David Auerbach, Author at New ĐÓ°ÉÔ­´´ Science news and science articles from New ĐÓ°ÉÔ­´´ Tue, 15 Jun 2021 11:00:51 +0000 en-US hourly 1 https://wordpress.org/?v=7.0.1 242057827 Dear IRS, why can’t we have a simpler way to do our taxes? /article/2166536-dear-irs-why-cant-we-have-a-simpler-way-to-do-our-taxes/?utm_campaign=RSS|NSNS&utm_content=currents&utm_medium=RSS&utm_source=NSNS /article/2166536-dear-irs-why-cant-we-have-a-simpler-way-to-do-our-taxes/#respond Mon, 16 Apr 2018 14:29:43 +0000 /?post_type=article&p=2166536 /article/2166536-dear-irs-why-cant-we-have-a-simpler-way-to-do-our-taxes/feed/ 0 2166536 Can we trust philanthropists like Zuckerberg to save the world? /article/2067810-can-we-trust-philanthropists-like-zuckerberg-to-save-the-world/?utm_campaign=RSS|NSNS&utm_content=currents&utm_medium=RSS&utm_source=NSNS Thu, 03 Dec 2015 14:45:00 +0000 http://dn28620 Can we trust philanthropists like Zuckerberg to save the world?

The billionaires are here to save us. As the governments of the world , on Monday Bill Gates and Mark Zuckerberg .

That was followed by Zuckerberg and his wife Priscilla Chan’s on Tuesday that he plans to donate nearly all of his money to philanthropic efforts. In a letter to his newborn daughter Max, Zuckerberg poured out the milk of human kindness:

slate_logo“The internet is so important that for every 10 people who gain internet access, about one person is lifted out of poverty and about one new job is created… If our generation connects them, we can lift hundreds of millions of people out of poverty. We can also help hundreds of millions of children get an education and save millions of lives by helping people avoid disease.”

This magnificent magnanimity provokes two inevitable reactions: 1) What great guys! and 2) Wait – are they really so great? As much as we might appreciate the generosity of our software billionaires, their raining of money over good causes also highlights the direness of a world in which a handful of individuals, through a combination of skill and luck, end up with monetary resources beyond that of most small nations. There but for the grace of Zuckerberg go we.

This reaction is natural. Zuckerberg’s announcement is the closest thing we can see to the unconstrained action of a single person shaping the world. President Obama is hamstrung by Congress. Pope Francis exerts indirect influence instead of direct power. Xi Jinping works within the apparatus of the Chinese Communist Party. And Mario Draghi, president of the European Central Bank, spends his time trying to mop up Europe’s messes.

Philanthropic canvas

But a Gates or a Zuckerberg doesn’t face such impediments. When Zuckerberg decides to donate his money after the birth of his child, it feels as though he’s casting himself as the protagonist and the entire world as his philanthropic canvas. It’s natural for the rest of us, who have no say in how he spends his billions, to feel a bit left out.

Spurred by Sean Parker’s for “hacker philanthropy” in the Wall Street Journal, Michael Massing recently about the problems with a philosophy that calls for “hacking” the world’s problems using money instead of code.

Massing is scathing – and rightly so – on Gates’s philanthropic efforts in education. Thanks to a top-down, results-oriented approach but little attention to detail, the efforts of the Gates Foundation have exacerbated the worst instincts of the school-reform movement, embodied in figures such as education-reform advocate Michelle Rhee and Arne Duncan, the outgoing secretary of the US Department of Education (). The problem isn’t the intentions, but the belief that the unilateral throwing of money at a problem alongside performance-based metrics can solve any issue just as easily as Windows was once enabled to crush its competition.

In contrast, efforts in public health and research have gone better. The programmes of the Gates Foundation in Africa have helped to reduce measles by 90 per cent in the past 15 years, among other successes. In realms where a functioning infrastructure already exists – such as medicine – an influx of cash can bolster existing projects and help organisations see them through more quickly and effectively.

Supporting role

Where the infrastructure is poor, outside injections of cash that are meant to fundamentally alter existing ways of doing things simply don’t help. This goes to show that money and philanthropy work best in a supporting role rather than a structuring one. For billionaires to take on the latter, they’d have to become dictators – and unless you’re a Donald Trump supporter, that’s probably not an appealing idea.

Massing bemoans that Gates and Zuckerberg aren’t interested in radical change or wealth redistribution, and it’s true: billionaires tend not to be big advocates for these things. But it’s absurd to expect them to be. Rather, it’s here that they become scapegoats for our own failings.

Although Zuckerberg and Gates have a great deal of influence because of their money, that power is magnified by the sheer lack of public will for governments to fix our most pressing problems. Given the amount of effort it took to make an incremental fix to the US health insurance system in the form of ObamaCare, the next drastic steps in health-care reform may very well come not from government but from the private sector.

There is a massive investment void in the US, and with the inability of the country’s political system to fill it, private parties will inevitably start to come in. Their judgements may be reasonably good (I’ll give this one to Gates), or they may be bad (hello, Koch brothers!), but they definitely will be autocratic. But that’s not on them. It’s on us.

Ironically, asking Gates and Zuckerberg to try to fix the problems of climate change, income inequality, wealth redistribution and the failing US welfare state only confirms this thesis. The futility of public works has become so ingrained as an idea that a return to a Cold War–era public-private partnership – the kind of partnership that drove the creation of the free, public, unified internet rather than the fractured landscape of cloistered social media sites we have today – never even enters our minds.

Even suggestions by Democrat presidential candidate Bernie Sanders for free college are far less radical than the mass education grants of the post-war GI bill and other programmes designed to fight the rise of the Soviets. (This was a time, remember, when as a means to fight communism.) The commitment to making smarter US citizens was one of the best things to come out of the Cold War (even if it brought with it xenophobia and nuclear terror), and for a time it was a reasonably successful effort.

No easy fix

Gates has tried to do the same and is beginning to find that the US education system is far too broken for one person, or even one education-reform movement, to fix. As Massing notes, for example, Gates has backed down on demands for in the face of its utter failure as a metric.

It is that promise to remake the US more thoroughly, gutting public-works infrastructure even further by pushing rabidly anti-tax candidates into local and state office. By stacking local and state governments with allies, they will weaken the ability of the public and the government to resist any intrusion by the ultra-rich, whether good or ill.

Gates and Zuckerberg, I presume, lack the appetite to shove their own ideological allies into fighting those of Griffin. We could still be heading towards a kind of large-scale billionaire proxy war, one in which conservative and neoliberal plutocrats duel to influence our most pressing issues while governments become limper and limper.

While Republicans have taken over local and state governments to an unprecedented degree, progressives are fighting culture wars over Halloween costumes and video games. For now, the US can’t set a safe emissions target, we can’t raise our debt ceiling without throwing a hissy fit, and people can’t figure out that Kynect and ObamaCare are the same thing. There’s only so much blame you can put on the billionaires for this.

Big improvement

Gates and Zuckerberg constitute a massive improvement over the likes of the Kochs, whose interest in criminal-justice reform only went as far as . And, of course, there’s Donald Trump, who is using his money to treat the presidential race as a cross between and .

The hacker philanthropists do seem to share something of a genuine utilitarian sensibility – and in the annals of the uber-rich, that speaks rather well of them. We should fear them less than their possible successors. The world coughs up a lot more Kochs than Zuckerbergs.

Gates and Zuckerberg don’t need me to defend them, of course. What’s important is that we do not allow their generosity to make up for our own lack of agency. Their flaws are not the flaws of horrible men, but of people, period. The real flaws in our world are structural.

This article first appeared on

(Image credit: Mark Zuckerberg via AP)

]]>
2067810
$1 billion bank hack: stopping the next cyber heist /article/2017384-1-billion-bank-hack-stopping-the-next-cyber-heist/?utm_campaign=RSS|NSNS&utm_content=currents&utm_medium=RSS&utm_source=NSNS Wed, 18 Feb 2015 18:04:00 +0000 http://dn26999 $1 billion bank hack: stopping the next cyber heistGone in a puff of smoke Gone in a puff of smoke

Good news! A major hack you don’t have to worry about! Unless, that is, you happen to be an executive or security employee at one of the hundreds of banks targeted by the group that has come to be known as Carbanak or Anunak.

If you are, then you have a problem, because these hackers – and no doubt others to come – aren’t targeting banking consumers but the internal systems of banks, silently monitoring them and subtly defrauding them. Unlike most cybercrime, this wasn’t a hold-up, but a bank heist – the kind that could ultimately affect both consumers and governments. And that’s why we should all be paying attention.

Skill-wise, the attack is at a similar level to November’s Sony Pictures hack. (So much for the FBI’s claim that the Sony hack was unprecedentedly scary.) It was a long-term effort, professionally executed, and required a fair amount of organisation and coordination to pull off.

These aren’t just script kiddies stealing people’s credit-card numbers. The hackers managed to compromise the systems of banks, but rather than immediately grabbing information and alerting targets to their presence, they would quietly observe the inner workings and transactions for months. They were then in a position to subtly manipulate the system in order to cash out. , the hackers obtained up to $1 billion through dozens of attacks over the past two years.

Systems compromised

There are several things worth noticing. One is that the initial compromises of the systems were possibly the simplest and dumbest aspects of the attacks. The hackers would enter a system through the tried-and-true method of “phishing” – sending emails to employees that purport to come from a trusted sender inside the company. (Attacking a specific organisation through this approach is called “spear phishing”.) The employee opens an attachment in the email, which immediately compromises the system.

These hacks used Windows and Office document files that, when opened, injected malware into the target’s computer, more or less giving the hackers total control.

What they did with this control, however, was more sophisticated. The hackers monitored the keystrokes of the computer and took screenshots every 20 seconds, giving them a very clear picture of the daily internal workings of a bank. And instead of attacking customer accounts, which are more closely monitored for fraud, the hackers went after internal fund mechanisms.

First, . Second, and rather ingeniously, they attacked ATMs directly. Seizing central control of the banks’ ATMs, they set them to spit out cash spontaneously and then had their accomplices (“money mules,” as Kaspersky terms them) visit the terminals at the right time to collect the dosh.

The exact scope of the attack is still up for debate. According to Kaspersky, the group targeted banks in 30 countries, though primarily in Russia, and obtained about $1 billion. A more detailed, earlier report from December by Group-IB and Fox-IT and placed the damage in the hundreds of millions.

Phishing threat

Until banks can keep their employees from opening bad links and files inside phishing emails, they must simply assume that they are quite vulnerable to attack.

In terms of efficiency, these attacks are vastly more impressive than most hackers can ever hope to achieve. Though the efforts required time, each individual compromise raked in $10 million. Each hack remained undetected for its duration, and some banks were compromised multiple times.

Because almost none of the money was tied to any particular customer’s account, the thefts were mostly invisible to consumers, so no individuals raised red flags.

Plus, consumers face bigger threats from the more recent and , which hijack browsers to obtain user credentials, even managing to defeat two-factor authentication in some cases.

For banks and other institutions, though, Carbanak’s sophisticated attacks are scary for two reasons. Along with , these kinds of breaches entail obtaining long-term and in-depth access to targeted systems in order to cause the most damage, financial or otherwise. That means there are two facets of security that companies need to worry about.

First, there’s that primitive initial compromise. It’s somewhat embarrassing that a phishing attack can end up compromising more or less all of a bank’s systems, but that’s exactly what happened here. There was no complicated exploit of some unknown security hole or cracking of passwords; an employee just needed to open an attachment (usually a Word document) in a phishing email, which then exploited known vulnerabilities in unpatched Office software. These vulnerabilities were patched by Microsoft (most recently in March 2014).

So, at a minimum, banks need to keep their software updated with security fixes, but beyond that, they also need to scan all incoming attachments and clamp down on the ease with which employees open them.

The manipulation of the system that followed was on a whole other level. Until banks and other institutions can reliably keep their employees from opening bad links and files inside phishing emails, they must simply assume they are quite vulnerable to attack.

Secondly, given that Carbanak/Anunak’s attacks required weeks of monitoring before it could perform its high-stakes thefts, institutions need better internal-auditing mechanisms to make sure their transactions are actually being performed by their employees, rather than by skilful remote hackers.

Dodging bullets

It’s better to assume your system is already compromised and look for evidence of unwanted manipulation than to have faith in a bulletproof outer shell, because let’s face it, if you’re getting compromised by phishing emails, you are a long way from bulletproof.

This may even require setting up fake internal honeypots for thieves and other creative mechanisms, so banks can detect intrusions. Because hackers sometimes look to exploit existing latent malware already present on a network, injecting fake malware into bank networks could help to catch hackers on first contact, like a reverse Trojan horse.

Banks have every incentive to keep these attacks quiet, given that they aren’t keen on losing the confidence of customers or investors. The comparative quiet around them should not be met with complacency. The potential upside for thieves is so great that a lot of evident skill is going into these hacks, resulting in what appears to be a growing arms race between institutions and hackers with increasingly sophisticated arrays of malware and botnets, not to mention tons of time and energy. From the looks of it, the banks are pretty far behind.

David Auerbach is a writer and software engineer based in New York. His website is

]]>
2017384