RISKS-LIST: Risks-Forum Digest Sunday 4 September 2022 Volume 33 : Issue 43

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.43>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Australian aviation watchdog's report on death of American firefighters
(SMH-AU)
High Seas Deception: How Shady Ships Use GPS to Evade International Law
(NYTimes)
Amazon Solar Array Fires (Henry Baker)
U.S. Freight Rail Crisis Threatens More Supply-Chain Chaos (WiReD)
Email scammers bilked VCU out of nearly $470,000,U.S. officials say
(WashPost)
Tech tool offers police *mass surveillance on a budget* (AP News)
FBI Warns Individuals Employed in the Healthcare Industry of the Ongoing
Scam Involving the Impersonation of Law Enforcement and Government
Officials (FBI)
Electricity company controls customers' thermostat settings during a warm
day in Denver. (The Denver Channel)
Hand-counting elections riskier than computer counts? (CNN)
Voting Machine Tampering Points to Concern for Fall Election (AP)
A neighborhood's cryptocurrency mine: Never-ending noise (WashPost)
LastPass, Password Manager with Millions of Users, Is Hacked (WSJ)
Face Recognition Struggles to Recognize Us After Five Years
(Matthew Sparkes)
Quantum AI Breakthrough: Theorem Shrinks Appetite for Training Data (LANL)
Why the Twilio Breach Cuts So Deep (WiReD)
Inside a Million-Dollar Instagram Verification Scheme (ProPublica)
Facebook Misinformation Is Bad Enough. The Metaverse Will Be Worse (RAND)
The FTC may -- finally -- protect Americans from data brokers (WiReD)
Storing data on floppy disks? Japan tells bureaucracy time to stop (Nikkei)
Satellites Keep the World's Clocks on Time. What if They Fail (WiReD)
Honda Clocks Are Stuck 20 Years In The Past; There Isn't A Fix
(Gabe Goldberg)
Ukraine celebrates its Independence Day hacking Russian cameras (twitter)
The Family That Mined the Pentagon's Data for Profit (WiReD)
Re: 3D gun printing operation busted in Calgary (Steve Bacher)
Re: A Dad Took Photos of His Naked Toddler for the Doctor.
Google Flagged Him as a Criminal. (Amos Shapir)
Re: Why are Tesla fanatics putting their children in the path of moving
cars? (John Levine)
Re: The Crypto[currency] World Can't Wait for Ethereum's Merge,
(Martin Ward)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 29 Aug 2022 20:58:33 +0000
From: John Colville <John.Colville@uts.edu.au>
Subject: Australian aviation watchdog's report on death of American
firefighters (SMH-AU)

Three American firefighters whose aircraft crashed while they were fighting
the [Australian] Black Summer bushfires were not given the appropriate
information about the difficult conditions and were without aerial
supervision, a report from the aviation watchdog has found.

https://www.smh.com.au/environment/weather/us-pilots-killed-in-plane-crash-unaware-of-terrible-fire-conditions-20220829-p5bdmj.html

UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any
accompanying attachments may contain confidential information. If you are
not the intended recipient, do not read, use, disseminate, distribute or
copy this message or attachments. If you have received this message in
error, please notify the sender immediately and delete this message. Any
views expressed in this message are those of the individual sender, except
where the sender expressly, and with authority, states them to be the views
of the University of Technology Sydney. Before opening any attachments,
please check them for viruses and defects. Think. Green. Do. Please consider
the environment before printing this email.

------------------------------

Date: Sat, 3 Sep 2022 09:47:27 -0400
From: Monty Solomon <monty@roscom.com>
Subject: High Seas Deception: How Shady Ships Use GPS to Evade International
Law (NYTimes)

A technology enabling the transmission of fake locations to carry out murky
or even illegal business operations could have profound implications for the
enforcement of international law.

https://www.nytimes.com/2022/09/03/world/americas/high-seas-deception-how-shady-ships-use-gps-to-evade-international-law.html

[Jan Wolitsky noted that this is
Somewhat misleading, as the technology involved doesn't involve altering
any GPS signals, but rather the AIS (Automatic Identification Systems)
signal, which uses GPS to transmit position information. The "similar
satellite transponder" used by aircraft, mentioned but unnamed in the
article, is ADS-B (Automatic Dependent Surveillance Broadcast).
PGN]

------------------------------

Date: Fri, 02 Sep 2022 15:07:38 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Amazon Solar Array Fires

The large flat rooftops on Amazon warehouses would seem to be ideal
locations for solar panel arrays. Indeed, Amazon has installed a significant
amount of PV capacity on their warehouses. However, poor design and/or poor
maintenance has resulted in a number of fires in these panel arrays.

While Amazon has not disclosed details of the PV systems involved in these
fires, we can hazard (!) a guess.

There are several major risks associated with solar panel arrays, mainly due
to the *direct current* (DC) coupling found in most older PV arrays.

DC-coupled PV panels are typically series-connected with voltages
up to 600V or more -- roughly the same voltage found in the "third
rail" of subway train systems, so *electrocution risk* is quite high.

DC-coupled PV panel strings run at 10 amps or more, providing a
rough equivalent to a low-grade *arc welding* system. This high
amperage, plus the high DC voltage, means that once an arc starts,
it may continue even after the conductor melts away and increases the
size of the arc gap.

Hail and other damage to PV arrays can thus later result in arcs and
fires.

Many of these risks can be reduced through the use of AC-coupled PV panels
which incorporate so-called 'microinverters' which convert DC to AC within
each individual PV panel.

https://www.fluke.com/en-us/learn/blog/renewable-energy/solar-power-safety

- - - ALSO:

https://www.acsolarwarehouse.com/news/are-your-solar-systems-safe/

Amazon took all U.S. solar rooftops offline last year after flurry of fires,
electrical explosions

"Between April 2020 and June 2021, solar panels atop Amazon fulfillment
centers caught fire or experienced electrical explosions at least six
different times."

"Some 220 solar panels and other equipment at the facility, known as FAT1,
were damaged by the three-alarm fire, which was caused by "an undetermined
electrical event within the solar system mounted on top of the roof," Leland
Wilding, Fresno's fire investigator, wrote in an incident report."

"The documents, which have never been made public, indicate that between
April 2020 and June 2021, Amazon experienced "critical fire or arc flash
events" in at least six of its 47 North American sites with solar
installations, affecting 12.7% of such facilities. Arc flashes are a kind of
electrical explosion."

------------------------------

Date: Tue, 30 Aug 2022 20:29:06 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: U.S. Freight Rail Crisis Threatens More Supply-Chain Chaos (WiReD)

Federal regulators and the White House have been scrambling to prevent poor
service and a possible strike from jamming up a vital but often overlooked
network.

US freight railroads cut staff in recent years as part of a shift toward a
leaner and more profitable operating model dubbed Precision Scheduled
Railroading (PSR). It was invented by a Canadian railroad executive and
later replicated in the US, with the intention of simplifying a complex rail
network by running fewer, longer trains, replacing single-commodity trains
with mixed freight, and slashing labor. US freight trains grew 25 percent in
length between 2008 and 2017 and now sometimes reach 3 miles long. And while
the profits materialized, the promised service improvements have not always
followed.

------------------------------

Date: Thu, 1 Sep 2022 15:27:10 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Email scammers bilked VCU out of nearly $470,000,U.S. officials say
(WashPost)

The scammers used a fake email account to send phony billing requests to
Virginia Commonwealth University, authorities allege.

Prosecutors said Egbinola controlled an email account that sent phony
billing requests to Virginia Commonwealth University on behalf of Kjellstrom
and Lee, a construction company that had been doing contract work for the
university in Richmond.

The emails from "Rachel Moore" in fact came from an impostor account
mimicking the construction company's real domain name, according to
prosecutors. After communicating with Moore over several months, VCU
officials wired almost $470,000 in December 2018 to a bank account that
U.S. officials said was controlled by Egbinola's associates.