Month: December 2018

Enlarge (credit: Niantic)

How could Niantic, the leading developers of Pokémon Go, possibly top its augmented-reality (AR) gaming sensation? Today's announcement from the studio hints at its future strategy: find someone else to do it.

The Niantic Beyond Reality Developer Contest talks up a prize pool of more than $1 million, but the real meat of this "contest" is a brand-new incubator program that seeks to marry nimble, indie teams with Niantic's proprietary "Real World Platform" toolset. Interested developers need to come up with a team of at least five people with demonstrable experience in Unity and Java Server and send a 10-page pitch document (as opposed to a working prototype).

Where’s Simon Cowell?

Niantic has also asked for pitch videos of up to five minutes in length from each interested developer, which somewhat resembles a reality-TV contest. However, a quick scan of the contest's rules includes no mention of contestants agreeing to any sort of ongoing filmed content as part of the contest (especially since most of the three-month period will be spent in participants' home cities).

Enlarge / A screenshot of VirusTotal showing only two AV providers detected malware, four weeks after it was outed. (credit: Patrick Wardle)

Four months after a mysterious group was outed for a digital espionage operation that used novel techniques to target Mac users, its macOS malware samples continued to go undetected by most antivirus providers, a security researcher reported on Thursday.

Windshift is what researchers refer to as an APT—short for "advanced persistent threat"—that surveils individuals in the Middle East. The group operated in the shadows for two years until August, when Taha Karim, a researcher at security firm DarkMatter, profiled it at the Hack in the Box conference in Singapore. Slides, a brief description, and a report from Forbes are here, here and here, respectively.

A few things make Windshift stand out among APTs, Karim reported in August. One is how rarely the group infects its targets with malware. Instead, it relies on links inside phishing emails and SMS text messages to track the locations, online habits, and other traits of the targets. Another unusual characteristic: in the extremely rare cases Windshift uses Mac malware to steal documents or take screenshots of targets' desktops, it relies on a novel technique to bypass macOS security defenses. (The above-linked Forbes article has more on how this technique, known as a custom URL scheme, allows attacker-controlled sites to automatically install their malware on targeted Macs.)

Enlarge (credit: Jaap Arriens/NurPhoto via Getty Images)

The American Civil Liberties Union, along with Privacy International, a similar organization based in the United Kingdom, have now sued 11 federal agencies, demanding records about how those agencies engage in what is often called "lawful hacking."

The activist groups filed Freedom of Information Act requests to the FBI, the Drug Enforcement Agency, and nine others. None responded in a substantive way.

"Law enforcement use of hacking presents a unique threat to individual privacy," the ACLU argues in its lawsuit, which was filed Friday in federal court in New York state.

Enlarge (credit: Erin Hecht, Dietrich Stout)

Most genes encode proteins and are transcribed from DNA into RNA before they're translated into a protein. In complex cells, however, there are lots of added layers of complexity. The RNA typically has chunks cut out of it, has its start and end modified, and more. Collectively, these changes are called RNA processing.

Xinshu Xiao's lab at UCLA studies RNA processing in all of its many forms. RNA editing is a type of modification that involves the alteration of RNA sequences by swapping in different bases. This has the effect of increasing the number of different protein products that can be generated from a single gene.

RNA editing is known to be important in nervous system development, specifically the formation of connections between nerve cells, called synapses. Synaptic development is abnormal in autism spectrum disorders. So Xiao and her colleagues decided to look at RNA editing in the brains of people with autism. They found that RNA editing was reduced in multiple areas of the brain, and multiple genes were affected.

Enlarge (credit: Aurich / Getty)

Over the past decade, many attackers have exploited design weaknesses in the Internet’s global routing system. Most commonly, the Border Gateway Protocol (BGP) is abused to divert gigabytes, or possibly even petabytes, of high-value traffic to ISPs inside Russia or China, sometimes for years at a time, so that the data can be analyzed or manipulated. Other times, attackers have used BGP hijackings more surgically to achieve specific aims, such as stealing cryptocurrency or regaining control of computers monitored in a police investigation.

Late last month came word of a new scheme. In one of the most sophisticated uses of BGP hijacking yet, criminals used the technique to generate $29 million in fraudulent ad revenue, in part by taking control of IP addresses belonging to the US Air Force and other reputable organizations.

In all, "3ve," as researchers dubbed the ad fraud gang, used BGP attacks to hijack more than 1.5 million IP addresses over a 12-month span beginning in April 2017. The hijacking was notable for the precision and sophistication of the attackers, who clearly had experience with BGP—and a huge amount of patience.

Enlarge (credit: Benno Hansen)

What makes some people radical and prone to taking extreme views on topics? Radical, violent political movements have received a lot of attention in the news cycle, while non-violent radicalism is a significant impediment to the compromises that are necessary to build a functional society. At the same time some things we now take as accepted, like women having the right to vote or same-sex couples the right to marry, were once at the radical fringes of society. Given its importance for the evolution of societies, radicalism seems worth exploring.

One common feature of radicalism is a confidence in the rightness of your ideas, even if they go against those of society at large. So why do radicals have so much certainty? A new study pins the blame on a faulty metacognition, the process by which people recognize when their ideas might not be correct and update their beliefs accordingly.

Cognition, how meta

Our brains are not simply decision-making boxes. We're constantly evaluating how certain we are about our ideas, which can help us minimize risks—if we're not sure whether our opponent is bluffing, we're less likely to go all-in on a bet. Then, as more information becomes available, we'll generally re-evaluate our former beliefs. If we end up watching a player make a series of bluffs, then we'll include that information the next time we need to evaluate the probability.

Enlarge / Developers working in the "pit" at the MGM Grand's Garden Arena in Las Vegas during Amazon's re:Invent conference to prepare their DeepRacers for competition. (credit: Jason Levitt)

Sadly, there's one tech toy that Amazon won't be able to sell you for Christmas this year. DeepRacer is an autonomous 1/18th scale race car that was unveiled at Amazon re:Invent in November. But it won't be available until March 2019 at the soonest, so all you can do now is pre-order it on Amazon. It's too bad we'll have to wait, because this car could help developers understand reinforcement learning, a type of machine learning commonly associated with self-driving cars, and it should entertain hackers of all ages.

DeepRacer is really a full-blown Linux computer with wheels, running on an Intel Atom processor with 4GB of RAM. A closer look at its guts reveals that the car is essentially a modification of DeepLens, the video camera and computer combination released at re:Invent last year. For the new product, DeepLens has been set on wheels and seen the addition of an extra battery and some other bells and whistles. The earlier product has proven to be a popular learning tool for neural networks, but DeepRacer has an added bonus: competition.

The AWS DeepRacer League, Amazon's competition system for DeepRacer developers, will culminate with a championship each year at re:Invent. At the recent re:Invent conference, there were barely 24 hours allotted for developers to attempt to program DeepRacer cars and compete—but we were there to check out the action. DeepRacer cars, AWS accounts, and the entire MGM Grand Arena were pimped out to help developers create and test models. Participants could quickly get up to speed using two labs provided in Amazon's Github account.