist working on the project, said researchers aimed to have the facility up and running by around 2020 to meet the pressing demand of China's hypersonic weapon development program. "It will boost the engineering application of hypersonic technology, mostly in military sectors, by duplicating the environment of extreme hypersonic flights, so problems can be discovered and solved on the ground," said Zhao. The world's most powerful wind tunnel at present is America's LENX-X facility in Buffalo, New York state, which operates at speeds of up to 10 kilometers per second -- 30 times the speed of sound. Hypersonic aircraft are defined as vehicles that travel at speeds of Mach 5, five times the speed of sound, or above.

In the new tunnel there will be a test chamber with room for relatively large aircraft models with a wing span of almost three meters. To generate an airflow at extremely high speeds, the researchers will detonate several tubes containing a mixture of oxygen, hydrogen and nitrogen gases to create a series of explosions that can discharge one gigawatt of power within a split second, according to Zhao. The shock waves, channelled into the test chamber through a metallic tunnel, will envelop the prototype vehicle and increase the temperature over its body to 8,000 Kelvins, or 7,727 degrees Celsius, Zhao said. The new tunnel would also be used to test the scramjet, a new type of jet engine designed specifically for hypersonic flights. Traditional jet engines are not capable of handling air flows at such speeds.

The Military

Russia Posts Video Game Screenshot As 'Irrefutable Proof' of US Helping IS (bbc.com) 132

Plus1Entropy shares a report from BBC, adding: "But when I asked Putin, he said they didn't do it": Russia's Ministry of Defense has posted what it called "irrefutable proof" of the U.S. aiding so-called Islamic State -- but one of the images was actually taken from a video game. The ministry claimed the image showed an IS convoy leaving a Syrian town last week aided by U.S. forces. Instead, it came from the smartphone game AC-130 Gunship Simulator: Special Ops Squadron. The ministry said an employee had mistakenly attached the photo. The Conflict Intelligence Team fact-checking group said the other four provided were also errors, taken from a June 2016 video which showed the Iraqi Air Force attacking IS in Iraq. The video game image seems to be taken from a promotional video on the game's website and YouTube channel, closely cropped to omit the game controls and on-screen information. In the corner of the image, however, a few letters of the developer's disclaimer can still be seen: "Development footage. This is a work in progress. All content subject to change."
Government

Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com) 99

"Open-source software" is computer software with its source code made available with a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose. According to The Verge, the Pentagon is going to make a big push for open-source software in 2018. "Thanks to an amendment introduced by Sen. Mike Rounds (R-SD) and co-sponsored by Sen. Elizabeth Warren (D-MA), the [National Defense Authorization Act for Fiscal Year 2018] could institute a big change: should the bill pass in its present form, the Pentagon will be going open source." From the report: We don't typically think of the Pentagon as a software-intensive workplace, but we absolutely should. The Department of Defense is the world's largest single employer, and while some of that work is people marching around with rifles and boots, a lot of the work is reports, briefings, data management, and just managing the massive enterprise. Loading slides in PowerPoint is as much a part of daily military life as loading rounds into a magazine. Besides cost, there are two other compelling explanations for why the military might want to go open source. One is that technology outside the Pentagon simply advances faster than technology within it, and by availing itself to open-source tools, the Pentagon can adopt those advances almost as soon as the new code hits the web, without going through the extra steps of a procurement process. Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.
The Military

North Korean Hackers Are Targeting US Defense Contractors (wpengine.com) 146

chicksdaddy quotes Security Ledger: North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger is reporting. Security experts and defense industry personnel interviewed by The Security Ledger say that probes and attacks by hacking groups known to be associated with the government of the Democratic People's Republic of Korea (DPRK) have increased markedly as hostilities between that country and the United States have ratcheted up in the last year. The hacking attempts seem to be aimed at gaining access to intellectual property belonging to the companies, including weapons systems deployed on the Korean peninsula.

"As the situation between the DPRK and the US has become more tense, we've definitely seen an increase in number of probe attempts from cyber actors coming out of the DPRK," an official at an aerospace and defense firm told Security Ledger. The so-called "probes" were targeting the company's administrative network and included spear phishing attacks via email and other channels. The goal was to compromise computers on the corporate network... So far, the attacks have targeted "weakest links" within the firms, such as Human Resources personnel and general inquiry mailboxes, rather than targeting technical staff directly. However, experts who follow the DPRK's fast evolving cyber capabilities say that the country may have more up their sleeve.

CNBC also reports that America's congressional defense committees have authorized a last-minute request for $4 billion in extra spending for "urgent missile defeat and defense enhancements to counter the threat of North Korea."

Other countries newly interested in purchasing missile defense systems include Japan, Sweden, Poland, and Saudi Arabia.
The Military

Lockheed Martin To Build High-Energy Airborne Laser For Fighter Planes (newatlas.com) 80

Slashdot reader Big Hairy Ian quotes New Atlas: In a move that could revolutionize aerial combat, the US Air Force Research Lab (AFRL) has awarded Lockheed Martin a US$26.3 million contract to design, develop, and produce a high-power laser weapon that the AFRL wants to install and test on a tactical fighter jet by 2021. The new test weapon is part of the AFRL Self-protect High Energy Laser Demonstrator (SHiELD) program tasked with developing airborne laser systems.

Airborne laser weapons are nothing new. Experimental lasers mounted on aircraft date back to the US Strategic Defense Initiative of the 1980s, but producing a practical weapon system has proven difficult. Previous attempts have resulted in dodgy chemical laser weapons so bulky that they had to be mounted in a 747, but the development of solid state fiber optic lasers is starting to change the game. Earlier this year, Lockheed's ground-based ATHENA system shot down five 10.8-ft (3.3-m) wingspan Outlaw drones by focusing its 30-kW Accelerated Laser Demonstration Initiative (ALADIN) laser at their stern control surfaces until they burned off, sending them crashing into the desert floor.

Education

Magazine For Museums Publishes Its 2040 Issue -- 23 Years Early (aam-us.org) 40

A nonprofit founded in 1906 is now offering a glimpse at 2040, according to an anonymous reader: The Alliance of American Museums has just published an ambitious Nov/Dec 2040 issue of Museum, the Alliance's magazine. The columns, reviews, articles, awards, and even the ads describe activities from a 2040 perspective, based on a multi-faceted consensus scenario.
Besides virtual reality centers (and carbon-neutral cities), it envisions de-extinction biologists who resurrect lost species. It also predicts a 2040 with orbiting storehouses to preserve historic artifacts (as well as genetic materials) as part of a collaboration with both NASA and a new American military branch called the US Space Corps. And of course, by 2040 museums have transformed into hybrid institutions like "museum schools" and "well-being and cognitive health centers" that are both run by museums.

It also predicts for-profit museums that have partnered with corporations.
Security

Should Private Companies Be Allowed To Hit Back At Hackers? (vice.com) 141

An anonymous reader quotes a report from Motherboard: The former director of the NSA and the U.S. military's cybersecurity branch doesn't believe private companies should be allowed to hit back at hackers. "If it starts a war, you can't have companies starting a war. That's an inherently governmental responsibility, and plus the chances of a company getting it wrong are fairly high," Alexander said during a meeting with a small group of reporters on Monday. During a keynote he gave at a cybersecurity conference in Manhattan, Alexander hit back at defenders of the extremely common, although rarely discussed or acknowledged, practice of revenge hacking, or hack back. During his talk, Alexander said that no company, especially those attacked by nation state hackers, should ever be allowed to try to retaliate on its own.

Using the example of Sony, which was famously hacked by North Korea in late 2014, Alexander said that if Sony had gone after the hackers, it might have prompted them to throw artillery into South Korea once they saw someone attacking them back. "We can give Sony six guys from my old place there," he said, presumably referring to the NSA, "and they'd beat up North Korea like red-headed stepchild -- no pun intended." But that's not a good idea because it could escalate a conflict, and "that's an inherently governmental responsibility. So if Sony can't defend it, the government has to." Instead, Keith argued that the U.S. government should be able to not only hit back at hackers -- as it already does -- but should also have more powers and responsibilities when it comes to stopping hackers before they even get in. Private companies should share more data with the U.S. government to prevent breaches, he said.

Earth

The US Has Destroyed A Critical Sea Ice-Measuring Satellite (scientificamerican.com) 283

"A key polar satellite used to measure the Arctic ice cap failed a few days ago, leaving the U.S. with only three others, and those have lived well beyond their shelf lives," writes long-time Slashdot reader edibobb. The Guardian reports that all three of the remaining satellites "are all beginning to drift out of their orbits over the poles" and will no longer be operational by 2023. This could put an end to nearly 40 years of uninterrupted data on polar ice, notes the original submission, adding "It seems like there would be a backup satellite, right?

"In fact, there was a backup satellite ready to go." The $58 million satellite was dismantled in 2016 when the Republican-controlled Congress cut its funding. (The Guardian reports that many scientists "say this decision was made for purely ideological reasons.") Now Nature reports: The U.S. military is developing another set of weather satellites...but the one carrying a microwave sensor will not launch before 2022. That means that when the current three aging satellites die, the United States will be without a reliable, long-term source of sea-ice data... For now, the U.S. National Snow and Ice Data Center is preparing for those scenarios by incorporating data from Japan's AMSR2 microwave sensor into its sea-ice record. Another, more politically fraught option is to pull in data from the China Meteorological Administration's Fengyun satellite series... Since 2011 Congress has banned NASA scientists from working with Chinese scientists -- but not necessarily from using Chinese data. One final possibility is finding a way to launch the passive-microwave sensor that scientists at the U.S. Naval Research Laboratory salvaged from the dismantled DMSP satellite. The sensor currently sits at the Aerospace Corporation in El Segundo, California, where researchers are trying to find a way to get it into orbit.
Transportation

The Fourth US Navy Collision of the Year Was Ultimately Caused By UI Confusion (arstechnica.com) 220

Yesterday, the U.S. Navy issued its report on the collisions of the USS Fitzgerald and USS John S. McCain this summer, which was the fourth U.S. Navy collision this year. "The Navy's investigation found that both collisions were avoidable accidents," reports Ars Technica. "And in the case of the USS McCain, the accident was in part caused by an error made in switching which control console on the ship's bridge had steering control. While the report lays the blame on training, the user interface for the bridge's central navigation control systems certainly played a role." From the report: According to the report, at 5:19am local time, the commanding officer of the McCain, Commander Alfredo J. Sanchez, "noticed the Helmsman (the watchstander steering the ship) having difficulty maintaining course while also adjusting the throttles for speed control." Sanchez ordered the watch team to split the responsibilities for steering and speed control, shifting control of the throttle to another watchstander's station -- the lee helm, immediately to the right (starboard) of the Helmsman's position at the Ship's Control Console. While the Ship's Control Console has a wheel for manual steering, both steering and throttle can be controlled with trackballs, with the adjustments showing up on the screens for each station. However, instead of switching just throttle control to the Lee Helm station, the Helmsman accidentally switched all control to the Lee Helm station. When that happened, the ship's rudder automatically moved to its default position (amidships, or on center line of the ship). The helmsman had been steering slightly to the right to keep the ship on course in the currents of the Singapore Strait, but the adjustment meant the ship started drifting off course.

At this point, everyone on the bridge thought there had been a loss of steering. In the commotion that ensued, the commanding officer and bridge crew lost track of what was going on around them. Sanchez ordered the engines slowed, but the lee helmsman only slowed the port (left) throttle, because the throttle controls on-screen were not "ganged" (linked) at the time as the result of the switch-over of control. The ship continued to turn uncontrolled to port -- putting the ship on a collision course with the Liberian-flagged chemical carrier Alnic MC.
