“Suspicious” event routes traffic for big-name sites through Russia

According to a blog post published Wednesday by Internet monitoring service BGPMon, the hijack lasted a total of six minutes and affected 80 separate address blocks. It started at 4:43 UTC and continued for three minutes. A second hijacking occurred at 7:07 UTC and also lasted three minutes. Meanwhile, a second monitoring service, Qrator Labs, said the event lasted for two hours, although the number of hijacked address blocks varied from 40 to 80 during that time.

While BGP rerouting events are often the result of human error rather than malicious intent, BGPMon researchers said several things made Wednesday’s incident “suspicious.” First, the rerouted traffic belonged to some of the most sensitive companies, which—besides Google, Facebook, Apple, and Microsoft—also included Twitch, NTT Communications, and Riot Games. Besides the cherrypicked targets, hijacked IP addresses were broken up into smaller, more specific blocks than those announced by affected companies, an indication the rerouting was “intentional.”

Source: “Suspicious” event routes traffic for big-name sites through Russia | Ars Technica

Looking through walls, now easier than ever • The Register

In a paper published on Thursday in the journal Optica, Duke professors Daniel Marks and David R. Smith, and postdoctoral researcher Okan Yurduseven describe a method for through-wall imaging (TWI) that compensates for the varied distortion produced by different wall materials, to allow details to be captured more accurately.

Source: Looking through walls, now easier than ever • The Register

How to Track a Cellphone Without GPS—or Consent

Using only data that can be legally collected by an app developer without the consent of a cellphone’s owner, researchers have been able to produce a privacy attack that can accurately pinpoint a user’s location and trajectory without accessing the device’s Global Position System—GPS. And while the ramifications of this ability falling into the wrong hands are distressing, the way in which they pulled it off is nothing short of genius.
In fact, all you really need is your phone’s internal compass, an air pressure reading, a few free-to-download maps, and a weather report.

Your cellphone comes equipped with an amazing array of compact sensors that are more or less collecting information about your environment at all time. An accelerometer can tell how fast you’re moving; a magnetometer can detect your orientation in relation to true north; and a barometer can measure the air pressure in your surrounding environment. You phone also freely offers up a slew of non-sensory data such as your device’s IP address, timezone, and network status (whether you’re connected to Wi-Fi or a cellular network.)

All of this data can be accessed by any app you download without the type of permissions required to access your contact lists, photos, or GPS. Combined with publicly available information, such as weather reports, airport specification databases, and transport timetables, this data is enough to accurately pinpoint your location—regardless of whether you’re walking, traveling by plane, train, or automobile.
To track a user, you first need to determine what kind of activity they’re performing. It’s easy enough to tell if a person is walking versus riding in a car, speed being the discriminant factor; but also, when you’re walking you tend to move in one direction, while your phone is held in a variety of different positions. In a car, you make sudden stops (when you brake) and specific types of turns—around 90 degrees—that can be detected using your phone’s magnetometer. People who travel by plane will rapidly change time zones; the air pressure on a plane also changes erratically, which can be detected by a cellphone’s barometer. When you ride a train, you tend to accelerate in a direction that doesn’t significantly change. In other words, determining your mode of travel is relatively simple.

The fact that your cellphone offers up your time zone as well as the last IP address you were connected to really narrows things down—geolocating IP addresses is very easy to do and can at least reveal the last city you were in—but to determine your exact location, with GPS-like precision, a wealth of publicly-available data is needed. To estimate your elevation—i.e., how far you are above sea level—PinMe gathers air pressure data provided freely by the Weather Channel and compares it to the reading on your cellphone’s barometer. Google Maps and open-source data offered by US Geological Survey Maps also provide comprehensive data regarding changes in elevation across the Earth’s surface. And we’re talking about minor differences in elevation from one street corner to the next.

Upon detecting a user’s activity (flying, walking, etc.) the PinMe app uses one of four algorithms to begin estimating a user’s location, narrowing down the possibilities until its error rate drops to zero, according to the peer-reviewed research. Let’s say, the app decides you’re traveling by car. It knows your elevation, it knows your timezone, and if you haven’t left the city you’re in since you last connected to Wi-Fi, you’re pretty much borked.

With access to publicly available maps and weather reports, and a phone’s barometer and magnetometer (which provides a heading), it’s only a matter of turns. When PinMe detected one of the researchers driving in Philadelphia during a test-run, for example, the researcher only had to make 12 turns before the app knew exactly where they were in the city. With each turn, the number of possible locations of the vehicles dwindles. “[A]s the number of turns increases, PinMe collects more information about the user’s environment, and as a result it is more likely to find a unique driving path on the map,” the researchers wrote.

Source: How to Track a Cellphone Without GPS—or Consent

Google Taught an AI to Make Sense of the Human Genome

This week, Google released a tool called DeepVariant that uses deep learning to piece together a person’s genome and more accurately identify mutations in a DNA sequence.Built on the back of the same technology that allows Google to identify whether a photo is of a cat or dog, DeepVariant solves an important problem in the world of DNA analysis. Modern DNA sequencers perform what’s known as high-throughput sequencing, returning not one long read out of a full DNA sequence but short snippets that overlap. Those snippets are then compared against another genome to help piece it together and identify variations. But the technology is error-prone, and it can be difficult for scientists to distinguish between those errors and small mutations. And small mutation matter. They could provide significant insight into, say, the root cause of a disease. Distinguishing which base pairs are the result of error and which are for real is called “variant calling.”

Source: Google Taught an AI to Make Sense of the Human Genome

Apparent Google update glitch disconnects student Chromebooks in schools across the U.S. – GeekWire

Tens of thousands, perhaps millions, of Google Chromebooks, widely prized by schools due to their low cost and ease of configuration, were reported to be offline for several hours on Tuesday. The apparent cause? A seemingly botched WiFi policy update pushed out by Google that caused many Chromebooks to forget their approved network connection, leaving students disconnected.

Source: Apparent Google update glitch disconnects student Chromebooks in schools across the U.S. – GeekWire

Ouch – the dangers of cloud!

China Has Launched the World’s First All-Electric Cargo Ship

Constructed by Guangzhou Shipyard International Company Ltd, it can travel 80 kilometers (approximately 50 miles) after being charged for 2 hours. As noted by Clean Technica, 2 hours is roughly the amount of time it would take to unload the ship’s cargo while docked.Other stats for China’s cargo ship include being 70.5 meters (230 feet) in length, a battery capacity of 2,400 kWh, and a travel speed of 12.8 kilometers per hour (8 mph). It’s definitely not the fastest electric vehicle we’ve seen hit the water, but it’s designed for transporting numerous objects rather than speed.

Source: China Has Launched the World’s First All-Electric Cargo Ship

Coinbase warns of potential outages

Over the course of this year we have invested significant resources to increase trading capacity on our platform and maintain availability of our service. We have increased the size of our support team by 640% and launched phone support in September. We have also invested heavily in our infrastructure and have increased the number of transactions we are processing during peak hours by over 40x.There may be downtime which can impact your ability to tradeDespite the sizable and ongoing increases in our technical infrastructure and engineering staff, we wanted to remind customers that access to Coinbase services may become degraded or unavailable during times of significant volatility or volume. This could result in the inability to buy or sell for periods of time. Despite ongoing increases in our support capacity, our customer support response times may be delayed, especially for requests that do not involve immediate risks to customer account security.

Source: Please invest responsibly — an important message from the Coinbase team

HP laptops found to have hidden keylogger – BBC News

Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.HP said more than 460 models of laptop were affected by the “potential security vulnerability”.It has issued a software patch for its customers to remove the keylogger.The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012.

Source: HP laptops found to have hidden keylogger – BBC News

Airgapping via PLC

CyberX demonstrated how to inject specially-crafted ladder logic code into a Siemens S7-1200 PLC. The code uses memory copy operations to generate frequency-modulated RF signals slightly below the AM band (340kHz-420kHz), with the modulation representing encoded data.The emitted RF signals are a byproduct of repeatedly writing to PLC memory in a specific way.Once transmitted the signal can be picked up by a nearby antenna before been decoded using a low-cost Software-Defined Radio (SDR) and a PC. “The receiving equipment can be located just outside the facility or even mounted on a drone flying overhead,” according to CyberX.

Source: Why bother cracking PCs? Spot o’ malware on PLCs… Done. Industrial control network pwned • The Register

AI in storytelling: Machines as cocreators

Sunspring debuted at the SCI-FI LONDON film festival in 2016. Set in a dystopian world with mass unemployment, the movie attracted many fans, with one viewer describing it as amusing but strange. But the most notable aspect of the film involves its creation: an artificial-intelligence (AI) bot wrote Sunspring’s screenplay.

ome researchers have already used machine learning to identify emotional arcs in stories. One method, developed at the University of Vermont, involved having computers scan text—video scripts or book content—to construct arcs.

We decided to go a step further. Working as part of a broader collaboration between MIT’s Lab for Social Machines and McKinsey’s Consumer Tech and Media team, we developed machine-learning models that rely on deep neural networks to “watch” small slices of video—movies, TV, and short online features—and estimate their positive or negative emotional content by the second.

These models consider all aspects of a video—not just the plot, characters, and dialogue but also more subtle touches, like a close-up of a person’s face or a snippet of music that plays during a car-chase scene. When the content of each slice is considered in total, the story’s emotional arc emerges.

Source: AI in storytelling: Machines as cocreators | McKinsey & Company

New battery boffinry could ‘triple range’ of electric vehicles • The Register

A new battery designed at the University of Waterloo in Ontario could triple the range of electric vehicles, a new paper has claimed.

The development, described by the article An In Vivo Formed Solid Electrolyte Surface Layer Enables Stable Plating of Li Metal (PDF) in energy journal Joule, is due to an improvement in the protection of lithium electrodes inside conventional lithium-ion batteries.

Researchers estimated that this improvement could increase the normal range of an electric vehicle battery from 200km to 600km.

The problem that comes with high-performance lithium batteries is the formation of branch-like structures by the electrolyte on the metal surface. These structures corrode and therefore reduce the effectiveness of the cell.

This can eventually lead to a short circuit if the branch breaks through the separator which keeps the two sides of the cell apart, causing a fire or explosion.

The research team was able to solve the problem by adding a compound containing phosphorus and sulphur to the electrolyte liquid in the battery. As the battery operates, this compound reacts with the lithium and creates a protective membrane on the electrodes. The membrane significantly slows the reaction which forms the branches, meaning that the battery can remain more efficient and operate safely for longer periods than were previously achievable.

Source: New battery boffinry could ‘triple range’ of electric vehicles • The Register

New Ruski hacker clan exposed: They’re called MoneyTaker, and they’re gonna take your money • The Register

The group has conducted more than 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia in the last two months alone, according to Russian incident response firm Group-IB. MoneyTaker has primarily targeted card processing systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US).In addition to banks, MoneyTaker has attacked law firms and financial software vendors. In total, Group-IB has confirmed 20 companies as MoneyTaker victims, with 16 attacks on US organisations, three on Russian banks and one against a Brit IT company.By constantly changing their tools and tactics to bypass antivirus and traditional security solutions, and most importantly carefully eliminating their traces after completing operations, the group has largely gone unnoticed. “MoneyTaker uses publicly available tools, which makes the attribution and investigation process a non-trivial exercise,” said Dmitry Volkov, Group-IB co-founder and head of intelligence. “In addition, incidents occur in different regions worldwide and at least one of the US banks targeted had documents successfully exfiltrated from their networks, twice.”

Source: New Ruski hacker clan exposed: They’re called MoneyTaker, and they’re gonna take your money • The Register

Email tracking now extends to your acquantances: 1 in 5!

According to OMC’s data, a full 19 percent of all “conversational” email is now tracked. That’s one in five of the emails you get from your friends. And you probably never noticed.“Surprisingly, while there is a vast literature on web tracking, email tracking has seen little research,” noted an October 2017 paper published by three Princeton computer scientists. All of this means that billions of emails are sent every day to millions of people who have never consented in any way to be tracked, but are being tracked nonetheless. And Seroussi believes that some, at least, are in serious danger as a result.

Source: You Give Up a Lot of Privacy Just Opening Emails. Here’s How to Stop It | WIRED

New Google Home Mini update 1.29 restores top tap functionality with long-press on the side: doesn’t record everything anymore?

The Google Home Mini is a super-affordable way to get Google Assistant in your life, but Google was forced to hobble the device shortly after launch because a sticky touch sensor caused Artem’s Mini to record everything he said. Part of that functionality is now coming back with a small tweak. Instead of tapping the top of the device, you’ll be able to long-press the side.

Source: New Google Home Mini update 1.29 restores top tap functionality with long-press on the side

AI-Assisted Fake Porn Is Here and We’re All Fucked – Motherboard

There’s a video of Gal Gadot having sex with her stepbrother on the internet. But it’s not really Gadot’s body, and it’s barely her own face. It’s an approximation, face-swapped to look like she’s performing in an existing incest-themed porn video.The video was created with a machine learning algorithm, using easily accessible materials and open-source code that anyone with a working knowledge of deep learning algorithms could put together.

It’s not going to fool anyone who looks closely. Sometimes the face doesn’t track correctly and there’s an uncanny valley effect at play, but at a glance it seems believable. It’s especially striking considering that it’s allegedly the work of one person—a Redditor who goes by the name ‘deepfakes’—not a big special effects studio that can digitally recreate a young Princess Leia in Rogue One using CGI. Instead, deepfakes uses open-source machine learning tools like TensorFlow, which Google makes freely available to researchers, graduate students, and anyone with an interest in machine learning.

Like the Adobe tool that can make people say anything, and the Face2Face algorithm that can swap a recorded video with real-time face tracking, this new type of fake porn shows that we’re on the verge of living in a world where it’s trivially easy to fabricate believable videos of people doing and saying things they never did. Even having sex.

So far, deepfakes has posted hardcore porn videos featuring the faces of Scarlett Johansson, Maisie Williams, Taylor Swift, Aubrey Plaza, and Gal Gadot on Reddit. I’ve reached out to the management companies and/or publicists who represent each of these actors informing them of the fake videos, and will update if I hear back.

Source: AI-Assisted Fake Porn Is Here and We’re All Fucked – Motherboard

Twenty-five EU states sign PESCO defense pact

The European Council has adopted the decision to establish a European Union defense pact, known as PESCO. The 25 participating EU states are set to begin working on a series of joint-defense projects next year.

The Permanent Structured Cooperation (PESCO), which was first set out in the Lisbon Treaty, will allow member states to jointly develop military capabilities, invest in shared projects and enhance their respective armed forces.

On December 7, Portugal and Ireland announced their decision to join, taking the total number of contributing members up to 25. The countries that have chosen not to take part are Malta, Denmark – which has special opt-out status – and the UK (which is set to withdraw from the bloc in March 2019).

Officials have earmarked 17 joint projects that will fall under the scope of the PESCO agreement. These include establishing a pan-European military training center, improving capability development and even introducing common standards for military radio communication.

Source: Twenty-five EU states sign PESCO defense pact | News | DW | 11.12.2017

System76 will disable Intel Management engine on its Linux laptops via firmware update

System76 is one a handful of companies that sells computers that run Linux software out of the box. But like most PCs that have shipped with Intel’s Core processors in the past few years, System76 laptops include Intel’s Management Engine firmware.

Intel recently confirmed a major security vulnerability affecting those chips and it’s working with PC makers to patch that vulnerability.

But System76 is taking another approach: it’s going to roll out a firmware update for its recent laptops that disables the Intel Management Engine altogether.

Technically, that’s not something Intel wants you to do. Not only does the chip maker not tell you what’s in the code, but it doesn’t provide an off switch.

But independent researchers have recently discovered a way to disable the Intel Management Engine and companies including Google and Purism have already announced plans to do so.

What’s noteworthy in the System76 announcement is that the PC maker isn’t just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME “provides no functionality for System76 laptop customers and is safe to disable.”

Source: System76 will disable Intel Management engine on its Linux laptops – Liliputing

Come on Lenovo – do this for me too!

Don’t Buy Anyone an Echo

Let me make this point dreadfully clear, though: Your family members do not need an Amazon Echo or a Google Home or an Apple HomePod or whatever that one smart speaker that uses Cortana is called. And you don’t either. You only want one because every single gadget-slinger on the planet is marketing them to you as an all-new, life-changing device that could turn your kitchen into a futuristic voice-controlled paradise. You probably think that having an always-on microphone in your home is fine, and furthermore, tech companies only record and store snippets of your most intimate conversations. No big deal, you tell yourself.

Actually, it is a big deal. The newfound privacy conundrum presented by installing a device that can literally listen to everything you’re saying represents a chilling new development in the age of internet-connected things. By buying a smart speaker, you’re effectively paying money to let a huge tech company surveil you. And I don’t mean to sound overly cynical about this, either. Amazon, Google, Apple, and others say that their devices aren’t spying on unsuspecting families. The only problem is that these gadgets are both hackable and prone to bugs.

Before getting into the truly scary stuff, though, let’s talk a little bit about utility. Any internet-connected thing that you bring into your home should make your life easier. Philips Hue bulbs, for instance, let you dim the lights in an app. Easy! A Nest thermostat learns your habits so you don’t have to turn up the heat as often. Cool! An Amazon Echo or a Google Home, well, they talk to you, and if you’re lucky, you might be able to figure out how to talk back in the right way and do random things around the house. Huh?

Source: Don’t Buy Anyone an Echo

A good and concise explanation of why these useless devices are something to be very afraid of.

Mailsploit: It’s 2017, and you can spoof the ‘from’ in email to fool filters

Penetration tester Sabri Haddouche has reintroduced the world to email source spoofing, bypassing spam filters and protections like Domain-based Message Authentication, Reporting and Conformance (DMARC), thereby posing a risk to anyone running a vulnerable and unpatched mail client.What he’s found is that more than 30 mail clients including Apple Mail, Thunderbird, various Windows clients, Yahoo! Mail, ProtonMail and more bungled their implementation of an ancient RFC, letting an attacker trick the software into displaying a spoofed from field, even though what the server sees is the real sender.That means if the server is configured to use DMARC, Sender Policy Framework(SPF) or Domain Keys Identified Mail (DKIM), it will treat a message as legit, even if it should be spam-binned.

Source: Mailsploit: It’s 2017, and you can spoof the ‘from’ in email to fool filters • The Register

Bitcoin could cost us our clean-energy future

If you’re like me, you’ve probably been ignoring the bitcoin phenomenon for years — because it seemed too complex, far-fetched, or maybe even too libertarian. But if you have any interest in a future where the world moves beyond fossil fuels, you and I should both start paying attention now.Last week, the value of a single bitcoin broke the $10,000 barrier for the first time. Over the weekend, the price nearly hit $12,000. At the beginning of this year, it was less than $1,000.
But what they might not have accounted for is how much of an energy suck the computer network behind bitcoin could one day become. Simply put, bitcoin is slowing the effort to achieve a rapid transition away from fossil fuels. What’s more, this is just the beginning. Given its rapidly growing climate footprint, bitcoin is a malignant development, and it’s getting worse.
Digital financial transactions come with a real-world price: The tremendous growth of cryptocurrencies has created an exponential demand for computing power. As bitcoin grows, the math problems computers must solve to make more bitcoin (a process called “mining”) get more and more difficult — a wrinkle designed to control the currency’s supply.

Today, each bitcoin transaction requires the same amount of energy used to power nine homes in the U.S. for one day. And miners are constantly installing more and faster computers. Already, the aggregate computing power of the bitcoin network is nearly 100,000 times larger than the world’s 500 fastest supercomputers combined.

The total energy use of this web of hardware is huge — an estimated 31 terawatt-hours per year. More than 150 individual countries in the world consume less energy annually. And that power-hungry network is currently increasing its energy use every day by about 450 gigawatt-hours, roughly the same amount of electricity the entire country of Haiti uses in a year.

That sort of electricity use is pulling energy from grids all over the world, where it could be charging electric vehicles and powering homes, to bitcoin-mining farms. In Venezuela, where rampant hyperinflation and subsidized electricity has led to a boom in bitcoin mining, rogue operations are now occasionally causing blackouts across the country. The world’s largest bitcoin mines are in China, where they siphon energy from huge hydroelectric dams, some of the cheapest sources of carbon-free energy in the world. One enterprising Tesla owner even attempted to rig up a mining operation in his car, to make use of free electricity at a public charging station.

In just a few months from now, at bitcoin’s current growth rate, the electricity demanded by the cryptocurrency network will start to outstrip what’s available, requiring new energy-generating plants. And with the climate conscious racing to replace fossil fuel-base plants with renewable energy sources, new stress on the grid means more facilities using dirty technologies. By July 2019, the bitcoin network will require more electricity than the entire United States currently uses. By February 2020, it will use as much electricity as the entire world does today.

Source: Bitcoin could cost us our clean-energy future | Grist

DeepMind’s AI became a superhuman chess (and shogi and go) player in a few hours using generic reinforcement learning

In the paper, DeepMind describes how a descendant of the AI program that first conquered the board game Go has taught itself to play a number of other games at a superhuman level. After eight hours of self-play, the program bested the AI that first beat the human world Go champion; and after four hours of training, it beat the current world champion chess-playing program, Stockfish. Then for a victory lap, it trained for just two hours and polished off one of the world’s best shogi-playing programs named Elmo (shogi being a Japanese version of chess that’s played on a bigger board).

One of the key advances here is that the new AI program, named AlphaZero, wasn’t specifically designed to play any of these games. In each case, it was given some basic rules (like how knights move in chess, and so on) but was programmed with no other strategies or tactics. It simply got better by playing itself over and over again at an accelerated pace — a method of training AI known as “reinforcement learning.

”Using reinforcement learning in this way isn’t new in and of itself. DeepMind’s engineers used the same method to create AlphaGo Zero; the AI program that was unveiled this October. But, as this week’s paper describes, the new AlphaZero is a “more generic version” of the same software, meaning it can be applied to a broader range of tasks without being primed beforehand.What’s remarkable here is that in less than 24 hours, the same computer program was able to teach itself how to play three complex board games at superhuman levels. That’s a new feat for the world of AI.

Source: DeepMind’s AI became a superhuman chess player in a few hours – The Verge

NiceHash Hacked, $62 Million of Bitcoin May Be Stolen

New submitter Chir breaks the news to us that the NiceHash crypto-mining marketplace has been hacked. The crypto mining pool broke the news on Reddit, where users suggest that as many as 4,736.42 BTC — an amount worth more than $62 million at current prices — has been stolen. The NiceHash team is urging users to change their online passwords as a result of the breach and theft.

Source: NiceHash Hacked, $62 Million of Bitcoin May Be Stolen – Slashdot

Asus NovaGo: laptop built on an ARM mobile phone processor runs Windows

A 2-in-1 Windows 10 laptop powered by a smartphone chip

The chipset behind the Asus NovaGo comes straight from smartphones, so we were into the fact that the volume and power keys are aligned along the right side of the laptop. This is shaping up to be the always-connected laptop counterpart to a smartphone in so many ways.
The Asus NovaGo presents a glimpse of an always-connected laptop future with what promises to be stellar battery life, mixed with last year’s smartphone chipset and older ports.

It has us excited for what this laptop eliminates more than it introduces. Not having to connect to unsecure Wi-Fi, setup a hotspot or worry as much about battery life is a brilliant change that makes it possible to use this laptop anyway.

Performance is the wildcard. How does Qualcomm’s smartphone chipset backed by a lot of RAM compare to laptop that have the usual Intel CPUs at the heart?

That’s going to require more testing of the Asus NovaGo in a full review coming soon.

Source: Asus NovaGo hands on review | TechRadar

And no leaky backdoor installed in the form of Intel management engine

The Underground Uber Networks Driven by Russian Hackers

Uber’s ride-sharing service has given birth to some of the most creative criminal scams to date, including using a GPS-spoofing app to rip off riders in Nigeria, and even ginning up fake drivers by using stolen identities.Add to those this nefariously genius operation: Cybercriminals, many working in Russia, have created their own illegitimate taxi services for other crooks by piggybacking off Uber’s ride-sharing platform, sometimes working in collaboration with corrupt drivers.Based on several Russian-language posts across a number of criminal-world sites, this is how the scam works: The scammer needs an emulator, a piece of software which allows them to run a virtual Android phone on their laptop with the Uber app, as well as a virtual private network (VPN), which routes their computer’s traffic through a server in the same city as the rider.The scammer acts, in essence, as a middleman between an Uber driver and the passenger—ordering trips through the Uber app, but relaying messages outside of it. Typically, this fraudulent dispatcher uses the messaging app Telegram to chat with the passenger, who provides pickup and destination addresses. The scammer orders the trip, and then provides the car brand, driver name, and license plate details back to the passenger through Telegram.In one Russian-language crime-forum post, a scammer says their service runs in some 20 cities, including Moscow and St. Petersburg, as well as Kiev in Ukraine and Minsk in Belarus; another thread suggests the service has been used in New York and Portugal as well.In some cases, the scam middleman will use an Uber promotional code or voucher for a free or discounted ride—meaning they’d just pocket whatever fee charged to the passenger. In another variation of the scheme, some scammers are working with drivers to split profits—one post explicitly says the scammer cooperates with drivers.

Source: The Underground Uber Networks Driven by Russian Hackers

Scientists Added Two New Letters to DNA’s Code

Back in 2014, scientists at the Scripps Research Institute in California reported that they’d engineered bacteria whose DNA used a whole new pair of letters, nicknamed X and Y. That same team now reports that they’ve gotten the bacteria to actually use these new letters. The biological possibilities, as a result, now seem endless.“The resulting semi-synthetic organism both encodes and retrieves increased information,” report the authors this week in Nature, “and should serve as a platform for the creation of new life forms and functions,” like new kinds of bacteria with specialized purposes (cleaning the environment, storing gifs…who knows) for example.

Source: Scientists Added Two New Letters to DNA’s Code

Skip to toolbar