Power

Millions of Cubans Had Another Power Outage Wednesday (cnn.com) 104

Wednesday Cuba's energy grid collapsed, "leaving millions without power," CNN reported, calling it "the latest in a series of failures on an island struggling from creaking infrastructure, natural disasters and economic turmoil."

Today Reuters reports: Cuba said it had reconnected its national electrical grid on Thursday, though generation remained well below demand one day after a plant failure knocked out power to millions across the island... Around half of Cuba's power generation facilities are offline for maintenance or broken down. All are decades old and producing well under capacity.

As a result, a majority of Cuba's residents suffer hours-long, rolling blackouts on a daily basis even when the grid is functional. Cuba's electrical grid has been on the brink of collapse for years, as fuel shortages, a string of natural disasters and an economic crisis have left the island's government unable to maintain the system's decrepit infrastructure. Dwindling oil imports from Venezuela, Russia and Mexico tipped the system into full crisis this year, leading to several nationwide blackouts that have sparked unrest and increasing anger among the population. The blackouts, together with food, medicine and water shortages, have vastly complicated life on the island and driven a record-breaking exodus of its residents since 2020.

Authorities informed Cuba's citizens that scheduled power outages will now resume, reports ABC News. "Cuban authorities said they will continue their current practice of implementing daily, five-hour power outages by block or zone as they have been doing for the past few months."
The Internet

Is Europe Better Prepared to Protect Undersea Internet Cables? (carnegieendowment.org) 64

The Carnegie Endowment for Peace, a nonpartisan international affairs think tank, points out that when subsea internet cables were cut in November, Europe was more prepared: Where in the past there were no contingency plans for sabotage, there are now more maritime patrols, an attempt to forge deeper intelligence connections, and the beginnings of a new relationship with the private sector...

Even before the October 2023 incident, NATO, the EU, and certain European governments began to increase their efforts to boost subsea cable resilience and security. In February 2023, NATO stood up a new Critical Undersea Infrastructure Coordination Cell in Brussels to convene stakeholders and enhance coordination between the public and private sectors. In July 2023, NATO allies at the Vilnius Summit established a Maritime Center for the Security of Critical Undersea Infrastructure as part of the alliance's Maritime Command in Northwood, UK. In October 2023, after the first incident, NATO defense ministers endorsed a new Digital Ocean Vision, an initiative aimed at improving undersea surveillance. And in February 2024, the European Commission released its first "Recommendation on Secure and Resilient Submarine Cable Infrastructures," encouraging member states to conduct regular stress tests, improve information sharing amongst themselves, and improve cable maintenance and repair capabilities.

The article points out that the Chinese ship suspected in the 2023 cable cutting "ignored requests from Finnish and Estonian authorities to halt" and returned to China. But the Chinese ship suspected in November's cable-cutting "remains in international waters in the Kattegat, with naval and coast guard vessels from Denmark, Germany, and Sweden circling close by." Yet "Under international maritime law, these countries' authorities are not allowed to board..." Current provisions of international law are neither formulated to adequately protect subsea data cables from sabotage nor hold perpetrators accountable. This reality should lead the EU, as a body inherently focused on the resilience of international legal regimes, to push for updates that are better suited for the current geopolitical reality... Lawmakers should also explore ways to increase penalties for subsea cable damage, in part to deter acts of sabotage in the first place....

A forthcoming Carnegie Endowment report will detail more in-depth recommendations on how Europe can both protect itself against future subsea cable damage and help expand trusted networks around the world.

The article also notes that "Of the hundreds of disruptions to cables that occur each year, the vast majority are caused by accidental human activity, like fishing, or natural events, like earthquakes."
NASA

America's Next NASA Administrator May Be Former SpaceX Astronaut Jared Isaacman (arstechnica.com) 83

America's next president "announced Wednesday he has selected Jared Isaacman, a billionaire businessman and space enthusiast who twice flew to orbit with SpaceX, to become the next NASA administrator," reports Ars Technica: In a post on X, Isaacman said he was "honored" to receive Trump's nomination. "Having been fortunate to see our amazing planet from space, I am passionate about America leading the most incredible adventure in human history," Isaacman wrote. "On my last mission to space, my crew and I traveled farther from Earth than anyone in over half a century. I can confidently say this second space age has only just begun...."

"Jared Isaacman will be an outstanding NASA Administrator and leader of the NASA family," said Jim Bridenstine, who led NASA as administrator during Trump's first term in the White House. "Jared's vision for pushing boundaries, paired with his proven track record of success in private industry, positions him as an ideal candidate to lead NASA into a bold new era of exploration and discovery. I urge the Senate to swiftly confirm him." Lori Garver, NASA's deputy administrator during the Obama administration, wrote on X that Isaacman's nomination was "terrific news," adding that "he has the opportunity to build on NASA's amazing accomplishments to pave our way to an even brighter future."

Isaacman, 41, is the founder and CEO of Shift4, a mobile payment processing platform, and co-founded Draken International, which owns a fleet of retired fighter jets to pose as adversaries for military air combat training... Isaacman, an evangelist for the commercial space industry, has criticized some of NASA's decisions on the Artemis program. In several posts on X, he questioned the agency's decision to fund two redundant lunar landers, while not planning for any backup to the Space Launch System (SLS) rocket, which costs $2.2 billion per copy, not including expenses for ground infrastructure or the Orion spacecraft itself. One of those casualties might be the SLS rocket. The program is managed by NASA, with suppliers spread across the United States and prime contractors working under cost-plus arrangements with the space agency, meaning the government is on the hook to pay for any delays or cost overruns.

If confirmed he'll be the 4th NASA administrator who's actually flown in space, according to the article.

And according to Wikipedia, Isaacman was the commander of Inspiration4, a private spaceflight using SpaceX's Crew Dragon Resilience that launched in 2021. The crew returned to Earth on September 18, 2021, after orbiting at 585 km (364 mi) in altitude. The mission was part of a fundraiser for St. Jude Children's Research Hospital, to which Isaacman pledged to donate $100 million.
Thanks to Slashdot reader FallOutBoyTonto for sharing the news.
Encryption

US Officials Urge Americans to Use Encrypted Apps Amid Unprecedented Cyberattack (nbcnews.com) 58

An anonymous reader shared this report from NBC News: Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers...

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications. "Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said. The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts...

The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.

Officials said the breach seems to include some live calls of specfic targets and also call records (showing numbers called and when). "The hackers focused on records around the Washington, D.C., area, and the FBI does not plan to alert people whose phone metadata was accessed."

"The scope of the telecom compromise is so significant, Greene said, that it was 'impossible" for the agencies "to predict a time frame on when we'll have full eviction.'"
United States

Musk Signals Fresh Push To End US Daylight Saving Time 263

The Department of Government Efficiency, headed by Elon Musk and Vivek Ramaswamy, appears to be signaling its intention to tackle daylight saving time. Musk has indicated support for ending semiannual clock changes in recent days on his social media platform X, sharing a poll showing majority opposition to the practice.

DOGE co-head Ramaswamy also backed the stance, calling time changes "inefficient and easy to change."

The initiative follows a failed 2022 legislative attempt, the Sunshine Protection Act, which passed the Senate but stalled in the House. The Department of Transportation, which oversees time changes, cannot alter the system without congressional action.

Public sentiment appears to favor reform, with a 2022 YouGov poll showing two-thirds of Americans support ending time changes. Studies have linked the switches to increased rates of heart attacks and traffic accidents, while JPMorgan Chase research found the return to standard time reduces consumer spending by up to 4.9%. Several countries including Mexico, Russia, and Turkey have already discontinued daylight saving time, which originated during World War I as an energy conservation measure.
Facebook

Meta Says It's Mistakenly Moderating Too Much (theverge.com) 78

An anonymous reader shares a report: Meta is mistakenly removing too much content across its apps, according to a top executive. Nick Clegg, Meta's president of global affairs, told reporters on Monday that the company's moderation "error rates are still too high" and pledged to "improve the precision and accuracy with which we act on our rules."

"We know that when enforcing our policies, our error rates are still too high, which gets in the way of the free expression that we set out to enable," Clegg said during a press call I attended. "Too often, harmless content gets taken down, or restricted, and too many people get penalized unfairly." He said the company regrets aggressively removing posts about the covid-19 pandemic. CEO Mark Zuckerberg recently told the Republican-led House Judiciary Committee the decision was influenced by pressure from the Biden administration.

"We had very stringent rules removing very large volumes of content through the pandemic," Clegg said. "No one during the pandemic knew how the pandemic was going to unfold, so this really is wisdom in hindsight. But with that hindsight, we feel that we overdid it a bit. We're acutely aware because users quite rightly raised their voice and complained that we sometimes over-enforce and we make mistakes and we remove or restrict innocuous or innocent content."

Privacy

FTC Bans Location Data Company That Powers the Surveillance Ecosystem (404media.co) 39

The Federal Trade Commission on Tuesday announced sweeping action against some of the most important companies in the location data industry, including those that power surveillance tools used by a wide spread of U.S. law enforcement agencies and demanding they delete data related to certain sensitive areas like health clinics and places of worship. From a report: Venntel, through its parent company Gravy Analytics, takes location data from smartphones, either through ordinary apps installed on them or through the advertising ecosystem, and then provides that data feed to other companies who sell location tracking technology to the government or sells the data directly itself.

Venntel is the company that provides the underlying data for a variety of other government contractors and surveillance tools, including Locate X. 404 Media and a group of other journalists recently revealed Locate X could be used to pinpoint phones that visited abortion clinics. The FTC says in a proposed order that Gravy and Venntel will be banned from selling, disclosing, or using sensitive location data, except in "limited circumstances" involving national security or law enforcement.

Science

India Takes Out Giant Nationwide Subscription To 13,000 Journals (science.org) 33

India has struck a landmark $715 million deal with 30 global academic publishers to provide nationwide free access to nearly 13,000 research journals. The "One Nation One Subscription" initiative, launching January 2025, will benefit an estimated 18 million students and researchers. The agreement, which surpasses similar arrangements in Germany and the UK, marks a significant shift in India's academic publishing landscape, despite the country's position as the world's third-largest producer of research papers. Science magazine: India's is expected to encompass some 6300 government-funded institutions, which produce almost half the country's research papers. Currently, only about 2300 of these institutions have subscriptions to 8000 journals. Under the new arrangement, "universities that aren't so well funded, and can't afford many journals, will gain," said Aniket Sule of the Homi Bhabha Centre for Science Education. Specialist institutes that only subscribe to journals relevant to their field will benefit from accessing work outside their silos, he added. Colleges that want to subscribe to journals not included under this initiative can use their own funds to do so.

Some part of the $715 million will cover the fees some journals charge to publish papers open access, making them immediately free to read by anyone worldwide when published, Madalli told Science. Details of that component have not been worked out yet, but the amount will be calculated based on the country's current spending on these fees, known as article-processing charges (APCs), which are paid by authors or their institutions, Madalli says.

Earth

UN Plastic Treaty Talks Collapse Without a Deal (politico.eu) 67

United Nations members gathered this week in Busan, South Korea to negotiate the first treaty reducing plastic pollution. But Politico reports that "talks collapsed late Sunday after negotiators failed to resolve their differences and agree on a global plastic treaty. At the heart of the disagreement was a refusal by oil-rich nations led by Saudi Arabia to accept a deal that put limits on plastic production... Throughout the two years of talks, oil-rich and plastic-producing states had repeatedly clashed with nations that wanted to reduce plastic production to solve a worsening plastic pollution crisis. Many went to Busan hopeful differences would be put aside in the name of combatting a common global threat. But in the end this proved too optimistic...

The EU, alongside more than 100 other countries that included the U.K., on Thursday had backed a new proposal spearheaded by Panama pushing for a global target to reduce plastic production to "sustainable levels", drawing a clear battle line for the talks. But three negotiators from countries in the High Ambition Coalition to End Plastic Pollution — granted anonymity to discuss closed-door talks — told POLITICO Saudi Arabia had coordinated a push from oil-rich and plastic-producing countries to block any proposals for the treaty that threatened to reduce plastic production. The vast majority of plastic is made from oil or natural gas...

Along with disagreements over plastic production, countries were also unable to agree on whether and how to target particularly polluting plastic products, and how to finance the treaty. Two of the "high-ambition" negotiators referenced above suggested the talks were doomed to fail from the beginning, arguing that there was never going to be enough time given the scope of the mandate. "I think the pressure on us to deliver that in 18 months ... was kind of stupid then, and it's still stupid now," said one. "Usually these processes take a number of years — beyond what we are doing...." But many observers and some delegates said the summit's collapse demonstrated the failures of consensus-based environmental multilateralism, arguing that requiring all countries to agree by consensus gave reluctant nations too much veto power. NGOs like the Center for International Environmental Law hope this week's failed talks will serve as a lesson for future U.N. talks...

The date and time of the next round of talks is yet to be announced.

Greenpeace issued a statement saying "over 100 Member States, representing billions of people, rejected a toothless deal that would have accomplished nothing, and stood before the world committing to an ambitious treaty."

And they argued that the message is clear. "Ambitious countries must not allow the fossil fuel and petrochemical industries, backed by a small minority of countries, to prevent the will of the vast majority. A strong agreement that protects people and the planet is our only option."
Space

Spacecraft Face 'Sophisticated and Dangerous' Cybersecurity Threats (cnbc.com) 17

"Spacecraft, satellites, and space-based systems all face cybersecurity threats that are becoming increasingly sophisticated and dangerous," reports CNBC.

"With interconnected technologies controlling everything from navigation to anti-ballistic missiles, a security breach could have catastrophic consequences." Critical space infrastructure is susceptible to threats across three key segments: in space, on the ground segment and within the communication links between the two. A break in one can be a cascading failure for all, said Wayne Lonstein, co-founder and CEO at VFT Solutions, and co-author of Cyber-Human Systems, Space Technologies, and Threats. "In many ways, the threats to critical infrastructure on Earth can cause vulnerabilities in space," Lonstein said. "Internet, power, spoofing and so many other vectors that can cause havoc in space," he added. The integration of artificial intelligence into space projects has heightened the risk of sophisticated cyber attacks orchestrated by state actors and individual hackers. AI integration into space exploration allows more decision-making with less human oversight.

For example, NASA is using AI to target scientific specimens for planetary rovers. However, reduced human oversight could make these missions more prone to unexplained and potentially calamitous cyberattacks, said Sylvester Kaczmarek, chief technology officer at OrbiSky Systems, which specializes in the integration of AI, robotics, cybersecurity, and edge computing in aerospace applications. Data poisoning, where attackers feed corrupted data to AI models, is one example of what could go wrong, Kaczmarek said. Another threat, he said, is model inversion, where adversaries reverse-engineer AI models to extract sensitive information, potentially compromising mission integrity. If compromised, AI systems could be used to interfere with or take control of strategically important national space missions...

The U.S. government is tightening up the integrity and security of AI systems in space. The 2023 Cyberspace Solarium Commission report stressed the importance of designating outer space as a critical infrastructure sector, urging enhanced cybersecurity protocols for satellite operators... The rivalry between the U.S. and China includes the new battleground of space. As both nations ramp up their space ambitions and militarized capabilities beyond Earth's atmosphere, the threat of cyberattacks targeting critical orbital assets has become an increasingly pressing concern... Space-based systems increasingly support critical infrastructure back on Earth, and any cyberattacks on these systems could undermine national security and economic interests.

Medicine

US Insurers Are Still Charging for HIV Prevention Pills That Should Be Free (msn.com) 144

The Washington Post reports on tens of thousands of Americans "forced to pay for medication" to prevent the HIV infections, "despite federal requirements guaranteeing free access to treatment...according to multiple studies and interviews with medical professionals, activists and patients." Insurance companies are skirting rules compelling them to pay for pre-exposure prophylaxis treatment, known as PrEP, researchers and HIV advocacy organizations say — leaving patients to shell out hundreds of dollars each year for medication co-pays, doctor visits and screenings required to stay on drugs that reduce the risk of contracting HIV through sex by 99 percent.

Under the Affordable Care Act, commercial insurers must cover certain preventive health services. This is supposed to include at least one form of oral PrEP and related health services, such as regular testing for HIV and other sexually transmitted diseases, for people at increased risk of contracting HIV, according to 2021 guidance from the Biden administration. Responding to complaints that patients were still being charged, the Biden administration in October released new guidance instructing private insurers to cover all forms of PrEP without prior authorization, including new long-acting injections.

Nearly a third of a national sample of 325 health coverage plans on government insurance marketplaces did not include PrEP on their lists of covered preventive services, according to the AIDS Institute, a New York-based nonprofit. Between 20 and 30 percent of PrEP users with commercial insurance still had to pay for it despite the coverage mandate, with an average cost of $227 for 2022, according to the Centers for Disease Control and Prevention. Government regulators have been slow to crack down on insurer violations, activists say, creating a barrier to getting more at-risk Americans on the medication. The CDC estimates that only a third of the more than 1 million people who could benefit from PrEP have received a prescription, according to its most recent data.

The issue appears to be lax enforcement against insurers who break rules, a policy advocate told the newspaper. America's Centers for Medicare and Medicaid Services, which enforces regulations for preventive care, "said it takes enforcement seriously and recently found two insurance plans in violation of coverage requirements following consumer complaints."

And the Post spoke to an official at America's Labor Department, who said they were investigating a complaint against a large insurance company, but "said the agency does not have enough staff to conduct proactive investigations and lacks the authority to sue and penalize insurers that break the rules."
Australia

Australia To Ban Under-16s From Social Media After Passing Landmark Law (yahoo.com) 214

Australia will ban children under 16 from using social media after its senate approved what will become a world-first law. From a report: Children will be blocked from using platforms including TikTok, Instagram, Snapchat and Facebook, a move the Australian government argue is necessary to protect their mental health and wellbeing.

The online safety amendment (social media minimum age) bill will impose fines of up to 50 million Australian dollars ($32.5 million) on platforms for systemic failures to prevent young children from holding accounts. It would take effect a year after the bill becomes law, allowing platforms time to work out technological solutions that would also protect users' privacy. The senate passed the bill 34 votes to 19. The house of representatives overwhelmingly approved the legislation 102 votes to 13 on Wednesday.

The Military

NASA Aircraft Uncovers Cold War Nuclear Missile Tunnels Under Greenland Ice (space.com) 72

An anonymous reader quotes a report from Space.com: NASA scientists conducting surveys of arctic ice sheets in Greenland got an unprecedented view of an abandoned "city under the ice" built by the U.S. military during the Cold War. During a scientific flight in April 2024, a NASA Gulfstream III aircraft flew over the Greenland Ice Sheet carrying radar instruments to map the depth of the ice sheet and the layers of bedrock below it. The images revealed a new view of Camp Century, a Cold War-era U.S. military base consisting of a series of tunnels carved directly into the ice sheet.

As it turns out, this abandoned "secret city" was the site of a secret Cold War project known as Project Iceworm [that] called for the construction of 2,500 miles (4,023 km) of tunnels that could be used [for] nuclear intermediate range ballistic missiles (IRBMs) at the Soviet Union. "We were looking for the bed of the ice and out pops Camp Century. We didn't know what it was at first," said NASA's Chad Greene, a cryospheric scientist at the agency's Jet Propulsion Laboratory (JPL), in an agency statement. "In the new data, individual structures in the secret city are visible in a way that they've never been seen before."
"Weapons, sewage, fuel and other contaminants were buried at Camp Century when it was abandoned, but the thawing Greenland Ice Sheet threatens to unbury these dangerous relics," reports Space.com. In 2017, the U.S. government issued a statement saying it "acknowledges the reality of climate change and the risk it poses" and will "work with the Danish government and the Greenland authorities to settle questions of mutual security" over Camp Century.

Scientists are using Camp Century to serve as a warning and a signpost to measure how climate change is affecting the area. You can learn more about Camp Century in a restored declassified U.S. Army film on YouTube.
Earth

Denmark Will Plant 1 Billion Trees, Convert 10% Farmland Into Forest (apnews.com) 120

An anonymous reader quotes a report from the Associated Press: Danish lawmakers on Monday agreed on a deal to plant 1 billion trees and convert 10% of farmland into forest and natural habitats over the next two decades in an effort to reduce fertilizer usage. The government called the agreement "the biggest change to the Danish landscape in over 100 years." Under the agreement, 43 billion kroner ($6.1 billion) have been earmarked to acquire land from farmers over the next two decades, the government said.

Danish forests would grow on an additional 250,000 hectares (618,000 acres), and another 140,000 hectares (346,000 acres), which are currently cultivated on climate-damaging low-lying soils, must be converted to nature. Currently, 14.6% of land is covered by forests. [...] In June, the government said livestock farmers will be taxed for the greenhouse gases emitted by their cows, sheep and pigs from 2030, the first country to do so as it targets a major source of methane emissions, one of the most potent gases contributing to global warming.

Bitcoin

Tornado Cash Sanctions Overturned By US Appeals Court (coindesk.com) 35

A U.S. federal appeals court ruled that sanctions against Tornado Cash, a crypto transaction anonymization service, must be abandoned, stating that its immutable smart contracts do not constitute "property" under U.S. law and that the Treasury overstepped its authority. The ruling is available here (PDF). CoinDesk reports: The decision answers a controversial privacy debate on whether the government -- via a sanctions list maintained by the U.S. Treasury Department -- has a right to target the technology because it's associated with criminals. The ruling reversed a district court's August ruling that had sided with the government's pursuit of what it had characterized as a "notorious" crypto-mixing service.

OFAC had sanctioned Tornado Cash last year, contending that it was a vital tool used by bad actors including North Korea's Lazarus Group to launder crypto tokens pilfered from platforms and games such as Axie Infinity. Coinbase (COIN) and others had sued the government, claiming it had overreached. Paul Grewal, chief legal officer of crypto exchange Coinbase, cheered the ruling in a Tuesday post on X, calling it a "historic win for crypto." "These smart contracts must now be removed from the sanctions list and U.S. persons will once again be allowed to use this privacy-protecting protocol," Grewal wrote. "Put another way, the government's overreach will not stand."
"We readily recognize the real-world downsides of certain uncontrollable technology falling outside of OFAC's sanctioning authority," the judges said, referencing the ineffectiveness of a law that was established well before the world moved online. "But we must uphold the statutory bargain struck (or mis-struck) by Congress, not tinker with it."

Tornado Cash's TORN token has since rallied 500%, passing the $20 mark.
Government

FTC Launches Broad Microsoft Antitrust Investigation (reuters.com) 17

The FTC has opened a broad antitrust investigation into Microsoft, including of its software licensing and cloud computing business. Bloomberg first reported the news. Reuters reports: The probe was approved by FTC Chair Lina Khan ahead of her likely departure in January. The election of Donald Trump as U.S. president and the expectation he will appoint a fellow Republican with a softer approach toward business, leaves the outcome of the investigation up in the air.

The FTC is examining allegations that the software giant is potentially abusing its market power in productivity software by imposing punitive licensing terms to prevent customers from moving their data from its Azure cloud service to other competitive platforms, sources confirmed earlier this month. The FTC is also looking at practices related to cybersecurity and artificial intelligence products, the source said on Wednesday.

Security

Hacker In Snowflake Extortions May Be a US Soldier (krebsonsecurity.com) 20

An anonymous reader quotes a report from KrebsOnSecurity: Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

Kiberphant0m's identities on cybercrime forums and on Telegram and Discord chat channels have been selling data stolen from customers of the cloud data storage company Snowflake. At the end of 2023, malicious hackers discovered that many companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with nothing more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories for some of the world's largest corporations. Among those was AT&T, which disclosed in July that cybercriminals had stolen personal information, phone and text message records for roughly 110 million people. Wired.com reported in July that AT&T paid a hacker $370,000 to delete stolen phone records.

On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States, which has since indicted him on 20 criminal counts connected to the Snowflake breaches. Another suspect in the Snowflake hacks, John Erin Binns, is an American who is currently incarcerated in Turkey. Investigators say Moucka, who went by the handles Judische and Waifu, had tasked Kiberphant0m with selling data stolen from Snowflake customers who refused to pay a ransom to have their information deleted. Immediately after news broke of Moucka's arrest, Kiberphant0m was clearly furious, and posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris. [...] Also on Nov. 5, Kiberphant0m offered call logs stolen from Verizon's push-to-talk (PTT) customers -- mainly U.S. government agencies and emergency first responders.
Kiberphant0m denies being in the U.S. Army and said all these clues were "a lengthy ruse designed to create a fictitious persona," reports Krebs.

"I literally can't get caught," Kiberphant0m said, declining an invitation to explain why. "I don't even live in the USA Mr. Krebs." A mind map illustrates some of the connections between and among Kiberphant0m's apparent alter egos.
News

Philippines Recruits Civilian Tech Talent To Fend Off Cyber Attacks (restofworld.org) 11

The Philippine Army is recruiting civilian hackers to bolster its cybersecurity defenses amid rising digital threats from China, army officials said. The 120-member Cyber Battalion has hired 70 tech experts in their 20s and 30s since 2020, offering them military training and the opportunity to serve the nation despite lower wages than private sector jobs.

The initiative follows cyber attacks on Philippine government servers, including those of the Coast Guard and President Marcos Jr., which authorities traced to China. Beijing denies involvement. The Philippines ranks among the countries most vulnerable to cyber threats, with recent attacks compromising millions of citizens' data through state and private institutions.
Security

Russia-Linked Hackers Exploited Firefox, Windows Bugs In 'Widespread' Hacking Campaign (techcrunch.com) 31

An anonymous reader quotes a report from TechCrunch: Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The group -- which was last month linked to a ransomware attack targeting Japanese tech giant Casio -- is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.

Researchers with security firm ESET say they found evidence that RomCom combined use of the two zero-day bugs -- described as such because the software makers had no time to roll out fixes before they were used to hack people -- to create a "zero click" exploit, which allows the hackers to remotely plant malware on a target's computer without any user interaction. "This level of sophistication demonstrates the threat actor's capability and intent to develop stealthy attack methods," ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday. [...] Schaeffer told TechCrunch that the number of potential victims from RomCom's "widespread" hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America.
Mozilla and the Tor Project quickly patched a Firefox-based vulnerability after being alerted by ESET, with no evidence of Tor Browser exploitation. Meanwhile, Microsoft addressed a Windows vulnerability on November 12 following a report by Google's Threat Analysis Group, indicating potential use in government-backed hacking campaigns.
The Internet

ISPs Say Their 'Excellent Customer Service' Is Why Users Don't Switch Providers (arstechnica.com) 76

Ars Technica's Jon Brodkin reports: Lobby groups for Internet service providers claim that ISPs' customer service is so good already that the government shouldn't consider any new regulations to mandate improvements. They also claim ISPs face so much competition that market forces require providers to treat their customers well or lose them to competitors. Cable lobby group NCTA-The Internet & Television Association told the Federal Communications Commission in a filing (PDF) that "providing high-quality products and services and a positive customer experience is a competitive necessity in today's robust communications marketplace. To attract and retain customers, NCTA's cable operator members continuously strive to ensure that the customer support they provide is effective and user-friendly. Given these strong marketplace imperatives, new regulations that would micromanage providers' customer service operations are unnecessary."

Lobby groups filed comments in response to an FCC review of customer service that was announced last month, before the presidential election. While the FCC's current Democratic leadership is interested in regulating customer service practices, the Republicans who will soon take over opposed the inquiry. USTelecom, which represents telcos such as AT&T and Verizon, said that "the competitive broadband marketplace leaves providers of broadband and other communications services no choice but to provide their customers with not only high-quality broadband, but also high-quality customer service."

"If a provider fails to efficiently resolve an issue, they risk losing not only that customer -- and not just for the one service, but potentially for all of the bundled services offered to that customer -- but also any prospective customers that come across a negative review online. Because of this, broadband providers know that their success is dependent upon providing and maintaining excellent customer service," USTelecom wrote. While the FCC Notice of Inquiry said that providers should "offer live customer service representative support by phone within a reasonable timeframe," USTelecom's filing touted the customer service abilities of AI chatbots. "AI chat agents will only get better at addressing customers' needs more quickly over time -- and if providers fail to provide the customer service and engagement options that their customers expect and fail to resolve their customers' concerns, they may soon find that the consumer is no longer a customer, having switched to another competitive offering," the lobby group said.

Slashdot Top Deals