Nick L

What would happen if Facebook was turned off?

Quote

Imagine a world without the social network

THERE HAS never been such an agglomeration of humanity as Facebook. Some 2.3bn people, 30% of the world’s population, engage with the network each month. Economists reckon it may yield trillions of dollars’ worth of value for its users. But Facebook is also blamed for all sorts of social horrors: from addiction and bullying to the erosion of fact-based political discourse and the enabling of genocide. New research—and there is more all the time—suggests such accusations are not entirely without merit. It may be time to consider what life without Facebook would be like.

To begin to imagine such a world, suppose that researchers could kick a sample of people off Facebook and observe the results. In fact, several teams of scholars have done just that. In January Hunt Allcott, of New York University, and Luca Braghieri, Sarah Eichmeyer and Matthew Gentzkow, of Stanford University, published results of the largest such experiment yet. They recruited several thousand Facebookers and sorted them into control and treatment groups. Members of the treatment group were asked to deactivate their Facebook profiles for four weeks in late 2018. The researchers checked up on their volunteers to make sure they stayed off the social network, and then studied what happened to people cast into the digital wilderness.

Meanwhile, back at the ranch – Alexa, Google Home, etc. are flying off the shelves.

Retail Arbitrage – Not everything on Amazon, eBay is a good deal

…And here is why

Quote

The Herberts were on the hunt for all of the Contigo water bottles the store had in stock, and kept the camera rolling for their 6,400 YouTube subscribers. Within minutes, an employee pulled out 32 two-packs — sold on clearance for $5 each — from a back storage room. For two people who recently left their jobs in finance, the blue-and-black plastic bottles might as well have been made of gold. The Herberts would resell the two-packs on Amazon for $19.95. Subtracting some taxes and fees, they’d clear $6.16 in profit. All told, the Herberts’ 10-minute Target run earned them $198.

Juston, 30, and Kristen, 28, estimate they can reel in $150,000 this year from their newest gig: retail arbitrage. The basic idea is to buy up a bunch of the same item — from water bottles to vacuums to Monopoly boards — and then resell them online for a handsome profit.

Chris Green wrote one of the go-to how-to books on the topic, titled “Retail Arbitrage.” And he’s helped popularize the moniker.

…..

The term seems to be having a moment. In December, according to Google Trends, searches for “retail arbitrage” spiked on YouTube, where aficionados post videos of their shopping and reselling sprees. (One reseller, who has more than 52,000 YouTube subscribers, filmed his 22-hour buying binge through 17 Walmarts. He filled his trunk with 182 Monopoly games and flipped most of them in one night for $2,500.)

In the early 2000s, resellers started flipping products on eBay. But Green’s guide focused on the engine behind many of these small businesses: Fulfillment By Amazon, or FBA.

Amazon “needs people like me to fill all the holes in the marketplace,” he said.

“We’re literally flesh-and-blood robots for Amazon,” Rezendes said.

The retail giant hasn’t shied away from promoting its small businesses: In 2018, the number of small and medium-size businesses that passed $1 million in sales in Amazon stores worldwide grew by 20 percent. Third-party sales are growing at a faster rate than first-party sales online, the company said last month.

You’ll find Shane Myers on YouTube as the “Rise N Grind Picker” — with 15,000 YouTube subscribers.

Three years ago, with $20 in his savings account, Myers started reselling thrift store merchandise on eBay. He turned to Amazon in August. By September, Myers had churned out more than $2,000 selling used books alone. In his first three months back on retail arbitrage, he’d paid off all his credit card debt and car payments.

Myers, 31, pays $30 a month for an app called BrickSeek, which helps him find markdowns at big-box stores like Walmart and Target. A few weeks ago, Myers hit multiple Walmarts within a 150-mile radius and came home with 218 packages of lightbulbs. He found them on clearance for $2 each. He marked up the price and netted $4 to $5 on each package.

The grand total: more than $1,100 in profit.

Myers hopes that within the next year and a half he can move to retail arbitrage full time and will have paid off his house. And he hopes he’ll never miss his daughter’s birthday again for work, like when he was clocking in at his old day job in retail.

“I see money everywhere,” Myers said. “If I walk into a store, it’s just like a dollar sign sitting on the shelf.”

While one might conclude retail arbitrage hurts only the big box stores, it is untrue. It hurts the smaller retailers & shops much, much more. The monopolist Amazon enables and encourages this as it helps them do further damage to the brick and mortar retailers.

Economics 101
“A company wanting to monopolize a market may engage in various types of deliberate action to exclude competitors or eliminate competition. Such actions include collusion, lobbying governmental authorities, and force (see anti-competitive practices).” https://en.wikipedia.org/wiki/Monopoly

Sounds like the modus operandi of big tech these days

Zucked: Waking Up to the Facebook Catastrophe – Book Review

Quote

An important investor explains how his enthusiasm has turned to shame

As the so-called Techlash gains pace and polemics on the downsides of the internet flood the book market, one omission seems to recur time and again. Facebook, Google, Amazon and the rest are too often written about as if their arrival in our lives started a new phase of history, rather than as corporations that have prospered thanks to an economic and cultural environment established in the days when platforms were things used by trains. To truly understand the revolutions in politics, culture and human behaviour these giants have accelerated, you need to start not some time in the last 15 or so years, but in the 1980s.

Early in that decade, the first arrival of digital technology in everyday life was marked by the brief microcomputer boom, which was followed by the marketing of more powerful personal computers. Meanwhile, Margaret Thatcher and Ronald Reagan were embedding the idea that government should keep its interference in industry and the economy to a minimum. In the US, a new way of thinking replaced the bipartisan belief that monopolies should always be resisted: concentrations of economic power were not a problem as long as they led to lower prices for consumers. And at the same time as old-school class politics was overshadowed, the lingering influence of the 60s counterculture gave the wealthy a new means of smoothing over their power and privilege: talking in vague terms about healing the world, and enthusiastically participating in acts of spectacular philanthropy.

If there was one period when all this cohered, it was between 1984 and 1985: the time of Band Aid and Live Aid, the launch of both Bill Gates’s Microsoft Windows operating system and the Apple Macintosh, and the advent of Reagan’s second term as president. And in 1984 Mark Zuckerberg, who would grow up in a country and culture defined by these events and forces, was born; he invented Facebook while he was at Harvard, and made his fortune via an intrusive, seemingly uncontrollable kind of capitalism, sold with the promise of “bringing the world closer together”.

Roger McNamee is a little longer in the tooth. Aged 62, he is old enough to know that the US beat the depression and won the second world war when “we subordinated the individual to the collective good, and it worked really well”. He knows that the anti-state, libertarian mores that define what we now know as Big Tech were born in the 1980s, and that by the early 21st century, “hardly anyone in Silicon Valley knew there had once been a different way of doing things”. Laissez-faire ideas, he says, joined with a bombastic arrogance in the minds of the “bros” who flocked to northern California to make their fortune from the mid 1990s onwards. What they did was founded on cutting-edge technology – but in terms of its underlying economic ideas, their business represented recently established nostrums being taken to their logical conclusion.


This may suggest the perspective of an outsider, but McNamee does not quite fit that description. As a high-profile investor in tech businesses, he was co-founder of Elevation Partners, a private equity firm established with U2 frontman Paul “Bono” Hewson, the very embodiment of the 80s’ uneasy mixture of profit and philanthropy. In 2010, the firm acquired 1% of Facebook for $90m, but McNamee had already put money into the company, become a source of occasional advice for its founder, and been key in the appointment as chief operating officer of Sheryl Sandberg, the former Bill Clinton administration insider who brought business acumen and political connections to Zuckerberg’s inner circle. But now McNamee has come to the conclusion that what he helped bring about is a blend of hubris and dysfunction: Zucked is partly the story of his early enthusiasm giving way to mounting alarm at Facebook’s failure to match its power with responsibility, and what he has tried to do about it.

It is an unevenly told tale. McNamee wants readers to think of him as a player in the events he describes, but the text regularly has a sense of things viewed from too great a distance. That said, he knows enough about Facebook and its contexts to get to the heart of what its presence in our lives means for the world, and is bracingly blunt about the company’s threat to the basic tenets of democracy, and his own awakening to its dangers. In early passages about the initial occasions when he met Zuckerberg, he writes of a man then aged 22 appearing “consistently mature and responsible”, and “remarkably grown-up for his age”. He goes on: “I liked Zuck. I liked his team. I liked Facebook.” But by the time of the 2016 presidential election, everything had changed. In a memo to Zuckerberg and Sandberg, McNamee was blunt: “I am disappointed. I am embarrassed. I am ashamed.” And he had a keen sense of what had gone wrong, summarised here in the kind of aphoristic phrase for which he clearly has a talent: “Facebook has managed to connect 2.2 billion people and drive them apart at the same time.”

The account of how this played out is now familiar, and ends with the election and subsequent revelation that 126 million Facebook users were exposed to messages authored in Russia. McNamee deals with the Cambridge Analytica scandal, and how it highlighted Facebook’s blithe attitude to its users’ personal data (though he really should have mentioned the Observer journalist Carole Cadwalladr, whose curiosity and resilience ensured that the story broke, and Facebook was called to account). But some of his best material is about the elements of Facebook’s organisation and culture that created the mess, and the work he has done trying to alert powerful people to the need for action.

Once Zuckerberg realised his creation was eating the world, he and his colleagues did what “bros” do, and embraced a mindset known as “growth hacking”, whereby what mattered was “increasing user count, time on site, and revenue”: unrestrained capitalism, in other words. And as all these things endlessly increased, the company simply sped on. “In the world of growth hacking, users are a metric, not people,” McNamee writes. As Facebook expanded, he says, “it is highly unlikely that civic responsibility ever came up.”

If Facebook looks like a borderline autocracy (Zuckerberg controls around 60% of the company’s voting shares, because his stock has a “class B” status that gives him unchallengeable power), that is partly because it is different from comparable companies in one crucial sense: the simplicity of its business model. “The core platform consists of a product and a monetisation scheme,” McNamee points out, which “enables Facebook to centralise its decision making. There is a core team of roughly ten people who manage the company, but two people – Zuck and Sheryl Sandberg – are the arbiters of everything.” In the final analysis, Zuckerberg “is the undisputed boss”, both “rock star and cult leader”. It was always going to be a dangerous combination: global reach, a vast influence on events across the world, and a command structure too often reducible to the strengths and weaknesses of one man.

McNamee has worked hard to hold Facebook to account. His key ally is Tristan Harris, a former Google insider who is now an expert critic of Big Tech and its apparent ethical vacuum. As the most compelling passages here recount, while anxiety about the company began to spread, the pair lobbied members of Congress, and were not surprised to find that Washington “remained comfortably in the embrace of the major tech platforms” – but did their best to educate them on a subject many US legislators still seem to barely understand. Their efforts led to two hearings in late 2017, attended only by the big tech companies’ lawyers. Six months later, Zuckerberg finally went to Capitol Hill to testify over two days, but was initially confronted with some of the most moronic questions imaginable (“How do you sustain a business model in which users don’t pay for your service?” asked Utah’s 84-year-old Senator, Orrin Hatch). His second session, in front of the House of Representatives’ Committee on Energy and Commerce, was much better, full of biting criticism. But, as McNamee sighingly acknowledges, his former friend “caught a break”: TV news was suddenly consumed by fallout from the FBI raiding the home and office of Donald Trump’s attorney Michael Cohen, and Zuckerberg went back to northern California looking remarkably untroubled.

Should political will and public alarm eventually combine to finally break Silicon Valley’s remarkable power, McNamee knows roughly what ought to happen. He points to giving people control and ownership of their data, and the need to push through years of free-market dogma and convince the US authorities to reinvent anti-monopoly rules, and to take some action. What exactly this might entail remains frustratingly unclear, but he wants his readers to know he has made the ideological leap required. “Normally, I would approach regulation with extreme reluctance, but the ongoing damage to democracy, public health, privacy and competition justifies extraordinary measures,” he says. Unwittingly, the way he frames his point speaks volumes about how much we lost in the laissez-faire revolutions of the 1980s: what, after all, is so extraordinary about democratically elected governments taking action against corporations that are out of control?

Zucked! Why We Keep Forgiving Facebook

Here is an excellent podcast from the NPR 1A show on Facebook. Joshua Johnson is interviewing Roger McNamee, the author of ‘Zucked: Waking Up to the Facebook Catastrophe’.

You may have lots of friends on Facebook. But are you friends with Facebook?

It’s been 15 years since a Harvard student named Mark Zuckerberg co-created the social network in his dorm room. But like many teenagers, it’s prone to misbehave and worry the grown-ups. Some expect Facebook to implode before it turns sweet sixteen.

No one intended Facebook to cause the problems that it has: not Zuckerberg, its engineers, its early investors or advisors.

We spoke with Roger McNamee, former advisor and early investor, about how the company changed the world in unexpected ways and — in his view — refused to do right by its users in times of trouble.

Monopolists – Adding New Category

I am adding the new category of Monopolists and the sub-category Tech Monopolists. With the current state of things in high tech these days, what with kill zones, rampant bad corporate behavior, rampant tracking, black box user data sharing and daily new intentional breaches of privacy, industrial concentration, especially in the tech sector, and lax regulatory oversight (to name a few), I hope to encourage discussion and eventually a change to a more equitable and more competitive environment.

Deleting LinkedIn

Wow, what a disgusting company LinkedIn (Microsoft Owner) has become. Today: 160 trackers (and counting) and canvas tracking. LinkedIn is now little more than spyware and on par with the likes of that disgusting company Facebook. In case anyone is interested: https://www.linkedin.com/help/linkedin/answer/63/closing-your-linkedin-account?lang=en One can download all data prior to closing the account. We are in the process of doing this.

By the way, don’t take my word: “The People Agree: Twitter, Facebook, and LinkedIn Are All Worse than Bank of America”, Motley Fool: https://www.fool.com/investing/general/2014/01/05/the-people-agree-twitter-facebook-and-linkedin-are.aspx

Wow – worse than Bank of America. I did not think that possible!

How to Stop Facebook’s Dangerous App Integration Ploy

Here is a great op-ed piece by Sally Hubbard, who is a former assistant attorney general in the New York State Attorney General’s Antitrust Bureau and an editor at The Capitol Forum, where she covers technology and monopolization. She makes two points: 1) Facebook is a monopolist and 2) the FTC is toothless. Both need to change.

Quote

In response to calls that Facebook be forced to divest itself of WhatsApp and Instagram, Mark Zuckerberg has instead made a strategic power grab: He intends to put Instagram, WhatsApp and Facebook Messenger onto a unified technical infrastructure. The integrated apps are to be encrypted to protect users from hackers. But who’s going to protect users from Facebook?

Ideally, that would be the Federal Trade Commission, the agency charged with enforcing the antitrust laws and protecting consumers from unfair business practices. But the F.T.C. has looked the other way for far too long, failing to enforce its own 2011 consent decree under which Facebook was ordered to stop deceiving users about its privacy claims. The F.T.C. has also allowed Facebook to gobble up any company that could possibly compete against it, including Instagram and WhatsApp.

Not that blocking these acquisitions would have been easy for the agency under the current state of antitrust law. Courts require antitrust enforcers to prove that a merger will raise prices or reduce production of a particular product or service. But proving that prices will increase is nearly impossible in a digital world where consumers pay not with money but with their personal data and by viewing ads.

The integration Mr. Zuckerberg plans would immunize Facebook’s monopoly power from attack. It would make breaking Instagram and WhatsApp off as independent and viable competitors much harder, and thus demands speedy action by the government before it’s too late to take the pieces apart. Mr. Zuckerberg might be betting that he can integrate these three applications faster than any antitrust case could proceed — and he would be right, because antitrust cases take years.

Luckily, the F.T.C. has a way to act quickly. Prompted by the Cambridge Analytica scandal, the agency has been investigating Facebook for violating that 2011 consent decree, which required it, among other things, to not misrepresent its handling of user information and to create a comprehensive privacy program. The F.T.C. can demand Facebook stop the integration as one of the conditions for settling any charges related to the consent decree, rather than just imposing an inconsequential fine.

If not stopped, the integration will cement Facebook’s monopoly power by enriching its data trove, allowing it to spy on users in new ways. Facebook might decide to sync data from one app to another so it can better track users. And Facebook needs user data: The reason it commands such a large share of digital advertising is that it tracks users — and even people without Facebook accounts — across millions of sites. It gathers data that allows it to target ads more precisely than many of its rivals for digital ad dollars, including news media sites and content creators.

After stopping Mr. Zuckerberg’s integration plan, the F.T.C. should reverse the WhatsApp and Instagram acquisitions as illegal under the Clayton Act, which prohibits mergers and acquisitions where the effect “may be substantially to lessen competition, or to tend to create a monopoly.” Undoing the mergers would give consumers an alternative to Facebook-owned apps and force Facebook to do better.

Without meaningful competition, Facebook has little incentive to protect users by making changes that could reduce profits. Users unhappy about data collection and algorithms that promote fake news and political polarization don’t have anywhere to go.

Any future Facebook acquisitions, no matter what the size, should be strictly reviewed because of the company’s history of deceiving users. Facebook uses technology, like its Onavo and Research apps, that monitor consumers’ app usage to identify potential rivals even before they are big enough to get on antitrust enforcers’ radars. Internal Facebook documents published by the British Parliament show Facebook used Onavo data to identify WhatsApp as a competitive threat, only to convince regulators otherwise.

Congress also should write legislation to overrule misguided cases that have neutered antitrust enforcement, and pass a strong privacy law with enough resources to enforce it. Only then, perhaps, will we be protected from Facebook.

The Unfinished Business of the Equifax Hack

Congress needs to address the failures of credit reporting. They also need to put teeth into privacy laws and enact stiff fines for breaches.

Quote

Remember the Equifax breach? In late 2017, the credit-reporting company revealed that hackers had stolen the personal data of more than 145 million people — including Social Security numbers, addresses, and in some cases even credit-card details. The incident was remarkable not only in scale, but also for the scant regard the company apparently showed for the individuals whose sensitive information it was supposed to manage.

Almost a year and a half later, almost nothing has changed. Authorities have neither sanctioned Equifax nor addressed the deeper industry-wide flaws that the incident exposed. It’s an omission that Congress must correct.

Equifax and its two main competitors, Experian and TransUnion, provide a valuable service. Their databases grease the wheels of commerce, allowing banks, employers and government agencies to quickly and easily check almost anyone’s identity and credit history. Yet their interests don’t always align with the public good. The people whose information they maintain are not their primary customers, so the firms lack an adequate incentive to ensure privacy and security, and to fix errors that can severely complicate lives. Breaches and bad data can even benefit them, helping sell products such as credit monitoring to frightened consumers.

 

Over the years, authorities have tried to adjust the incentives. The Fair Credit Reporting Act requires “reasonable” efforts to keep information accurate and prevent it from falling into the wrong hands — and empowers consumers to sue for damages. The 2010 Dodd-Frank Act gave the Consumer Financial Protection Bureau broad powers to supervise the largest credit-reporting companies. A 2015 settlement with state attorneys general requires the companies to deal with disputed information more effectively, and aims to curb the common practice of hard-selling paid services to people seeking to correct their credit reports.

Yet there’s been little real progress. In the last three months of 2018, consumers submitted almost 27,000 credit-reporting complaints to the CFPB, up from fewer than 11,000 two years earlier, before the Equifax hack. Granted, this is only a small fraction of the more than 200 million people with credit reports, and various factors — such as greater awareness — could contribute to the increase. But it certainly doesn’t suggest things are improving.

The Equifax case is especially discouraging. After its security failures exposed millions to identity theft, the company responded with a glitchy website and an offer of “free” credit monitoring — a service of dubious value, given that it alerts consumers only after their identity has been stolen. It fell to Congress to demand a basic concession from the industry: free security “freezes,” which allow consumers to prevent new accounts from being opened in their name. The Trump administration has shown little interest in further action. A joint investigation by the CFPB and the Federal Trade Commission has yet to yield results.

Consumers deserve better. Here’s what Congress can do:

  • Require the companies to meet more ambitious benchmarks for data privacy, security and accuracy. In security, for example, government and nonprofit organizations have created guidelines that supervisors could use to set standards and assess compliance.
  • Place the burden of proof on companies in consumer disputes. If they can’t demonstrate that the information in question is correct, they should remove it.
  • Make security freezes the default option, by requiring the companies to release personal information only with a consumer’s express consent.
  • Give the CFPB responsibility for overseeing all aspects of credit reporting. Overlap with the FTC on data security, for example, has bred confusion and threatens to render the agencies collectively ineffective.
  • Give consumers the power to sue for injunctive relief. This would allow courts to compel the credit-reporting companies — and those that provide them with data — to fix practices that harm consumers, as opposed to merely paying damages.

Democratic legislators — including Senator Jack Reed and Representative Maxine Waters, the new head of the House Financial Services Committee — have introduced bills that would make many of these changes. All that remains is to get them to the president’s desk.

It’s unacceptable for credit-reporting companies to pose a threat, or even merely be a nuisance, to millions of people who never chose to do business with them. They must show that they can take responsibility for personal data, rather than leaving the task to consumers or charging for the service. They seem to need a firmer nudge, and Congress should provide it.

Avast Highlights the Threat Landscape for 2019

Heads up, it will not get easier.

Quote
The Dawn of Adversarial AI

We foresee the emergence of a class of attacks known as ‘DeepAttacks’, which use AI-generated content to evade AI security controls. In 2018, the team observed many examples where researchers used adversarial AI algorithms to fool humans. Examples include the fake Obama video created by Buzzfeed where President Obama is seen delivering fake sentences, in a convincing fashion.

We have also seen examples of adversarial AI deliberately confounding the smartest object detection algorithms, such as fooling an algorithm into thinking that a stop sign was a 45-mph speed limit sign.

In 2019, we expect to see DeepAttacks deployed more commonly in an attempt to evade both human detection and smart defenses.

IoT Threats Will Become More Sophisticated

The trend toward smart devices will be so pronounced in the coming years that it will become difficult to buy appliances or home electronics that are not connected to the internet.

Avast research has shown that security is often an afterthought in the manufacturing of these devices. While the big name smart devices often do come with embedded security options, some producers skimp on security either to keep costs low for consumers or because they are not experts in security. Considering a smart home is only as secure as its weakest link, this is a mistake. History tends to repeat itself, so we can expect to see IoT malware evolve and become more sophisticated and dangerous, similar to how PC and mobile malware developed.

Router Attacks Will Advance

Routers have proven to be a simple and fertile target for a growing wave of attacks. Not only have we seen an increase in router-based malware in 2018, but also changes in the characteristics of those attacks.

In 2019, we expect to see the increased hijacking of routers used to steal banking credentials, for example, where an infected router injects a malicious HTML frame to specific web pages when displayed on mobile. This new element could ask mobile users to install a new banking app, for instance, and this malicious app will then capture authentication messages. Routers will continue to be used as targets of an attack, not just to run malicious scripts or spy on users, but also as an intermediate link in chain attacks.

The Evolution of Mobile Threats

In 2019, well known tactics such as advertising, phishing and fake apps will continue to dominate the mobile threat landscape. In 2018, we tracked and flagged countless fake apps using our apklab.io platform. Some were even found on the Google Play Store. Fake apps are the zombies in mobile security, becoming so ubiquitous that they barely even make the headlines as new fake apps pop up to take the place of the ones already flagged for removal. They will continue to persist as a trend in 2019, exacerbated by fake versions of popular app brands doing their rounds on the Google Play Store.

In 2018, the return of banking Trojans was also particularly pronounced on the mobile side, growing 150 percent year-on-year, from three percent to over seven percent of all detections we see worldwide. While perhaps not a big shift in terms of the overall volume, we believe that cybercriminals are finding banking to be a more reliable way to make money than cryptomining.

“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.

“PC viruses, while still a global threat, have been joined by a multitude of malware categories that deliver more attacks. People are acquiring more and varied types of connected devices, meaning every aspect of our lives could be compromised by an attack. Looking ahead to 2019, these trends point to a magnification of threats through these expanding threat surfaces.”

These trends form part of Avast’s annual Threat Report.

VPNfilter – Re-post

I am re-posting info on VPNFilter. In 2018 security researchers around the globe sounded the alarm about the Russian hacker group APT28 (AKA Fancy Bear – the same ones who most likely hacked the 2016 U.S. presidential election). This group is purportedly responsible for a global attack called VPNFilter. This attack uses a global botnet of more than half a million routers and storage devices (and growing).

Sadly, and as has been the norm, businesses, especially small businesses and home networks, fail to heed the warning and take action.

Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding “VPNFilter.” In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints. Talos recently published a blog about a broad campaign that delivered VPNFilter to small home-office network devices, as well as network-attached storage devices. As we stated in that post, our research into this threat was, and is, ongoing. In the wake of that post, we have had a number of partners step forward with additional information that has assisted us in our work. This post is an update of our findings over the past week.

First, we have determined that additional devices are being targeted by this actor, including some from vendors that are new to the target list. These new vendors are ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. New devices were also discovered from Linksys, MikroTik, Netgear, and TP-Link. Our research currently shows that no Cisco network devices are affected. We’ve provided an updated device list below.

We have also discovered a new stage 3 module that injects malicious content into web traffic as it passes through a network device. At the time of our initial posting, we did not have all of the information regarding the suspected stage 3 modules. The new module allows the actor to deliver exploits to endpoints via a man-in-the-middle capability (e.g. they can intercept network traffic and inject malicious code into it without the user’s knowledge). With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network device supports. We provide technical details on this module, named “ssler” below.

Additionally, we’ve discovered an additional stage 3 module that provides any stage 2 module that lacks the kill command the capability to disable the device. When executed, this module specifically removes traces of the VPNFilter malware from the device and then renders the device unusable. Analysis of this module, called “dstr,” is also provided below.

Finally, we’ve conducted further research into the stage 3 packet sniffer, including in-depth analysis of how it looks for Modbus traffic.

If you want an idea of how VPNFilter works, here is a great article on the details:
VPNFilter details

Here is a list of known vulnerable routers.

List of known Routers with VPNFilter Vulnerabilities

Asus Devices: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U
D-Link Devices: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N
Huawei Devices: HG8245
Linksys Devices: E1200, E2500, E3000, E3200, E4200, RV082, WRVS4400N
Mikrotik Devices: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, STX5
Netgear Devices: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, UTM50
QNAP Devices: TS251, TS439 Pro, Other QNAP NAS devices running QTS software
TP-Link Devices: R600VPN, TL-WR741ND, TL-WR841N
Ubiquiti Devices: NSM2, PBE M5
Upvel Devices: Unknown Models*
ZTE Devices: ZXHN H108N
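
One way to check an asset inventory against the device list above. This is an added example, not code from Talos or from the original post; the sample hostnames and inventory rows are constructed, and the "review" tier for prefix and vendor-wide matches is an assumption of this example.

```python
import re

def norm(s):
    """Upper-case, keep only letters and digits: 'TP-Link' -> 'TPLINK'."""
    return re.sub(r"[^A-Z0-9]", "", s.upper())

# Models as named in the device list on this page, per vendor.
_RAW = {
    "Asus": "RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U",
    "D-Link": "DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N",
    "Huawei": "HG8245",
    "Linksys": "E1200, E2500, E3000, E3200, E4200, RV082, WRVS4400N",
    "Mikrotik": "CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, "
                "RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, "
                "RB1200, RB2011, RB3011, RB Groove, RB Omnitik, STX5",
    "Netgear": "DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, "
               "R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, "
               "WNDR4300, WNDR4300-TN, UTM50",
    "QNAP": "TS251, TS439 Pro",
    "TP-Link": "R600VPN, TL-WR741ND, TL-WR841N",
    "Ubiquiti": "NSM2, PBE M5",
    "ZTE": "ZXHN H108N",
}
LISTED = {norm(v): {norm(m) for m in ms.split(",")} for v, ms in _RAW.items()}
# Listed vendor-wide: "Other QNAP NAS devices running QTS", Upvel "Unknown Models".
VENDOR_WIDE = {"QNAP", "UPVEL"}

def triage(vendor, model):
    """Return 'listed', 'review' or 'not-listed' for one device."""
    v, m = norm(vendor), norm(model)
    models = LISTED.get(v, set())
    if m in models:
        return "listed"
    # Assumption: a longer string starting with a listed name (hardware
    # revision, sub-model) is flagged for manual review, not cleared.
    if v in VENDOR_WIDE or any(m.startswith(x) for x in models):
        return "review"
    return "not-listed"

# Constructed sample inventory (hostname, vendor, model); not real devices.
SAMPLE = [
    ("gw-branch1", "NETGEAR", "R7000"),
    ("gw-branch2", "TP-Link", "TL-WR841N v13"),
    ("ap-lobby", "MikroTik", "RB951Ui-2HnD"),
    ("nas-backup", "QNAP", "TS-453A"),
    ("core-sw", "Cisco", "C9300-24T"),
]

def audit(devices):
    return {host: triage(vendor, model) for host, vendor, model in devices}
```

A "review" verdict means the model string extends a listed name or the vendor is listed without specific models, so the device should be checked by hand rather than treated as clear.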