RISKS-LIST: Risks-Forum Digest Saturday 30 December 2023 Volume 34 : Issue 01

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.01>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: Apologies for hiatus. Network outage in a real shutdown.
DRM bricks Polish trains (404media)
Rise of AI fake news is creating a misinformation superspreader (WashPost)
Coffee Cty, GA missing laptop may impact Trump, Curling cases
(Douglas Lucas)
Michael Cohen Used Artificial Intelligence in Feeding Lawyer Bogus Cases
(NYTimes)
Splitting a Large AI Across Several Devices Lets You Run It in Private
(New Scientist)
The Times Sues OpenAI and Microsoft Over AI Use of Copyrighted Work
(NYTimes)
Six Big Questions for Generative AI (Tech Review)
FTC slams Rite Aid for misuse of facial recognition technology in stores
(The Washington Post)
More people at risk as Ontario public bodies face growing wave of
cyberattacks, experts say (CBC)
New AI model can predict human lifespan, researchers say.
They want to make sure it's used for good (phys.org)
BBC has the miraculous report of an AI that is capable of learning. (BBC)
A New Kind of AI Copy Can Fully Replicate Famous People (Politico)
AI in the Machine Internet (Dana F. Blankenhorn)
Chinese Spy Agency Rising to Challenge the CIA (NYTimes)
Open-Source Chip Design Takes Hold in Silicon Valley (WSJ)
Operation Triangulation: The last 'hardware' mystery (Securelist)
TERRAPIN: SSH protects the world's most sensitive networks. It just got a
lot weaker (Ars Technica)
TERRAPIN and SSH Prefix Truncation Attack (Bob Gezelte)
GTA 6 hacker handed indefinite hospital order (Lapsus$)
Xfinity waited to patch critical Citrix Bleed 0-day. Now it's paying the
price (Ars Technica)
The 2010 Census Confidentiality Protections Failed, Here's How and Why
(Arxiv)
Quantum Computing's Hard, Cold Reality Check* (IEEE)
It's easier to convince kids than adults about quantum mechanics
(Physicist Bob Coecke)
FCPD Combats Crypto-Related Scams: How to Avoid Falling Victim to Fraud
(Fairfax County Police Department News)
Israeli hackers shut down 70% of Iran's gas stations (Times of Israel)
Blog post on CSAE and E2EE (Susan Landau)
The Disturbing Impact of the Cyberattack at the British Library
(The New Yorker)
Data for nearly 36 million Comcast customers leaked to hackers
(Ars Technica)
Online searches to evaluate misinformation can increase its perceived
veracity (Nature)
The 2023 Good Tech Awards (The NYTimes)
Do you need git or Subversion? (Cliff Kilby)
iPhone Thief Explains How He Breaks Into Your Phone (WSJ)
Former White House scientist was scammed out of $650K and must pay taxes
(The Washington Post)
Re: Ex-Amazon security engineer admits to stealing over $12M in crypto
(Gabe Goldberg)
Re: What to do when receiving unprompted MFA OTP codes (Joseph Gwinn)
Re: WeWork has failed, leaving damage in its wake (Martin Ward)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: 17 Dec 2023 23:09:02 -0500
From: "John Levine" <johnl@iecc.com>
Subject: DRM bricks Polish trains (404media)

Some Polish trains were sent for routine maintenance, after which they would
not run even though nothing was evidently wrong. As a last resort, the
railway hired the Dragon Sector hacking group which analysed the trains'
software and found code that made the trains fail if their GPS said they'd
been in a list of locations that happened to match repair shops not run by
the trains' manufacturer.

NEWAG, the manufacturer, denies everything and has sued them for slander.

https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/

https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/

------------------------------

Date: Sun, 17 Dec 2023 22:29:07 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Rise of AI fake news is creating a misinformation superspreader
(WashPost)

www.washingtonpost.com

Artificial intelligence is automating the creation of fake news, spurring an
explosion of websites that can disseminate false information about wars and
elections

https://www.washingtonpost.com/technology/2023/12/17/ai-fake-news-misinformation/

------------------------------

Date: Tue, 19 Dec 2023 13:31:53 -0800
From: Douglas Lucas <dal@riseup.net>
Subject: Coffee Cty, GA missing laptop may impact Trump, Curling cases

On 19 Dec, the Daily Dot published my new investigative article digging into
the mystery of the missing silver laptop that Coffee County, Georgia -- home
of the infamous January 2021 elections office breach captured on
surveillance film -- is going to the mat not to turn over, not to even
find. This laptop was used extensively by Trump co-defendant and
then-election supervisor Misty Hampton, charged for facilitating the
MAGA-led intrusions. If found, the laptop's contents would likely impact two
cases in Atlanta courthouses: Trump's criminal one over election
interference, and the long-running federal civil suit *Curling v.
Raffensperger*, in which plaintiffs seek to force the state to abandon
mandatory electronic ballots and, in most circumstances, employ instead
hand-marked paper ones.

Here's the link for my investigative article:
https://www.dailydot.com/news/missing-laptop-trump-case-georgia/

Also on 19 Dec, I self-published an accompanying blog post that includes
several of the cut passages as well as, for the first time, four previously
unreleased surveillance still. My blog pot has a ton of additional
information, including a longtime area lawyer's proposal that the county
adopt independent (not conflicted) and possibly pro bono counsel to aid the
elections board and public with an internal inquiry into the breach and its
aftermath.

Here's the link for my blog post, the deleted scenes if you will:
https://douglaslucas.com/blog/2023/12/19/extra-material-dailydot-investigative-article-laptop/

I worked on this for something like half a year. There's a lot of material
that RISKS may be interested in. Mysteries surrounding the .ost file, the
Microsoft Office 365 licenses, the county refusing to back up official files
on the elections desktop computer, as required by law, when the Georgia
Bureau of Investigation came knocking, they say because they feared
accusations of tampering. One of the most interesting aspects is lawyers
that are more powerful than the people they represesnt, the de jure vs de
facto power landscape of the county, and how all this can fester and get
worse when the underlying digital data, in full, headers, signatures,
everything, is not out in the open. Theopacity allows the overpowered
lawyers and county manager to run the show, merely claiming this, claiming
that, until enough strength shows up to enforce, you know, Rules of
Evidence.

------------------------------

Date: Fri, 29 Dec 2023 12:05:03 -0800
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: Michael Cohen Used Artificial Intelligence in Feeding Lawyer
Bogus Cases (NYTimes)

*The New York Times*, 30 Dec 2023, Front-page story (PGN-ed)
Benjamin Weiser and Jonah Bromwich

Michael D. Cohen, the onetime fixer for former President Donald J. Trump,
said in court papers unsealed on Friday that he had mistakenly given his
lawyer bogus legal citations generated by the artificial intelligence
program Google Bard.

The fictitious citations were used by Mr. Cohen's lawyer in a motion
submitted to a federal judge, Jesse M. Furman. Mr. Cohen, who pleaded guilty
in 2018 to campaign finance violations and served time in prison, had asked
the judge for an early end to the court's supervision of his case now that
he is out of prison and has complied with the conditions of his release.

In a sworn declaration made public on Friday, Mr. Cohen explained that he
had not kept up with ``emerging trends (and related risks) in legal
technology and did not realize that Google Bard was a generative text
service that, like ChatGPT, could show citations and descriptions that
looked real but actually were not.''

https://www.nytimes.com/2023/12/29/nyregion/michael-cohen-ai-fake-cases.html

[Lauren Weinstein had a note on this:   Most ordinary folks do *not
understand* what AI and Large Language Models are about. They don't read
the AI company disclaimers that the firms know are basically there to try
protect the firms -- not the users. PGN]

[But Michael Cohen was no ordinary person. Perhaps Google Bard also
wrote all of ``shakespeare'' (The Bard) retroactively? The illiterate
Willem Shaksper certainly didn't. PGN]

[Gabe Goldberg commented, When will they ever learn... PGN]

------------------------------

Date: Fri, 22 Dec 2023 11:35:51 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Splitting a Large AI Across Several Devices Lets You Run It
in Private (New Scientist)