Subject: Risks Digest 33.20
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Sat, 14 May 2022 00:17 UTC
Message-ID: <CMM.0.90.4.1652487242.risko@chiron.csl.sri.com608>

RISKS-LIST: Risks-Forum Digest Friday 13 May 2022 Volume 33 : Issue 20

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.20>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Oops! Looks like your Mirror isn't connected to a network (geoff goodfellow)
Companies envision taxis flying above jammed traffic (techxplore)
Global cost of cybercrime topped $6 trillion in 2021 (techxplore)
As Cryptocurrencies Melt Down, $300 Billion Evaporates in Days (NYTimes)
Crypto's Audacious Algorithmic Stablecoin Experiment Crumbles (Bloomberg)
Decade-Old Bugs Discovered in Avast, AVG Antivirus Software
(Charlie Osborne)
Costa Rica Declares Emergency in Ongoing Cyberattack (ABC)
Why Twitter May Be Doomed (Lauren Weinstein)
Facebook is trying to capitalize on my grief (Rob Slade)
EU plans to require backdoor to encrypted messages for child protection
(Apple)
Cellphones have no real off switch (Peter Gutmann)
ICE 'now operates as a domestic surveillance agency,' think tank says
(Engadget)
ACM, Ethics, and Corporate Behavior (Moshe Vardi, CACM March 2022)
Did bad interface design lead to the sinking of the Moskva?
(Paul Robinson)
Re: Bitcoin Is Unlikely to Go Green (John Levine)
Re: Squirrels (Elinor Mills)
Re: FBI Told Israel It Wanted Pegasus Hacking Tool for Investigations
(Jan Wolitzky)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 12 May 2022 18:04:21 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Oops! Looks like your Mirror isn't connected to a network

https://twitter.com/LordRavenscraft/status/1524482648315473922

[That won't work in Red Rock Canyon Park (RISKS-30.72) and many other
places with no wireless. PGN]

------------------------------

Date: Tue, 10 May 2022 16:33:53 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Companies envision taxis flying above jammed traffic
(techxplore.com)

https://techxplore.com/news/2022-05-companies-envision-taxis-traffic.html

With or without pilots? Droned if you do or droned if you don't!

------------------------------

Date: Wed, 11 May 2022 09:57:38 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Global cost of cybercrime topped $6 trillion in 2021
(techxplore.com)

https://techxplore.com/news/2022-05-global-cybercrime-topped-trillion-defence.html

The world's economy, per GDP estimates, is estimated @ US$ ~104T per
https://en.wikipedia.org/wiki/World_economy (retrieved on 11MAY2022).

The essay cites a deficit of ~200K cyber-security professionals, in Europe
specifically, as a possible remedy to reduce grift and cut the skim.
Investing in people, training, and infrastructure is proactive and usually,
with supportive leadership, effective.

The outrage expressed by corporate lobbyists to recently proposed SEC
regulations (see https://www.sec.gov/files/33-11038-fact-sheet.pdf)
indicates that disclosing corporate CxO cyber-skillsets for the investing
public to assess might accelerate essential investments to tame the
cybertheft wildfire.

See "Industry Report" in
https://www.washingtonpost.com/politics/2022/05/10/costa-rica-shows-damage-ransomware-can-do-country/
(retrieved on 11MAY2022) for a discussion.

------------------------------

Date: Fri, 13 May 2022 15:02:13 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: As Cryptocurrencies Melt Down, $300 Billion Evaporates in Days

David Yaffe-Bellany, Erin Griffith, and Ephrat Livni
*The New York Times*, 13 May 2022, National Edition front page + A20
[PGN-ed]

Bitcoin fell as low as $26,000, down 60% from its November 2021 peak, and
down 20% in just the past five days. Just a few months ago, blockchain
proponents were predicting the price would rise as high as $100,000 this
year.

"Stablecoin" TerraUSD imploded to a low of $0.23 (not backed by cash,
and depending on Luna, which lost almost its entire value).

Treasury's leader suggested a *regulatory framework* is needed.

[See also:
Cryptocurrencies Melt Down in a 'Perfect Storm' of Fear and Panic
https://www.nytimes.com/2022/05/12/technology/cryptocurrencies-crash-bitcoin.html
]

------------------------------

Date: Wed, 11 May 2022 12:03:17 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Crypto's Audacious Algorithmic Stablecoin Experiment Crumbles
(Bloomberg)

Stacy-Marie Ishmael, Bloomberg, 10 May 2022, via ACM TechNews, 11 May 2022

The algorithmic stablecoin cryptocurrency does not provide greater stability
than other cryptocurrencies. Conventional stablecoin issuers say their
tokens are underpinned by "real" assets like cash or highly rated bonds, and
can theoretically maintain stability because they can be readily swapped for
cash or highly liquid cash equivalents. Algorithmic stablecoins try holding
their value through a mix of instructions encoded in algorithms and active
treasury management. The failure of such cryptoassets' price stability
mechanisms could carry systemic ramifications for other coins and protocols,
as CoinMarketCap counts roughly 18.5 billion TerraUSD stablecoins in
circulation. Said Kyle Samani at the Multicoin Capital investment firm, "The
biggest losers from all of this will be retail [investors] that didn't
understand the risks they were taking."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e9bfx233b92x071163&

------------------------------

Date: Mon, 9 May 2022 12:08:31 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Decade-Old Bugs Discovered in Avast, AVG Antivirus Software
(Charlie Osborne)

Charlie Osborne, ZDNet, 5 May 2022, via ACM TechNews, 9 May 2022

Researchers at cybersecurity software company SentinelOne reported two
high-severity bugs in Avast and AVG antivirus products that have gone
undetected for a decade. The researchers said the flaws have existed since
2012, and could have affected "dozens of millions of users worldwide." They
found the bugs in the Avast Anti Rootkit driver, and the first vulnerability
resided in a socket connection handler used by the kernel driver
aswArPot.sys; hackers could hijack a variable during routine operations to
escalate privileges, potentially disable security solutions, or meddle with
target operating systems. The researchers described the second bug as "very
similar" to the first, and rooted in the aswArPot+0xc4a3 function. Sentinel
Labs on Dec. 20 informed Avast of the vulnerabilities, and the company had
patched them by Feb. 11, with no active exploitation in the wild indicated.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e95ax233ad9x071942&

------------------------------

Date: Fri, 13 May 2022 12:20:02 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Costa Rica Declares Emergency in Ongoing Cyberattack (ABC)

Javier Cordoba, ABC News, 12 May 2022, via ACM TechNews, 13 May 2022

Costa Rica has declared a state of emergency after enduring a month of
ransomware attacks that have hobbled critical systems. The siege began last
month when Costa Rica's Finance Ministry reported that its tax collection,
customs, and other systems were affected; the hackers also targeted the
nation's social security agency human resources system and its Labor
Ministry. The Russian-speaking Conti gang took credit for the attack. Costa
Rica's emergency declaration describes the perpetrators as "cybercriminals"
and "cyberterrorists." The U.S. State Department said the gang has
orchestrated hundreds of ransomware attacks over the past two years,
collectively targeting more than 1,000 victims and extorting them for more
than $150 million as of January 2022.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e9fdx233c2dx071807&

------------------------------

Date: Mon, 9 May 2022 14:56:01 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Why Twitter May Be Doomed

If a Musk "new regime" ruling @Twitter permits all speech that "is legal" --
Twitter is doomed. Because the parade of legal (in the U.S.) hate speech
that will flood the platform will drive away most advertisers, brands, and
support services that Twitter needs to operate.

------------------------------

Date: Fri, 13 May 2022 05:49:22 -0700
From: "Rob Slade, greatgrandpa and widower" <rslade@gmail.com>
Subject: Facebook is trying to capitalize on my grief

So, I posted what I thought was a bit of a joke (albeit maybe a dark one)
about being pathetically lonely following bereavement.
https://twitter.com/rslade/status/1522345541522235392
https://www.blogger.com/blog/post/edit/626389518384655417/6860285728885858232#
https://fibrecookery.blogspot.com/2022/05/ding.html
https://www.facebook.com/rslade/posts/10160304212242853?notif_id=1651913627430909
https://www.blogger.com/blog/post/edit/626389518384655417/6860285728885858232#

