The Weekly Weird #33
Crowdstrike crashes everything, "nearly every" AT&T customer hacked, US Postal Service gives away addresses, Evan Gershkovich convicted in Russia, Bangladesh goes bananas, trust goes to the woodshed
Welcome once more to this weekly opportunity to whistle at the worrisome bounty bestowed on us by the converging forces of dystopia and, of course, human indifference, foolishness, and hubris.
Apologies for getting this out later than usual, but the delay ended up adding to the list of things to include - so much so, in fact, that there are things I had to leave out because too many crazy dystopian developments came in on the wire this week.
For example, there’s no space to get into this wild Christian ministry talk show from four months ago, in which a ‘prophecy-off’ resulted in one of the participants describing an attempt on Trump’s life involving a bullet whizzing past his ear close enough to ‘burst his eardrum’ and leaving him a changed man ‘on fire for Jesus.’
Spooky.
I had to include this video of Hulk Hogan going retro for “Trumpamania” somehow, though; it’s too funny [1]:
What’s next, Bushwhackers for Biden? Kamala for Kamala?
But I digress.
The next episode of the podcast is out tomorrow. I speak with the best-selling author Christina Dalcher about her work conceiving and shaping dystopias in fiction, especially her first novel VOX, which is well worth a read if you haven’t already read it.
Well then, without further ado, let’s get to it…
Crowdstrike Crashes Everything
“This was not a cyberattack.”
So reads the second sentence of the statement released by cybersecurity company Crowdstrike after “a defect found in a single content update for Windows hosts” on Friday caused a worldwide computer crash that left banks, airlines, hospitals, and helpless IT bods staring at Microsoft’s infamous Blue Screen of Death wondering if the Rapture was finally here.
Sky News in the UK was unable to broadcast live, as they described in a live broadcast.
Oh, the humanity.
An estimated 15 million computers running Windows were affected, and even with a reboot time of 30 seconds once the patch is in place, one cybersecurity expert suggested the issue could take “longer than a weekend” to fix.
Those of us given to Schadenfreude might appreciate this pompous video from Crowdstrike a couple of years ago declaring that their service will help businesses “outsmart the adversary.” Who could have predicted that the call would come from inside the house?
From Wired:
…the ongoing digital catastrophe that rocked the internet and IT infrastructure around the globe over the past 12 hours appears to have been triggered not by malicious code released by hackers, but by the software designed to stop them.
Crowdstrike exhibited insufficient contrition for the multitude of people affected by cancelled flights and medical appointments, failed transactions, and even the inability to collect prescription medication.
We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.
South Park’s riff on BP’s apology for an oil spill comes to mind…
At least it’s one for the record books, as per Wired:
“It's the biggest case in history. We’ve never had a worldwide workstation outage like this,” says Mikko Hyppönen, the chief research officer at cybersecurity company WithSecure.
[…]
“The fixes we’ve seen so far mean that you have to physically go to every machine, which will take days, because it’s millions of machines around the world which are having the problem right now.”
Wired expressed the situation pithily, with wistful philosophical melancholy:
“The catastrophic situation reflects the fragility and deep interconnectedness of the internet.”
“Nearly Every” AT&T Customer Hacked
This week was a hot dose of Everything Everywhere All At Once. American telecoms giant AT&T confessed, via an SEC filing, that massive hacks of their customers’ data had taken place in 2022 and 2023.
From NBC News:
Hackers stole six months' worth of call and text message records of nearly every AT&T cellular network customer, the company said Friday, a breach that has the potential to reveal sensitive information about millions of Americans.
This news was swiftly followed by a report in Wired that AT&T “paid a member of the hacking team more than $300,000 to delete the data and provide a video demonstrating proof of deletion.”
How sweet! They actually believe that someone who stole all that data, and took a ransom payment, would be so honourable as to permanently delete the definitely-only-one copy.
How much was the payment in real money? According to Wired, “5.7 bitcoin.”
Need to pay a hacker for data you failed to protect properly by using an unsecured third-party cloud supplier?
Isn’t it great that we can rely on technology to secure our digital identity, provide a centralised digital currency, permit the filming and tracking and AI-powered algorithmic measurement and assessment of our biometrics, place all our personal and professional communications and images and videos into cloud storage, and generally enable the Fourth Industrial Revolution?
What could possibly go wrong?
US Postal Service Gives Away Addresses
Perhaps the old ways are best. At least good old rain-or-shine mail is impervious to this sort of 21st century intrusion, right?
Wrong!
TechCrunch broke a story this week putting the US Postal Service in the crosshairs for another dramatic data breach.
TechCrunch found USPS was sharing customers’ information by way of hidden data-collecting code (also known as tracking pixels) used across its website. Tech and advertising companies create this kind of code to collect information about the user — such as which pages they visit — every time a webpage containing the code loads in the customer’s browser.
In the case of USPS, some of that collected data included the postal addresses of logged-in USPS Informed Delivery customers, who use the service to see photos of their incoming mail before it arrives.
It’s not clear how many individuals had their information collected or for how long. Informed Delivery had more than 62 million users as of March 2024.
How could something like that happen at a time when we’re being told that personal data and security are paramount, and being encouraged to give up more and more of our sensitive information in exchange for the convenience of doing pretty much anything?
More from the Crunch (emphasis mine):
In a statement to TechCrunch, USPS spokesperson Jim McKean said: “The Postal Service leverages an analytics platform for our own internal purposes, so that we understand the usage of our products and services and which we use on an aggregated basis to market our products.”
“The Postal Service does not sell or provide any personal information that is collected from this analytics platform to any third party, and we were unaware of any configuration of the platform that collected personal information from the URL and that shared it without our knowledge with social media.”
“We have taken immediate action to remediate this issue,” the spokesperson said, without saying what action was taken. The spokesperson declined to comment further.
“We didn’t read the small print.” Really?
Spokes-bots from Meta and LinkedIn offered up non-apologies along the lines of “We said we didn’t want that data, so if we ended up with it, blame the people who let us access it, who are not us” (not a verbatim comment).
Meanwhile:
Our testing showed the data-collecting code on USPS’ website was scraping the customer’s address from the Informed Delivery landing page after customers logged in, and then sending it to the companies.
The code also collected other data, such as information about the user’s computer type and browser, which appeared as partly pseudonymized — essentially scrambled in a way that makes it more difficult for humans to know where data came from, or who it relates to, by using randomized identifiers in place of real customer names. But researchers have long warned that pseudonymous data can still be used to re-identify seemingly anonymous individuals.
TechCrunch also found that tracking numbers entered into the USPS website were also shared with advertisers and tech companies, including Bing, Google, LinkedIn, Pinterest and Snap. Some in-transit tracking data was also shared, such as the real-world location of the mail in the postal system, even if the customer was not logged in to USPS’ website.
USPS’ spokesperson declined to say if the postal service will ask the tech companies to delete the data that they collected.
Elsewhere in dystopia…
Evan Gershkovich Convicted In Russia
American Wall Street Journal reporter Evan Gershkovich has been sentenced to 16 years for spying by a Russian court.
From The Wall Street Journal:
The court’s Friday verdict—after three days of hearings—was widely viewed as a foregone conclusion, since acquittals in Russian espionage trials are exceedingly rare. Gershkovich was afforded few of the protections normally accorded to defendants in the U.S. and other Western countries.
The Journal continues:
Gershkovich, a 32-year-old U.S. citizen, has been imprisoned since March of last year, when he was detained by the country’s Federal Security Service, or FSB, while on a reporting assignment in Yekaterinburg, around 900 miles east of Moscow.
In June, Russian prosecutors approved an indictment of Gershkovich, falsely alleging that he was gathering information about a Russian defense contractor on behalf of the Central Intelligence Agency.
In fact, Gershkovich, who was accredited as a foreign correspondent by Russian authorities, was in Yekaterinburg and elsewhere in the Sverdlovsk region for the sole purpose of reporting for the Journal.
Is it possible that Russia was in a hurry to make Gershkovich a prisoner so that they could engage in a prisoner swap?
Last month, Sergei Ryabkov, Russia’s deputy foreign minister, again raised the prospect of a prisoner exchange with the U.S. In February, Putin indicated that he would be open to a prisoner swap for Gershkovich and others. He made clear reference to Vadim Krasikov, an FSB operative now serving a life sentence in Germany for killing a Chechen émigré in Berlin in 2019.
Shenanigans aside, let’s hope this guy gets out of the penal colony and onto a plane home sometime soon.
Bangladesh Goes Bananas
A widespread revolt has broken out in Bangladesh after the government reinstated an unpopular quota system that gives preferential job opportunities to specific types of citizens.
The protests are led by students who feel their job prospects are being negatively affected.
Al Jazeera English has more:
Since July 1, university students have been protesting across the country to demand the removal of quotas in government jobs after the High Court reinstated a rule that reserves nearly one-third of posts for the descendants of those who participated in the country’s 1971 liberation movement.
Following the High Court’s ruling in June, 56 percent of government jobs are now reserved for specific groups, including children and grandchildren of freedom fighters, women, and people from “backward districts”.
WION (The World Is One News) have a live-stream of what is going on in the densely-populated country, where “67 percent of Bangladesh’s 170 million people are aged 15-64 and more than a quarter are aged 15 and 29, according to the International Labour Organization.”
Part of the government’s response to the unrest has been “a near-total national internet shutdown,” as per NetBlocks.
The saga is ongoing.
Trust Goes To The Woodshed
In news likely to shock precisely nobody, the 2024 Edelman Trust Barometer shows that trust in institutions and government is low in most Western democracies, and high in China.
From Visual Capitalist:
Other “shockers” from the ‘top findings’ of the report are that people trust tech but not AI, and among industries, tech is losing the trust of the public noticeably and rapidly.
Edelman also announced their forthcoming in-depth study on the wetness of water. Just kidding, but only just.
That’s it for this week’s Weird, everyone. Thank you as always for reading.
Outro music is the soothing balladry of the Dave Matthews Band with Crash Into Me, in honour of the sadness some hapless cubicle drone at Crowdstrike must be dealing with as they realise they’ve accidentally ruined countless summer holidays and prevented at least a hundred life-saving operations, all in their battle to “outsmart the adversary.”
Stay sane, friends.
[1] If you like his endorsement of Trump, you’ll love the scandal over “his” crypto token.
Another great installment!
So many ways to look at the Crowdstrike debacle. Personally, I’m leaning towards the notion that it was a test run of code that will have a negative effect on the election process. But that’s just conjecture and the Cabal is vast in the reach of its tentacles!
Funny how USPS pretends it wasn’t intentionally collecting data…I don’t know if you have moved in recent years yet, if you want to have your mail forwarded to a new address and have the sender be informed of the change, you must provide the USPS with your Driver’s License which they scan into their system. Unlike years past, if you have mail that arrives with a slightly different name, you can no longer authorize mail forwarding! Which means, USPS, in cahoots with the Cabal, has verification of your legal name and a recent photo of you that, IMO, will be used when they come to arrest us and march us off to the concentration camps or into 15 minute cities or other nefarious acts.