RISKS-LIST: Risks-Forum Digest Sunday 4 June 2023 Volume 33 : Issue 72

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.72>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
How A Dark Fleet Moves Russian Oil (The New York Times)
Metro Breach Linked To Computer In Russia, Report Finds (DCIST)
Kaspersky Says New Zero-Day Malware Hit iPhones, Including Its Own (WiReD)
$528 Billion Nuclear Cleanup Plan at Hanford Site in Jeopardy (NYTimes)
Secret industry documents reveal that makers of PFAS 'forever chemicals'
covered up their health dangers (phys.org)
Japanese Moon Lander Crashed Because of a Software Glitch (NYTimes)
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor (WiReD)
Fake students stealing aid from colleges (Nanette Asimov)
Tesla leak reportedly shows thousands of Full Self-Driving safety complaints
(The Verge)
Tesla data leak reportedly details Autopilot complaints (LATimes)
Social Media and Youth Mental Health (U.S. Surgeon General)
Meta slapped with record $1.3 billion EU fine over data privacy (CNN)
Flaws Found in Using Source Reputation for Training Automatic Misinformation
Detection Algorithms (Carol Peters)
Failed Expectations: A Deep Dive Into the Internet's 40 Years of Evolution
(Geoff Huston)
AI Poses 'Risk of Extinction,' Industry Leaders Warn (Kevin Roose)
What we *should* be worrying about with AI (Lauren Weinstein)
Artificial intelligence system predicts consequences of gene modifications
(medicalxpress.com)
How to fund and launch your AI startup (Meetup)
Rise of the Newsbots: AI-Generated News Websites Proliferating Online
(NewsGuard)
Some thoughts on the current AI storm und drang (Gene Spafford)
Massachusetts hospitals, doctors, medical groups pilot ChatGPT technology
(The Boston Globe)
The benefits and perils of using artificial intelligence to trade and other
financial instruments (TheConversation.com)
Professor Flunks All His Students After ChatGPT Falsely Claims It Wrote
Their Papers (Rolling Stone)
Top French court backs AI-powered surveillance cameras for Paris Olympics
(Politico)
Meta's Big AI Giveaway (Metz/Isaac)
Meta hit with record fine by Irish regulator over U.S. data transfers (CBC)
AI scanner used in hundreds of US schools misses knives (BBC)
Milton resident's against CVS raises questions about the use of AI lie
detectors in hiring (The Boston Globe)
EPIC on Generative AI (Prashanth Mundkur)
Reality check: What will generative AI really do for cybersecurity?
(Cyberscoop)
Moody's cites credit risk from state-backed cyber intrusions into
U.S. critical infrastructure (cybersecuritydive.com)
What Happens When Your Lawyer Uses ChatGPT (NYTimes)
Anger over airports' passport e-gates not working (BBC News)
Longer and longer trains are blocking emergency services and killing people
(WashPost)
Denials of health-insurance claims are risingm and getting weirder
(WashPost)
Small plane crashes after jet fighter chase in WashDC area (WashPost)
Response from American Airlines for delay (Steven J. Greenwald)
Microsoft Finds macOS Bug That Lets Hackers Bypass SIP Root Restrictions
(Sergiu Gatlan)
Apps for Older Adults Contain Security Vulnerabilities (Patrick Lejtenyi)
India official drains entire dam to retrieve phone (BBC)
Google's Privacy Sandbox (Lauren Weinstein)
WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day
Vulnerabilities (Apple)
Q&A: Why is there so much hype about the quantum computer? (phys.org)
Report Estimates Trillions in Indirect Losses Would Follow Quantum Computer
Hack (nextgov.com)
Don't Store Your Money on Venmo, U.S. Govt Agency Warns (Gizmodo)
Re: An EFF Investigation: Mystery GPS Tracker (Steve Lamont)
Re: Three Companies Supplied Fake Comments to FCC (NY AG), but John Oliver
didn't (John Levine)
Re: Near collision embarrasses Navy, so they order public San Diego
(Michael Kohne)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 3 Jun 2023 13:15:46 PDT
From: Peter G Neumann <neumann@csl.sri.com>
Subject: How A Dark Fleet Moves Russian Oil (The New York Times)

This article is by Christian Triebert, Blacki Migliozzi, Alexander Cardia,
Muyl Shao, and David Botti. It covers pages 6-7 in today's National
Edition, and has a front-page satellite image above the fold showing the
Cathay Phoenix tanker docked at the Russian oil terminal in Kozmino,
although its GPS showed it many miles southeast, near to the coast of Japan.
Actually, the ship had left from China for a scheduled stop in South Korea,
and then switched its GPS location to a spoofed fixed FAKE location near
Niigata (Japan) while returning to Kozmino. According to the article, three
tankers tracked by *The NYTimes* from Kozmino had made 13 trips loading
Russian oil and delivering it to China, each using GPS spoofing to mask
their whereabouts.

[Just another instance of spoofed GPS locations, which have been
discussed in earlier RISKS issues, such as these:
Russia Regularly Spoofs Regional GPS (RISKS-31.15)
Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai,
RISKS-31.48)
Mysterious GPS outages are wracking the shipping industry (RISKS-31.59)
High Seas Deception: How Shady Ships Use GPS to Evade International
Law (RISKS-33.43)
PGN]

------------------------------

Date: Wed, 17 May 2023 17:04:22 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Metro Breach Linked To Computer In Russia, Report Finds (DCIST)

A former WMATA contractor using a personal computer in Russia breached
Metro's computer system earlier this year, according to a report from
WMATA's Office of the Inspector General, revealing *grave concerns* in the
system's cyber-vulnerabilities.

The investigation by Metro OIG Rene Febles into the hacking revealed several
weaknesses in WMATA operations regarding data protection and cyberscurity,
and a failure by the agency to address its vulnerabilities.

``Evidence has surfaced that WMATA, at all levels, has failed to follow its
own data handling policies and procedures as well as other policies and
procedures establishing minimum levels of protection for handling and
transmitting various types of data collected by WMATA,'' OIG report, made
public Wednesday.

https://dcist.com/story/23/05/17/metro-breach-linked-russian-computer

------------------------------

Date: Fri, 2 Jun 2023 18:19:28 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Kaspersky Says New Zero-Day Malware Hit iPhones, Including Its Own
(WiReD)

On the same day, Russia's FSB intelligence service launched wild claims of
NSA and Apple hacking thousands of Russians.

https://www.wired.com/story/kaspersky-apple-ios-zero-day-intrusion

------------------------------

Date: Thu, 1 Jun 2023 11:08:36 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: $528 Billion Nuclear Cleanup Plan at Hanford Site in Jeopardy
(The New York Times)

A $528-billion plan to clean up 54-million gallons of radioactive
bomb-making waste may never be achieved. Government negotiators are looking
for a compromise.

https://www.nytimes.com/2023/05/31/us/nuclear-waste-cleanup.html

[WOPR in *War Games* strikes again?
``The only winning strategy is not to play.''
A compromise here seems like a lose-lose strategy.
PGN]

------------------------------

Date: Fri, 02 Jun 2023 02:21:34 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: Secret industry documents reveal that makers of PFAS 'forever
chemicals' covered up their health dangers (phys.org)

https://phys.org/news/2023-05-secret-industry-documents-reveal-makers.html

.... From the department of environment pollution risks.

Is another master settlement agreement, similar to that imposed on tobacco
companies, for cancer-causing PFAS -- forever chemical pollution -- in the
works?

------------------------------

From: Jan Wolitzky <jan.wolitzky@gmail.com>
Date: Sat, 27 May 2023 08:36:07 -0400
Subject: Japanese Moon Lander Crashed Because of a Software Glitch
(NYTimes)

A software glitch caused a Japanese robotic spacecraft to misjudge its
altitude as it attempted to land on the moon last month leading to its
crash, an investigation has revealed.

Ispace of Japan said in a news conference on Friday that it had finished
its analysis of what went wrong during the landing attempt on April 25. The
Hakuto-R Mission 1 lander completed its planned landing sequence, slowing
to a speed of about 2 miles per hour. But it was still about three miles
above the surface. After exhausting its fuel, the spacecraft plunged to its
destruction, hitting the Atlas crater at more than 200 miles per hour.

<https://www.nytimes.com/2023/05/26/science/moon-crash-japan-ispace.html>