United States

A Harrowing Story: Dropping an Atomic Bomb on Nagasaki (thebulletin.org) 279

Last Sunday marked the 75th anniversary of the world's second atomic bomb attack in 1945. Slashdot reader DanDrollette (who is also the deputy editor of The Bulletin of the Atomic Scientists) shares their article describing that eight-hour flight — with no radio communication — carrying a 9,000-pound nuclear weapon as "outside, monsoon winds, rain, and lightning lashed at them." In a nutshell: A typhoon was coming, the fuel pump failed, they had to switch planes, things were wired incorrectly, they missed their rendezvous, they couldn't see the primary target, they ran out of gas on the way home, and they had to crash-land. But the worst part was when the Fat Man atomic bomb started to arm itself and begin the countdown to detonation mid-flight, before they were even half-way to Nagasaki.
"One of them, bearing the newly minted title 'weaponeer,' grabbed the Bomb's blueprints and raced to figure out what was wrong..." the article explains, calling it a miracle that their mission ultimately succeeded. "It is a story of astonishing screw-ups that easily could have plunged the plane, the men, and the bomb into the Pacific Ocean...

"The military has been loath to talk about it for reasons of national security and, perhaps, embarrassment."

Security

FBI and NSA Expose New Linux Malware Drovorub, Used by Russian State Hackers (zdnet.com) 72

The FBI and NSA have published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia's military hackers. From a report: The two agencies say Russian hackers used the malware, named Drovorub, to plant backdoors inside hacked networks. Based on evidence the two agencies have collected, FBI and NSA officials claim the malware is the work of APT28 (Fancy Bear, Sednit), a codename given to the hackers operating out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). Through their joint alert, the two agencies hope to raise awareness in the US private and public sectors so IT administrators can quickly deploy detection rules and prevention measures.

United States

US Says It Seized Cryptocurrency From Three Terrorist Groups (bloomberg.com) 39

The Trump administration dismantled digital campaigns by al-Qaeda and other terrorist groups that used social media to obtain cryptocurrency for carrying out terrorist attacks, the Justice Department said on Thursday. From a report: The U.S. seized millions of dollars and more than 300 cryptocurrency accounts used by al-Qaeda; Hamas's military wing, the al-Qassam Brigades; and the Islamic State of Iraq and the Levant, or ISIS. "These actions represent the government's largest-ever seizure of cryptocurrency in the terrorism context," the Justice Department said in a statement.

The Internet

Belarus Has Shut Down the Internet Amid a Controversial Election (wired.com) 120

An anonymous reader quotes a report from Wired: Internet connectivity and cellular service in Belarus have been down since Sunday evening, after sporadic outages early that morning and throughout the day. The connectivity blackout, which also includes landline phones, appears to be a government-imposed outage that comes amid widespread protests and increasing social unrest over Belarus' presidential election Sunday. The ongoing shutdown has further roiled the country of about 9.5 million people, where official election results this morning indicated that five-term president Aleksandr Lukashenko had won a sixth term with about 80 percent of the vote. Around the country, protests against Lukashenko's administration, including criticisms of his foreign policy and handling of the Covid-19 pandemic, grew in the days leading up to the election and exploded on Sunday night. The government has responded to the protests by mobilizing police and military forces, particularly in Minsk, the capital. Meanwhile, opposition candidates and protesters say the election was rigged and believe the results to be illegitimate.

On Monday, Lukashenko said in an interview that the internet outages were coming from abroad, and were not the result of a Belarusian government initiative. Belarus' Community Emergency Response Team, or CERT, in a statement on Sunday blamed large distributed denial-of-service attacks, particularly against the country's State Security Committee and Ministry of Internal Affairs, for causing "problems with equipment." The Belarusian government-owned ISP RUE Beltelecom said in a statement Monday that it is working to resolve the outages and restore service after "multiple cyberattacks of varying intensity." Outside observers have met those claims with skepticism. "The truth of what's going on in Belarus isn't really knowable right now, but there's no indication of a DDoS attack. It can't be ruled out, but there's no external sign of it that we see," says Alp Toker, director of the nonpartisan connectivity tracking group NetBlocks. After midnight Sunday, NetBlocks observed an outage that went largely unnoticed by the Belarus population, given the hour, but the country's internet infrastructure became increasingly wobbly afterward. "Then just as polls are opening in the morning, there are more disruptions, and those really continue and progress," says Toker. "Then the major outage that NetBlocks detected started right as the polls were closing and is ongoing."

The disruption extended even to virtual private networks -- a common workaround for internet outages or censorship -- most of which remain unreachable. "Belarus hasn't had a lot of investment in circumvention technologies, because people there haven't needed to," Toker says. Meanwhile, there are a few anecdotal indications that the outages were planned, and even possibly that the government warned some businesses and institutions ahead of time. A prescient report on Saturday from the Russian newspaper Moskovsky Komsomolets included an interview with a salesperson who warned journalists attempting to buy SIM cards that the government had indicated widespread connectivity outages might be coming as soon as that night.

Government

New Zealand Marks 100 Days of No Covid-19 Community Spread (axios.com) 60

Axios reports: New Zealand has now gone 100 days with no detected community spread of COVID-19, the Ministry of Health confirmed in an emailed statement Sunday afternoon local time... Prime Minister Jacinda Ardern has been widely praised for her leadership that saw New Zealand lock down hard for several weeks before all domestic restrictions were lifted in June...

New Zealand has 23 active coronavirus cases. All are NZ residents newly returned from abroad, who are staying in managed isolation facilities. The border remains closed to non-residents and all newly-returned Kiwis must undergo a two-week isolation program managed by the country's defense force... Police are stationed outside hotels where travelers are in quarantine.

Transportation

Last Fall a Drone Swarm Surveilled America's Largest Nuclear Reactor -- Twice (forbes.com) 114

America's Nuclear Regulatory Commission honored a document request from a UFO group — which has inadvertently revealed a very real incident last fall at America's largest nuclear reactor in Arizona, reports Forbes: Documents gained under the Freedom of Information Act show how a number of small drones flew around a restricted area at Palo Verde Nuclear Power Plant on two successive nights last September. Security forces watched, but were apparently helpless to act as the drones carried out their incursions before disappearing into the night. Details of the event give some clues as to just what they were doing, but who sent them remains a mystery...

"Officer noticed several drones (5 or 6) flying over the site. The drones are circling the 3 unit site inside and outside the Protected Area. The drones have flashing red and white lights and are estimated to be 200 to 300 feet above the site. It was reported the drones had spotlights on while approaching the site that they turned off when they entered the Security Owner Controlled Area..."

The drones departed at 22:30, eighty minutes after they were first spotted. The security officers estimated that they were over two feet in diameter. This indicates that they were not simply consumer drones like the popular DJI Phantom, which has a flight endurance of about half an hour and is about a foot across, but something larger and more capable. The Lockheed Martin Indago, a military-grade quadcopter recently sold to the Swiss Army, has a flight endurance of about seventy minutes and is more than two feet across. At several thousand dollars apiece minimum, these are far less expendable than consumer drones costing a few hundred. All of which suggests this was not just a prank.

The next night events were repeated...

The article notes that two months later America's Nuclear Regulatory Commission "decided not to require drone defenses at nuclear plants, asserting that small drones could not damage a reactor or steal nuclear material. It is highly likely that such sites are still vulnerable to drone overflights."

The article also notes that this reactor supplies electricity to major American cities including Los Angeles, San Diego, Phoenix, and Tucson.

Privacy

US Government Contractor Embedded Software in Apps To Track Phones (wsj.com) 32

A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, The Wall Street Journal reported Friday, citing people familiar with the matter and documents it reviewed. From the report: Anomaly Six, a Virginia-based company founded by two U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps. An SDK allows the company to obtain the phone's location if consumers have allowed the app containing the software to access the phone's GPS coordinates. App publishers often allow third-party companies, for a fee, to insert SDKs into their apps. The SDK maker then sells the consumer data harvested from the app, and the app publisher gets a chunk of revenue. But consumers have no way to know whether SDKs are embedded in apps; most privacy policies don't disclose that information.

Anomaly Six says it embeds its own SDK in some apps, and in other cases gets location data from other partners. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The company told The Wall Street Journal it restricts the sale of U.S. mobile phone movement data only to nongovernmental, private-sector clients. Numerous agencies of the U.S. government have concluded that mobile data acquired by federal agencies from advertising is lawful. Several law-enforcement agencies are using such data for criminal-law enforcement, the Journal has reported, while numerous U.S. military and intelligence agencies also acquire this kind of data.

Earth

How To Build a Nuclear Warning For 10,000 Years' Time (bbc.com) 273

Faizdog writes (edited for clarity): The BBC has a fascinating story about the struggle we are facing today as we work on finding ways to warn future generations about nuclear waste dumps. How does language or knowledge survive over 300,000 years? Even today, only about 6% of the world's population recognizes the nuclear danger symbol, and we've forgotten the purpose of Stonehenge. Language, culture, history all change and are forgotten in a relatively short period of time on a nuclear scale. From a report: "This place is not a place of honor," reads the text. "No highly esteemed dead is commemorated here... nothing valued is here. What is here was dangerous and repulsive to us. This message is a warning about danger." It sounds like the kind of curse that you half-expect to find at the entrance to an ancient burial mound. But this message is intended to help mark the site of the Waste Isolation Pilot Project (WIPP) that has been built over 2,000 feet (610m) down through stable rocks beneath the desert of New Mexico. The huge complex of tunnels and caverns is designed to contain the US military's most dangerous nuclear waste. This waste will remain lethal longer than the 300,000 years Homo sapiens has walked across the surface of the planet. WIPP is currently the only licensed deep geological disposal repository in operation in the world. A similar facility should also open in Finland in the mid-2020s. When the facility is full sometime in the next 10 to 20 years, the caverns will be collapsed and sealed with concrete and soil. The sprawling complex of buildings that currently mark the site will be erased. In its place will be "our society's largest conscious attempt to communicate across the abyss of deep time."

China

Will China's AI Surveillance State Go Global? (theatlantic.com) 109

China already has hundreds of millions of surveillance cameras in place, reports the Atlantic's deputy editor, and "because a new regulation requires telecom firms to scan the face of anyone who signs up for cellphone services, phones' data can now be attached to a specific person's face."

But the article also warns that when it comes to AI-powered surveillance, China "could also export it beyond the country's borders, entrenching the power of a whole generation of autocrats" and "shift the balance of power between the individual and the state worldwide..." The country is now the world's leading seller of AI-powered surveillance equipment.... China uses "predatory lending to sell telecommunications equipment at a significant discount to developing countries, which then puts China in a position to control those networks and their data," Michael Kratsios, America's CTO, told me. When countries need to refinance the terms of their loans, China can make network access part of the deal, in the same way that its military secures base rights at foreign ports it finances. "If you give [China] unfettered access to data networks around the world, that could be a serious problem," Kratsios said...

Having set up beachheads* in Asia, Europe, and Africa, China's AI companies are now pushing into Latin America, a region the Chinese government describes as a "core economic interest." China financed Ecuador's $240 million purchase of a surveillance-camera system. Bolivia, too, has bought surveillance equipment with help from a loan from Beijing. Venezuela recently debuted a new national ID-card system that logs citizens' political affiliations in a database built by ZTE.

* The article provides these additional examples:
  • In Malaysia, the government is working with Yitu, a Chinese AI start-up, to bring facial-recognition technology to Kuala Lumpur's police...
  • Chinese companies also bid to outfit every one of Singapore's 110,000 lampposts with facial-recognition cameras.
  • In South Asia, the Chinese government has supplied surveillance equipment to Sri Lanka.
  • On the old Silk Road, the Chinese company Dahua is lining the streets of Mongolia's capital with AI-assisted surveillance cameras.
  • In Serbia, Huawei is helping set up a "safe-city system," complete with facial-recognition cameras and joint patrols conducted by Serbian and Chinese police aimed at helping Chinese tourists to feel safe.
  • Kenya, Uganda, and Mauritius are outfitting major cities with Chinese-made surveillance networks...

The Military

Should the US Military Be Recruiting On Twitch? (theverge.com) 160

The U.S. military has for years been using streaming channels and video gaming to recruit people. "Several branches of the military -- with the exception of the Marines -- have had esports teams since 2018," reports The Verge. "And according to Military.com, the Army's esports efforts alone generated 3,500 recruiting leads in fiscal year 2019."

But the question is... should they be recruiting on these platforms? According to Rep. Alexandria Ocasio-Cortez (D-NY), the answer is no. She is proposing an amendment that would ban the U.S. military from recruiting on Twitch. The Verge reports: "Children should not be targeted in general for many marketing purposes in addition to military service. Right now, currently, children on platforms such as Twitch are bombarded with banner ads linked to recruitment signup forms that can be submitted by children as young as 12 years old," Ocasio-Cortez said on the House floor Thursday. "These are not education outreach programs for the military."

Last week, the Army paused its use of Twitch for recruitment after its channel was criticized for banning viewers who asked about war crimes. The Army told GameSpot: "The team has paused streaming to review internal policies and procedures, as well as all platform-specific policies, to ensure those participating in the space are clear before streaming resumes." And earlier this month, Twitch told the Army to stop sharing phony prize giveaways on its channel that promised an Xbox Elite Series 2 controller, only for users to be directed to a recruitment page when they clicked through. The language of Ocasio-Cortez's draft would make that pause permanent, banning US military organizations from using funds to "maintain a presence on Twitch.com or any video game, e-sports, or live-streaming platform."
You can watch the congresswoman's impassioned floor speech here.

Security

Hackers Broke Into Real News Sites To Plant Fake Stories (wired.com) 67

A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO. Wired reports: On Wednesday, security firm FireEye released a report on a disinformation-focused group it's calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they've posted fake content on everything from social media to pro-Russian news websites. In some cases, FireEye says, Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content. That hacking campaign, targeting media sites from Poland to Lithuania, has spread false stories about US military aggression, NATO soldiers spreading coronavirus, NATO planning a full-on invasion of Belarus, and more.

"They're spreading these stories that NATO is a danger, that they resent the locals, that they're infected, that they're car thieves," says John Hultquist, director of intelligence at FireEye. "And they're pushing these stories out with a variety of means, the most interesting of which is hacking local media websites and planting them. These fictional stories are suddenly bona fide by the sites that they're on, and then they go in and spread the link to the story."

FireEye itself did not conduct incident response analyses on these incidents and concedes that it doesn't know exactly how the hackers are stealing credentials that give them access to the content management systems that allow posting and altering news stories. Nor does it know who is behind the string of website compromises, or for that matter the larger disinformation campaign that the fake stories are a part of. But the company's analysts have found that the news site compromises and the online accounts used to spread links to those fabricated stories, as well as the more traditional creation of fake news on social media, blogs, and websites with an anti-US and anti-NATO bent, all tie back to a distinct set of personas, indicating one unified disinformation effort. FireEye's Hultquist points out that the campaign doesn't seem financially motivated, indicating a political or state backer, and notes that the focus on driving a wedge between NATO and citizens of Eastern Europe hints at possible Russian involvement.

China

How a Chinese Agent Used LinkedIn to 'Lure' American Targets (bbc.com) 61

Today the BBC told the story of Jun Wei Yeo, "an ambitious and freshly enrolled Singaporean PhD student" who was gradually recruited by Chinese intelligence.

Yeo "would end up using the professional networking website LinkedIn, a fake consulting company and cover as a curious academic to lure in American targets." Some of the targets that Yeo found by trawling through LinkedIn were commissioned to write reports for his "consultancy", which had the same name as an already prominent firm. These were then sent to his Chinese contacts. One of the individuals he contacted worked on the U.S. Air Force's F-35 fighter jet programme and admitted he had money problems. Another was a U.S. army officer assigned to the Pentagon, who was paid at least $2,000 (£1,500) to write a report on how the withdrawal of US forces from Afghanistan would impact China... According to the court documents, his handlers advised him to ask targets if they "were dissatisfied with work" or "were having financial troubles"...

In 2018, Yeo also posted fake online job ads for his consulting company. He told investigators he received more than 400 CVs with 90% of them coming from "US military and government personnel with security clearances". Some were passed to his Chinese handlers... Dickson Yeo does not appear to have got as far with his contacts as his handlers would have liked. But in November 2019, he travelled to the U.S. with instructions to turn the army officer into a "permanent conduit of information", his signed statement says.

He was arrested before he could ask.

The 39-year-old now faces up to 10 years in prison for being an "illegal agent of a foreign power" — but the article notes he was "aided by an invisible ally — the LinkedIn algorithm.

"Each time Yeo looked at someone's profile it would suggest a new slate of contacts with similar experience that he might be interested in..."

Sci-Fi

Pentagon's UFO Unit Will Make Some Findings Public (baltimoresun.com) 186

According to The New York Times, a secretive task force called the Unidentified Aerial Phenomenon Task Force is expected to release new and alarming findings that may involve vehicles made of materials not of this planet. From the report: Despite Pentagon statements that it disbanded a once-covert program to investigate unidentified flying objects, the effort remains underway -- renamed and tucked inside the Office of Naval Intelligence, where officials continue to study mystifying encounters between military pilots and unidentified aerial vehicles. Pentagon officials will not discuss the program, which is not classified but deals with classified matters. Yet it appeared last month in a Senate committee report outlining spending on the nation's intelligence agencies for the coming year. The report said the program, the Unidentified Aerial Phenomenon Task Force, was "to standardize collection and reporting" on sightings of unexplained aerial vehicles, and was to report at least some of its findings to the public every six months. While retired officials involved with the effort -- including Harry Reid, the former Senate majority leader -- hope the program will seek evidence of vehicles from other worlds, its main focus is on discovering whether another nation, especially any potential adversary, is using breakout aviation technology that could threaten the United States.

Sen. Marco Rubio, R-Fla., who is the acting chairman of the Senate Select Committee on Intelligence, told a CBS affiliate in Miami this month that he was primarily concerned about reports of unidentified aircraft over U.S. military bases -- and that it was in the government's interest to find out who was responsible. He expressed concerns that China or Russia or some other adversary had made "some technological leap" that "allows them to conduct this sort of activity." Rubio said some of the unidentified aerial vehicles over U.S. bases possibly exhibited technologies not in the U.S. arsenal. But he also noted: "Maybe there is a completely, sort of, boring explanation for it. But we need to find out."

Crime

'World's Most Wanted Man' Involved In Bizarre Attempt To Buy Hacking Tools (vice.com) 27

An anonymous reader quotes a report from Motherboard: The fugitive executive of the embattled payment startup Wirecard was mentioned in a brazen and bizarre attempt to purchase hacking tools and surveillance technology from an Italian company in 2013, an investigation by Motherboard and the German weekly Der Spiegel found. Jan Marsalek, a 40-year-old Austrian who until recently was the chief operating officer of the rising fintech company Wirecard, seems to have taken a meeting with the infamous Italian surveillance technology provider Hacking Team in 2013. At the time, Marsalek is described as an official representative of the government of Grenada, a small Caribbean island of around 100,000 people, in a letter that bears the letterhead of the Grenada government. The documents were included in a cache published after Hacking Team was hacked in 2015. In recent days, Marsalek has been described as the 'world's most wanted man.'

It is unclear from the documents alone whether Marsalek played any role in the attempt to procure hacking tools, or whether his name was simply used. However, months before Marsalek appears to have contacted Hacking Team, several websites with official sounding names such as StateOfGrenada.org were registered under the name of Jan Marsalek, as Der Spiegel reported last week. Some of the sites were registered with Marsalek's phone number and his Munich address at the time, and the servers were apparently operated from Germany. Wirecard provided digital payment services and was considered one of the most important companies in the financial tech industry. Wirecard offered a mobile payment app called Boon, which was essentially a virtual MasterCard card, it also offered a prepaid debit card called mycard2go, and worked with companies such as KLM, Rakuten, and Qatar Airways to manage their online transactions. The company suddenly collapsed in June after German regulators raided its headquarters as part of an investigation into fraudulent stock price manipulation and 1.9 billion euros that are missing from the company's books. Marsalek is now a fugitive and a key suspect in the German investigation. He reportedly fled to Belarus, and is now hiding in Russia under the protection of the FSB, according to German news reports. In the past, he was involved in other strange dealings: he bragged about an attempt to recruit 15,000 Libyan militiamen, and about a trip to Syria along with Russian military, according to the Financial Times.

United States

Marco Rubio Hopes UFOs Are Aliens, Not Chinese Planes (vice.com) 144

Florida Senator Marco Rubio said he hopes that UFOs are extraterrestrials and not advanced Chinese aircraft. From a report: In a July 16 interview with CBS reporter Jim DeFede about a range of topics, including the government's Covid-19 response and the possible existence of extraterrestrial life. "We have things flying over our military bases and places where we're conducting military exercises and we don't know what it is and it isn't ours," Rubio said. "Frankly, if it's something outside this planet that might actually be better than the fact that we've seen some sort of technological leap from the Chinese or Russians or some other adversary that allows them to conduct this sort of activity," Rubio said. "That to me is a national security risk and one we should be looking into."

The Military

'If War Breaks Out on Top of the World' (popularmechanics.com) 83

The United States Air Force's elite "PJ" pararescue units and Alaska National Guard units "are ready to respond if war breaks out on top of the world," reports a new article in Popular Mechanics: With much of the ice cap melted, the Arctic is teeming with competitive activity because it's no longer an impenetrable land of glaciers — void of economic or strategic military advantages. In fact, quite the opposite. The U.S., Russia, and China all recognize that new shipping lanes and natural resources, worth trillions of dollars, are becoming more viable every day in the Arctic. Each nation has its own economic interests and the competition for control in the Arctic is only increasing.

Lt. Gen. Tom Bussiere says simply: "Whoever holds Alaska holds the region, and that impacts the globe," and according to the U.S. Senator of Alaska Dan Sullivan, "we have fallen behind in the race with China and Russia." Russia is reviving Soviet-era Arctic bases, increasing its fleet of Arctic icebreakers to a whopping 41 vessels (the U.S. has only two though this shortage is getting more attention), and Russian TU-95 "Bear" bombers frequently test F-22A Raptors' readiness near U.S. airspace.

And China has its own plans. Though not an Arctic nation like the U.S. or Russia, China's economic clout gained the nation an observer seat in the Arctic Council under the claims that they are a "near-Arctic state." China is positioning itself to stake a greater claim to the bountiful resources that the Arctic can provide, based on a bold plan they call the "Polar Silk Road." If completed, the plan will create an economic network beneficial to China through the once-frozen ocean.

In response to Russian operations and Chinese advances, the U.S. Air Force is battling for air superiority in the Arctic with its most valuable — and lethal — assets in Alaska, including the F-22A Raptor and F-35A Joint Strike Fighter.

By "battling" I think they mean "spending." A related side note: The article was co-authored by the producer of the TV series War On Top of The World.

Social Networks

Hoax That Fooled Armed Protesters Was Created By a Socialist Troll on Food Stamps (stripes.com) 281

Remember that anonymous online hoaxster who urged hundreds of armed protesters to counter a non-existent flag-burning event at America's historic Civil War battlefield at Gettysburg?

An investigation by the Washington Post reveals that the hoaxster had in fact been a "lifelong Democrat" before instead registering in 2015 with the Socialist Party — and that he now collects food stamps: Adam Rahuba, a former concert promoter, works part-time as a food-delivery driver and a DJ. [Alternate URL here] At 38, he spent most of the past year staying on a friend's couch in a small town north of Pittsburgh. A Washington Post investigation found that Rahuba is also the anonymous figure behind a number of social media hoaxes — the most recent played out in Gettysburg on Independence Day — that have riled far-right extremists in recent years and repeatedly duped partisan media outlets...

These false claims circulated widely on social media and on Internet message boards. They were often amplified by right-wing commentators and covered as real news by media outlets such as Breitbart News and the Gateway Pundit... They have led to highly combustible situations — attracting heavily armed militia members and far-right activists eager to protect values they think are under siege — as well as large mobilizations of police... His July 4 hoax, a purported burning of the American flag, was billed as an antifa event. Hundreds of counterprotesters, including skinheads, flocked to Gettysburg National Military Park to confront the nonexistent flag burners.

A Post examination of Rahuba's activities provides a rare inside look at the work of a homegrown troll who uses social media to stoke partisan division. It shows that in an era of heightened sensitivity about disinformation campaigns carried out by foreign nations, bad-faith actors with far fewer resources can also manipulate public discourse and affect events in the real world.... Post reporters located Rahuba last week at a friend's apartment in Harmony Township, Pa., where he acknowledged in an interview that he was behind 13 aliases and social media accounts that promoted hoaxes as far back as 2013.... A self-described democratic socialist and supporter of former presidential candidate Bernie Sanders, Rahuba said he antagonizes far-right extremists mostly for his own amusement...

"The message here was that any idiot on the Internet can get a bunch of people to show up at a Union cemetery with a bunch of Confederate flags and Nazi tattoos on their necks that just make them look foolish," he said.

The Post also reports that to deal with his July 4th hoax, "A local middle school was transformed into a makeshift command center to help coordinate the 16 federal and local law enforcement agencies monitoring the event. The state provided 100 Pennsylvania State troopers to assist, including mounted officers and a helicopter, according to Gettysburg city manager Charles Gable....

"That weekend, Rahuba said, he went camping with his girlfriend."

The Military

Twitch Tells US Army To Stop Sharing Fake Prize Giveaways That Sent Users To Recruitment Page (theverge.com) 35

Twitch has intervened to stop the US Army using fake prize giveaways on its esports channel to redirect viewers to army recruitment pages. From a report: The practice was brought to light by a report from The Nation on the use of esports as a recruitment tool by the American military. The US Army, Navy, and Air Force all field esports teams comprised of active and reserve personnel who stream on Twitch and chat with young viewers about life, video games, and the opportunities afforded by military service. "Esports is just an avenue to start a conversation," Major-General Frank Muth, head of the army's recruiting command, told ThinkTech Hawaii recently. "We go out there and we have a shared passion for esports ... and it naturally devolves into a conversation, 'What do you do?', 'I'm in the army.'"

This outreach included automated links dropped into the army's stream chat that told viewers they could win an Xbox Elite Series 2 controller in a "giveaway." But when anyone clicked the link, says The Nation, they were directed to "a recruiting form with no additional mention of a contest, odds, total number of winners, or when a drawing will occur." Viewers, streamers, and game developers reacted with anger to the news, saying that any other channel would face repercussions for such behavior. Twitch itself has now apparently forced the army to stop these giveaways, according to a report from Kotaku.

Security

Iranian Spies Accidentally Leaked Videos of Themselves Hacking (wired.com) 41

An anonymous reader quotes a report from Wired: Researchers at IBM's X-Force security team revealed today that they've obtained roughly five hours of video footage that appears to have been recorded directly from the screens of hackers working for a group IBM calls ITG18, and which other security firms refer to as APT35 or Charming Kitten. It's one of the most active state-sponsored espionage teams linked to the government of Iran. The leaked videos were found among 40 gigabytes of data that the hackers had apparently stolen from victim accounts, including U.S. and Greek military personnel. Other clues in the data suggest that the hackers targeted U.S. State Department staff and an unnamed Iranian-American philanthropist.

The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims. This sort of data exfiltration and management of hacked accounts is hardly sophisticated hacking. It's more the kind of labor-intensive but relatively simple work that's necessary in a large-scale phishing operation. But the videos nonetheless represent a rare artifact, showing a first-hand view of state-sponsored cyberspying that's almost never seen outside of an intelligence agency.

Government

White House Reportedly Orders Hospitals To Bypass CDC During COVID-19 Data Collection 189

The Trump administration is now ordering hospitals to send coronavirus patient data to a database in Washington, DC as part of a new initiative that may bypass the Centers for Disease Control and Prevention (CDC), according to a report from The New York Times published on Tuesday. The Verge reports: As outlined in a document (PDF) posted to the website of the Department of Health and Human Services (HHS), hospitals are being ordered to send data directly to the administration, effective tomorrow, a move that has alarmed some within the CDC, according to The Times. The database that will collect and store the information is referred to in the document as HHS Protect, which was built in part by data mining and predictive analytics firm Palantir. The Silicon Valley company is known most for its controversial contract work with the US military and other clandestine government agencies as well as for being co-founded and initially funded by Trump ally Peter Thiel.

"A unique link will be sent to the hospital points of contact. This will direct the [point of care] to a hospital-specific secure form that can then be used to enter the necessary information. After completing the fields, click submit and confirm that the form has been successfully captured," reads the HHS instructions. "A confirmation email will be sent to you from the HHS Protect System. This method replaces the emailing of individual spreadsheets previously requested." While the White House's official reasoning is that this plan will help make data collection on the spread of COVID-19 more centralized and efficient, some current and former public health officials fear the bypassing of the CDC may be an effort to politicize the findings and cut experts out of the loop with regard to federal messaging and guidelines, The Times reports.
