Hackaday Links Column Banner

Hackaday Links: January 28, 2024

From the “No good deed goes unpunished” files, this week came news of a German programmer who probably wishes he had selected better clients. According to Heise Online (English translation), a freelance programmer — referred to only as “defendant” in the article — was retained by a company to look into a database problem in their system. His investigation revealed that the customer’s database was being filled with log messages from a third-party service called Modern Solution GmbH & Co. KG. over a MySQL connection to a remote server. Assuming this connection was dedicated for his client’s use, the programmer looked at the executable used to make the connection with a text editor, which revealed a password in plain text. Upon connecting to the remote database, he found that it not only contained data for all of Modern Solution’s customers, but also data for all the end users of their customers.

Realizing he’d unintentionally wandered into verboten territory, the programmer immediately backed out and contacted Modern Solution. They quickly fixed the issue, and then just as quickly reported him to the police. Their “investigation” revealed that the programmer had “decompiled” the executable to obtain the password, in violation of German law. The judge agreed, stating that merely looking at and using the password constituted a criminal offense, regardless of intent and despite the fact that Modern Solution had provided the password to the programmer’s client when they sold them the software. The upshot of all of this nonsense? A €3,000 fine for the programmer, if the verdict stands on appeal. It could have been worse, though; German law allows for up to three years in prison for such offenses.


Hackaday Links: April 16, 2023

The dystopian future you’ve been expecting is here now, at least if you live in New York City, which unveiled a trio of technology solutions to the city’s crime woes this week. Surprisingly, the least terrifying one is “DigiDog,” which seems to be more or less an off-the-shelf Spot robot from Boston Dynamics. DigiDog’s job is to de-escalate hostage negotiation situations, and unarmed though it may be, we suspect that the mission will fail spectacularly if either the hostage or hostage-taker has seen Black Mirror. Also likely to terrify the public is the totally-not-a-Dalek-looking K5 Autonomous Security Robot, which is apparently already wandering around Times Square using AI and other buzzwords to snitch on people. And finally, there’s StarChase, which is based on an AR-15 lower receiver and shoots GPS trackers that stick to cars so they can be tracked remotely. We’re not sure about that last one either; besides the fact that it looks like a grenade launcher, the GPS tracker isn’t exactly covert. Plus it’s only attached with adhesive, so it seems easy enough to pop it off the target vehicle and throw it in a sewer, or even attach it to another car.


Hackaday Links: January 8, 2023

Something odd is afoot in the mountains around Salt Lake City, Utah, at least according to local media reports of remote radio installations that have been popping up for at least the past year. The installations consist of a large-ish solar panel, a weatherproof box full of batteries — and presumably other electronics, including radios — and a mast bearing at least one antenna. Local officials aren’t quite sure who these remote setups belong to or what they’re intended to do, but the installations obviously represent a huge investment in resources.

The one featured in the story was located near the summit of Twin Peaks, at about 11,000 feet (3,300 meters) in elevation; with that much gear, it was probably a hell of a hike. Plus, the owner took great pains to make sure the site would withstand the weather, with antenna mast guy wires that must have required lugging a pretty big drill up with them. There aren’t any photos of the radios in the enclosure, but one photo shows a 900-MHz LoRa antenna, while another shows what appears to be a panel antenna, perhaps pointing toward another site. So maybe a LoRa mesh network? Some comments in the Twitter thread show most people are convinced this is a Helium crypto mining rig, but the Helium Explorer doesn’t show any hotspots listed in that area. Either way, the owners are out of luck, since their gear is being removed if it’s on public land.


Gaze Upon Just How Thin ATM Skimmers Are Getting

ATM skimmers are electronic devices designed to read financial card information, and they are usually paired with a camera to capture a user’s PIN. These devices always have to hide their presence, and their design has been a bit of an arms race. Skimmers designed to be inserted into a card slot like a parasite have been around for several years, but [Brian Krebs] shows pictures of recently captured skimmer hardware only a fraction of a millimeter thick. And that’s including the battery.

As hardware gets smaller, cameras to capture PIN entry are more easily hidden in things like fake panels.

The goal of these skimmers is to read and log a card’s magnetic strip data. All by itself, that data is not enough to do anything dastardly. That’s why the hardware is complemented by a separate device that captures a user’s PIN as they type it in, and this is usually accomplished with a camera. These are also getting smaller and thinner, which makes them easier to conceal. With a copy of the card’s magnetic strip data and the owner’s PIN, criminals have all they need to create a cloned card that can be used to make withdrawals. (They don’t do this themselves, of course. They coerce or dupe third parties into doing it for them.)

Retrieving data from such skimmers has also led to some cleverness on the part of the criminals. That gets done with insertable readers designed to establish a connection to the skimmer and download the data. By the way, retrieving data from an installed skimmer is also something criminals don’t do themselves, so that data is encrypted. After all, it just wouldn’t do to have an intermediary getting ideas about using that data for their own purposes.


Hackaday Links: May 29, 2022

It looks like the ongoing semiconductor shortage isn’t getting any better, and if the recent spate of computer thefts from semi trucks is any indication, it’s only going to get worse. Thieves seem to be targeting the Freightliner Cascadia, probably the most popular heavy freight truck on the road in North America today, with “smash and grab” thefts targeting the CPC4, or Common Powertrain Control module. These modules are sitting ducks — they’re easy to locate and remove, the chip shortage has made legit modules nearly unobtanium from dealers, and the truck won’t run without them. That’s driven the black market price for a CPC up to $8,000 or more, making them a tempting target. And it’s not only individual trucks parked in truck stop lots that are being hit; gangs are breaking into trucking company lots and bricking dozens of trucks in short order. So the supply chain problem which started the semiconductor shortage caused the module shortage, which drives the thieves to steal modules and take trucks off the road, which only worsens the supply chain shortage that started the whole thing. Nice positive feedback loop.


Hackaday Links: July 18, 2021

Tell the world that something is in short supply, and you can bet that people will start reacting to that news in the ways that make the most sense to them — remember the toilet paper shortage? It’s the same with the ongoing semiconductor pinch, except that since the item in short supply is (arguably) more valuable than toilet paper, the behavior and the risks people are willing to take around it are even more extreme. Sure, we’ve seen chip hoarding, and a marked rise in counterfeit chips. But we’d imagine that this is the first time we’ve seen chip smuggling quite like this. The smuggler was caught at the Hong Kong-Macao border with 256 Core i7 and i9 processors, valued at about $123,000, strapped to his legs and chest. It reminds us more of “Midnight Express”-style heroin smuggling, although we have to say we love the fact that this guy chose a power of 2 when strapping these babies on.

Speaking of big money, let’s say you’ve pulled off a few chip heists without getting caught, and have retired from the smuggling business. What is one to do with the ill-gotten gains? Apparently, there’s a big boom in artifacts from the early days of console gaming, so you might want to start spreading some money around there. But you’d better prepare to smuggle a lot of chips: last week, an unopened Legend of Zelda cartridge for the NES sold for $870,000 at auction. Not to be outdone, two days later someone actually paid $1.56 million for a Super Mario 64 cartridge, this time apparently still in the tamperproof container that displayed it on a shelf somewhere in 1996. Nostalgia can be an expensive drug.

And it’s not just video games that are commanding high prices these days. If you’ve got a spare quarter million or so, why not bid on this real Apollo Guidance Computer and DSKY? The AGC is a non-flown machine that was installed in LTA-8, the “lunar test article” version of the Landing Module (LM) that was used for vacuum testing. If the photos in the auction listing seem familiar, it’s with good reason: this is the same AGC that was restored to operating condition by Carl Claunch, Mike Stewart, Ken Shirriff, and Marc Verdiell. Sotheby’s estimates the value at $200,000 to $300,000; in a world of billionaire megalomaniacs with dreams of space empires, we wouldn’t be surprised if a working AGC went for much, much more than that.

Meanwhile, current day space exploration is going swimmingly. Just this week NASA got the Hubble Space Telescope back online, which is great news for astronomers. And on Mars, the Ingenuity helicopter just keeps on delivering during its “operations demonstration” mission. Originally just supposed to be a technology demonstration, Ingenuity has proven to be a useful companion to the Perseverance rover, scouting out locations of interest to explore or areas of hazard to avoid. On the helicopter’s recent ninth flight, it scouted a dune field for the team, providing photographs that showed the area would be too dangerous for the rover to cross. The rover’s on-board navigation system isn’t great at seeing sand dunes, so Ingenuity’s images are a real boon to mission planners, not to mention geologists and astrobiologists, who are seeing promising areas of the ancient lakebed to explore.

And finally, most of us know all too well how audio feedback works, and all the occasions to avoid it. But what about video feedback? What happens when you point a camera at a screen displaying the image from the camera? Fractals are what happens, or at least something that looks a lot like fractals. Code Parade has been playing with what he calls “analog fractals”, which are generated just by video feedback and not by computational means. While he’d prefer to do this old school with analog video equipment, it’s easy enough to replicate on a computer; he even has a web page that lets you arrange a series of virtual monitors on your screen. Point a webcam at the screen, and you’re off on a fractal journey that constantly changes and shifts. Give it a try.

Russian Doomsday Radios Go Missing

Normally we like hearing about old military gear going on the surplus market. But if you encounter some late-model Russian radio and crypto equipment for sale you might want to make sure it isn’t hot (English translation). If you prefer not picking through the machine translation to English, the BBC also has a good write-up.

The Russians maintain four large planes set up as flying command and control bunkers in case of nuclear war — so-called “doomsday planes.” Like the U.S. ABNCP (better known as Looking Glass) fleet, the planes can provide the President or other senior leaders a complete command capability while in flight. As you might expect, the radios and gear on the plane are highly classified.
