1. Forum
  2. Usenet
  3. COMP.RISKS

  • Risks Digest 33.23 (2/2)

    From RISKS List Owner@21:1/5 to All on Fri May 27 21:41:34 2022
    [continued from previous message]

    for telephone calls. The other was to be used for WhatsApp conversations.
    The inclusion of WhatsApp is interesting. Subsequent to Gloria's death, I reassigned the number on Gloria's phone and found that WhatsApp continued to receive messages from original groups set up prior to Gloria's death and
    using her original phone number, but also received messages to the same
    groups from the same people when the new number was used. WhatsApp has some intriguing addressing going on.

    In addition we did some searching on the phone numbers provided. One
    number seems to have been registered in the Cayman Islands. And, of
    course, we all know how much fraud there is associated with the Cayman
    Islands. The other number popped up some rather interesting results, indicating a connection to Russian criminals. In any case, the fraudster
    was pretty clearly identified as such by the use of these numbers. In addition, the fraudster's story of both his own position in relation to personnel associated with the death, and the conspiracy that was supposedly associated with the death, are fairly clearly, and demonstrably, untrue. However, they are not completely improbable and, for someone who was not a professional paranoid, no one would think to check that these situations
    were questionable.

    I do not know how the fraudster obtained information about the family. I do have some suspicions, given some of the mistakes that the fraudster made in identifying the family. The fraudster initially contacted someone in a
    place where the family had been, but no longer resided. When the fraudster then contacted the family directly, the fraudster did claim to be local to
    the area. (This seems to be an attempt to appear trustworthy due to proximity.) Although not too terribly local. No really detailed
    information was provided. In any case the phone numbers provided definitely did not match the supposed location of the fraudster.

    I do not know how much information above the actual death the fraudster had, although I'm sure that information was not difficult to come by. (Probably
    a basic newspaper obituary would provide most details.) However, I am reasonably certain that the family did, unwittingly, provide information to
    the fraudster on specific details of the death, and their unhappiness with
    the investigation. The fraudster of course, used this further information
    to refine their social engineering approach to the family. (I hope that I wouldn't be gullible enough to betray information to a fraudster, but, being
    a bereaved widower and therefore having questionable judgment in any case,
    as well as being sleep deprived, and therefore having my judgment denigrated even further. It is likely that I might provide such information. It
    certainly would not be beyond the bounds of possibility.)

    As I said, I was involved only peripherally. Hopefully I provided some
    advice in the situation, and hopefully helped the family to come to a
    decision. In the end, the decision seems to have been to turn to the
    police, and not engage the fraudster anymore. I believe this to be the
    correct decision. But I understand the difficulty in coming to that
    decision.

    ------------------------------

    Date: Thu, 19 May 2022 13:30:22 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: ACM makes back archives available for free

    ACM (Association for Computing Machinery) makes their archive from
    1951 to 2000 available for free

    Very cool to see this big chunk of the ACM archive no longer being
    paywalled. It seems quite comprehensive -- I've already located a number of CACM articles I authored or coauthored during this period, including both serious ones and from my series of April Fool's Day CACM columns. Long time since I've seen those in their original form!

    ACM announcement:

    https://associationsnow.com/2022/05/the-way-things-were-why-open-access-to-the-acm-digital-library-matters/

    ACM library search:

    https://dl.acm.org/

    Bonus: Ken and Dennis discuss UNIX (1973):

    https://dl.acm.org/doi/10.1145/800009.808045

    [Also the first 10 years of *Inside Risks* -- 126 monthly articles,
    many of which are now old-hat, but some of which represent RISKS issues
    that are still problematic. PGN]

    ------------------------------

    Date: Thu, 26 May 2022 14:41:18 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Cybercriminals target metaverse investors with phishing scams
    (CNBC)

    The metaverse, the new digital frontier where users can attend virtual
    concerts or purchase digital assets like land, has been hit with fraud.

    Cybercriminals use phishing links that imitate the legitimate metaverse platforms to drain investors' digital wallets of assets.

    While metaverse platforms are increasing their security measures and
    educating consumers about fraud prevention, they say they're not responsible for refunding money to phishing scam victims.

    A nurse in rural Maine. A fitness instructor in Colorado. A venture
    capitalist in Florida. All three invested in the metaverse, buying land they say they thought was a solid investment.

    "I was really excited about it," said Kasha Desrosiers, a long-term care
    nurse. "And hopeful for, you know, whatever projects that would come out of it."

    But in just days or months, all their virtual land was gone. And each of
    them says that there was simply no way to get it back.

    Investors across the country told CNBC that hackers stole their land in the metaverse by tricking them into clicking on links they believed were genuine portals to the virtual universe, but which turned out to be phishing sites designed to steal user credentials. What they wanted was a piece of the metaverse — a new, blockchain-based virtual set of platforms that has recently come to prominence because of significant involvement from celebrities, fashion shows and investors.

    Instead, they say they got a lesson in the dangers of high-risk investing.

    https://www.cnbc.com/2022/05/26/cybercriminals-target-metaverse-investors-with-phishing-scams.html

    I think they mean, "investing".

    ------------------------------

    Date: Fri, 20 May 2022 13:19:52 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: 'Elon Musk's Crash Course' shows the tragic cost of his leadership
    (NPR)

    Just as his effort to buy Twitter has led the world to focus on Elon Musk's management style and business strategies, FX and The New York Times have stepped up with a documentary taking a close look at how Musk responded to crashes involving the Autopilot function in cars from his company, Tesla.

    For those watching Musk's fitful attempt to buy Twitter, the film also
    serves as a pointed comparison; showing how his penchant for bold moves and provocative statements can lead fans to see what they want in his words – regardless of whether what he says is actually possible.

    As part of FX's The New York Times Presents documentary series, Elon Musk's Crash Course suggests that Musk oversold the cars' self-driving
    capabilities, leading to public confusion over what it could actually
    do. And when federal authorities began an investigation into a fatal crash involving the technology, the program says Musk pressured officials to curb
    the investigation.

    https://www.npr.org/2022/05/20/1100022168/elon-musks-crash-course-new-york-times-fx-hulu-twitter-tesla-self-driving-cars

    ------------------------------

    Date: Fri, 20 May 2022 10:43:42 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Re: ACM, Ethics, and Corporate Behavior (RISKS-33.20)

    Via private communication, Prof. Moshe Vardi notified me about his essay: "Artificial Intelligence: Ethics Versus Public Policy" (01APR2022) https://sinews.siam.org/Details-Page/artificial-intelligence-ethics-versus-public-policy,

    Prof. Vardi argues that legislation and regulation, aka public policy, is an appropriate measure to deter deployment of exploitative AI applications endangering public health, safety and privacy interests.

    Ethical restraints have failed to slow AI product introductions that
    jeopardize public interests. Ethics, it appears, no longer concern professionals from contributing their skills and energies to create and
    deploy hazardous AI products and services. As aphorisms that once guided responsible professional action, ethics are diminished by corporate
    governance directives that demand organizational behavior compliance.

    A brand outrage incident can arise from corporate employee ethics
    breach. These occurrences are often excused under the "better to ask forgiveness than to get permission" expedient when profit flows from their outcome. No matter the merit and justification, ethical protests by brave technology professionals seldom prevent for-profit deployment of product
    that jeopardizes public wellbeing.

    Regulations, historically, are cautiously introduced to improve public
    safety outcomes. Vehicle head and taillights, mirrors, seat belts, air bags, turn signals, and horns exemplify the benefits of regulation that strengthen public safety and health interests without detriment to corporations or products.

    Enacting and enforcing regulations that penalize rapacious AI deployments
    will establish corporate accountability for their public health, safety, and privacy consequences. Reminding CxOs and boards of directors that
    exploitation of public data entitled by commercial impunity claimed with product indemnification and terms of service exposes their governance
    decisions to personal legal jeopardy.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.23
    ************************

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)