Category Archives: Technology

California Governor Newsome Loses Power || Oct 11 2019

The Blame Game: Gov. Newsom slams PG&E over ‘unacceptable’ power outages and failure to fix systems  || LA Times

 

“At a news conference Wednesday evening, PG&E officials signaled that these types of massive shut-offs during fire season might be the new normal.

Sumeet Singh, vice president of PG&E’s community wildfire safety program, said customers should anticipate similar shutdowns in the future until the utility has finished its wildfire safety plan, “unless the weather changes significantly and the vegetation condition and the fuel-loading condition, and land and the forest management, changes significantly within the state.”

“We understand that this power shut-off is difficult for our customers and communities. Please check on your neighbors, friends and family and know that we will work safely, and quickly as possible, to restore power across the region,” Singh said.

The power shut-offs have prompted backlash, with some residents saying they create a whole new set of dangers as they try to keep up with news about fires. Critics worry that communications and evacuations will be hampered when the power is out, especially if traffic signals don’t work and cellphone service is affected.

There also was concern about how those with health issues who rely on electrically powered medical equipment to stay alive would cope without power.

.. ..

The outage prompted UC Berkeley to cancel classes for a second consecutive day. University officials say some buildings are running on generator power for “life safety, animal care and support of critical research infrastructure.” However, the generators cannot power the entire campus.

The Oakland Zoo also remained closed after the region lost power overnight. The zoo had closed ahead of the planned blackout, and staff rushed out to purchase additional generators to power exhibits for animal safety. The gas they have will power the generators for about four days, Darren Minier, assistant director of animal care, told the San Francisco Chronicle.

In Southern California, residents have anxiously watched how the power shutdowns have affected other parts of the state, wondering if it was a glimpse of what was to come for them.

.. ..

About two hours northwest of Sacramento in Clearlake, residents entered their second full day without power. At the local Safeway, which had a generator to provide electricity, customers searched for ice and charcoal hoping to save or cook the groceries in their refrigerators.

At a nearby senior center, PG&E set up a charging station in a back room for cellphones and medical equipment. At least 150 people had visited Wednesday, said representative Conrad Asper. By lunchtime Thursday, there had been more than 250.

Paul Spillane, 79, expressed what was a common sentiment at the center: frustration with PG&E.

“I think it’s an outrage,“ he said of the blackouts. “I say it’s the three most miserable days I’ve had since I’ve been up here. I haven’t been eating properly or anything.“

Amee Peterson, 66, said she feels so dirty from a lack of hot showers that she’s considering boiling water on the barbecue to wash her hair. On Wednesday night, she ate cake for dinner because she couldn’t cook. Peterson, who has post-traumatic stress disorder, fibromialgia and other conditions, said she received automated calls warning her of the blackout, but they were not specific. When the power cut out at 1 a.m. while she was reading a book, she was surprised. Even more frustrating, she said, has been the lack of clarity on when power might return.”

….read more at: LA Times

Black Hat Conf Las Vegas Aug 2019 Reveals iPhone Text Hack | Aug 24 2019

Google researcher details iOS exploit that can take over an iPhone with a text message || BGR

 

As a general rule, if you avoid clicking on suspicious links that might pop on your phone — whether they’re sent via text message or appear as an in-browser pop-up ad — the odds of your device becoming infected with malware is slim to none.

That notwithstanding, security researchers from Google’s Project Zero team recently divulged a sophisticated exploit that would allow a malicious actor to take control of a targeted device with no interaction required from the device owner at all. As Google researcher Natalie Silvanovich detailed during a presentation at the Black Hat security conference this week, there are a handful of iOS 12 exploits — which have since been patched by Apple with iOS 12.4 — that can let a third-party gain full control of a device simply by sending over a text message.”

….read more at: BGR

 

 

Hackers Can Break Into Your iPhone Just By Sending a Text || Wired

 

“WHEN YOU THINK about how hackers could break into your smartphone, you probably imagine it would start with clicking a malicious link in a text, downloading a fraudulent app, or some other way you accidentally let them in. It turns out that’s not necessarily so—not even on the iPhone, where simply receiving an iMessage could be enough to get yourself hacked.At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be exploited to gain control of a user’s device. And while Apple has already patched six of them, a few have yet to be patched.

“These can be turned into the sort of bugs that will execute code and be able to eventually be used for weaponized things like accessing your data,” Silvanovich says. “So the worst-case scenario is that these bugs are used to harm users.”

Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

But when she looked for similar issues in SMS, MMS, and visual voicemail, she came up empty. Silvanovich had assumed that iMessage would be a more scrutinized and locked-down target, but when she started reverse engineering and looking for flaws, she quickly found multiple exploitable bugs.

This may be because iMessage is such a complex platform that offers an array of communication options and features. It encompasses Animojis, rendering files like photos and videos, and integration with other apps—everything from Apple Pay and iTunes to Fandango and Airbnb. All of these extensions and interconnections increase the likelihood of mistakes and weaknesses.

One of the most interesting interaction-less bugs Silvanovich found was a fundamental logic issue that could have allowed a hacker to easily extract data from a user’s messages. An attacker could send a specially crafted text message to a target, and the iMessage server would send specific user data back, like the content of their SMS messages or images.

The victim wouldn’t even have to open their iMessage app for the attack to work. iOS has protections in place that would usually block an attack like this, but because it takes advantage of the system’s underlying logic, iOS’ defenses interpret it as legitimate and intended.

Other bugs Silvanovich found could lead to malicious code being placed on a victim’s device, again from just an incoming text.

Interaction-less iOS bugs are highly coveted by exploit vendors and nation-state hackers, because they make it so easy to compromise a target’s device without requiring any buy-in from the victim. The six vulnerabilities Silvanovich found—with more yet to be announced—would potentially be worth millions or even tens of millions of dollars on the exploit market.

“Bugs like this haven’t been made public for a long time,” Silvanovich says. “There’s a lot of additional attack surface in programs like iMessage. The individual bugs are reasonably easy to patch, but you can never find all the bugs in software, and every library you use will become an attack surface. So that design problem is relatively difficult to fix.”

Silvanovich emphasizes that the security of iMessage is strong overall, and that Apple is far from the only developer that sometimes make mistakes in grappling with this conceptual issue. Apple did not return a request from WIRED for comment.”

….read more at: Wired

 

UCLA Professor Caught Stealing Secrets for China | Jul 11 2019

UCLA prof guilty of conspiring to steal missile secrets for China, could face more than 200 years in prison

|| Campus Reform

“A jury found an electrical engineer and University of California, Los Angeles (UCLA) professor guilty of exporting stolen U.S. military technology to China.

UCLA adjunct professor Yi-Chi Shih was convicted June 26 on 18 federal charges, Newsweek reported, and could now lose hundreds of thousands of dollars, while also facing up to 219 years behind bars for numerous violations of the law. These include conspiracy to break  the International Emergency Economic Powers Act (IEEPA), committing mail and wire fraud, lying to a government agency, subscribing to a false tax return, and conspiring to gain unauthorized access to information on a protected computer, according to a Department of Justice news release.

“Schemed to export to China semiconductors with military and civilian uses, then he lied about it    

Shih and co-defendant Kiet Ahn Mai tried to access illegally a protected computer owned by a U.S. company that manufactured semiconductor chips called monolithic microwave integrated circuits (MMICs). MMICs are used by the Air Force and Navy in fighter jets, missiles and missile guidance technology, and electronic military defense systems.

The chips were exported to Chengdu GaStone Technology Company (CGTC), a Chinese company, without a required Department of Commerce license. Shih previously served as the president of CGTC, which made the Commerce Department’s Entity List in 2014 “due to its involvement in activities contrary to the national security and foreign policy interest of the United States – specifically, that it had been involved in the illicit procurement of commodities and items for unauthorized military end use in China,” according to court documents cited by the DOJ.

Shih “schemed to export to China semiconductors with military and civilian uses, then he lied about it to federal authorities and failed to report income generated by the scheme on his tax returns,” U.S. Attorney Nick Hanna said, according to the DOJ release. “My office will enforce laws that protect our nation’s intellectual property from being used to benefit foreign adversaries who may compromise our national security.”

See more at: Campus Reform

 

Ex-State Department Worker Gets 40 Months In Prison For Secret Dealings With China

|| DelawarePublic.org

 

 

“A former State Department employee was sentenced to 40 months in prison for concealing her interactions with two Chinese intelligence agents, along with the extravagant gifts they gave her in exchange for government information.

Candace Claiborne began to work as an office management specialist at the State Department in 1999, according to court documents. She had a top secret security clearance and served overseas in such cities as Baghdad, Beijing and Shanghai.

But she ignored her responsibility to report foreign contacts, prosecutors said as they announced her sentence on Tuesday.

“Claiborne was entrusted with privileged information as a U.S. government employee, and she abused that trust at the expense of our nation’s security,” Acting Assistant Director John Selleck of the FBI’s Washington Field Office said in a statement. “The targeting of U.S. security clearance holders by Chinese intelligence services is a constant threat we face,” he added.

Over the course of five years, Chinese agents allegedly gave Claiborne and her family “tens of thousands of dollars” in gifts and perks – including wired cash, a monthly stipend, overseas trips, tuition at a Chinese fashion school and an apartment that was fully furnished. In exchange for the gifts, Claiborne gave them a window into the State Department’s inner workings through copies of internal documents about dignitary visits and other topics.

Prosecutors said she told a co-conspirator that the agents were “spies” and wrote in her journal that she could “Generate 20k in 1 year” by working with one of the agents.

Federal public defender David Walker Bos, Claiborne’s attorney, did not immediately respond to NPR’s request for comment.

Her arrest came in March 2017 after a sting operation in January of that year. An FBI agent, posing as a Chinese agent, approached Claiborne on a street in Washington, D.C. She welcomed him to her home and their lengthy discussion ended with the undercover agent thanking her for helping the “Ministry,” NPR previously reported.

After the arrest, she pleaded not guilty to charges of obstruction and making false statements to the FBI. In April 2019, she pleaded guilty to a charge of conspiracy to defraud the United States. In the plea agreement, prosecutors agreed to drop the other charges.

A judge ordered Claiborne detained pending sentencing, but she requested to self-surrender on June 5, the document stated.

In addition to a 40-month prison sentence, Claiborne received three years of supervised release and a fine of $40,000.

Her sentence comes after former CIA officer Jerry Chun Shing Lee pleaded guilty this spring to spying for China – and as U.S. officials have warned that Chinese espionage is the country’s most serious security threat.”

See more at: DelawarePublic.Org

California’s SpaceX Plans on Manned Missions to the International Space Station | Mar 02 2019

SpaceX Is Launching a Historic Crew Dragon Test Flight for NASA Tonight! Watch It Live

|| Space X

CAPE CANAVERAL, Fla.— SpaceX is counting down toward a historic test flight early Saturday of its first spaceship designed to carry astronauts, and you can watch the action live online.

The spacecraft, called Crew Dragon, will launch on a SpaceX Falcon 9 rocket from NASA’s Kennedy Space Center here in the wee hours of Saturday, March 2, to help show the space agency that it’s ready to launch astronauts. Liftoff is set for 2:49 a.m. EST (0749 GMT) from Pad 39A — the exact same site used by NASA’s Apollo moon shots and where, nearly eight years ago, the agency launched its final space shuttle mission.

“We are on the precipice of launching American astronauts on American rockets from American soil for the first time since the retirement of the space shuttles in 2011,” NASA Administrator Jim Bridenstine said in a Twitter statement. Tonight’s test, he added is a “critical piece” in the path to that goal.

You can watch SpaceX’s Crew Dragon launch on Space.com, courtesy of NASA TV, beginning at 2 a.m. EST (0700 GMT). The preparations running up to launch day have gone smoothly for SpaceX. There’s an 80 percent chance of good weather for the test flight. ”

 

…more here at:

Space.com

 

 

China Hacked Hillary Clinton’s Private Email Server

Sources: CHINA HACKED HILLARY CLINTON’S PRIVATE EMAIL SERVER

|| Daily Caller

  • A Chinese-owned company penetrated former Secretary of State Hillary Clinton’s private server, according to sources briefed on the matter.
  • The company inserted code that forwarded copies of Clinton’s emails to the Chinese company in real time.
  • The Intelligence Community Inspector General warned of the problem, but the FBI subsequently failed to act, Texas Republican Rep. Louie Gohmert said during a July hearing.

“A Chinese-owned company operating in the Washington, D.C., area hacked Hillary Clinton’s private server throughout her term as secretary of state and obtained nearly all her emails, two sources briefed on the matter told The Daily Caller News Foundation.

The Chinese firm obtained Clinton’s emails in real time as she sent and received communications and documents through her personal server, according to the sources, who said the hacking was conducted as part of an intelligence operation.

The Chinese wrote code that was embedded in the server, which was kept in Clinton’s residence in upstate New York. The code generated an instant “courtesy copy” for nearly all of her emails and forwarded them to the Chinese company, according to the sources.

The Intelligence Community Inspector General (ICIG) found that virtually all of Clinton’s emails were sent to a “foreign entity,” Rep. Louie Gohmert, a Texas Republican, said at a July 12 House Committee on the Judiciary hearing. He did not reveal the entity’s identity, but said it was unrelated to Russia.”

Two officials with the ICIG, investigator Frank Rucker and attorney Janette McMillan, met repeatedly with FBI officials to warn them of the Chinese intrusion, according to a former intelligence officer with expertise in cybersecurity issues, who was briefed on the matter. He spoke anonymously, as he was not authorized to publicly address the Chinese’s role with Clinton’s server.

Among those FBI officials was Peter Strzok, who was then the bureau’s top counterintelligence official. Strzok was fired this month following the discovery he sent anti-Trump texts to his mistress and co-worker, Lisa Page. Strzok didn’t act on the information the ICIG provided him, according to Gohmert.

Gohmert mentioned in the Judiciary Committee hearing that ICIG officials told Strzok and three other top FBI officials that they found an “anomaly” on Clinton’s server.

The former intelligence officer TheDCNF spoke with said the ICIG “discovered the anomaly pretty early in 2015.”

“When [the ICIG] did a very deep dive, they found in the actual metadata — the data which is at the header and footer of all the emails — that a copy, a ‘courtesy copy,’ was being sent to a third party and that third party was a known Chinese public company that was involved in collecting intelligence for China,” the former intelligence officer told TheDCNF.

“The [the ICIG] believe that there was some level of phishing. But once they got into the server something was embedded,” he said. “The Chinese are notorious for embedding little surprises like this.”

The intelligence officer declined to name the Chinese company.

“We do know the name of the company. There are indications there are other ‘cutouts’ that were involved. I would be in a lot of trouble if I gave you the name,” he told TheDCNF.

A government staff official who’s been briefed on the ICIG’s findings told TheDCNF that the Chinese state-owned firm linked to the hacking operates in Washington’s northern Virginia suburbs. The source was not authorized to publicly discuss the matter.

The company that penetrated Clinton’s server was not a technology firm and it served as a “front group” for the Chinese government, the source told TheDCNF.

The Fairfax and Loudoun county governments told TheDCNF that 13 state-owned Chinese companies operate in the area. Of those, three were not technologically oriented.”

….Read more at Daily Caller