Subject: Risks Digest 33.34
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Sat, 23 Jul 2022 22:44 UTC
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1658615686.risko@chiron.csl.sri.com15357>

RISKS-LIST: Risks-Forum Digest Saturday 23 July 2022 Volume 33 : Issue 34

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.34>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
  'Drone Activity' Prompts Ground Stop At Reagan National Airport (Patch)
  The Unsolved Mystery Attack on Internet Cables in Paris (WiReD)
  Ransomware Attacks Against Higher Ed Increase (Inside Higher Ed)
  37,800 people sent privacy breach notifications linked to
    Newfoundland/Labrador cyberattack (CBC)
  Twitter data breach exposes contact details for 5.4M accounts; on sale for
    $30k (9to5mac)
  You've Been Served Via NFT: Court Gives OK to Sue on Blockchain
    (Katharine Gemmell)
  UK proposes new rule for AI (Law Gazette)
  The state of AI right now is absolutely ridiculous. This is terrifying
    (Twitter)
  Internet balkanization (Politico)
  It's Time to Ask Patients to Quit Social Media (LWW)
  The US military wants to understand the most important software on Earth
    (MIT Technology Review)
  Log4j Software Flaw 'Endemic,' Cyber Safety Panel Says (Alan Suderman)
  Apple's Butterfly Keyboard Fiasco Leads to a $50M Settlement (WiReD)
  On Google's proposal for political email (Joseph Brennan)
  Re: MIT scientists think they've discovered how to fully reverse climate
    change (geoff goodfellow)
  Google Fires Engineer Who Claims Its AI Is Conscious (Jan Wolitzky)
  Re: The Big Hack: How China Used a Tiny Chip to Infiltrate (Steve Klein,
    Michael Kohne and others included)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 21 Jul 2022 17:52:26 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: 'Drone Activity' Prompts Ground Stop At Reagan National Airport
(Patch)

The ground stop affected both arriving and departing flights at the
Washington DC-area airport.

https://patch.com/virginia/annandale/s/ic4ry/drone-activity-prompts-ground-stop-at-reagan-national-airport

------------------------------

Date: Fri, 22 Jul 2022 23:16:55 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Unsolved Mystery Attack on Internet Cables in Paris (WiReD)

As new details about the scope of the sabotage emerge, the perpetrators --
and the reason for their vandalism -- remain unknown.

https://www.wired.com/story/france-paris-internet-cable-cuts-attack/

------------------------------

Date: Fri, 22 Jul 2022 12:12:36 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Ransomware Attacks Against Higher Ed Increase (Inside Higher Ed)

Susan D'Agostino, *Inside Higher Ed*, 22 Jul 2022

Cybersecurity company Sophos reported a global surge in ransomware attacks
against colleges and universities last year. Nearly 75% of ransomware
attacks on higher-education institutions were successful, and only 2% of
victims retrieved all their data, even after paying the ransom. The
higher-education sector had the slowest post-attack recovery time, with 40%
of victims taking more than a month to recover, versus the 20% global
average. "When one sector improves their defenses, the bad folks go
somewhere where the bar is lower and they can get money easily," said Jeremy
Epstein, chair of the U.S. technology policy committee of ACM.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ef0ax234db1x070335&

[WholeyMoley! 75% "payoff success rate" for the ransomwarers, and 2%
recovery success rate for the victims who pay the ransom (ransomwearers?
the ransomed? the ransomees?). That's one helluva business model, which
should eventually update the business model for having trustworthy backups
and recovery processes. I wonder how often the victims get even some of
their data recovered. You might think the 2% full recovery rate would be
a strong disincentive to even pay the ransom. PGN]

------------------------------

Date: Thu, 21 Jul 2022 06:37:54 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: 37,800 people sent privacy breach notifications linked to
Newfoundland/Labrador cyberattack (CBC)

https://www.cbc.ca/news/canada/newfoundland-labrador/nl-cyberattack-privacy-breach-notices-1.6526431

Newfoundland and Labrador's largest health authority has notified 37,800
people that their privacy was breached as part of last fall's devastating
cyberattack.

That number equates to about one in every 13 people in the province.

And according to Eastern Health, it could go even higher.

Those affected include patients, along with current and former employees.

------------------------------

Date: Sat, 23 Jul 2022 12:33:25 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Twitter data breach exposes contact details for 5.4M accounts; on
sale for $30k (9to5mac)

https://9to5mac.com/2022/07/22/twitter-data-breach/

------------------------------

Date: Fri, 15 Jul 2022 12:13:58 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: You've Been Served Via NFT: Court Gives OK to Sue on Blockchain
(Katharine Gemmell)

Katharine Gemmell, *Bloomberg*, 13 Jul 2022,
via ACM TechNews; 15 Jul 2022

A UK court ruling allows legal documents to be served over the blockchain
ledger via nonfungible tokens (NFTs). The case was filed by Fabrizio
D'Aloia, founder of an online gambling company, against Binance Holdings and
other cryptocurrency exchanges after his crypto assets were fraudulently
cloned. The exchanges also were deemed responsible for ensuring stolen
crypto is not moved or removed from their systems. Legal experts at the law
firm Giambrone & Partners LLP said the ruling will enable crypto fraud
victims to file suit against unknown fraudsters in the U.K. The lawsuit
documents will be airdropped via NFT into two wallets originally used by
D'Aloia and later stolen. A similar decision was issued in June by a
U.S. court.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ee92x234c03x070270&

------------------------------

Date: Wed, 20 Jul 2022 12:40:40 +0100
From: Martyn Thomas <martyn@mctar.uk>
Subject: UK proposes new rule for AI (Law Gazette)

https://www.lawgazette.co.uk/law/artificial-intelligence-rules-to-require-human-liability/5113150.article

[Begin quote]

Artificial intelligence systems will have to identify a legal person to be
held responsible for any problems under proposals for regulating AI
unveiled by the UK government.

The proposed 'pro innovation' regime will be operated by existing
regulators rather than a dedicated central body along the lines of that
being created by the EU, the government said.

The proposals were published as the Data Protection and Digital
Information Bill, which sets out an independent data protection regime, is
introduced to parliament. The measure will be debated after the summer
recess.

The core principles of AI regulation proposed today will require
developers and users to:

* Ensure that AI is used safely
* Ensure that AI is technically secure and functions as designed
* Make sure that AI is appropriately transparent and explainable
* Consider fairness
* Identify a legal person to be responsible for AI
* Clarify routes to redress or contestability

Regulators - such as Ofcom, the Competition and Markets Authority, the
Information Commissioner's Office, the Financial Conduct Authority and the
Medicine and Healthcare Products Regulatory Agency - will be asked to
interpret and implement the principles.

They will be encouraged to consider lighter touch options which could
include guidance and voluntary measures or creating sandboxes - such as a
trial environment where businesses can check the safety and reliability of
AI tech before introducing it to market.

[End quote]

It will be interesting to follow the difficulties the regulators encounter
in implementing this policy announcement ...

------------------------------

Date: Thu, 21 Jul 2022 07:14:59 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: The state of AI right now is absolutely ridiculous. This is
terrifying (Twitter)

https://twitter.com/PPathole/status/1550000809278316544

------------------------------

Date: Thu, 21 Jul 2022 15:14:43 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Internet balkanization

[Thanks to Dan Geer]

https://www.politico.com/newsletters/politico-china-watcher/2022/07/21/china-launches-new-bid-for-internet-dominance-00047037

------------------------------

Date: Sat, 23 Jul 2022 12:14:24 -0400
From: José María Mateos <chema@rinzewind.org>
Subject: It's Time to Ask Patients to Quit Social Media

https://journals.lww.com/em-news/Fulltext/2022/07121/First_Person__It_s_Time_to_Ask_Patients_to_Quit.2.aspx

> I have been tracking research for several years as our mental health
> crisis rages, always operating with a solid amount of confirmation bias,
> in search of evidence to support what I have been telling patients and
> friends alike for a long time (including a recent patient having a panic
> attack): Get off social media.

