Did A US Navy Scientist Just Invent A Room-Temperature Superconductor?

"A scientist working for the U.S. Navy has filed for a patent on a room-temperature superconductor, representing a potential paradigm shift in energy transmission and computer systems," reports Phys.org: Salvatore Cezar Pais is listed as the inventor on the Navy's patent application made public by the U.S. Patent and Trademark Office on Thursday. The application claims that a room-temperature superconductor can be built using a wire with an insulator core and an aluminum PZT (lead zirconate titanate) coating deposited by vacuum evaporation with a thickness of the London penetration depth and polarized after deposition. An electromagnetic coil is circumferentially positioned around the coating such that when the coil is activated with a pulsed current, a non-linear vibration is induced, enabling room temperature superconductivity. "This concept enables the transmission of electrical power without any losses and exhibits optimal thermal management (no heat dissipation)," according to the patent document, "which leads to the design and development of novel energy generation and harvesting devices with enormous benefits to civilization." Long-time Slashdot reader resistant writes: NextBigFuture says the same individual appears to have made other startling claims that arguably stretch the boundaries of belief, such as a "high-frequency gravitational wave generator" that could supposedly drive a spaceship without conventional propellants as well as an "inertial mass reduction device." Prudence would appear to dictate examining these and other claims by Mr. Salvatore Cezar Pais with great caution.

Read more of this story at Slashdot.

NYT Reporter ‘Ditched My Phone and Unbroke My Brain’

"It's an unnerving sensation, being alone with your thoughts in the year 2019," writes New York Times technology columnist Kevin Roose, in an article shared by DogDude. "I don't love referring to what we have as an 'addiction.' That seems too sterile and clinical to describe what's happening to our brains in the smartphone era." We might someday evolve the correct biological hardware to live in harmony with portable supercomputers that satisfy our every need and connect us to infinite amounts of stimulation. But for most of us, it hasn't happened yet... [S]ometime last year, I crossed the invisible line into problem territory. My symptoms were all the typical ones: I found myself incapable of reading books, watching full-length movies or having long uninterrupted conversations. Social media made me angry and anxious, and even the digital spaces I once found soothing (group texts, podcasts, YouTube k-holes) weren't helping... Mostly, I became aware of how profoundly uncomfortable I am with stillness. For years, I've used my phone every time I've had a spare moment in an elevator or a boring meeting. I listen to podcasts and write emails on the subway. I watch YouTube videos while folding laundry. I even use an app to pretend to meditate. If I was going to repair my brain, I needed to practice doing nothing. Another science journalist helped him through "phone rehab," and "now, the physical world excites me, too -- the one that has room for boredom, idle hands and space for thinking." After a final 48 hour digital detox, "I also felt twinges of anger -- at myself, for missing out on this feeling of restorative boredom for so many years; at the engineers in Silicon Valley who spend their days profitably exploiting our cognitive weaknesses; at the entire phone-industrial complex that has convinced us that a six-inch glass-and-steel rectangle is the ideal conduit for worldly experiences... 
"Steve Jobs wasn't exaggerating when he described the iPhone as a kind of magical object, and it's truly wild that in the span of a few years, we've managed to turn these amazing talismanic tools into stress-inducing albatrosses. It's as if scientists had invented a pill that gave us the ability to fly, only to find out that it also gave us dementia."

CVE-2019-9074

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.

CVE-2019-9075

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

CVE-2019-9073

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

CVE-2019-9076

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

Samsung’s Newest Phones Read Your Fingerprints With Ultrasonic Sound Waves

An anonymous reader quotes CNET: The Galaxy S10's in-screen fingerprint scanner may look just like the one on the OnePlus 6T, but don't be fooled. Samsung's flagship Galaxy S10 and S10 Plus are the first phones to use Qualcomm's ultrasonic in-screen fingerprint technology, which uses sound waves to read your print. Related to ultrasound in a doctor's office, this "3D Sonic Sensor" technology works by bouncing sound waves off your skin. It'll capture your details through water, lotion and grease, at night or in bright daylight. Qualcomm also claims it's faster and much more secure than the optical fingerprint sensor you've seen in other phones before this. That's because the ultrasonic reader takes a 3D capture of all the ridges and valleys that make up your skin, compared to a 2D image -- basically a photo -- that an optical reader captures using light, not sound waves.

Weekly Update 127

It was another travel week so another slightly delayed weekly update, but still plenty of stuff going on all the same. Along with a private Sydney workshop earlier on, I'm talking about some free upcoming NDC meetup events in Brisbane and Melbourne which I'd love to get a great turnout for. I've just ordered 10k more HIBP stickers to last me through upcoming events so they'll be coming with me.

In other news, there was old news appearing as new news about how hosed you are if your machine is compromised, with the level of hosing extending to your password manager. This will inevitably be another one of these times where something gets blown out of proportion (and context) in some of the news headlines, then we'll all go back to more sane discussions about assessing relative risks, likelihoods and impacts. There's also a very steady feed of breaches making their way into HIBP after appearing for sale on dark web marketplaces so I give a bit of an update on those as well.

All that and more this week in a slightly shorter form than usual, enjoy!

References

  1. Catch me in Brisbane next week at the NDC meetup (free, and very close to capacity already)
  2. Or catch me in Melbourne a couple of weeks later for the NDC meetup there (that event has just gone up so there's tickets left, but there's also strong interest)
  3. Order yourself some Have I Been Pwned stickers (and help me by using the referral code in that blog post so I can buy more to give away at events)
  4. Twilio is sponsoring my blog this week (they're talking about how easy it is to use Authy for 2FA instead of risky SMS)

sysadmin

Do you know the scope of the pentest? What does a successful pentest look like? What does a failed pentest look like? What systems are "off-limits" ...

Crypto Update: Majors Break-Out as Short-Term Rally Resumes

The top coins are all significantly higher today, as following the shallow correction, the leaders of the move all hit new swing highs today. On another positive note Bitcoin successfully tackled the $4000-$4050 resistance zone, and that could give a boost to the whole segment even as the long-term downtrends are still intact in all […]

The post Crypto Update: Majors Break-Out as Short-Term Rally Resumes appeared first on Hacked: Hacking Finance.

Amazon Prime Air Cargo Plane Crashes in Texas, Three Dead

An anonymous reader quotes Weather.com: An Amazon Prime Air cargo plane crashed Saturday afternoon into Trinity Bay near Anahuac, Texas, as it approached Houston's George Bush Intercontinental Airport. Three crew members aboard the plane did not survive the crash, the Chamber County sheriff told WJTV. Air traffic controllers lost radar and radio contact with Atlas Air Flight 3591 shortly before 12:45 p.m. CST. The 767 jetliner was arriving from Miami when the crash occurred 30 miles southeast of the airport, according to a statement by the Federal Aviation Administration.

Argo Mining Discontinues Consumer Facing Service

Several months ago, I posted about how I was experimenting with several mining-as-a-service companies. On February 19th, one of the miners sent an email to their customers saying they were discontinuing the service and would be cancelling the mining rigs as of March 1st. In their words: As a company, we want to offer Argo […]

The post Argo Mining Discontinues Consumer Facing Service appeared first on Hacked: Hacking Finance.

New Material Can Soak Up Uranium From Seawater

A new adsorbent material "soaks up uranium from seawater, leaving interfering ions behind," reports the ACS's Chemical & Engineering News, in an article shared by webofslime: The world's oceans contain some 4 billion metric tons of dissolved uranium. That's roughly 1,000 times as much as all known terrestrial sources combined, and enough to fuel the global nuclear power industry for centuries. But the oceans are so vast, and uranium's concentration in seawater is so low -- roughly 3 ppb -- that extracting it remains a formidable challenge... Researchers have been looking for ways to extract uranium from seawater for more than 50 years... Nearly 20 years ago, the Japan Atomic Energy Agency (JAEA) confirmed that amidoxime-functionalized polymers could soak up uranium reliably even under harsh marine conditions. But that type of adsorbent has not been implemented on a large scale because it has a higher affinity for vanadium than uranium. Separating the two ions raises production costs. Alexander S. Ivanov of Oak Ridge National Laboratory, together with colleagues there and at Lawrence Berkeley National Laboratory and other institutions, may have come up with a solution. Using computational methods, the team identified a highly selective triazine chelator known as H2BHT that resembles iron-sequestering compounds found in bacteria and fungi.... H2BHT exhibits little attraction for vanadium but has roughly the same affinity for uranyl ions as amidoxime-based adsorbents do.

Record-Breaking Jet Stream Accelerates Air Travel, Flight Clocks In At 801 MPH

pgmrdlm quotes CBS News: On Monday night, the river of air 35,000 feet above the New York City area, known as the jet stream, clocked in at a blazing 231 mph. This is the fastest jet stream on record since 1957 for the National Weather Service in Upton, New York — breaking the old record of 223 mph, according to NWS forecaster Carlie Buccola. This wind provided a turbo boost to commercial passenger planes along for the ride. With the help of this rapid tailwind, Virgin Atlantic Flight 8 from Los Angeles to London hit what could be a record high speed for a Boeing 787: 801 mph over Pennsylvania at 9:20 p.m. Monday night... "The typical cruising speed of the Dreamliner is 561 mph," CBS News transportation correspondent Kris Van Cleave points out. "The past record for the 787 is 776 mph set in January 2017 by a Norwegian 787-9 flying from JFK to London Gatwick. That flight set a record for the fastest subsonic transatlantic commercial airline flight -- 5 hours and 13 minutes, thanks to a 202 mph tailwind." FlightAware, a global aviation data services company, reminds CBS that even a 100 mph increase in the jet stream can shorten a flight by an hour.

A Look Inside S4FE (S4F) and its 608% February Growth

S4FE (S4F) recorded 608% growth in just over two weeks after the token commenced trading at the start of February. It is currently ranked just outside the top seventy coins by market cap, and a glance at Etherscan reveals just 162 active addresses. Here in 2019’s lite version of alt season, does this new entrant […]

The post A Look Inside S4FE (S4F) and its 608% February Growth appeared first on Hacked: Hacking Finance.

What Happens When Police License Plate Readers Make Mistakes?

An anonymous reader writes: The Verge reports that San Francisco Bay Area police "pulled over a California privacy advocate and held him at gunpoint after a database error caused a license plate reader to flag a car as stolen, a lawsuit alleges." Brian Hofer, the chairman of Oakland's Privacy Advisory Commission, was handcuffed and surrounded by multiple police cars, and says a police deputy injured his brother by throwing him to the ground. They were finally released -- 40 minutes later. But ironically, Hofer has been a staunch critic of license plate readers, "which he points out have led to wrongful detentions, invasions of privacy and potentially costly lawsuits." (California bus driver Denise Green was detained at gunpoint when her own car was incorrectly identified as stolen -- leading to a lawsuit which she eventually settled for nearly $500,000.) And at least one thief simply swapped license plates with an innocent driver. The executive director of Northern California Regional Intelligence Center, a state government program, acknowledged that the accuracy rate of the license plate readers is about 90 percent, yet "added that in some cases, the technology has actually exonerated people, or given potential suspects alibis. But there is no way for the public to know just how effective the license plate reader technology is in capturing criminals" -- apparently because police departments aren't capturing that data. Only one of the region's police departments, in Piedmont, California, reported its "efficacy metrics" to the agency -- with 7,500 "hits" which over 11 months led to 28 arrests (and the recovery of 39 cars) after reading 21.3 million license plates. The license plate readers cost $20,000 per patrol car. In Hofer's case, he was driving a rental car which had previously been reported as stolen but then later recovered -- though for some reason the police or rental car agency failed to update their database. 
But he criticizes the fact that "somebody could pull a gun on you because of an alert that a computer system gave them." "They're just pulling guns and going cowboy on us," Hofer says. "It's a pretty terrifying position to be in.... This is happening more frequently than it should be. They're not ensuring the accuracy of their data and people's lives are literally at risk."

Secure File Deletion

Today I received an email inviting me to buy an Easy File Shredder product for a special price of $15 instead of the usual price of $50.

Securely deleting sensitive data is really important. But is buying a product really needed?

This type of thing has generally been needed because when you delete a file, you are essentially marking the file space as unallocated, and until the space is used for new files, recovery software can “undelete” it.

For this reason, if I were deleting a sensitive file at work, I might use something like sdelete from Microsoft Sysinternals or, if I’d neglected to delete it securely, I’d use something like ‘cipher /w:F’ to wipe these file remnants from the whitespace.

Now I hear what you’re saying. These command line tools are fine, but a normal user might need a GUI. CCleaner has a secure delete functionality, as well as a drive whitespace cleaner that can be used.

But this isn’t even the worst part about this. Many, if not most, computers are now using SSDs for performance. The secure file deletion advice I’ve given is for traditional drives. With SSDs you can’t securely delete a file by overwriting the original blocks. There are no file blocks. A product like this is of questionable benefit.

What you need to do instead is make sure that you have full disk encryption enabled. On Windows this is BitLocker for your main drive and BitLocker To Go for your removable storage. Then if someone were trying to recover files that you’ve previously deleted, they would need to first successfully authenticate to the computer.

The post Secure File Deletion appeared first on Roger's Information Security Blog.

SecurityWeek RSS Feed: Report: Apps Give Facebook Sensitive Health and Other Data

Several phone apps are sending sensitive user data, including health information, to Facebook without users' consent, according to a report by The Wall Street Journal.

An analytics tool called "App Events" allows app developers to record user activity and report it back to Facebook, even if the user isn't on Facebook, according to the report.

Virgin Galactic Reaches Space Again In Highest, Fastest Test Flight Yet

"If you're willing to spend $250,000 for a quick trip to space, that option is getting closer to reality," reports CNN. VSS Unity, Virgin Galactic's rocket-powered plane, climbed to a record altitude of nearly 56 miles during a test flight on Friday, marking the second time Richard Branson's startup has reached space. Two pilots, and for the first time, an additional crew member, were on board. Beth Moses, Galactic's chief astronaut trainer and an aerospace engineer, rode along with the pilots. The trip allowed her to run safety checks and get a first look at what Galactic's customers could one day experience. Moses has logged hundreds of hours on zero gravity aircrafts, and she described the G Forces aboard the supersonic plane as "mildly wild." Some moments were intense, she told CNN Business, but it was never uncomfortable. "I was riveted and I think our customers will be as well." Unity took off from a runway in California's Mojave Desert just after 8 am PT and cruised to about 45,000 feet attached to its mothership before it broke away and fired its rocket motor. The plane then swooped into the upper reaches of the atmosphere, 295,000 feet high, at supersonic speeds. Its top speed was Mach 3. At the peak of its flight path, Unity experienced a few minutes of weightlessness and looked out into the black skies of the cosmos. Moses said she was able to leave her seat and take in the view. "The Earth was beautiful -- super sharp, super clear," she said, "with a gorgeous view of the Pacific mountains." America's Federal Aviation Administration says they'll now award commercial astronaut wings to all three members of the crew, and CNN reports that this second successful test flight suggests Galactic "could be on track" to start flying tourists into space this year. "About 600 people have reserved tickets, priced between $200,000 and $250,000, to fly with Galactic. And the company says it wants to eventually lower prices to broaden its customer base."

NBlog Feb 24 – how to challenge an audit finding

Although I wrote this in the context of ISO/IEC 27001 certification audits, it applies in other situations where there is a problem with something the auditors are reporting such as a misguided, out of scope or simply wrong audit finding.

Here are some possible strategies to consider:
  • Have a quiet word with the auditor/s about it, ideally before it gets written up and finalized in writing. Discuss the issue – talk it through, consider various perspectives. Negotiate a pragmatic mutually-acceptable resolution, or at least form a better view of the sticking points.
  • Have a quiet word with your management and specialist colleagues about it, before the audit gets reported. Discuss the issue. Agree how you will respond and try to resolve this. Develop a cunning plan and gain their support to present a united front. Ideally, get management ready to demonstrate that they are definitely committing to fixing this e.g. with budget proposals, memos, project plans etc. to substantiate their commitment, and preferably firm timescales or agreed deadlines.
  • Gather your own evidence to strengthen your case. For example:
    • If you believe an issue is irrelevant to certification since there is no explicit requirement in 27001, identify the relevant guidance about the audit process from ISO/IEC 27007 plus the section of 27001 that does not state the requirement (!)
    • If the audit finding is wrong, prove it wrong with credible counter-evidence, counter-examples etc. Quality of evidence does matter but quantity plays a part. Engage your extended team, management and the wider business in the hunt.
    • If it’s a subjective matter, try to make it more objective e.g. by gathering and evaluating more evidence, more examples, more advice from other sources etc. ‘Stick to the facts’. Be explicit about stuff. Choose your words carefully.
    • Ask us for second opinions and guidance e.g. on the ISO27k Forum and other social media, industry peers etc.
  • Wing-it. Duck-and-dive. Battle it out. Cut-and-thrust. Wear down the auditor’s resolve and push for concessions, while making limited concessions yourself if you must. Negotiate using concessions and promises in one area to offset challenges and complaints in another. Agree on and work towards a mutually-acceptable outcome (such as, um, being certified!).
  • Be up-front about it. Openly challenge the audit process, findings, analysis etc. Provide counter-evidence and arguments. Challenge the language/wording. Push the auditors to their limit. [NB This is a distinctly risky approach! Experienced auditors have earned their stripes and are well practiced at this, whereas it may be your first time. As a strategy, it could go horribly wrong, so what’s your fallback position? Do you feel lucky, punk?]
  • Suck it up! Sometimes, the easiest, quickest, least stressful, least risky (in terms of being certified) and perhaps most business-like response is to accept it, do whatever you are being asked to do by the auditors and move on. Regardless of its validity for certification purposes, the audit point might be correct and of value to the business. It might actually be something worth doing … so swallow your pride and get it done. Try not to grumble or bear a grudge. Re-focus on other more important and pressing matters, such as celebrating your certification!
  • Negotiate a truce. Challenge and discuss the finding and explore possible ways to address it. Get senior management to commit to whichever solution/s work best for the business and simultaneously persuade/convince the auditors (and/or their managers) of that.
  • Push back informally by complaining to the certification body’s management and/or the body that accredited them. Be prepared to discuss the issue and substantiate your concerns with some evidence, more than just vague assertions and generalities.
  • Push back hard. Review your contract with the certification body for anything useful to your case. Raise a formal complaint with the certification body through your senior management … which means briefing them and gaining their explicit support first. Good luck with that. You’ll need even stronger, more explicit evidence here. [NB This and the next bullet are viable options even after you have been certified … but generally, by then, nobody has the energy to pursue it and risk yet more grief.]
  • Push back even harder. Raise a complaint with the accreditation body about the certification body’s incompetence through your senior management … which again means briefing them and gaining their explicit support first, and having the concrete evidence to make a case. Consider enlisting the help of your lawyers and compliance experts willing to get down to the brass tacks, and with the experience to build and present your case.
  • Delay things. Let the dust settle. Review, reconsider, replan. Let your ISMS mature further, particularly in the areas that the auditors were critical of. Raise your game. Redouble your efforts. Use your metrics and processes fully.
  • Consider engaging a different certification body (on the assumption that they won’t raise the same concerns … nor any others: they might be even harder to deal with!).
  • Consider engaging different advisors, consultants and specialists. Review your extended ISMS team. Perhaps push for more training, to enhance the team’s competence in the problem areas. Perhaps broaden ‘the team’ to take on-board other specialists from across the business. Raise awareness.
  • Walk away from the whole mess. Forget about certification. Go back to your cave to lick your wounds. Perhaps offer your resignation, accepting personal accountability for your part in the situation. Or fire someone else!
Although that's a long shopping list, I'm sure there are other possibilities including some combination of the above. The fact is that you have choices in how to handle such challenges: your knee-jerk response may not be ideal.

For bonus marks, you might even raise an incident report concerning the issue at hand, then handle it in the conventional manner through the incident management part of your ISMS. An adverse audit finding is, after all, a concern that needs to be addressed and resolved just like other information incidents. It is an information risk that has eventuated. You will probably need to fix whatever is broken, but first you need to assess and evaluate the incident report, then decide what (if anything) needs to be done about it. The process offers a more sensible, planned and rational response than jerking your knee. It's more business-like, more professional. I commend it to the house.

CVE-2019-9041

An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.

Crypto Adoption is Spreading Like Wildfire; Where is Bitcoin Headed?

Crypto markets turned heads this past week following a rare surge in trading volume on virtual exchanges. In a matter of days, the cryptocurrency market capitalization ballooned by over $16 billion, offering the first convincing sign of 2019 that the bears were breathing their last gasp. While it’s still too early to definitively declare crypto […]

The post Crypto Adoption is Spreading Like Wildfire; Where is Bitcoin Headed? appeared first on Hacked: Hacking Finance.

Microsoft’s Cloud Evangelist Adds ‘Clippy’ To Their Business Card

An anonymous reader quotes Business Insider's update on Microsoft Clippy, the animated cartoon paperclip that was Office's virtual assistant until the early 2000s, that "everyone loved to hate." After 18 years, has it become retro chic? When Chloe Condon, a newly hired Microsoft cloud evangelist, ordered new business cards, she avoided the standard corporate look and instead went with Clippy-themed cards and tweeted them out... They've got a picture of Clippy on the front and on the back they say, "It looks like you are trying to get in touch with Chloe," with her contact info listed below... Naturally, the Clippy The Paperclip Twitter account loved these cards. He tweeted, "@chloecondon It looks like you're using my likeness on your new business cards. Would you like help with WAIT I'M ON BUSINESS CARDS NOW?!" And then former Microsoft exec Steven Sinofsky, the man credited for developing Microsoft Office into a massive hit, noticed the cards and tweeted, "I suppose if you live long enough, others will wear your failures as a badge of honor...." After four years of scorn, Clippy was officially retired in 2001. Sinofsky tells Business Insider that the company even issued a funny press release about it.... Microsoft even held an official retirement party for him in San Francisco, too. Sinofsky shared a photo from that party with us... If you look closely, you'll see unemployed Clippy is actually using the party thrown in his honor to collect charity for himself and beg for food.

Quem inventou a mentira de que o ministro Ricardo Salles estudou em Yale?

Este texto foi publicado originalmente na newsletter do Intercept Brasil. Assine. É de graça, todos os sábados, na sua caixa de e-mails.

Em 11 de fevereiro de 2012, um quase desconhecido Ricardo Salles publicou um artigo na Folha de S. Paulo intitulado “Privatização, ainda que tardia”. Ao fim de uma defesa apaixonada da venda dos aeroportos brasileiros, o texto do atual ministro do Meio Ambiente termina com sua biografia resumida em apenas uma linha. “Ricardo Salles, 36, mestre em direito público pela Universidade Yale, é advogado e presidente do Movimento Endireita Brasil”. Yale. Uau. Ali estava alguém que sabia do que estava falando.

A formação em uma das dez melhores universidades do mundo, chancelada pelo maior jornal do país, se espalhou pela internet e foi incorporada definitivamente ao currículo de Salles.

Programa Roda Viva, da TV Cultura, uma semana atrás: “Mestre em Direito Público pela Universidade de Yale, Ricardo Salles foi secretário estadual do Meio Ambiente de São Paulo no governo de Geraldo Alckmin (PSDB) e fundou, em 2006, o Movimento Endireita Brasil.”

Jornal Nexo, dezembro do ano passado: “Advogado de 43 anos, Ricardo Salles é mestre em direito público pela Universidade de Yale.”

Rádio Gaúcha e jornal Zero Hora, reproduzindo a divulgação do Roda Viva: “Mestre em Direito Público pela Universidade de Yale…”

Os incontáveis meios que reproduzem essa informação há anos, no entanto, estão estampando uma mentira.

Nós entramos em contato com Yale, mais precisamente com o Departamento de Comunicações da Faculdade de Direito, onde Salles teria obtido seu diploma. Cinco presidentes americanos estudaram em Yale. Doze vencedores de prêmios Nobel estudaram em Yale. Até o cara que escreveu as músicas do Frozen estudou em Yale. Mas Ricardo Salles, não.

“Oi. Sinto muito pela demora na resposta. A Faculdade de Direito não conseguiu localizar nenhum registro indicando que Ricardo de Aquino Salles frequentou a Faculdade de Direito de Yale”, disse o representante da universidade, por e-mail.

Mas quem então fabricou o factoide publicado na Folha e, mais recentemente, pelo Nexo e pelo site do Roda Viva, entre outros? A gente resolveu ir atrás.

Fizemos a pergunta ao ministério comandado por Salles, simples, objetiva: “Qual o ano de formatura na Universidade de Yale e o título exato que consta no diploma?”

Mas, após três dias de solicitações por e-mail e vários telefonemas, nenhuma resposta. Tampouco nos enviaram o currículo completo de Salles, que também pedimos, já que o que está publicado no site é de uma simplicidade franciscana – e não inclui Yale.

A referência tampouco consta em sua biografia no site da secretaria de Meio Ambiente de São Paulo, preservada pelo Internet Archive, nem no perfil publicado no site de campanha de 2018 – Salles tentou ser eleito deputado federal mas não conseguiu. Outras instituições com que ele colaborou, como o Movimento Endireita Brasil, também não publicam seu currículo completo.

A Folha não se manifestou formalmente – nós enviamos e-mail e ligamos –, mas um funcionário com conhecimento do processo editorial da seção de opinião nos disse que há “98% de probabilidade” de que o próprio Salles enviou a biografia que acompanhou seu artigo de 2012. Receber a biografia diretamente da pessoa que assina o artigo é a norma da casa – exceto para personalidades bastante conhecidas. Mas 98% não é 100%.

Graduates celebrate during Yale University's commencement in New Haven, Conn., Monday, May 25, 2009. (AP Photo/Douglas Healey)

This photo is from Yale University's 2009 commencement. Ricardo Salles is not in it because he did not graduate from Yale.

Photo: AP Photo/Douglas Healey

Nexo, for its part, said it used the résumé published by Folha. The producers of Roda Viva had not replied to us by the time this text was published.

Salles is known – by the courts, in this case – as a specialist in creative strokes of the pen. As we reported a few days ago, he was convicted of administrative misconduct after altering a map to benefit mining companies.

That, of course, does not mean that he was the one who invented his time at Yale University. Nor even that he is the owner of the only pumped-up résumé in Bolsonaro's crew.

Asked by Folha about her title of master in Education and in Constitutional and Family Law, Damares Alves, minister of Women, Family and Human Rights, came out with this: “Unlike the secular master, who needs to go to a university to do a master's degree, in Christian churches anyone who is dedicated to biblical teaching is called a master.” A master of nothing at all, in this case.

Damares called on the “ex-feminist” and anti-abortion activist Sara Winter to look after “public policies for maternity.” The pastor-minister's pupil has also made a few slips in her own résumé. In a tweet in which someone criticized her qualifications for the post, she retorted: “Me, unqualified? Degree in International Relations, specialization in crimes in public administration, 4 years' experience in the field of maternity, international speaker, schedule full until 2021 across Latin America, the USA and Europe. 3 languages. 26 years old.” Whoa.

To the TSE, however, she reported in 2018 having “incomplete higher education.” Later, she began saying that she is still an “undergraduate,” without admitting any error – or manipulation.

The cause of the Bolsonaro government's first crisis, Alecxandro Carreiro dug in his heels after being dismissed from the helm of the Brazilian Agency for the Promotion of Exports and Investments by Foreign Minister Ernesto Araújo. Carreiro, it turned out, did not speak English fluently, an official requirement for the post he held, nor does he have experience in the field – but he is a friend of Eduardo Bolsonaro.

But nobody beats Joice Hasselmann. A federal deputy for the PSL, she was caught plagiarizing “65 reports, written by 42 different professionals, between June 24 and July 17, 2014 alone,” according to the Union of Professional Journalists of Paraná. [We put the passage in quotation marks because it was not written by us, we cited the source and included the link, otherwise it would be plagiarism, see, Joice?]

In the case of the most excellent minister Ricardo de Aquino Salles, however, we still do not know what happened. We searched all his social networks to find out whether, by chance, he had at some point denied the information given so many times by the press. Nothing. If you know anything, send an e-mail.

The post Quem inventou a mentira de que o ministro Ricardo Salles estudou em Yale? appeared first on The Intercept.

Bitcoin Cash Price Analysis: Explosive Buying Pressure for BCH/USD Could be Around the Corner

Bitcoin Cash price is moving within consolidation mode but demonstrating inherent breakout characteristics. BCH/USD has formed a bullish pennant pattern, which is subject to the bulls capitalizing on for further moves to the north. BCH/USD: Recent Price Behavior The Bitcoin Cash price has been trading in consolidation mode for the last few sessions. This came […]

The post Bitcoin Cash Price Analysis: Explosive Buying Pressure for BCH/USD Could be Around the Corner appeared first on Hacked: Hacking Finance.

12-Year-Old Boy Reportedly Builds A Nuclear Fusion Reactor

An anonymous reader quotes the Guardian: An American 14-year-old has reportedly become the youngest known person in the world to create a successful nuclear reaction. The Open Source Fusor Research Consortium, a hobbyist group, has recognised the achievement by Jackson Oswalt, from Memphis, Tennessee, when he was aged 12 in January 2018.... The enterprising teenager said he transformed an old playroom in his parents' house into a nuclear laboratory with $10,000 (£7,700) worth of equipment that uses 50,000 volts of electricity to heat deuterium gas and fuse the nuclei to release energy. "The start of the process was just learning about what other people had done with their fusion reactors," Jackson told Fox. "After that, I assembled a list of parts I needed. I got those parts off eBay primarily and then oftentimes the parts that I managed to scrounge off of eBay weren't exactly what I needed. So I'd have to modify them to be able to do what I needed to do for my project...." [S]cientists are likely to remain sceptical until Oswalt's workings are subject to verification from an official organisation and are published in an academic journal. Still, the teenager may now have usurped the previous record holder, Taylor Wilson, who works in nuclear energy research after achieving fusion aged 14.

Read more of this story at Slashdot.

Crooks offer millions to skilled black hats to help them in extortion campaigns

Cybercriminals are offering over a million dollars per year to skilled professionals like vxers and penetration testers to help them in extortion campaigns.

According to a new report published by the security firm Digital Shadows, cybercriminal organizations are willing to pay millions to skilled hackers and malware developers.

The analysis of posts on Dark Web forums reveals that at least one threat actor is willing to pay more than $64,000 per month ($768,000 per year) to recruit skilled hackers for criminal activities. Like big enterprises, the criminal organization is offering a professional and economic growth plan: the salary would go up to $90,000 per month ($1,080,000 per year) for the second year.

Cybercrime gangs aim to hire skilled hackers who can help them in extortion campaigns against high-worth individuals; in this case they promise $30,000 per month ($360,000 per year).

“For purer extortionists, the threat actor TDO used the KickAss forum to recruit individuals with network management, penetration testing, and programming skills. TDO posted job advertisements with specifications and salaries that would rival those offered by most corporate businesses. Recruits were tempted with £50,000 ($64,000) per month, with add-ons and a final salary after the second year of £70,000 ($90,000) per month.” reads the report published by Digital Shadows.

“Those with Chinese, Arabic or German skills could earn an added five percent on their salary or commission.”

Highly competitive salaries and other forms of remuneration are becoming an essential element of attraction in the cybercrime ecosystem.

Experts believe that such high salaries could motivate skilled professionals to abandon bug bounty programs and join the cybercrime arena.

Extortion is a profitable business: according to Digital Shadows, crooks using compromised credentials found on public websites earned over $330,000 through sextortion campaigns in 2018.

Skilled professionals could also opt to work alone; blackmail and extortion guides are offered for sale on several underground forums for less than $10. Black markets have a crucial role in the cybercrime ecosystem: they match supply and demand for stolen credentials, botnets, and sensitive documentation.

Sextortion campaigns allow crooks to use credential sets that are no longer valid. Sextortion-based email campaigns seek to extort victims by threatening to publicly embarrass them for engaging in a sexually explicit act. Scammers claim to have evidence and use previously exposed passwords as “proof” of compromise.

“These emails have been reported intermittently since late 2017, but the scale and persistence of the campaigns rocketed over 2018. Between July 2018 and February 2019, Digital Shadows has collected and analyzed a sample of sextortion emails in which 89,000 addresses received over 790,000 sextortion attempts.” continues the report

One of the most interesting extortion case studies in the report involves the hacking group The Dark Overlord.

In January, The Dark Overlord published the first batch of decryption keys for 650 confidential documents related to the 9/11 terrorist attacks.

The group published a message on Pastebin announcing that it had decided to offer the documents for sale even though the law firm paid to avoid their publication. The Dark Overlord group decided to publish the documents because the company contacted law enforcement.

If you want to read more about extortion activities conducted by cybercrime gangs, take a look at the report.

Pierluigi Paganini

(SecurityAffairs – extortion, hacking)

The post Crooks offer millions to skilled black hats to help them in extortion campaigns appeared first on Security Affairs.


Redis Changes Its Open Source License — Again

"Redis Labs is dropping its Commons Clause license in favor of its new 'available-source' license: Redis Source Available License (RSAL)," reports ZDNet -- adding "This is not an open-source license." Redis Labs had used Commons Clause on top of the open-source Apache License to protect its rights to modules added to its 3-Clause-BSD-licensed Redis, the popular open-source in-memory data structure store. But, as Manish Gupta, Redis Labs' CMO, explained, "It didn't work. Confusion reigned over whether or not the modules were open source. They're not open-source." So, although it hadn't wanted to create a new license, that's what Redis Labs ended up doing.... The RSAL grants, Gupta said, equivalent rights to permissive open-source licenses for the vast majority of users. With the RSAL, developers can: Use the software; modify the source code; integrate it with an application; and use, distribute, support, or sell their application. But -- and this is big -- the RSAL forbids you from using any application built with these modules in a database, a caching engine, a stream processing engine, a search engine, an indexing engine, or a machine learning/artificial intelligence serving engine. In short, all the ways that Redis Labs makes money from Redis. Gupta wants to make it perfectly clear: "We're not calling it open source. It's not." Earlier this month the Open Source Initiative had reaffirmed its commitment to open source's original definition, adding "There is no trust in a world where anyone can invent their own definition for open source, and without trust there is no community, no collaboration, and no innovation." And earlier this week on Twitter a Red Hat open-source evangelist said they wondered whether Redis was just "clueless. There are a lot of folks entering #opensource today who are unwilling to do the research and reading, and assume that these are all new problems."

Read more of this story at Slashdot.

Don’t Take the Bait! How to Steer Clear of Tax Time Scams

For cybercriminals, tax time is the most wonderful time of the year. They are in the shadows, giddy, eager, and methodically setting a variety of digital traps, knowing that enough taxpayers take the bait to render their efforts worthwhile.

Indeed, with the frenzy of online tax filings, personal information (and money) moving through mailboxes, and hardworking people eagerly awaiting tax refunds, crooks are perfectly positioned for big returns this year.

So let’s be wiser and let’s be ready.

Last year, the IRS noted a 60 percent spike in bogus email schemes seeking to steal money or tax information. This year it's a surge in phishing scams, says the IRS, that should have taxpayers on alert.

“The holidays and tax season present great opportunities for scam artists to try stealing valuable information through fake emails,” said IRS Commissioner Chuck Rettig. “Watch your inbox for these sophisticated schemes that try to fool you into thinking they’re from the IRS or our partners in the tax community. Taking a few simple steps can protect yourself during the holiday season and at tax time.”

Scams to Look For

According to the IRS, phishing emails are circulating with subjects such as “IRS Important Notice,” “IRS Taxpayer Notice” and other iterations of that message. The fraudulent emails may demand payment with the threat of seizing the recipient’s tax refund or even jail time.

Attacks may also use email or malicious links to solicit tax or financial information by posing as a trustworthy organization or even a personal friend or business associate of the recipient.

While some emails may have obvious spelling errors or grammar mistakes, some scammers have gone to great lengths to piece together a victim’s personal information to gain their trust. These emails look legitimate, have an authentic tone, and are crafted to get even skeptics to compromise personal data using malicious web links.

Scams include emails with hyperlinks that take users to a fake site or PDF attachments that may download malware or viruses designed to grab sensitive information off your devices. With the right data in hand, such as a social security number, crooks can file fake returns and claim your tax refund, open credit cards, or run up medical bills.

Other tax scams include threatening phone calls from bogus IRS agents demanding immediate payment of past due tax bills and robocalls that leave urgent callback messages designed to scare victims into immediate payment.

Remember, the IRS will NOT:

  • Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you several bills.
  • Call or email you to verify your identity by asking for personal and financial information.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  • Ask for credit or debit card numbers over the phone or e-mail.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.

How to Protect Yourself

Be hyper-aware. Never open a link or attachment from an unknown or suspicious source. In fact, approach all emails with caution, even those from people you know. Scams are getting more sophisticated. According to the IRS, thieves can compromise a friend’s email address, or they may be spoofing the address with a slight change in the email text that is hard to recognize.

Reduce your digital footprint. Now is a great time to go through your social accounts and online profiles, posts, and photos and boost your family’s privacy. Edit out any personal information such as your alma mater, your address, birthdate, pet names, children’s names, or mother’s maiden name. Consider making your social profiles private and filtering your friends’ list to actual people you know.

Have a strong password strategy. Cybercrooks count on their victims using the same password for multiple accounts. Lock them out by using unique passwords for separate accounts. Also, consider using two-factor authentication that requires a security code (sent to your phone) to access your account.

Install security software. Phishing emails carry malware and viruses designed to infect your devices and grab your family’s sensitive data or even seize your computer via ransomware. Crooks aren’t messing around so neither should you. Meet fire with fire by investing in comprehensive security software to protect your devices.

If you are the victim of tax fraud or identity theft, take the proper reporting steps. If you receive any unsolicited emails claiming to be from the IRS, forward them to phishing@irs.gov (then delete the emails).

The post Don’t Take the Bait! How to Steer Clear of Tax Time Scams appeared first on McAfee Blogs.

CVE-2014-10079

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.

CVE-2018-20785

Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials.

CVE-2014-10078

Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.

India inducts its first Robocop in Kerala police force

Meet India’s first Robocop, KP-Bot

Anyone visiting the police headquarters in Thiruvananthapuram, Kerala will now be greeted by a humanoid robot, as India launched its first ever robocop in its police force on Tuesday. This is the first police department in the country to use a robot for police work, according to India Today.

The humanoid robot, named KP-Bot, has been developed by the Kerala Police Cyberdome with the help of a Kochi-based start-up, Asimov Robotics Pvt Ltd. The robocop will be managing the front office of the headquarters in Vazhuthacaud.

Pinarayi Vijayan, the Chief Minister of Kerala, inaugurated the humanoid police robot at the police headquarters in the state by giving it an honorary salute, to which the robocop responded with a perfect salute.

The Robocop, which has been given the rank of Sub Inspector (SI), will receive visitors and direct them to the appropriate department as per their needs. It can also salute higher-ranked officers. However, KP-Bot will require to undergo a month’s before being posted at the police headquarters.

Women's empowerment and gender equality are the reasons why KP-Bot is considered female – a “she” robot.

“Women empowerment and gender equality were kept in mind while deciding on the gender of the first robot. Also, the fact that most front office jobs are managed by women was considered,” Loknath Behra, Director General of Police (DGP) said.

“At present, about four persons are required to do the front office duty. Now, it would be managed by the KP-Bot,” added the DGP.

With the use of facial recognition technology, KP-Bot can also record a person’s information. Once all the data is filled, it can also help in recognizing a criminal.

“Humanoids in the future may also be used to investigate crime or control traffic,” Kerala’s Assistant DGP Manoj Abraham told NDTV.

Jayakrishnan, CEO of Asimov Robotics Pvt Ltd, who led the technical team, says that the Robocop is a result of two months of hard work. “We became part of the project through Kerala Start-up Mission. The aim was to create a robot with versatile mobility and that can interact autonomously. The KP-BOT is designed to greet, guide and launch. As part of its launch, we had only given it basic training on greeting high-ranking police officials such as the DGP with a salute and self-introduction,” he says.

However, the sub-inspector will also be trained by feeding it a database of case files, identity information, and face-and-voice detection of the public, and in responding to these, he explains. “In the next phase, we will be training KP-BOT to recognize and respond to Malayalam speech. There would be various kinds of petitioners, and so she would be trained in understanding their emotional state of mind and also in booking those who attempt to bribe her,” Jayakrishnan says.

In the future, there are plans to update the Robocop with additional sensors such as metal and IED detectors, gas sensors along with thermal imaging to handle the safety and security concerns of human officers and workplaces.

The post India inducts its first Robocop in Kerala police force appeared first on TechWorm.

Honduran Teen Fled Gangs at Home Only to Be Murdered While Stranded at the U.S.-Mexico Border

Sixteen-year-old Jorge Alexander Ruiz took off alone in the middle of the night from San Pedro Sula, Honduras, to escape pressure to join a gang. Sitting outside the shelter for unaccompanied minors where he was staying in Tijuana, in early December, waiting for a chance to request asylum at the U.S. port of entry, he recalled the menacing words that drove him to catch a 1:30 a.m. bus to Guatemala. “‘You’re going to work for us for free,’” a gang member threatened him. “‘Or you want to die? Choose one of the two.’”

Jorge grew up in a neighborhood that has long served as a drug dealing hub. The barrio splashed local headlines a few years ago as one of the most crime-ridden areas in Honduras’s second-largest city, San Pedro Sula, though family members say violence has calmed down since then. Jorge described daily life there as a “strange” existence, confined by territorial lines where the local clique butts against rival turf. “A lot of people don’t have work,” he told us. “Many don’t go very far, because if you pass the boundary …”

A friend he met in Mexico, a 17-year-old asylum-seeker from a town outside San Pedro Sula, jumped in to finish Jorge’s thought. “We can’t go just anywhere, for fear of getting killed,” he blurted out.

Some 2,700 miles from home, Jorge was optimistic about his asylum case and relieved to have left both the gang threats in Honduras and the dangers of the migrant trail behind him. A cough nagged him, a souvenir from his journey. He headed to Mexico weeks before the first big Central American caravan formed in Honduras last October.

Jorge’s story lays bare the potentially deadly dangers that drive teens to leave home alone — and those that can befall them on their way. In fiscal year 2018, more than 50,000 unaccompanied minors were apprehended at the U.S. border, and in January 2019, apprehensions of minors traveling alone increased 40 percent from the same period last year, according to the Department of Homeland Security. Slow processing times to request asylum at the border have thrown thousands of Central Americans into uncertainty.

But despite the bottleneck in Tijuana, Jorge didn’t entertain the idea of returning to Honduras. “I don’t want to let down my family,” he told us. “Because if I go back, they won’t even have enough for my coffin.”

A week after we spoke outside the shelter, Jorge’s body was found with 37 stab wounds and strangle marks around his neck, dumped alongside a second victim, a 17-year-old from Honduras. A third Honduran teenager managed to escape alive. The boys were on their way from the youth shelter where they stayed to visit a camp of migrants in central Tijuana on December 15, when assailants lured them to a room, demanded money, and — finding they had none — brutalized them.

Back at his home in Honduras, Jorge’s grandmother, Amalia Díaz, hadn’t heard from him in four days. She was worried. She was mamá to Jorge, having raised him since he was a small child. His mother was absent from his life, and his father died years ago. When Amalia finally got a call, it was her nephew, Fernando Díaz, who has lived in the United States for 25 years. “Auntie, what’s Jorge’s full name?” he asked, needing to confirm. The next words gutted her. “Don’t panic — Jorge was killed.”

Uriel Gonzalez, general coordinator of the shelter for unaccompanied minors in Tijuana, didn’t mince words when he said the boys were “kidnapped, extorted, tortured, and executed.” Police arrested three suspects, and the surviving victim will remain under protection in Mexico until the case is resolved. “It’s a clear message of the vulnerability of the migrant population in general — above all, adolescents,” Gonzalez said of the killings.

Nearly two months passed before Jorge’s family found some semblance of closure when they finally received his body and held a humble funeral and burial.

Amalia Díaz at her home with one of her grandchildren.

Photo: Héctor Edú for The Intercept

Leaving the Barrio

Sitting in the living room of Jorge’s childhood home, Amalia’s bright, clear eyes — identical to Jorge’s — welled up with tears. “He had so many hopes that were dashed,” she said in a wavering voice. She handed us a pair of photos of Jorge and his father, Alexander, who look so much alike they could easily be mistaken for the same person. Alexander died of a lung infection in 2011, when Jorge was 9 years old. He was a circus clown who had hit the road with the show after surviving an attack that left him with five gunshot wounds in 2003, when Jorge was just a baby, following pressure to join a gang. “God took my son from me, but he left me a replacement,” Amalia had thought at the time.

Jorge’s great-grandmother, Amalia Reyes, said with anguish in her voice that Jorge’s murder hit the family hard. The 93-year-old maintains a strong facade, but she admitted that she hardly manages to sleep. Amalia, 63, said that Amalia Reyes’s blood pressure has spiked since they got the news. She had never wanted Jorge to go. “‘Ay my boy,’ I told him, ‘you don’t know what you’re getting yourself into, but for me, what you’re thinking about doing is not good.’”

Jorge didn’t tell his grandmothers why he wanted to flee. “Mamá, I’m leaving tonight,” Amalia remembered him saying. “When I saw him ready to leave, I said to him, ‘Jorge, is there some kind of problem? You look worried to me.’” She assured him if he was failing in school, she wouldn’t be mad. But Jorge brushed off the questions.

Jorge’s great-uncle, Luis Alonso, also was suspicious. “The thing that worried me is that he spent two days shut up inside,” he said. “I said to him, ‘What’s up with you? You haven’t been out.’ And he said, ‘Tomorrow.’ But next day, same thing. Then he left.” Their best guess is that Jorge ran into trouble visiting relatives in a nearby neighborhood with a rough reputation. That area is controlled by the Barrio 18 gang, a rival to the MS-13 gang operating where Jorge’s family lives.

Amalia, a nurse, is respected in the community. While we chatted, a neighbor came to the door seeking help with an injection, a common method for administering routine medicines in Honduras, and Amalia collected 30 lempiras, just over $1, for giving her the needle. Local gang members and their families benefit from her health services, too. She doubts that Jorge ran into problems near home, but his relatives’ neighborhood could be another story. “We’re losing most of our youth, because it’s as if there was a decree of death for young people,” she lamented.

Amalia Díaz holds her 12-year-old grandson, who had heart surgery at an early age.

Photo: Héctor Edú for The Intercept

At 11:30 p.m. one night in late September, Jorge stuffed the pants from his school uniform and a few other clothes into a small backpack. Beyond his immediate family, he didn’t tell anyone he was leaving. “I gave him a hug and my blessing,” Amalia said. “My mom didn’t want to see him when he left.”

After taking the bus, Jorge traveled on foot into Guatemala to dodge the border checkpoint. While a Central American immigration agreement allows citizens to travel freely between the two countries, unaccompanied minors require special documentation to cross. From there, he walked and caught rides to Mexico’s southern state of Chiapas. Calling from Tapachula, Chiapas, two days after leaving home, he told Amalia he planned to pick up a few days of work to scrape together cash to continue his trek.

“How are you, son? TKM and I miss you,” Amalia wrote to Jorge a week later, saying “I love you” in Spanish shorthand. “Bad, mamá, I don’t see the point here,” Jorge responded. It was October 8, and he was struggling, working as a security guard at a Domino’s Pizza in Tapachula. But he had heard a migrant caravan was set to leave from Honduras just days later. He planned to tag along.

Jorge caught a train to head farther north in Chiapas. He tied himself to the top, afraid that La Bestia, or “The Beast,” as the freight train is known, might lurch him off. When we spoke in Tijuana, he recalled seeing, in awe, thieves come on board and toss an old man off the side of the train when he lied about not having valuables. It was a warning to the rest to cough up their goods. When they got to Jorge, he shivered in the cold as they stripped him down to his underwear, only to find that he was indeed empty-handed. He hadn’t brought a sweater, and weathering the cold between the wind overhead and the metal train under his body exhausted him. “When we got to the caravan, we were even more tired than them,” he told us of those who rode La Bestia.

In late October, as Jorge joined the caravan after passing a few days in Mapastepec, his grandmother was pleased to hear he wasn’t traveling alone anymore. He had a girlfriend, a young Honduran woman from Santa Barbara. Amalia broke into a smile as she looked through the messages. “He confided in me a lot,” she laughed. Jorge and the girl went their separate ways, but he made another Honduran friend with whom he caught rides to Mexico City.

“He wasn’t afraid,” Amalia told us. Jorge was tall, and because he was mistaken for an adult, he had to endure tough conditions, like not being allowed to sleep in shelter areas reserved for children and families. Like many others traveling with the caravan, Jorge caught a bad cough that still rattled his chest weeks after getting to Tijuana.

“In three days I’ll be in Tijuana, but [I’m] going without anything, and I haven’t eaten in three days,” he wrote to his grandmother on November 25. “Ay son, but where are you now?” she replied. “In Mexicali,” he said. “We’re three hours away by car.”

Two days later, he had made it. “I’m in Tijuana,” he wrote to her. “In front of the border.”

“Did you find food?” she asked. It pained her to think of him not eating. But she admired his courage to travel with a mass of total strangers in the caravan. “Yes, some tortillas,” he told her. “Tortillas with beans?” she asked. “No just tortillas,” Jorge replied.

Once in Tijuana, Jorge got in touch with his uncle Fernando in the United States. Fernando sent him money and made sure he got to the shelter for underaged migrants. Jorge spoke to a lawyer and found he had a case for asylum. Amalia was consoled knowing her grandson was eating well again, treating his cold, and sleeping with a roof over his head.

On December 14, the day before the murder, Amalia got a call from Jorge in high spirits. “They’re going to give me asylum,” he told her, clearly optimistic about his case. He had asked her to send him a photo of his birth certificate to get his papers in order. She was relieved. “Take advantage if they give you that opportunity,” she encouraged him. It was the last time they spoke.


Amalia Díaz reviews the last text message conversation she had with Jorge while he was traveling through Mexico.

Photo: Héctor Edú for The Intercept

On Christmas Day, Amalia wrote “Hola” to Jorge one last time. She had known for a week he was dead. She recites their messages by heart, having scrolled through the conversation countless times, moved to tears every time.

Amalia Reyes was more critical. “We have to know that he died and he’s not coming back,” she said. “I tell her that’s not going to solve anything at all.” She mimicked her daughter glued to her phone reviewing the messages. Amalia said her mother is just stronger than she is. “No, it’s not that,” Amalia Reyes said. “I think clearly.”

Four generations live in the house, from Jorge’s 93-year-old great-grandmother to the tiny 2-year-old Fernanda, Amalia’s great-granddaughter, whom she takes care of along with five other grandchildren. She’s also the sole caregiver of her ex-husband, who became paralyzed years after they separated. With her grandchildren, she’s patient and kind; they’re well-behaved and respectful, addressing her politely as “Mamá Amalia.”

Jorge was the oldest of the bunch. “He was a jokester. He was always just a kid to me,” Amalia said. “Humble, helpful.” Amalia Reyes taught Jorge to make baleadas, Honduran handmade flour tortillas with savory fillings, adamant that he should learn to take care of himself. “He made them better than me,” she conceded. “He became a man here.”

Jorge earned pocket change by running errands for neighbors. If someone sent him to the market only to realize they’d forgotten to ask him for something, he would race back a second or third time without protest. “I preferred him doing errands for 15 or 20 lempiras” — less than $1 — “and not taking what wasn’t his,” Amalia said. “I always told him not to take what wasn’t his.”

She chokes up thinking about a time she and Amalia Reyes burned his hands when he was 8 years old, as punishment for stealing. It turned out he had been telling the truth all along — the cellphone a neighbor accused him of taking soon turned up. Amalia was mortified she had chastised him for no reason. The regret still weighs on her.

When he was older, Jorge wanted to drop out of high school and get a job to help the family. But his grandmother wouldn’t let him. “He wasn’t very intelligent, he struggled in school. I never wanted to get him a permit to get a job, because I didn’t want him to feel obligated to work,” she said, standing beside the bed that Jorge shared with her until he was 15 years old, leaving a dent in the mattress next to the wall. She glances at that impression fondly now, a small memory of her boy, she said.

In Tijuana, we asked Jorge what kept him going through the challenging parts of his journey. “I thought about getting my family out of where they live,” he said. He worried gang threats could befall them after he disappeared and was especially concerned about his great-grandmother. “It’s the only thing I thought about.”


From early in the morning until late at night, Amalia Díaz checks her phone over and over again, reviewing conversations and photos of Jorge while she finds a place to cry out of sight of her other grandchildren.

Photo: Héctor Edú for The Intercept

Life or Death

Sitting on the steps outside their shelter in Tijuana, we asked Jorge and his friend what it’s like to be a teenager in San Pedro Sula. “Being a survivor,” Jorge proclaimed, singing every syllable. They laughed in unison.

“The life of a young person is in danger because the gangs want to recruit you to make you work with them,” said his friend, Byron (not his real name). “And if you don’t want to,” Jorge chimed in, “two options: life or death.”

Both grew up in neighborhoods controlled by the MS-13 street gang. They said that because a kid with a backpack can pass as a student on the way to school, the gang often exploits young boys as drug mules. But if the child gets caught, or something happens to “the product,” consequences could be deadly. Neither let on if they personally had been victims of the scheme.

Amid generalized lawlessness in the wake of a U.S.-backed military coup in 2009, Honduras shot into international headlines with a new moniker: murder capital of the world. San Pedro Sula was most notorious, hitting a staggering 169 homicides per 100,000 inhabitants in 2012. The rate was three times that of the deadliest U.S. city that year, New Orleans, which suffered 56 murders per 100,000 inhabitants.

Dany Pacheco, an evangelical pastor who works with at-risk and gang-involved youth in San Pedro Sula, agreed that survival can be a battle for marginalized youth. He noted that suicide rates among young people are on the rise, a trend documented by the Violence Observatory at the National Autonomous University of Honduras.

“This should raise an alarm,” Pacheco said. “Our youth have reached a point of disillusionment.” But he’s observed another troubling shift, too: More young people are joining gangs by choice, not by force. With scarce job opportunities and little hope for a comfortable future, even youths striving to chart themselves on a different path can become desperate and turn to crime. “I’m not saying that they don’t leave because they’re in danger — that happens,” he said. “But not in the numbers we expect. The majority leave due to lack of opportunities.”

Poverty and unemployment spiked after the 2009 coup, and Honduras remains one of the most unequal countries in Latin America, according to the World Bank. The post-coup governments cut social spending while pouring resources into the military and police. In 2017, a widely condemned presidential election set off a fresh crisis. Anecdotally, for the thousands of Hondurans in exodus in recent months, life at home is untenable.

Tough-on-crime policing, ramped up with the creation of President Juan Orlando Hernández’s military police force, only increases pressures on youth, Pacheco said. While young men navigate gang threats, they’re also profiled as potential gang members by police keen to deliver results in the war on crime.

While we talked, the pastor took an urgent phone call. In one of the communities where he works, police had taken a young man to identify where the local gang dumped a body. It’s a virtual suicide mission, Pacheco said, certain the gang would hunt down the informant. But defying police also would have had consequences. “We’ve reached the point in this country that it’s a crime to be young,” he said.

TIJUANA, MEXICO - DECEMBER 04:  Honduran and Salvadorian flags fly over the Barretal migrant caravan camp on December 4, 2018 from Tijuana, Mexico. After traveling more than 6 weeks from Central America, thousands of immigrants remain in Tijuana, many awaiting asylum interviews and others deciding whether to cross illegally into the United States. (Photo by John Moore/Getty Images)

Honduran and Salvadorian flags fly over the Barretal migrant caravan camp on Dec. 4, 2018, in Tijuana, Mexico.

Photo: John Moore/Getty Images

In the Balance at the Border

The murders of the two teenagers in Tijuana cast into stark relief the dangers that migrants and refugees — especially unaccompanied minors — may face while stranded at the border. Artificially slow processing times at official points of entry, justified by highly questionable claims of maxed-out capacity, extend wait times and compound the risks.

“Tijuana is one of the most dangerous cities in the world for anyone. Putting children there, unaccompanied, without their families and their parents, puts them in serious danger,” said Kara Lynum, an immigration lawyer who visited Tijuana late last year and camped out with a group of Hondurans to pressure border officials to allow asylum-seekers, including eight unaccompanied minors, to pass. “If the law was being followed, these kids wouldn’t be in Mexico, they would be in the U.S. system — which is a very imperfect system, too, for unaccompanied children.”

Jorge had told his family that he would likely spend months in limbo in Tijuana. Once across the border, his uncle Fernando would take him in. Fernando told us by phone that he encouraged his nephew to consider returning to Honduras, but Jorge insisted it wasn’t an option. When Jorge boasted that he had learned to navigate bus routes in Tijuana, his uncle scolded him. “Listen to me please — don’t go out,” he told his nephew. The last time they spoke, around 3 p.m. on December 15, Fernando rattled off his usual pleas for caution. Hours later, Jorge no longer responded.


Friends and family mourn Jorge’s death during a wake in the family’s home on Feb. 8, 2019.

Photo: Héctor Edú for The Intercept

Gonzalez, the general coordinator of the shelter where the boys stayed, believes Mexico has a responsibility to protect vulnerable migrants, but lacks capacity to do so. “Unaccompanied migrants are the most vulnerable among the flow of migrants,” he said. “They should be a priority to be given access.”

Immigration advocates have warned that the Trump administration’s new “migrant protection protocols” for asylum-seekers, known as “remain in Mexico,” will thrust more Central Americans into vulnerable situations. Under the policy, asylum-seekers who pass a credible fear test to be able to make their case for asylum must wait in Mexico for their day in U.S. immigration court. Unaccompanied minors are exempt from the program, but recent events at the border have not inspired confidence that officials will abide by the law.

“On paper, unaccompanied minors are exempted from it,” Lynum said. “But since [immigration officials] have already shown disregard for the law with allowing unaccompanied minors to apply for asylum, I’m not confident that that will be followed either.”

Jorge’s friend Byron, who sat by his side in Tijuana recounting the perils of barreling atop La Bestia and skirting gangs at home in Honduras, managed to enter the United States. With his 18th birthday approaching, he received priority legal assistance to request asylum, according to a supervisor at the shelter.

Ruminating on their futures, Byron lamented that he never had managed to pick up much English. Neither had Jorge. “It’s something that excites me, because it’s a dream I couldn’t realize in Honduras,” Jorge said. “United States, for us, is the country of dreams, you know.”

He wanted to master English to be able to translate, become a mechanic, a flight attendant, or work on a ship crew. Amalia chuckled softly when we mentioned this to her, appearing to retreat into her thoughts. Jorge also wanted to be a chef or a clown, she recalled. “Poor thing,” she sighed, sifting through a drawer of photos and drawings. “He sure did dream.”


Amalia Reyes sits in a rocking chair in her family’s home.

Photo: Héctor Edú for The Intercept

As Amalia pored over the memories, Amalia Reyes swayed in a rocking chair beside the front door. After losing a son, a grandson, and now her great-grandson, she tries not to dwell on the past. “Most who make the effort to leave don’t realize their dreams,” she remembered telling Jorge before he left. She had the same message for him as she had years earlier for her own son, who left to work as a ship hand and ended up dying at sea: “Don’t go,” she told them both.

In Jorge’s recollection, the 93-year-old’s parting words were even more stern. “‘Remember,’” he recalled her saying, “‘I don’t even have enough to bury myself, let alone bury you.’”

Reporting in Tijuana for this story was supported by the International Women’s Media Foundation.

The post Honduran Teen Fled Gangs at Home Only to Be Murdered While Stranded at the U.S.-Mexico Border appeared first on The Intercept.

How To Download And Read Kindle Books On PC

Looking for the perfect way to download and read Kindle books on PC? Don’t worry anymore. In this article, we will provide you with some simple steps to download Kindle reader for PC and read Kindle books on PC.

Amazon Kindle is possibly the most popular e-reader that is designed and marketed by Amazon. This popular e-reader service is not restricted to the Amazon Kindle hardware. You can easily download the Amazon Kindle app on Windows, Mac, Android, and iOS devices.

So here’s a detailed guide on how to download Kindle reader for PC and read Kindle books on PC.


Download Kindle For PC

A few years ago Amazon introduced the Kindle for PC application that can be used to read eBooks from Amazon’s Kindle store. In addition to Amazon’s Kindle ebooks, the Kindle for PC application also allowed users to read their personal ebooks.

The Kindle book reader application eliminated the need for purchasing Amazon Kindle e-readers. Using the free Kindle app users can also read free ebooks from Amazon’s Kindle store or directly shop for their favourite ebooks.


The Kindle for PC application offers many nifty features like page flip enabled books, built-in dictionary, ability to sync ebooks across all devices. Additionally, users can also customize the font size, screen brightness, background colour, and orientation of ebooks.

Similar to Windows, Kindle can also be downloaded on macOS computers and laptops.



How To Read Kindle Books On PC


Once you download the Kindle application for PC, follow these simple steps to read Kindle books on PC.

  • Install the Kindle for PC application.
  • Log in to your Amazon account using your credentials.
  • All of your ebooks will now show up in the Kindle application.

Well, if you don’t want to install the Kindle application for PC you can still read Kindle books on a Windows or Mac computer using the Kindle cloud reader. Kindle cloud reader allows users to read Kindle Books online. That said, it’s not as feature-rich as the Kindle application.



CONCLUSION

So this was a simple guide to download Kindle on PC and read Kindle books. You can use a similar process to download Kindle for Mac. Do share your favorite ebooks on Kindle in the comments section below.

The post How To Download And Read Kindle Books On PC appeared first on TechWorm.

Campaigns through LinkedIn’s DM deliver More_eggs backdoor via fake job offers

Experts uncovered a new malware campaign that attempts to target victims by abusing LinkedIn’s direct messaging service.

Researchers at Proofpoint have uncovered a new malware campaign that attempts to target victims by abusing LinkedIn’s direct messaging service.

“In direct follow-up emails, the actor pretends to be from a staffing company with an offer of employment. In many cases, the actor supports the campaigns with fake websites that impersonate legitimate staffing companies,” reads the analysis published by Proofpoint.

“These websites, however, host the malicious payloads. In other cases, the actor uses a range of malicious attachments to distribute More_eggs.”

Scammers target the potential victims through LinkedIn direct messaging, attempt to establish a contact, and infect them through bogus websites serving malware and malicious emails. Initially, attackers leverage a legitimately created LinkedIn profile to target companies by sending invitations with a short message with the subject “Hi [Name], please add me to your professional network”.

Attackers send a direct email to the target’s work address reminding the recipient about the prior attempt to communicate on LinkedIn. Using the target’s professional title, the email attempts to trick the recipient into clicking on a link to see the noted job description. Experts also observed the use of PDF attachments with embedded URLs or other malicious attachments.

The URLs link to a landing page that spoofs a real talent and staffing management company and initiates a download of a weaponized Microsoft Word file created with Taurus Builder. If the victim enables macros, the “More_eggs” payload will be downloaded and executed. Experts also observed the landing page initiating the download of a JScript loader to deliver the More_eggs payload.

The attackers used a variety of tools to distribute malware, including the Taurus Builder, the VenomKit, and the More_eggs payload.

Experts observed overlaps between these campaigns and a campaign launched against anti-money laundering officers at various financial institutions that was reported by the popular expert Brian Krebs.

The final payloads used in the campaigns were different, but key similarities included:

  • The use of a similar PDF email attachment to the PDFs used in the Fake Jobs campaigns
  • The PDFs of both the anti-money laundering campaign and the Fake Jobs campaigns at one point included URLs hosted on the same domain

Further details on the campaign, including the IoCs, are reported in the Proofpoint analysis.

Pierluigi Paganini

(SecurityAffairs – LinkedIn phishing, hacking)

The post Campaigns through LinkedIn’s DM deliver More_eggs backdoor via fake job offers appeared first on Security Affairs.


XRP Price Analysis: XRP/USD Bulls Eyeing Big Breakout to the Upside

XRP/USD price action is moving within a bullish pennant pattern structure, subject to a potential aggressive breakout to the upside. There is a substantial area of supply that runs from the $0.3500-$0.3600 price range. The price has not traded convincingly above since 10th January. XRP/USD: Recent Price Action Ripple’s XRP price over the last three […]

The post XRP Price Analysis: XRP/USD Bulls Eyeing Big Breakout to the Upside appeared first on Hacked: Hacking Finance.

European Governments Approve Controversial New Copyright Law

An anonymous reader quotes a report from Ars Technica: A controversial overhaul of Europe's copyright laws overcame a key hurdle on Wednesday as a majority of European governments signaled support for the deal. That sets the stage for a pivotal vote by the European Parliament that's expected to occur in March or April. Supporters of the legislation portray it as a benign overhaul of copyright that will strengthen anti-piracy efforts. Opponents, on the other hand, warn that its most controversial provision, known as Article 13, could force Internet platforms to adopt draconian filtering technologies. The cost to develop filtering technology could be particularly burdensome for smaller companies, critics say. Online service providers have struggled to balance free speech and piracy for close to two decades. Faced with this difficult tradeoff, the authors of Article 13 have taken a rainbows-and-unicorns approach, promising stricter copyright enforcement, no wrongful takedowns of legitimate content, and minimal burdens on smaller technology platforms. But it seems unlikely that any law can achieve all of these objectives simultaneously. And digital-rights groups suspect that users will wind up getting burned -- both due to wrongful takedowns of legitimate content and because the burdens of mandatory filtering will make it harder to start a new online hosting service.

Read more of this story at Slashdot.

French Muslims Grapple With a Republic That Codified Their Marginalization

Yasser Louati didn’t usually permit his English students to leave class to make phone calls. On this January day in 2015, however, one asked with such urgency in her eyes that he nodded at her request and let her leave. A few minutes later, the woman walked back into the class, looking just as upset as she did when she left. As she took her seat, Yasser asked her if anything was wrong.

“There’s been a shooting at the Hypercacher,” she said quietly, referring to the kosher supermarket chain located across the city in Paris’s 20th arrondissement.

Louati’s heart sank. All of Paris had been on edge for the past two days, following a shooting at the offices of the satirical magazine Charlie Hebdo. The assailants were still on the loose and everyone was living in fear of more violence. But the location of this attack also had a personal resonance for Louati: The Hypercacher was just a few doors down from his 6-year-old son’s school.

Suppressing his own feelings of dread, Louati pushed through the final hour of class in a daze. As soon as it ended, he put on his jacket and rushed out the door, jumped on his motorbike and sped toward the 20th arrondissement. The normally bustling district was under siege by heavily armed police. Heart racing, Louati told a police officer he had come to collect his son from a nearby school. The officer said he could pass, but only on foot.

His son and the other students had taken refuge in the school basement and remained safe. Overcome with relief, Louati picked up his son and made his way through a sea of police back to his motorbike. Climbing onto the back seat, Louati’s son, who wanted to be a police officer, asked him what a terrorist was. “It’s a very evil and bad person,” Louati replied, strapping on his helmet.

The attacks and the ensuing climate of fear in Paris had set Louati on edge. Like other Parisians, he was afraid of the terrorists still on the loose in his city — the Hypercacher attack was still ongoing. But Louati also had other worries: He already felt a sense of foreboding about the backlash against French Muslims that was sure to come in the aftermath. As he often did in times of anxiety, Louati stopped by a mosque on the way home with his son to pray.

When he arrived, an imam was seated on the ground at the front of the mosque, with a few congregants before him. Everyone in the mosque knew that the spate of deadly attacks that had rocked the city had been conducted by other Muslims — extremists who claimed to be acting in the name of Al Qaeda and the Islamic State — and the city was still rife with heavily armed police. French public discourse was sure to be dominated in the coming days by questions that would bear directly on the congregants at the mosque — about Islam, terrorism, and whether people like them even belonged in the French Republic.

The imam, however, seemed oblivious. “So, what do people want to talk about?” the preacher asked those assembled. None of the dazed congregants replied. Pausing a moment, the imam continued, “OK, let’s talk about the correct way to make wudu” — the ritual ablution Muslims make before prayer.

Louati was shocked by what the imam just said. “People are being killed outside, in our city, in the name of Islam, and this is what you’re talking about?” he thought with incredulity. The disconnect between the reality of what was happening outside and the bubble inside was too much. He shot a sharp glance across the room, gathered up his son, and walked out the door.

Human rights and civil liberties advocate Yasser Louati poses for a portrait near Porte de Montreuil metro stop on February 6, 2019 in Paris, France. (Pete Kiehart for The Intercept)

Louati sits on a bench near Porte de Montreuil metro stop in Paris, France on Feb. 6, 2019.

Photo: Pete Kiehart for The Intercept

When I met Louati recently at a restaurant in Paris’s 13th arrondissement, he had just returned from teaching the same English class he was teaching the night of the Hypercacher shooting. A former airline pilot who is now 39 years old, Louati was born and raised in Paris, the son of a Tunisian father who worked as an electrician and mother who was a seamstress. Tall, with close-cropped brown hair, trimmed beard, and a youthful appearance, he dresses carefully in a suit and tie to teach, business attire draped over the frame of the pilot he had spent years becoming.

In 2015, Louati had been briefly pushed into the spotlight. A wave of major terrorist attacks in France set off an international media fixation on a community — French Muslims — whose struggles and history had been of little interest to them before. At the time, Louati was working with Collective Against Islamophobia in France, a grassroots group focused on fighting discrimination. That November, extremists attacked the Stade de France and the Bataclan theatre, leaving 130 people dead and horrifying the country.

Louati gave an interview on CNN, his first appearance on television. The clip became notorious. The cable news hosts forthrightly blamed the French Muslim community as a whole for the attacks, demanding that Louati accept responsibility on air. To their visible frustration, he refused: “Sir, the Muslim community has nothing to do with these guys!” Louati said. “Nothing. We cannot justify ourselves for the actions of someone who claims to be Muslim.”

The interview captured a growing sentiment that French Muslims were not just a “problem,” but a possible fifth column inside the country.

While the French Republic does not compile statistics on race and religion, it is estimated that up to 10 percent of its population comes from Muslim backgrounds. France’s Muslims are mostly the descendants of the country’s former colonial territories: Algeria, Mali, Morocco, Niger, Tunisia, and Senegal. Long associated with stereotypes of social delinquency, poverty, and now extremism, French Muslims have been fighting a battle for equality in a manner similar to the U.S. civil rights movement long before the world began noticing them.

Louati’s life stands as a poignant example. As a teenager in Paris’s 94th department, the suburbs south of the city, he was awakened to politics at a young age. It was a sentiment that crystallized when Spike Lee released his biographical film about Malcolm X. “The anger I felt, and the hostility and racism that I experienced as a child, were all distilled in that film,” he recalled. “It was like I was run over by a train watching it. After the movie ended, I stood alone at the back of the theatre and cried. I couldn’t believe that a man gave up his life fighting for these things.”

Louati spent much of his life in the same city, trying to avoid the pitfalls of crime, delinquency, and drug use that plague many young men there. He did better than most, managing to get an education and train for a professional career that allowed him to travel and see something of the world outside the concrete blocks of Paris’s suburbs. Activism kept its pull on him, though, drawing him to a life of organizing that led him to give up the career he trained for.

The failures of modern France weigh on Louati. The country has become a “laboratory” for discriminatory laws targeting minorities, particularly Muslims, he says. But this isn’t the criticism of an outsider, let alone an ungrateful foreigner. “It’s because you feel French, and you are French, that you criticize France,” he said emphatically when we spoke. “If something is wrong in this house, I’m going to say it, because I belong here.”

I asked him what he would have said if people wanted to understand what led to the attacks in 2015. The shootings at the Hypercacher and Charlie Hebdo, as well as the attacks at the Bataclan, involved young men who were born and raised in the country. “When you have millions of people who are already marginalized, disenfranchised, and without community institutions that can give them answers, you create easy targets for extremists,” Louati responded. “The narrative of these groups is that France exploited and humiliated your parents, they destroyed the countries of your ancestry, and now they hate you, too. Do you want to keep trying to be like them, or do you want to take revenge?”

Over a thousand French citizens went abroad to join the militant group the Islamic State. While statistically, that’s a tiny fragment of France’s roughly 6 million Muslims, even a small number of young adults giving up their lives to join a genocidal terrorist organization should be cause for serious reflection.

“Daesh made a killing in the suburbs,” Louati said forthrightly of ISIS’s recruitment efforts in the outskirts of Paris, referring to the group’s Arabic acronym. “There’s no counternarrative to the extremists. If you want a solution, let French Muslims organize themselves and address the real issues that the terrorists are using to recruit.”

A plaque commemorating the October 17, 1961, Paris massacre of Algerians is seen in Saint-Denis, France, on Feb. 11, 2019.

Photo: Pete Kiehart for The Intercept

Over the course of the 19th century, France accumulated a vast colonial empire stretching across Asia and Africa. Its colonization efforts were most intense just across the Mediterranean. In 1830, the French military invaded Algeria, deposed the local Ottoman governor, and undertook a ruthless campaign to suppress a grassroots resistance movement. For more than a century, the North African country was governed as an extension of France itself. The local French colonists, known as “pied noir,” ruled Algeria as a racially privileged caste, analogous in some ways to Israeli settlers in the West Bank today. “Algérie Française” eventually came to an end in 1962, after colonial rule buckled under the pressure of a grueling revolutionary war. Over a million Algerians are believed to have been killed in the conflict.

During its time as an empire, France periodically brought young men from its colonies to provide cheap labor for its cities. In the decades following World War I, there was a particular need for manpower to rebuild industry and replace the huge numbers of working-age men killed in the fighting. Hundreds of thousands of North Africans took the opportunity to work in France, desperate to escape the grinding poverty of their colonized homelands. North African workers did the jobs that most French people balked at, laying railroad track, working in mines, and paving roads in the scorching heat. They led lives of loneliness and poverty, cut off from their families back home and crowded into tenements in the outskirts of major cities.

The meager wages the workers earned, however, were a godsend for the countries they left behind. By the time the Algerian revolution broke out, there were perhaps half a million Algerians living and working in France. In addition to building France’s industry and infrastructure, colonial soldiers from across Africa gave their lives in huge numbers to defend France in both world wars. During World War II, colonial soldiers comprised a majority of Charles de Gaulle’s Free French army, at a time when many native French people were collaborating with the Vichy regime. These sacrifices won little recognition from French society. The 1944 liberation of Paris was deliberately made a “whites only” affair.

Years of continued discrimination culminated in one of the most shocking incidents in French history. On October 17, 1961, thousands of French Arabs gathered in Paris to march in support of the Algerian independence movement. French police, under the control of Maurice Papon — a local prefect notorious for his collaboration with the Nazis during the Vichy regime — descended on the demonstrators. The police fired live ammunition into terrified crowds of unarmed protestors. Many were detained and then drowned by being thrown into the Seine. While the massacre was studiously ignored for decades in France, historians estimate that as many as 200 people were killed on that day.

In the shadow of these events, a generation of children were born in France who were the descendants of the country’s black and Arab colonial soldiers and laborers. Circumstances forced this generation to look inward: Their parents’ homelands were foreign to them, yet they found that they were not really accepted in France, either. A new wave of popular movements was born as they sought equality in the country in which they were born.

In 1983, discontent over labor discrimination, police brutality, and a spate of hate crimes against Arabs and Africans led to the organization of the largest anti-racism protest in French history. More than 100,000 people participated in the March for Equality and Against Racism, moving by foot across hundreds of miles from Marseille to Paris. For the first time in France’s history, the country’s minorities were forcing the nation to pay attention. In a statement, the organizers said, “We want to show that the French and immigrants can live together, in spite of their differences, in an integrated society.”

Abdelaziz Chaambi was one of the organizers of the March for Equality and Against Racism. Now in his late 50s, he has a heavy build and short graying hair and stubble. He immigrated to France from Tunisia as a 12-year-old. Chaambi dedicated his life to the cause of France’s minorities after his brother was murdered in a racist attack when they were both young. I spoke with Chaambi in Vénissieux, a suburb of Lyon marked by a stretch of concrete high-rises and industrial buildings. He carried himself with the unmistakable energy and determination of someone who had been organizing for decades. He periodically stopped to press stickers advertising CRI — Coordination Against Racism and Islamophobia, an activist group he helped found — onto concrete pillars.

“For a long time, minorities in France wanted to assimilate their identities completely. People straightened their hair and wanted to look and dress the way that white French people did,” Chaambi told me, sitting in a sandwich shop near Lyon’s Perrache train station. “But over the years, they realized that whatever they did, they were only considered ‘bougnoule’ by the rest of society” — a racist term for North Africans and blacks.

The 1983 March for Equality and Against Racism began in Vénissieux, after the police shooting of a young man named Toumi Djaidja, who decided to organize the march from his hospital bed. Over three decades later, many of the same grievances that led to the march remain. Unemployment and poverty in Vénissieux are rampant, with up to a third of the population living under the poverty line. Along with families and young people walking to school, drug dealers roam between stretches of apartment blocks.

In 2005, riots broke out in cities across France. The triggering event was the deaths of two boys who were killed after reportedly being chased by police officers in Paris. But their deaths were only the spark igniting the long-simmering anger of young “banlieusards” across the country. Decades of discrimination, alienation, and police violence had turned the suburbs into a tinderbox. In Vénissieux and other suburbs across France, young men burned cars and attacked police officers in scenes that were broadcast around the world.

Given the extent to which Islamic radicalism today has become a focus of security officials in France, it’s notable how little the riots in 2005 had to do with religion. Though the anger of the demonstrations intensified after the reported teargassing of a mosque by police, the riots themselves were a generic expression of pure rage and despair. For people like Chaambi who have been watching and warning about conditions for years, they did not come as a surprise.

“In France, there isn’t a door for young people born here to integrate into society,” he told me. “The riots in 2005 were about the frustration of people who have lived their whole lives without equal rights, dignity, access to jobs or proper housing. They were a warning sign to the rest of society that things were getting unbearable for people in the suburbs.”

Over the past year, French President Emmanuel Macron announced plans to create a “French Islam” that is structured and controlled under the guidance of the state. Not a single person I met in France thought that this was a good idea; most tended to view the plan as either a patronizing intrusion into their personal lives or a surreptitious expansion of the police state. Without popular support, it’s hard to see how such a plan could ever be implemented.

While I was around Vénissieux with Chaambi, he made a point of letting me know how much he identifies the cause of France’s Arabs and Africans with the civil rights struggle of black Americans. (He boasted of meeting former Black Panther activist Angela Davis during a visit to Paris.) His years of activism are a living monument to the longevity of France’s own civil rights struggle.

“There was a black president in America, but people are still fighting against discrimination, police violence, and white supremacy. We are fighting against the same things here, and we feel very close to the struggle of black people in America,” Chaambi said as we drove out of Vénissieux. As we passed, rows of families and young children in backpacks wound their way through corroded apartment buildings and old shopping plazas.

“In France, there are some people who feel like they’re superior and we’re inferior, therefore their job is to ‘civilize’ us,” he said. “We don’t accept this, and the young people especially don’t appreciate this kind of attitude toward them. What they need is hope for a better life, but also to be recognized, acknowledged, and respected in French society for who they are, not what someone else wants to force them to be.”

A street in the suburb of Saint-Denis, north of Paris, on Nov. 18, 2015.

Photo: Peter Zschunke/picture-alliance/dpa/AP

A half-hour train ride north from the opulence of central Paris, the suburb of Seine-Saint-Denis — the 93rd district, or the “neuf trois,” as it’s known colloquially — is the poorest district in France. The area includes the neighborhood of Saint-Denis. Aside from attending matches at Paris’s Stade de France, which is seated near the district, most people in the city seem to avoid Saint-Denis. When I asked Louati and a few other non-locals to give me a ride there, they repeatedly demurred. Eventually, I took the RER train — a commuter rail — to head out on my own.

On the main streets of the district and around the central train station, smoke wafted from skewers of meat being grilled by young men over shopping carts. Blankets laid out on the sidewalks displayed hats, scarves, and cellphone accessories for sale. The clothing stores, bakeries, butcher shops, and restaurants stretched out across the city center buzzed with activity. Along the riverbank, a memorial plaque honored the victims of the 1961 massacre — a monument to a tragedy that occurred some miles away, in central Paris.

For a brief moment in 2015, Saint-Denis seemed like it had become the gateway connecting Europe to the violence then roiling Iraq and Syria. As coordinated attacks struck central Paris, a separate group of attackers set out to target the Stade de France, the massive circular football stadium located in Saint-Denis that plays host to major international matches. The would-be assailants had their eye on a friendly football match between France and Germany. Among the thousands in attendance was then-French President François Hollande. The three suicide bombers, however, failed to execute their plan as intended. Their vests detonated before they could penetrate the massive crowds. One innocent bystander outside the stadium was killed — a 63-year-old chauffeur who had been dropping off spectators running late to the match.

Over the next few days, France continued to reel from the series of rapid-fire attacks and attempted plots. Hundreds had been killed and wounded. A massive dragnet swept over the country to find the plotters. Five days later, a massive police operation focused in on a residence in central Saint-Denis. Three militants had hidden out in a small, tan-colored apartment building sitting above a cellphone store on a busy pedestrian street. Police flooded the area, and a massive standoff ensued. Over the next few hours, central Saint-Denis was a war zone. Over 5,000 bullets were fired by police, in an attempt to flush out or kill the attackers.

After several hours, the siege came to an end when one of the suspects detonated a suicide vest. Three people were found dead inside, including the attack’s mastermind, Belgian-born Abdelhamid Abaaoud, 28, and his cousin Hasna Ait Boulahcen, 26.

The building on the Rue du Corbillon where the fatal standoff took place is boarded up and abandoned today. The other tenants inside, as well as the shops below, were evicted following the raid and have yet to return. Covered in graffiti — some of which protests the lack of compensation for the evictees — the building is not out of sight on some quiet residential street. Instead, it stands out like a scar in the middle of one of the district’s busiest shopping streets. Pedestrians mill around the bombed-out structure, chatting and shopping. On a Saturday morning, panhandlers selling purses and jackets laid out their merchandise outside its boarded-up windows.

The attackers killed in the building were not from Saint-Denis, but rather had rented an apartment there from an unwitting landlord to use as a hideout. Nonetheless, the area has taken on a reputation as a den of extremism.

Mamadou Camara sits near his home in Épinay-sur-Seine, France, on Feb. 9, 2019.

Photo: Pete Kiehart for The Intercept

For Sihame Assbague, Saint-Denis is just home. She was born in France to a family from Morocco and grew up in and around Paris. Several years ago, she moved to Saint-Denis. When I met her in the district on a Saturday morning, the streets were packed with people shopping and drinking coffee in cheap cafes. The ornate ancient gothic cathedral, bearing the name of the district, towered over the area, though inside it was mostly empty. On a side alley, a small mosque — just a few houses and trailers merged into a single structure — was packed with congregants and children attending weekend Arabic classes.

In Assbague’s telling, the despair of the young, mostly Arab and African residents of the area is most often expressed in the self-destructive behaviors of drugs, street violence, and delinquency.

“When people get to a certain age, and it dawns that there’s no opportunity for them, it’s a turning point,” she said. “There is a difference between what they thought their life was going to be like and what the reality is that becomes very hard to accept.”

Like many people from the area, Assbague is frustrated with the international media’s fixation on Islam, which she says makes invisible the social pathologies that tend to lead people into crime or extremism.

“If you look at the profiles of the people who were involved in the attacks, they were not even practicing religion,” she said, referring to French media reports about the terrorists’ apparently lax religious practices. “They were drinking, going to nightclubs. For people like this, who are angry in general, religion is a marker of identity. Muslims are killed when terrorist attacks happen too. They’re scared of being hurt when they go out, just like anyone else. The first woman who was killed by the terrorist in Nice was wearing a headscarf.”

The physical distance between Seine-Saint-Denis and central Paris is just a short train ride. But the subtle psychological barriers — as well as the effect of policing on young people in the area — are huge. A kind of apartheid separates lavish central Paris from the great poverty that is so close by.

In March 2017, Mamadou Camara, then 18 years old, was returning from a school trip to Brussels with his class. Pulling into Paris’s Gare du Nord station, he and two other boys, both African and Arab, were taken aside from their class and searched. They were frisked and made to open their luggage in full view of everyone in the packed station, over the protestations of their teacher. Camara lives in the neighborhood of Épinay, just west of central Saint-Denis, where random encounters like this with police are a daily fact of life. But to be humiliated even on a class trip in the middle of Paris was too much. With the help of their teacher, he and the other two boys filed a lawsuit for racial profiling.

Camara poses for a portrait near his home in Épinay-sur-Seine.

Photo: Pete Kiehart for The Intercept


Camara is tall and lanky, his short hair neatly trimmed into a geometric design. He has golden ear piercings and was wearing a tracksuit when we met in a library at Épinay. Outside, groups of men smoked cigarettes and drank coffee on a Friday morning. Soldiers armed with assault rifles also milled around the neighborhood, while sirens could be heard in the distance. Camara grew up around this area. He was shy when we first met, but opened up and became more animated as he described what life is like in the area.

“I’m used to being stopped and searched, but not in front of my class in the middle of the city,” Camara said. “That was too much.”

Camara was born in Mali but left with his family for France when he was 1 year old. He grew up in Saint-Denis, though for years his family sent him to a school outside the district in hopes that the quality of education would be better. When getting to school became too difficult, he started attending one of the high schools in the area. After he and the other two boys filed the lawsuit with the help of their teacher, the police in Épinay tended to leave him alone a bit more.

“I’m used to being profiled, because I grew up with it. But I don’t want my brothers to have to have the same experience,” he added, referring to his two younger brothers, both adolescents. “I really like France, actually — it’s my home and I feel at home. There’s some racism, but the thing I really like about this country in the first place is that there are so many different people living here together. We just need to stand up for our rights, and things will be OK.”

Ismael Difallah talks with friends during a break in helping his younger brother, Nasserdine, move, in Saint-Michel-sur-Orge, France, on Feb. 10, 2019.

Photo: Pete Kiehart for The Intercept

In mid-2015, a police official working at the Orly Airport south of Paris invited Ismail Difallah for a coffee in the main terminal. For over a decade, Difallah, who was born in France to Algerian parents, had worked at the airport in various roles, most recently in security. Over six feet in height, he is built like a security guard — tall and thickset — yet he is also gregarious and frequently sports the sort of smile that can be disarming.

On the day they met, the police official had an offer for him. “After making some small talk, he asked me if I would ‘work’ for them in the airport,” Difallah told me when I met him.

The police official was inviting Difallah to become an informant for the government — something that happens to huge numbers of Muslim men in Europe and the United States. The job, such that it is, wasn’t always so difficult. In most cases, it entailed meeting with a handler periodically and giving them information about people in one’s network. In some extreme cases, it could involve working on entrapment cases and stings of people that the authorities target.

Difallah quietly let the officer know that he wasn’t interested. “I told them I already have a job, so I’m fine,” Difallah said.

He went back to work, though for a while the conversation left a bad taste in his mouth. Within a few weeks, however, he had largely forgotten it. The next time the conversation popped into his head was at the end of the year, when Difallah needed to get his security clearance renewed to continue working at the airport. He applied, as he had done routinely for more than a decade. This time, however, things didn’t work out.

“They told me that we can’t give you the clearance now,” Difallah told me at a home in the suburbs, not far from the airport. “I asked them why, and they just said they didn’t have any information for me.”

His mind started racing, trying to think back to figure out why he was suddenly being rejected. The only thing that sprang to mind was the conversation with the officer, but he had no way of finding out if that was the real reason for his denial. A denunciation to the local prefect, by a police officer or even another citizen, could be enough to land him on a secret list, like the notorious S-File, that would make him ineligible for a clearance. As many as 20,000 people are believed to be in the S-File database, which can lead to surveillance, prevention of travel, or difficulties getting work.

Suddenly, deprived of the ability to work with no explanation, Difallah’s life was thrown into turmoil. He got a lawyer in an attempt to find out what information the state may have used to have his clearance pulled. Due to the opaque nature of France’s system of secret evidence and security listings, however, his legal efforts found no success. Difallah has still not gotten his job back. For now, he is working as a private bus driver to make ends meet. “I’m just tired,” he told me, resignation in his voice. “Honestly, I am tired.”

Armed police ask residents in Saint-Denis to stay inside on Nov. 18, 2015, as they searched for Abdelhamid Abaaoud, a Belgian Islamist militant accused of organizing terror attacks in Paris on Nov. 13.

Photo: Barcroft Media via Getty Images

One of the quirks of liberal democracies is that, during periods of crisis, they have the ability to take on the attributes of authoritarian states. In its effort to confront terrorists after 2015, this is what the French government has done. Immediately after the attacks, France instituted a nationwide state of emergency. The measure allowed security forces to conduct warrantless raids, shut down private institutions, and restrict the movements of targeted people.

While drastic measures were widely seen as necessary to roll up the extremist networks responsible for the wave of attacks, it soon became clear that the dragnet was catching far more than just terrorism suspects. By mid-2016, nearly 3,600 warrantless raids had been carried out across the country. Only six resulted in terrorism charges.

Macron campaigned on a pledge to end the state of emergency. The promise was kept, but only by a sleight of hand. Although the state of emergency was lifted in 2017, its most draconian measures were institutionalized into a new anti-terrorism law called Strengthening Homeland Security and the Fight Against Terrorism. The state of emergency is now permanent.

In an office just off central Paris’s opulent Place de la Concorde, a human rights attorney named Emanuel Daoud is fighting a lonely battle to push back against France’s creeping authoritarianism. Daoud’s office — adorned with upbeat modern art, in juxtaposition to the subject matter of his cases — sees a steady stream of petitioners who have found themselves caught in the dragnet of France’s counterterrorism policies. The volume of casework is such that the office buzzes with activity, even late into the night.

When I visited his office, Daoud told me that the use of secret evidence, blacklists, and denunciations have gradually built an atmosphere of fear in the suburbs and beyond. He singled out the S-File. “The maintenance of secret lists like the S-File — created in part through the use of private denunciations — is taken from the practice of the Vichy regime in World War II, though the consequences of being placed on such a list are ultimately different,” he told me. “There is a general climate of fear and paranoia being created by these measures that is expanding beyond just minority groups living in the suburbs.”

In a meeting with a former high-level French intelligence official, Daoud was told that the state of emergency had only been useful as a counterterrorism tool for a few weeks after the 2015 attacks. After the perpetrators and their network had been rolled up, the draconian measures mostly stayed in place for political reasons.

As Daoud sees it, there is an inexorable shift toward less freedom in France. This is signified in part by the shift in oversight of civil liberties from the judiciary toward the executive, or as the French call it, the administrative. What this means in practice is that local prefects, like the one that denied Difallah his security clearance without explanation, will gain more power to put people on lists or deny them their rights without legal challenges. This dynamic is likely to continue, even if no more attacks happen. If there is more terrorism, Daoud warns of a wider possible breakdown in social cohesion.

“After November 2015, people feared and expected that there would be physical attacks against Muslims and their institutions,” Daoud said. “For the most part, that didn’t happen, and the far-right activists who tried to engage in attacks were intercepted by security forces. This was positive. But it’s an increasingly fragile balance, however, and it’s in danger of breaking.”

A situation like this is particularly claustrophobic for people like Difallah. Trapped between an insidiously expanding security state and the multiple threats posed to French Muslims by terrorism, he has no other place to turn if France becomes unwelcoming. Despite losing almost everything in his personal life over the past three years since his clearance was denied, like most other people I met, he said he found it cathartic to be able to tell his story. He tried to explain how the targeting by the police over a lifetime, culminating in the loss of his job, has made him feel like an outsider in the city where he was born.

“I’m 38 years old; I don’t know the country of my parents. I’ve been to Algeria maybe one month in six years,” he said. “Yes, I’m Muslim, but I’m French, and I feel tired of trying and failing to prove this.”

A framed verse of the Quran is seen at the home of Ismael Difallah’s brother in Saint-Michel-sur-Orge, France on Feb. 10, 2019.

Photo: Pete Kiehart for The Intercept


In 2015, the French novelist Michel Houellebecq released a book called “Submission.” The novel depicted a near future in which France is ruled by an Islamist government, which comes to power at the head of a coalition created during the 2022 elections. In Houellebecq’s satirical alternate history, an exhausted France eventually decides to lie down in the face of its supposedly virile and determined Muslims. The new French president is a suave intellectual with ties to the Muslim Brotherhood who quietly begins a program of socially re-engineering the country and reorienting it toward the Middle East. Meanwhile, the suburbs become the site of violent gun battles between right-wing activists and young Arab and African youths, which the French media expeditiously choose to ignore.

Louati didn’t like the book.

“French elites have always had fantasies about civil war and purging people of ‘impure blood’ from the country,” he told me one evening at a mall in the southern Paris suburb of Thiais. On a Sunday night, the mall food court was bustling, mostly with young people and families of Arab and African background. A French rap song pumped out of an Adidas store full of shoppers. “When you are Muslim and French, society pushes these two identities to collide,” Louati told me. “Islam isn’t considered a normal religion of France the way that Catholicism, Protestantism, or Judaism are – even though many of our grandparents were fighting the Nazis to free this country while others were collaborating with Vichy.”

By morbid coincidence, Houellebecq’s novel was released on the day of the Charlie Hebdo shooting in 2015. Those killings marked the start of a cycle of terrorist attacks and government reprisals that began to crystallize a certain image of Muslims as a security threat — or even a fifth column within the French Republic. To say this view is blinkered would be an understatement.

“In the public imagination, the image of a French Muslim remains the disenfranchised youth of suburbs,” said Olivier Roy, a French political scientist and specialist on political Islam. “The reality is that over the past generation, they’ve seen the creation of an educated middle class and professional class, which, due to lack of representation, is mostly ignored. There’s a discrepancy between the public perception and sociological reality. In a sense, it’s normal for the extreme right in France to use cliches about Muslims, but the problem is the clichés are also used by the left, too.”

In France, it’s common to see tributes to African-American freedom fighters like Rosa Parks, Martin Luther King Jr., and Malcolm X. Due to the country’s revolutionary history, the French have a love of egalitarianism that often draws it into competition with the United States. Until France can learn to fulfill the rights of its own minorities — whose efforts helped build the modern nation and who, for the past several decades, have waged a civil rights struggle of their own — its troubles are not going to reach a conclusion.

“France owes people like us its freedom,” said Yasser Louati, passion in his voice as he packed up his belongings. The bistro, Belle-Epine, was set to close. “These kids you see around, Africans and Arabs, whether people like it or not, they’re French. We’re not foreigners or guests who are going to accept being treated as though we’re just lucky to be here. Maybe some of the elites of France don’t like us. But they’re going to have to respect us.”

The post French Muslims Grapple With a Republic That Codified Their Marginalization appeared first on The Intercept.

CVE-2019-9026

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.

CVE-2019-9028

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c.

CVE-2019-9033

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c.

WhatsApp Asks Apple Users to Beware of the Touch ID, Face ID Feature

A recently discovered bug in the Touch ID / Face ID feature rolled out on WhatsApp is becoming a serious threat to iPhone users, because it lets anyone easily sidestep the authentication. Support for unlocking the application with Touch ID or Face ID is available in WhatsApp version 2.19.20; when enabled correctly, the application requires the user to pass Touch ID or Face ID each time they open it.

The Android users are safe, since this specific feature isn't made available for them.

A Reddit user explained in a post how simple the bypass is and how nearly anybody can do it. The bypass becomes possible when the user, offered the choice of unlocking the application immediately, after one moment, after 15 minutes or after an hour, chooses any option other than "Immediately".

It doesn't work if the option is set to "Immediately"; the setting can be changed once "Require Face ID" is enabled under WhatsApp Settings > Account > Privacy > Screen Lock. To sidestep Touch ID and Face ID on the iPhone, a person only needs to open the iOS Share Sheet in any application and pick WhatsApp.

In the interim, WhatsApp issued a statement acknowledging the issue: “We are aware of the issue and a fix will be available shortly. In the meantime, we recommend that people set the screen lock option to immediately.”


Goa DGP calls Alexa a spy

Goa Director General of Police (DGP) Muktesh Chander, speaking at a cybersecurity seminar on Thursday, 21 February, warned people against excessive use of Amazon's artificial intelligence assistant Alexa, saying that these assistants act like spies and collect private information, The Indian Express reported.

“And what Alexa does. All the time it is listening. Everything. Every word you are saying, Alexa is listening and passing it on to Google.” (Chander then corrects himself and says Amazon.)

Chander, who is also a cybersecurity expert, was delivering a keynote address at a seminar on ‘Cyber Security for Industry’ in Panaji.

“Sounds.pk… PK are Pakistani sites. Why are they giving sounds free of cost?” Chander said, adding that the songs.pk website promotes a “compromised Chinese-made browser” to glean information from a user’s phone. “Has anybody tried downloading this songs.pk? All of a sudden if you are trying on mobile, one thing is bound to come up… UC browser. Have you heard of that? Because UC browser is… a Chinese browser. It is collecting all the information. So there is a hidden agenda,” Chander said.

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

A new piece of ransomware called Cr1ptT0r, discovered by experts, infects embedded systems and network attached storage (NAS) devices exposed online.

The discovery of the Cr1ptT0r ransomware was first reported in a discussion on the BleepingComputer forums. A user reported that their D-Link DNS-320 device was infected by malicious code.

The D-Link DNS-320 model is no longer available for sale. One of the members of the forum explained that the firmware of their NAS was never updated and that the device was exposed to the WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

The newest firmware revision dates back to 2016 and is known to be affected by several bugs that can be exploited to compromise the device.

At the time of the discovery, the malicious ELF binary showed a minimal detection rate on VirusTotal.

Information shared by BleepingComputer forum members suggests attackers leveraged known flaws in old firmware, a circumstance that was confirmed by a member of the Cr1ptT0r team to us, saying that there are so many vulnerabilities in D-Link DNS-320 NAS models that they should be built from scratch to make things better.

The list of flaws in old versions of the firmware for D-Link DNS-320 includes at least a remote code execution vulnerability, and a hard-coded backdoor published in 2018 for ShareCenter DNS‑320L.

Once the malware has infected a system, it drops two plain text files. One is a ransom note called “_FILES_ENCRYPTED_README.txt,” which tells the victim what has happened and gives instructions for paying the ransom.
Like other ransomware, the operators allow victims to unlock a file for free.

The second text file named “_cr1ptt0r_support.txt” includes the onion address for a website that offers support to the victims. The hidden service enables a remote shell on an infected device if it is online.

“The Cr1ptT0r group member added that the URLs and IP addresses are not logged, so there is no correlation between data and the victim.” wrote Bleeping Computer.

“Although the Cr1ptT0r member says they are just interested in getting paid and that spying is not on their agenda, they cannot guarantee privacy.”

Operators offer decryption keys via the OpenBazaar marketplace for BTC 0.30672022 (about $1,200). It is also possible to decrypt single files for $19.99; in this case, victims have to send the encrypted file to the operators.

Bleeping Computer noticed that operators of the ransomware also offer decryption keys for the Synolocker ransomware for the same price. This second ransomware made the headlines in 2014 when it infected NAS servers from Synology that ran outdated versions of the DiskStation Manager.

No extension added to locked files

The ransomware is an ELF ARM binary that does not append a specific extension to the encrypted files.

The popular malware researcher Michael Gillespie discovered the ransomware adds the end-of-file marker “_Cr1ptT0r_” to the encrypted files.

“He also says that the strings he noticed suggest that this ransomware strain uses the Sodium crypto library and that it uses the “curve25519xsalsa20poly1305” algorithm for asymmetric encryption. We received confirmation about these details from the Cr1ptT0r group member we talked to,” continues Bleeping Computer.

“The public key (256-bit) used for encrypting the data is available in a separate file named “cr1ptt0r_logs.txt,” which stores a list of the encrypted files as well, and it is also appended at the end of the encrypted files, just before the marker. Gillespie says that it matches the encryption algorithm he noted above.”
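The file trailer described above (a 256-bit public key followed by the end-of-file marker) gives responders a cheap way to inventory affected files on a share. The following is an added example, not code from Security Affairs or Bleeping Computer; it assumes the key is stored as 32 raw bytes immediately before the marker, and every sample file it creates is constructed.

```python
import os
import tempfile

MARKER = b"_Cr1ptT0r_"   # end-of-file marker named in the article
KEY_LEN = 32             # 256-bit public key; raw-byte encoding is an assumption
NOTE_NAMES = {           # text files the article says the malware writes
    "_FILES_ENCRYPTED_README.txt",
    "_cr1ptt0r_support.txt",
    "cr1ptt0r_logs.txt",
}


def inspect_file(path):
    """Return None for an unmarked file, else a dict describing the trailer."""
    size = os.path.getsize(path)
    if size < len(MARKER):
        return None
    want = min(size, KEY_LEN + len(MARKER))
    with open(path, "rb") as fh:
        fh.seek(size - want)           # read only the tail, never the whole file
        tail = fh.read(want)
    if not tail.endswith(MARKER):
        return None                    # marker elsewhere in the file does not count
    key = tail[:-len(MARKER)]
    # A trailer shorter than 32 bytes cannot hold the key: report it as absent.
    return {"path": path,
            "pubkey_hex": key.hex() if len(key) == KEY_LEN else None}


def triage(root):
    """Walk root and collect marked files, note files and distinct keys."""
    marked, notes, unreadable = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue               # do not follow links out of the share
            if name in NOTE_NAMES:
                notes.append(path)
                continue
            try:
                hit = inspect_file(path)
            except OSError:
                unreadable.append(path)
                continue
            if hit:
                marked.append(hit)
    keys = sorted({h["pubkey_hex"] for h in marked if h["pubkey_hex"]})
    return {"marked": marked, "notes": notes,
            "unreadable": unreadable, "distinct_keys": keys}


def build_sample_tree(root):
    """Write constructed sample files (no real malware output) for the demo."""
    fake_key = bytes(range(KEY_LEN))   # constructed placeholder, not a real key
    samples = {
        "clean.doc": b"ordinary document bytes",
        "photo.jpg": b"\x8f" * 64 + fake_key + MARKER,
        "tiny.bin": b"ab" + MARKER,
        "mention.txt": b"notes about " + MARKER + b" from the article",
        "_FILES_ENCRYPTED_README.txt": b"constructed note text",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return fake_key


def demo():
    """Run the triage over the constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as root:
        key = build_sample_tree(root)
        report = triage(root)
        report["expected_key"] = key.hex()
        report["marked_names"] = sorted(
            os.path.basename(h["path"]) for h in report["marked"])
        report["keyless_names"] = sorted(
            os.path.basename(h["path"])
            for h in report["marked"] if h["pubkey_hex"] is None)
        return report


if __name__ == "__main__":
    r = demo()
    print("marked files:", r["marked_names"])
    print("note files:", len(r["notes"]), "distinct keys:", r["distinct_keys"])
```

More than one distinct key across a share suggests more than one infection event and is worth recording before any restore from backup.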

Even though Cr1ptT0r has only recently appeared in the threat landscape, experts believe it will be a dangerous threat due to its ability to infect embedded systems and the possibility of adapting its code to infect Windows machines.

Further details, including IoCs are reported in the analysis published by Bleeping Computer.


Pierluigi Paganini

(SecurityAffairs – Cr1ptT0r, ransomware)

The post Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems appeared first on Security Affairs.

The Justice Department Singled Out This Man in Expanding Efforts to Strip Citizenship. A Judge Doesn’t Think the Case Is Open-and-Shut.

A federal judge on Thursday issued a ruling that could test the strength of the Trump administration’s theory behind stripping naturalized Americans of their U.S. citizenship.

At issue is the question of whether Parvez Khan, a sexagenarian native of Pakistan, became a U.S. permanent resident — and ultimately a naturalized citizen — fraudulently, by concealing the fact that he had previously received an order of deportation under a different name.

The Justice Department contends that the case is simple — that Khan changed his identity in order to game the U.S. immigration system. But Khan, who lives in Florida, argues that he never even knew that an immigration court had ordered his deportation. He says the government’s case against him can be explained by a combination of factors that were outside of his control — including the lack of a proper translator when he was detained by immigration officials in 1991 and applied for asylum, as well as a lawyer who never told him what was going on in his case.

U.S. Magistrate Judge Patricia Barksdale found that enough of the facts are disputed to allow the case to move forward to trial. The ruling was a blow — a rebuke of the government’s portrayal of an open-and-shut case — to the Trump administration’s efforts to use an initiative called Operation Janus for denaturalizing potentially thousands of U.S. citizens.

“We are glad to see that the judge in this case is putting the government to its burden of proving that the very high bar for denaturalization has been met,” said Sirine Shebaya, an attorney at Muslim Advocates who has been pressing the government for information on these efforts. “We continue to have ongoing concerns about Operation Janus and about the government’s denaturalization efforts generally, which appear to be designed to target and scare minority communities.”

On Thursday, Barksdale, of the Middle District of Florida, issued a 59-page order in the case, U.S. v. Parvez Manzoor Khan, denying requests by both parties to resolve the case in their favor before going to trial — what is known in legal parlance as a motion for summary judgment.

Barksdale, in her order, notes that Khan’s denial that he acted intentionally or knowingly in a deceptive manner when applying for a change in immigration status is not alone enough to withstand summary judgment. Nor is his belief that he’s always been in the United States legally. “But Khan presents more,” Barksdale writes, pointing to evidence he provided of a serious language barrier, an ineffective lawyer, and a careless interviewer for his applications for permanent residence and citizenship.

Denaturalization is increasingly looking like the next front in President Donald Trump’s war on immigrants, and the Trump administration, to the extent that it has publicized its efforts, has largely waged that war through one-sided press releases.

Khan is one of three people singled out by the Justice Department when it first made clear its intent to expand the use of denaturalization, but he is the only one of those targets who defended himself against the government’s allegations. (The other two did not respond to the charges against them.) His case, which will go to trial on April 2, shows that when the government is faced with an actual defense, its justification for stripping away citizenship falters.

There is a voluminous history of denaturalization in the United States, which has been frequently used to target immigrants based on their race, ethnicity, or national origin. But for the last 50 years or so, the tactic has been used sparingly — mostly for people who lied on their naturalization applications to cover up war crimes or financial support for terrorists. Once obtained, citizenship — which, among other things, carries with it the right to vote — has had an air of finality about it.

The Trump administration, amid its two-year assault on immigration, seems poised to change that. While much of its denaturalization efforts remain shrouded in secrecy, cases like Khan’s make clear that there has been a profound shift in the way the United States approaches the question of what it means to be an American.

Khan’s ordeal began in September 2017, when the Justice Department issued a press release stating it was going after three men — Khan, Rashid Mahmood, and Baljinder Singh — for obtaining U.S. citizenship after being ordered deported under different names. They were identified under Operation Janus, an initiative of President Barack Obama’s administration that sought to identify people who might have been naturalized despite deportation orders or criminal proceedings because their fingerprints had not been digitized.

Operation Janus specifically targeted nationals of “special interest” countries, defined only as countries “that are of concern to the national security of the United States” in a 2016 report from the Department of Homeland Security’s Office of Inspector General. Mahmood, like Khan, is a native of Pakistan, while Singh is a native of India.

In January 2018, the Justice Department issued a second press release, this time announcing that a federal court had stripped Singh of his citizenship. The release, celebratory in tone, failed to mention how exactly the Justice Department won that case: Singh never responded to the allegations against him, and the court granted the government’s request for summary judgment. It’s unclear whether Singh is even aware that he is no longer a U.S. citizen. Mahmood, likewise, has not responded to the government’s allegations in his case. He missed the deadline to submit an answer, and the court has given the government until March 26 to file a motion for summary judgment. (U.S. v. Rahman, another Operation Janus case filed in February 2018, also seems likely to go to trial.)

Under Operation Janus, U.S. Citizenship and Immigration Services identified about 315,000 cases where some fingerprint data was missing from a central database and combed through those cases to find discrepancies. In the January 2018 release about Singh, the Justice Department wrote that Citizenship and Immigration Services “has stated its intention to refer approximately an additional 1,600 for prosecution.”

The target list, however, appears to have expanded. A budget request by U.S. Immigration and Customs Enforcement for the 2019 fiscal year revealed that the Department of Homeland Security intended to spend $207.6 million to investigate 887 leads uncovered through Operation Janus and to review 700,000 cases under Operation Second Look, a related initiative. Over the last two years, the total number of denaturalization cases has nearly doubled over the total number of cases filed between 2004 and 2016.

There is no comprehensive way to track the Justice Department’s current denaturalization efforts. But there are at least two dozen civil denaturalization cases pending in federal court, according to a review of court records by immigration attorney Matthew Hoppock, who represents clients in these types of cases. (The government is also using criminal charges as a way to secure denaturalization.)

In June, U.S. Citizenship and Immigration Services Director Lee Francis Cissna said his agency would be opening a new office in Los Angeles dedicated to investigating cases under Operation Janus and referring cases to the Justice Department for prosecution.

“I thought there would be more movement by now, because they said they were opening this office in LA,” Hoppock told me recently. He said the fact that the office is run by U.S. Citizenship and Immigration Services is odd, because even though the agency does the initial investigation, it’s the Justice Department that prosecutes these cases. “I don’t know what there is to do for seven or 10 attorneys at this little office in LA,” Hoppock said, “but we just haven’t heard anything more about what they’re up to.”

Still, the mere prospect of hundreds of thousands of old cases being reviewed for discrepancies is enough to sow fear in immigrant communities.

“This administration is overusing the very extreme measure of denaturalization against Muslim and other minority communities and effectively creating a second class of citizens who can no longer feel secure in their belonging to the United States,” Shebaya, the Muslim Advocates attorney, told me.

Among the thousands of cases reviewed under Operation Janus, Khan’s was hand-picked by the Justice Department to be one of the poster boys for the operation. Presumably, then, it would be a slam dunk case. Barksdale’s Thursday order makes clear that it’s not.

Because citizenship is so valuable, the government bears a heavy burden of proof in denaturalization cases; the Supreme Court has likened it to the “beyond a reasonable doubt” standard in a criminal case. Meeting that burden becomes more difficult when a defendant, like Khan, proffers a response that pokes holes in the government’s version of events.

The Justice Department is seeking to denaturalize Khan on three grounds. U.S. government lawyers argue that he lacked the “good moral character” requirement for U.S. citizenship because he lied in his naturalization interview; that he was ineligible to naturalize because he had obtained his permanent resident status by misrepresenting a material fact; and that he became a citizen by concealing or willfully misrepresenting a material fact. In each of these scenarios, the argument rests on a 1992 deportation order against Khan, which the government claims he intentionally concealed while applying for permanent residence and citizenship. (The government’s fingerprint records of Khan from 1991 were never digitized, which is why his previous record did not come up when he applied to change his immigration status years later.)

The truth is a little more complicated. Khan arrived in Los Angeles in December 1991, and immigration officers determined that his Pakistani passport, which bore the name Mohammad Akhtar, had been altered. Because of this, he was detained and ordered to go to immigration court before it could be decided whether he could enter the United States.

Khan, in an affidavit submitted in the denaturalization case, says immigration authorities never provided him with a translator who spoke Urdu, his native language and the official language of Pakistan. (Records from the time say he spoke Punjabi.) He communicated with a lawyer, Howard George Johnson, through an Indian cellmate who did not speak Urdu. The asylum application Johnson eventually submitted on Khan’s behalf included a number of errors, including his mother’s name and referring to Khan as “Jaweed Khan a/k/a Mohammad Akhtar.” Khan signed his asylum application with the name Mohammad Akhtar, he says in his affidavit, because Johnson told him to do so.

Johnson did not give Khan a copy of the paperwork, nor did he ever tell Khan that he would later have a hearing in immigration court, he says in his affidavit. In January 1992, Khan was released on bond. The related paperwork listed Johnson’s address, rather than a Florida address, belonging to Khan’s brother, used in the asylum application. The immigration court later sent a notice of Khan’s asylum hearing to Johnson’s address; Khan says Johnson, who has since died, never informed him of the hearing. The court ordered Khan’s deportation in absentia.

All subsequent correspondence from the immigration court regarding Khan’s deportation was mailed to Johnson, who in 1998 was suspended by the California Bar for misconduct, including in relation to communicating with clients. Khan says he had no idea he was ever ordered deported and thus could not have mentioned it in his applications for permanent residency or citizenship.

The circumstances portrayed by Khan may not ultimately help him win his case. After all, the court also denied his motion for summary judgment. In his motion for pretrial judgement in his favor, Khan, through his Orlando, Florida-based lawyer James LaVigne, argues that even if the government’s allegations were true, he would still be entitled to citizenship, since he became a permanent resident through his marriage to a U.S. citizen. In ruling against Khan’s motion, Barksdale characterized that argument as “unclear.”

Whatever Barksdale decides after the April trial, Khan’s case may be a bellwether of how successful the Trump administration’s denaturalization strategy will be.

The post The Justice Department Singled Out This Man in Expanding Efforts to Strip Citizenship. A Judge Doesn’t Think the Case Is Open-and-Shut. appeared first on The Intercept.

Get ready for the age of sensor panic

A passenger on a Singapore Airlines flight this week noticed a small, circular indentation below the image playing on the seatback in-flight entertainment system in front of him. Could that be, he wondered, a camera?

The passenger did the only logical thing: He tweeted out a photo and asked the Twitterverse for opinions, setting off a chorus of complainers on Twitter.

Singapore Airlines also responded to the tweets, saying that the camera was not used by the airline to capture pictures or video. It then told media outlets in a statement that the embedded cameras “have been intended by the manufacturers for future developments. These cameras are permanently disabled on our aircraft and cannot be activated on board. We have no plans to enable or develop any features using the cameras.”

President Trump Wants US To Win 5G Through Real Competition

hackingbear writes: In a tweet, President Trump said he wanted "5G, and even 6G, technology in the United States as soon as possible. I want the United States to win through competition, not by blocking out currently more advanced technologies. American companies must step up their efforts, or get left behind." While he did not specifically mention China's Huawei, many interpreted the comments as Mr Trump taking a softer stance on the firm. The U.S. has been pressuring allies to block out the Chinese telecom giant from their future 5G mobile networks, but the tactic meets considerable resistance. "Mr. President. I cannot agree with you more. Our company is always ready to help build the real 5G network in the U.S., through competition," Huawei President Ken Hu replied in a tweet, mocking Trump's frequent usages of the word "real." Huawei is the second biggest holder of 5G patents after Samsung and the top contributor to the 5G standard, and is setting its sight on 6G.

Read more of this story at Slashdot.

The new battlefield: the race to integrate cyber and electronic warfare – Global Defence Technology Special | Issue 1

defence.nridigital.com - The US DoD is responding. In December, the Terrestrial Layer Intelligence System (TLIS) – which will combine the Army's ground-based electronic attack and military intelligence into a single platform…


Tweeted by @AirSpecInt https://twitter.com/AirSpecInt/status/1099212753389191169

Japan’s Hayabusa 2 Successfully Touches Down On Ryugu Asteroid, Fires Bullet Into Its Surface

Japan's Hayabusa 2 spacecraft has successfully touched down on the asteroid Ryugu at around 11:30 GMT on Thursday. "Data from the probe showed changes in speed and direction, indicating it had reached the asteroid's surface, according to officials from the Japan Aerospace Exploration Agency (JAXA)," reports The Guardian. From the report: The probe was due to fire a bullet at the Ryugu asteroid, to stir up surface matter, which it will then collect for analysis back on Earth. The asteroid is thought to contain relatively large amounts of organic matter and water from some 4.6 billion years ago when the solar system was born. The complicated procedure took less time than expected and appeared to go without a hitch, said Hayabusa 2 mission manager Makoto Yoshikawa. The spacecraft is seeking to gather 10g of the dislodged debris with an instrument named the Sampler Horn that hangs from its underbelly. Whatever material is collected by the spacecraft will be stored onboard until Hayabusa 2 reaches its landing site in Woomera, South Australia, in 2020 after a journey of more than three billion miles. UPDATE: JAXA says it successfully fired a "bullet" into Ryugu, collecting the disturbed material. "JAXA scientists had expected to find a powdery surface on Ryugu, but tests showed that the asteroid is covered in larger gravel," reports CNN. "As a result the team had to carry out a simulation to test whether the projectile would be capable of disturbing enough material to be collected by [the Sampler Horn]. The team is planning a total of three sampling events over the next few weeks."

Read more of this story at Slashdot.

Comprehensive Guide on Snort (Part 1)

This article introduces intrusion detection systems (IDS), using Snort as the example.

Table of Contents:

  • Introduction to IDS
  • Categories of IDS
  • Types of IDS
  • Introduction to Snort

Introduction to IDS

IDS stands for Intrusion Detection System. The techniques and methods an IDS is built on are used to monitor and reveal malicious activity at both the host and the network level. When such activity occurs, an alert is issued to make everyone aware of the attack. An IDS can be hardware, software, or a combination of both, depending on the requirement. It can use signature-based and anomaly-based techniques together or separately, again depending on the requirement. Your network topology determines where to add intrusion detection systems. Whether an IDS should be positioned at one or more places depends on whether you want to track internal or external threats. For instance, if you want to protect yourself from external traffic, place an IDS at the router; if you want to protect the inner network, place an IDS on every network segment.

Categories of IDS

Signature-Based IDS

This IDS verifies the signatures of data packets in the network traffic. Basically, it finds the data packets and uses their signatures to confirm whether they are a threat or not. Such signatures are commonly intrusion-related signatures or anomalies related to the Internet Protocol. Intruders such as computer viruses always have a signature, so they can be easily detected by a software IDS that uses signatures to identify threats.

Anomaly IDS

This IDS usually detects whether a data packet behaves anomalously. It issues an alert if packet anomalies are present in the protocol header parts. In some cases this system produces better results than a signature-based IDS. Normally such an IDS captures data from the network and then applies its rules to these packets in order to detect anomalies.

Types of IDS

NIDS

NIDS stands for Network Intrusion Detection System. This type of IDS captures the data packets received and sent on the network and tallies them against the database of signatures. If the packet is a match then no alert will be issued; otherwise it will issue an alert letting everyone know of a malicious attack. Snort is an excellent example of a NIDS.

HIDS

HIDS stands for Host Intrusion Detection System which, as the name implies, operates on a host. This type of IDS monitors system and application logs to detect intruder activity. Some IDS react when malicious activity takes place; others monitor all the traffic coming to the host where the IDS is installed and give alerts in real time.

Introduction to Snort

Snort is a Network Intrusion Detection System (NIDS). It is popular, open source software that helps monitor network traffic in real time, so it can also be considered a packet sniffer. Basically, it examines each data packet in depth to see whether it carries a malicious payload. It can also be used for protocol analysis and content searching. It is capable of detecting various attacks such as port scans, buffer overflows, etc. It is available for all platforms, i.e. Windows, Linux, etc. It doesn’t require recompiling the system or adding hardware to your distribution; root privileges are required, though. It inspects all the network traffic against the provided set of rules and then alerts the administrator about any suspicious activity. It is divided into multiple components, and all the components work together to detect an intrusion. The major components of Snort are:

  • Packet Decoder
  • Pre-processors
  • Detection Engine
  • Logging and Alerting System
  • Output Modules

Installation of Snort

First, use the ifconfig command on your Ubuntu machine to check the interface. In this example the interface is ens33.

Now, let’s install Snort using the following command:

sudo apt-get install snort*

Once the installation starts, it will ask you for the interface that we checked previously. Give its name here and press Enter.

Then it will ask you for your network IP. Here you can provide either a single IP or a range of IPs.

It may then ask you again for the name of the interface; provide it again and press Enter.

Once Snort is installed, open the configuration file with nano or any other text editor to make some changes. Use the following command to do so:

sudo nano /etc/snort/snort.conf

Scroll down the file to around line 45 to specify the network you want to protect:

#Setup the network addresses you are protecting

ipvar HOME_NET 192.168.1.21

Now run the command below to enable the IDS mode of Snort:

sudo snort -A console -i ens33 -c /etc/snort/snort.conf

The above command will process the complete file and test the configuration settings automatically.

Once Snort is installed and configured, we can start changing its rules to suit our own requirements. To see the rules that Snort works with, use the following commands:

cd etc/snort/rules
ls -la

As shown in the image below, you can find all the documents related to rules.

Snort Rule Format

Snort lets its users write their own rules for generating logs of incoming/outgoing network packets. They only need to follow the Snort rule format, in which packets must meet the conditions the rule sets. Always bear in mind that a Snort rule is written by combining two main parts: “the Header” and “the Options” segment.

The header part contains information such as the action, the protocol, the source IP and port, and the direction operator pointing towards the destination IP and port; everything else belongs to the options part.

Syntax: Action Protocol Source IP Source port -> Destination IP Destination port (options)

Header Fields:-

Action: It tells Snort what kind of action to perform when it discovers a packet that matches the rule description. There are five default actions in Snort: alert, log, pass, activate, and dynamic are the keywords used to define the action of a rule. You can also use additional options, which include drop, reject, and sdrop.

Protocol: After deciding the action for the rule, you need to specify the protocol (IP, TCP, UDP, ICMP, any) to which this rule applies.

Source IP: This part of the header describes the sender network interface from which traffic is coming.

Source Port: This part of the header describes the source port from which traffic is coming.

Direction operator (“->”, “<>”): It denotes the direction of traffic flow between the sender and receiver networks.

Destination IP: This part of the header describes the destination network interface to which traffic is coming to establish the connection.

Destination Port: This part of the header describes the destination port on which traffic is coming to establish the connection.

Option Fields:

The body of the rule options is written between round brackets “()” and contains keywords with their arguments, each separated from the next keyword by a semicolon “;”.

There are four major categories of rule options.

General: These options contain metadata that provides information about the rule.

Payload: These options all look for data inside the packet payload and can be inter-related.

Non-payload: These options look for non-payload data.

Post-detection: These options are rule-specific triggers that happen after a rule has fired.

General Rule Options (Metadata)

In this article we are going to explore the general rule options for beginners, so that they can easily write a basic rule in a Snort rule file and analyze the packets on their network. Metadata is the part of the rule options that contains additional information about the Snort rule, written with the help of some keywords and their arguments.

Keyword: Description
msg: The msg keyword stands for “Message”; it tells Snort that the written argument should be printed in the logs when a packet is analyzed.
reference: The reference keyword allows rules to include a reference to information present on other systems available on the Internet, such as CVE.
gid: The gid keyword stands for “Generator ID”, which is used to identify which part of Snort creates the event when a specific rule fires.
sid: The sid keyword stands for “Snort ID” and is used to uniquely identify Snort rules.
rev: The rev keyword stands for “Revision” and is used to uniquely identify revisions of Snort rules.
classtype: The classtype keyword is used to assign classifications and priority numbers to rules, marking a rule as detecting an attack that is part of a more general type of attack class.

Syntax: config classification: name, description, priority number.

priority: The priority keyword assigns a severity rank to your rules.
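The header and option layout described above can be checked mechanically before Snort loads a rules file. The following is an added example, not part of the original article or of Snort itself: a small Python linter whose function names (split_options, parse_rule, lint) are hypothetical, run over constructed sample rules. It relies on Snort's documented convention that local rules use sid values of 1000000 and above.

```python
import re

# Actions and direction operators as listed in the header description above;
# protocols are the four keywords a Snort 2 rule header accepts.
ACTIONS = {"alert", "log", "pass", "activate", "dynamic", "drop", "reject", "sdrop"}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
DIRECTIONS = {"->", "<>"}
HEADER_FIELDS = ("action", "protocol", "src_ip", "src_port",
                 "direction", "dst_ip", "dst_port")
RULE_RE = re.compile(r"^(?P<header>[^()]+?)\s*\((?P<options>.*)\)\s*$")


def split_options(body):
    """Split the option body on ';', ignoring ';' inside quotes or after a backslash."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def parse_rule(line):
    """Return the seven header fields plus an ordered list of (keyword, argument)."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("expected 'header (options)'")
    fields = m.group("header").split()
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError(f"header needs 7 fields, got {len(fields)}")
    rule = dict(zip(HEADER_FIELDS, fields))
    if rule["action"] not in ACTIONS:
        raise ValueError(f"unknown action {rule['action']!r}")
    if rule["protocol"] not in PROTOCOLS:
        raise ValueError(f"unknown protocol {rule['protocol']!r}")
    if rule["direction"] not in DIRECTIONS:
        raise ValueError(f"unknown direction operator {rule['direction']!r}")
    rule["options"] = []
    for opt in split_options(m.group("options")):
        key, _, arg = opt.partition(":")
        rule["options"].append((key.strip(), arg.strip().strip('"')))
    return rule


def lint(rules_text):
    """Return sorted (line_number, finding) pairs for the text of a rules file."""
    findings, first_seen = [], {}
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        try:
            opts = dict(parse_rule(line)["options"])
        except ValueError as exc:
            findings.append((lineno, f"syntax: {exc}"))
            continue
        sid = opts.get("sid", "")
        if not sid.isdigit():
            findings.append((lineno, "missing or non-numeric sid"))
        elif sid in first_seen:
            findings.append(
                (lineno, f"duplicate sid {sid} (first used on line {first_seen[sid]})"))
        else:
            first_seen[sid] = lineno
            if int(sid) < 1000000:
                findings.append((lineno, f"sid {sid} is below the local range (1000000+)"))
        if "msg" not in opts:
            findings.append((lineno, "no msg keyword"))
    return sorted(findings)


# Constructed sample rules (not from a real deployment), modelled on the format above.
SAMPLE_RULES = """\
# local.rules
alert icmp any any -> 192.168.1.21 any (msg: "ICMP Packet found"; sid:10000001; )
alert tcp any any -> any 22 (msg:"SSH Packet found"; sid:10000003; rev:1;)
alert tcp any any -> any 80 (msg:"HTTP Packet found"; sid:10000003; rev:1;)
alert tcp any any any 21 (msg:"FTP Packet found"; sid:10000002;)
"""

if __name__ == "__main__":
    for lineno, finding in lint(SAMPLE_RULES):
        print(f"line {lineno}: {finding}")
```

Run against the sample, it reports the reused sid on line 4 and the missing direction operator on line 5.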

Let’s start writing snort rule:

To check whether Snort is logging alerts as intended, add a detection rule that alerts on IP packets to the “local.rules” file.

Before writing new rules let’s empty the ICMP rule file by using the following command :

echo "" > icmp.rules
cat icmp.rules

The cat command will confirm whether the file is empty. Now, let’s empty the icmp-info.rules :

echo "" > icmp-info.rules
cat icmp-info.rules

Now let’s write the rule :

alert icmp any any -> 192.168.1.21 any (msg: "ICMP Packet found"; sid:10000001; )

As you can observe in the image below, we have used a one-way arrow, which means that Snort will alert us about incoming traffic that matches the rule :

The IP (192.168.1.10) we will attack from is shown in the image below :

Now, we will send two packets with the following command :

ping -n 2 192.168.1.21

You can check the details of the packets that are being sent :

Use the following command to start Snort so that it catches the matching packets :

sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i ens33

Here,

-A Set alert mode: fast, full, console, test or none

-q Quiet: don’t show the banner and status report

-u Run snort uid as <uname> user

-g Run snort gid as <gname> group (or gid)

-c <rules> Use rules file

-i Listen on interface

And as you can see in the image below the alerts are being issued by snort :

Now, add the following rule to see both incoming and outgoing traffic when an alert is issued :

alert icmp any any <> 192.168.1.21 any (msg: "ICMP Packet found"; sid:10000001; )

As the image below shows, here we have used ‘<>’, which monitors both sent and received packets when an alert is issued.

Again, we will send two packets like before using the following command :

ping -n 2 192.168.1.21

And therefore, as a result, you can see both packets as shown in the image below :

Now we will apply rules on ports 21, 22 and 80. This way, whenever a packet is sent to these ports, we will be notified. The following rules achieve this :

alert tcp any any -> any 21 (msg: "FTP Packet found"; sid:10000002; )
alert tcp any any -> any 22 (msg: "SSH Packet found"; sid:10000003; )
alert tcp any any -> any 80 (msg: "HTTP Packet found"; sid:10000004; )

When the packet is sent to port 80 as shown in the image :

Snort will issue an HTTP packet alert, as shown in the image below :

Similarly, when a data packet is sent to FTP as given in the following image :

The FTP packets will be detected and one will be notified.

Again, in a similar manner, when one tries to send packets to SSH as shown in the image below :

Snort will notify the administration as shown below :

This way, using snort or any other IDS one can be protected from network attacks by being notified of them in time.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.

The post Comprehensive Guide on Snort (Part 1) appeared first on Hacking Articles.

Prepare to Be Hacked: Why Realtime Security is Crucial in 2019

The threat of cyberattacks grows each year. According to a recent survey by Pew, cyberattacks now rank as one of the top global threats alongside climate change and terrorism. Attacks are becoming more complex and sophisticated. Malicious actors are now in control of vast resources including massive username and password data dumps that can be used to launch ransomware, distributed denial-of-service (DDoS), and data breach attacks against target networks.

For businesses, cybersecurity should now be an intrinsic part of operations. Falling victim to cyberattacks can have dire consequences. Downtime, loss of intellectual property, and reputation damage can all have significant financial costs. Even governments aren’t sympathetic to companies that get breached due to lax security. Data protection regulations can levy significant fines on companies that fail to protect customer data.

We recently met with Diane Rogers, Product Manager of Realtime Security of IT management platform Cloud Management Suite, to discuss what cybersecurity has in store for companies this year.

Cyberattacks have been a hot topic over the past years. What’s in store for us in 2019?

It’s generally believed that getting attacked is a matter of “when” and not “if.” Attackers now use automation to carry out their attempts. Any network or device that connects to the internet has a high chance of being attacked. By adding more devices and endpoints to their networks, businesses essentially widen their attack surface.


Source: Cloud Management Suite

By the end of 2020, analysts estimate that there will be more than 20 billion connected Internet-of-Things (IoT) devices. If you assume your corporate assets remain secure and untouched by IoT growth, you expose yourself to data breaches, overall outage, and loss of intellectual property. Hackers prey on the weakest link to access devices. Increasingly, these security holes result not just from email links, but smartphone apps, a quick check of social network status, smart sensors on the manufacturing floor, the automatic coffee pot in the break room, anything with access to the internet.

What kinds of threats can we expect?

Over the past years, the biggest attacks involved ransomware, data breaches, and DDoS attacks. We’re likely to see more of the same. Attackers now have control over botnets that could continuously carry out these attacks. Last January, the release of Collection #1 revealed that millions of username and password combinations are available in the black market likely obtained from previous breaches. Since users tend to reuse passwords, hackers can use these data to breach other systems.


Source: Troy Hunt

Social engineering methods are also tried-and-tested means for hackers to gain access to systems. We could expect the continued use of phishing to try and fool users into installing malware, clicking on malicious links, and revealing access credentials. But we also have to be aware that attackers are evolving their methods. They continue to seek ways to exploit the weak links in the security chain.

What are some of these new methods that attackers use?

Hackers are always looking for vulnerabilities so there’s bound to be exploits that will be discovered and used for attacks. Some hacker groups are even experimenting with artificial intelligence to help them get around conventional security measures.

IoT devices have also become popular targets. Businesses and consumers are adopting smart devices at a rapid pace thanks to the deluge of cheap IoT devices entering the market. Unfortunately, many of these cheap gadgets actually lack essential security features making them vulnerable to attacks.

Another emerging threat is extortion through data protection laws. Attackers can threaten companies with data breaches or website defacement to make them non-compliant. Failure to protect private information can result in hefty fines from government agencies. In Europe, GDPR fines can cost as much as €10 million, or 2% of the worldwide annual revenue, whichever is higher. Attackers are banking on this fear to compel companies to pay ransom in exchange for not getting hacked.

How can companies protect themselves?

There are a host of ways companies could secure their infrastructure from cyberattacks. Installing or enabling antivirus and anti-malware software on each endpoint is a start but this isn’t enough. Improving network security through firewalls prevents malicious traffic from reaching their networks. Educating staff on the proper use of resources and how to avoid falling victim to social engineering attacks also helps.

We at Cloud Management Suite provide a platform to empower users with comprehensive IT management capabilities. Administrators could easily manage any part of their infrastructure through the cloud. They must also know what devices are running on their network, where they are, and what software and processes their devices are running at all times. With a simple, clean, user interface we have abstracted the complexities of visualizing your network, present all possible access points, and flag devices with critical security vulnerabilities.

It’s also critical to have realtime security. If critical updates are released, patches must be immediately deployed to ensure that affected systems are kept secure. Our users could even take advantage of automated patch deployment to ensure that all devices, including IoT, are up-to-date and free from vulnerabilities.

Why does security have to be realtime?

Attackers are constantly probing networks so mitigation and response measures should be running 24/7. Attacks can happen in between scheduled updates and scans. If your data is an hour old and you aren’t tracking suspicious processes, your antivirus solution and firewall won’t protect you.

Our solution tracks roaming and IoT devices and can detect, in realtime, if a virulent process starts running on any desktop, laptop or server. In cases where some questionable processes are detected, administrators must be able to kill these processes or take affected devices offline.


Source: Cloud Management Suite

Attacks could be quite devastating. Just recently, email service provider VFEmail was hit by a catastrophic hack where the attacker was able to successfully wipe servers and backups. Even though it was detected in the middle of the attack, the damage was so significant that the service fears that it may not be able to recover. I hope they do. But this just goes to show how determined and malicious hackers are.

All this sounds worrying, should companies be afraid?

Companies should definitely be concerned. Dealing with a cyberattack isn’t easy and smaller operations may find it hard to recover should they fall victim. But it’s also important not to be overcome by fear and panic. Cybersecurity threats are part of our reality today. The sooner we all accept this, the sooner we can move forward and take steps to prevent and react to these threats.

Fortunately, there are a wide variety of tools that are now available to deal with most threats. Cloud-based services even make it easy for smaller ventures to acquire the necessary management and security solutions to help them beef up their security.

Cybersecurity also requires a concerted effort from everyone. Companies should put security as a key part of their agenda and encourage vigilance and care from their members.

The post Prepare to Be Hacked: Why Realtime Security is Crucial in 2019 appeared first on TechWorm.

An Old WinRAR Vulnerability Left Users At Risk For Two Decades

Have you ever thought that an apparently harmless yet useful tool like WinRAR could pose security threats? Certainly seems so

An Old WinRAR Vulnerability Left Users At Risk For Two Decades on Latest Hacking News.

Researchers Make Coldest Quantum Gas of Molecules

An anonymous reader quotes a report from Phys.Org: JILA researchers have made a long-lived, record-cold gas of molecules that follow the wave patterns of quantum mechanics instead of the strictly particle nature of ordinary classical physics. The creation of this gas boosts the odds for advances in fields such as designer chemistry and quantum computing. As featured on the cover of the Feb. 22 issue of Science, the team produced a gas of potassium-rubidium (KRb) molecules at temperatures as low as 50 nanokelvin (nK). That's 50 billionths of a Kelvin, or just a smidge above absolute zero, the lowest theoretically possible temperature. The molecules are in the lowest-possible energy states, making up what is known as a degenerate Fermi gas. In a quantum gas, all of the molecules' properties are restricted to specific values, or quantized, like rungs on a ladder or notes on a musical scale. Chilling the gas to the lowest temperatures gives researchers maximum control over the molecules. The two atoms involved are in different classes: Potassium is a fermion (with an odd number of subatomic components called protons and neutrons) and rubidium is a boson (with an even number of subatomic components). The resulting molecules have a Fermi character. Before now, the coldest two-atom molecules were produced in maximum numbers of tens of thousands and at temperatures no lower than a few hundred nanoKelvin. JILA's latest gas temperature record is much lower than (about one-third of) the level where quantum effects start to take over from classical effects, and the molecules last for a few seconds -- remarkable longevity. These new ultra-low temperatures will enable researchers to compare chemical reactions in quantum versus classical environments and study how electric fields affect the polar interactions, since these newly created molecules have a positive electric charge at the rubidium atom and a negative charge at the potassium atom. 
Some practical benefits could include new chemical processes, new methods for quantum computing using charged molecules as quantum bits, and new precision measurement tools such as molecular clocks.

Read more of this story at Slashdot.

Is Carlos Bolsonaro tweeting for Jair? These signs indicate that the councilman uses the president's account.

At 8 p.m. on Wednesday, Carlos Bolsonaro fired off a tweet hailing the new pension reform. Twenty minutes later, his father, Jair Bolsonaro, published an identical message about the proposal presented that day. Word for word, emoji for emoji. It was not a retweet: it was the very same text, pasted and published from another account.

The tweet reinforced my suspicion about who really calls the shots on @jairbolsonaro. Carlos or his father?

I am increasingly convinced that the father has given his 36-year-old son full power of attorney to operate his Twitter, and that the councilman is logged in to his father's account on his own phone. The debate may seem minor in a country that suffers from violence, inequality, racism, intolerance and economic stagnation. But this was the priority channel that the president himself chose to communicate with the country. And one misstep by Carlos with his smartphone sets the government on fire – as we saw this week.

A few days ago, I asked journalist Sérgio Spagnuolo, editor of Volt Data Lab, for a survey of coincidences between the two accounts, looking for signs that Carlos is in fact logged in to the president's account (together with Aos Fatos, Spagnuolo created an archive of the presidential tweets). The main argument in favor of this thesis is the number of retweets: the father's account echoed Carlos's words more than any other in the past year. There were 97 retweets of Carlos, almost 20% of the total. Eduardo Bolsonaro, the other son and a federal deputy, had 47. Flávio, the problem firstborn, the one of the front men and the militia friends, received only eight.

To give an idea of the scale of @carlosbolsonaro's presence on @jairbolsonaro, interactions with the councilman account for about 5% of the presidential Twitter's total activity – no other profile comes close to that level of engagement.


The number proves nothing. But if Carlos, regarded as his father's social media guru since the campaign, does in fact use his father's account freely, it would make sense for him to use his father's profile to boost his own posts. Carlos has 900 thousand followers. His father, 3.3 million. That is quite a push.

Another sign came from analyzing the frequency and proximity with which Carlos and Jair tweet. The councilman and the president are busy men who spend the day in meetings and cannot spend the day on Twitter like you and me. They use social networks at certain times of the day. So, if Jair and Carlos used social networks at close intervals, we have a new sign that Carlos is operating his father's profile. Under this hypothesis, the councilman takes advantage of his spare minutes to stir up the audience and check notifications on both accounts. Spagnuolo's analysis showed that the proximity between the two men's tweets is greater than that of @jairbolsonaro with seven other accounts analyzed.

Who really presses the button?

The Twitter accounts closest to Jair Bolsonaro (those of the Palácio do Planalto, PSL Nacional, Vice President Hamilton Mourão and General Villas Boas, plus, of course, his other sons Flávio and Eduardo) have posts separated, in general, by 45 minutes. Roughly speaking, this means that, within 45 minutes of one of them publishing a tweet, the other accounts also published posts.

In the case of Carlos and his father, that time drops by more than 30%, to 32 minutes.


Another suspicious case occurred with the dismissal of Gustavo Bebianno, former minister of the General Secretariat of the Presidency. At 12:56 p.m. on the 13th, Carlos published a message accusing Bebianno of lying about having spoken three times with the president and resolved their differences (the former minister was right, and Carlos, wrong). The president's account retweeted his son's message at 10:31 p.m., lending an air of endorsement to the son's criticism of the then minister. The press bought into the supposed backing. Folha de S.Paulo ran the headline “Bolsonaro endorses his son's attacks on minister Bebianno”. On Jornal Nacional, reporter Delis Ortiz also said that “Bolsonaro himself endorsed the thesis of the lie

But who really pressed the button?

One hypothesis would be that the president himself, hours after his son's message, did in fact decide to back the tweet and set the Republic on fire.

Another would be that the councilman, reading the criticism he received throughout the day for pinning the minister against the wall, took his phone out of his pocket, selected his father's profile and retweeted himself from the president's account, in a kind of self-endorsement. That way, he would give a veneer of authority to his opinion and deflect criticism that he was meddling where he was not wanted. Perhaps with his father's consent, of course, but even so, an endorsement born of an impulse from Carlos to himself – and not from the president.

Legal vacuum

Presidents assemble teams because they cannot run the nation alone. It is natural that Jair, at 63, would ask his son, the “social media ace”, for help with his communication.

The problem is that Carlos Bolsonaro is not part of his father's staff. In fact, in November, he went so far as to announce that he was stepping away from the federal government and resuming his activities as a councilman. Today, he receives a net salary of R$ 14 thousand from the citizens of Rio de Janeiro, a city that has enough problems to fill his work routine.

In a utopian Brazil, all influence in government should have a legal justification so that citizens could know exactly what each person does, under what conditions, obligations and duties, as Rubens Beçak, professor of constitutional law at USP, told me when we talked about Carlos's situation. But Brazilian presidentialism is historically permissive with “personal advisers” hovering around the Planalto without a badge.

Carlos would have to take leave from his councilman's seat to hold a post in the Presidency's communications. And even then, he would run into a problem: anti-nepotism laws prevent the hiring of the son – in theory.

No one knows the rules, limits and obligations of this family contract.

Worrying about this may be an excessive attachment to legality in an era when the credibility of institutions is in the gutter. But Twitter has become the main and most direct means of communication for some of the leading global leaders. Are Jair Bolsonaro's voters (and all Brazilians, frankly) comfortable with the apparent power of attorney that the father gave to the son he usually calls “my pitbull” to speak in his name?

Supposedly logged in to his father's account, Carlos takes the place of the Presidency's spokesman, Otávio do Rêgo Barros, and of the Secretariat of Social Communication of the Presidency of the Republic. Did Jair's voters have any idea that the councilman would play such a central role in this government?

Carlos Bolsonaro is hot-headed. The newspaper O Globo analyzed 500 of the councilman's tweets between December 15 and February 15 and found that 72.2% are attacks. I can picture the councilman at night, sitting on the sofa with his little dog Pituka on his lap, tired after a day of frustrating meetings and silently growling with hatred against real and imaginary enemies. I see him pulling his phone from his pocket and firing off, through his father's account, uncontrolled words that can delay or wreck plans that affect all of our lives.

Without a formal post in the administration, Carlos's tweet will not pass through the government filters that could defuse the bomb. No one knows the rules, limits and obligations of this family contract. Carlos floats in the legal vacuum and cannot be overseen. Nor fired.

We asked the Planalto whether Carlos has access to his father's account. The Presidency's press office has not yet responded. When (and if) it does, we will update this text.

The post Is Carlos Bolsonaro tweeting for Jair? These signs indicate that the councilman uses the president's account. appeared first on The Intercept.