A company you’ve probably never heard of caused half the internet to go dark

Link: https://www.vox.com/recode/2021/6/8/22524024/fastly-web-outage-news-websites?mc_cid=1581e9eab7&mc_eid=983bcf5922

Excerpt:

One of the reasons the Fastly outage seems so wide scale is that cloud computing service companies like Fastly are consolidating, leaving websites dependent on a shrinking number of providers. Even if there aren’t that many total outages, the fact that so many everyday sites rely on fewer cloud providers makes each individual outage feel pretty significant to an average internet user who just wanted to buy some stuff on Amazon and read the New York Times early Tuesday morning.

There are benefits to consolidation, explains Doug Madory, the head of internet analysis at the network monitoring company Kentik. For instance, a smaller number of cloud providers means it’s much easier to get those providers to deploy a particular security change. “The flip side is the liability [of] having a few megacompanies, whether they’re CDNs or other types of internet firms, responsible for a lot of our internet activities,” Madory told Recode.

In other words, when one of these megacompanies updates its systems and inadvertently causes an outage, the damage radius could be quite wide. This is what happened in 2011 when one of Amazon’s cloud computing systems, Elastic Block Store (EBS), crashed and brought Reddit, Quora, and Foursquare offline. After the incident, Amazon explained that engineers inadvertently caused technical problems that trickled down through its systems and caused the outage.

Author(s): Rebecca Heilweil

Publication Date: 8 June 2021

Publication Site: Vox recode

Return of the IRS Scandal

Link: https://www.wsj.com/amp/articles/return-of-the-irs-scandal-11623191964

Excerpt:

Less than half a year into the Biden Presidency, the Internal Revenue Service is already at the center of an abuse-of-power scandal. That news broke Tuesday when ProPublica, a website whose journalism promotes progressive causes, published information from what it said are 15 years of the tax returns of Jeff Bezos, Warren Buffett and other rich Americans.

Leaking such information is a crime, since under federal law tax returns are confidential. ProPublica says it received the files from “an anonymous source” and doesn’t know who provided them, how they were obtained, or what the source’s motives are.

Allow us to fill in that last blank. The story arrives amid the Biden Administration’s effort to pass the largest tax increase as a share of the economy since 1968. The main Democratic argument for a tax hike is that the rich should pay their “fair share.” The ProPublica story is a long argument that somehow the rich don’t pay enough. The timing here is no coincidence, comrade.

….

This still leaves the real scandal, which is that someone leaked confidential IRS information about individuals to serve a political agenda. This is the same tax agency that pursued a vendetta against conservative nonprofit groups during the Obama Administration. Remember Lois Lerner?

This is also the same IRS that Democrats now want to infuse with $80 billion more to chase a fanciful amount of uncollected taxes. As part of this effort, Mr. Biden wants the IRS to collect “gross inflows and outflows on all business and personal accounts from financial institutions.” Why? So the information can be leaked to ProPublica?

Author(s): Editorial board of WSJ

Publication Date: 8 June 2021

Publication Site: Wall Street Journal

Schoolyard Justice in Federal Court

Link: https://www.wsj.com/articles/schoolyard-justice-in-federal-court-11623171249

Excerpt:

The bank administered a loan of some $1 billion, sending payments from Revlon to the lenders. Citibank mistakenly sent a wire transfer of the entire principal amount due when it only intended a single installment.

Under established law, the money that Citibank wired should be repaid because it was sent by mistake. But U.S. District Judge Jesse Furman upset settled law and allowed lenders to keep the money on the ground that the recipients did not have notice that the funds had been sent erroneously. If that became the rule, it would upset the important relationships among lenders, borrowers and trusted intermediaries.

….

Mistakes like this occur with surprising frequency. In 2017, the German bank KfW mistakenly transferred $5.4 billion to lenders. In China, the bank Rural Commercial Bank in Changsha thought that a customer’s 10-digit account number was actually the amount of money to be transferred, and mistakenly sent 1.2 billion yuan (around $190 million) to the customer. Deutsche Bank recently sent $6 billion to a U.S.-based hedge fund in error. In all these cases, the banks recovered the errant funds transfers almost immediately.

Author(s): Jonathan Macey

Publication Date: 8 June 2021

Publication Site: Wall Street Journal

Summary of June 8 outage

Link: https://www.fastly.com/blog/summary-of-june-8-outage

Excerpt:

On May 12, we began a software deployment that introduced a bug that could be triggered by a specific customer configuration under specific circumstances.

Early June 8, a customer pushed a valid configuration change that included the specific circumstances that triggered the bug, which caused 85% of our network to return errors.

Author(s): Nick Rockwell

Publication Date: 8 June 2021

Publication Site: fastly

The Science Suggests a Wuhan Lab Leak

Link: https://www.wsj.com/articles/the-science-suggests-a-wuhan-lab-leak-11622995184

Excerpt:

In gain-of-function research, a microbiologist can increase the lethality of a coronavirus enormously by splicing a special sequence into its genome at a prime location. Doing this leaves no trace of manipulation. But it alters the virus spike protein, rendering it easier for the virus to inject genetic material into the victim cell. Since 1992 there have been at least 11 separate experiments adding a special sequence to the same location. The end result has always been supercharged viruses.

A genome is a blueprint for the factory of a cell to make proteins. The language is made up of three-letter “words,” 64 in total, that represent the 20 different amino acids. For example, there are six different words for the amino acid arginine, the one that is often used in supercharging viruses. Every cell has a different preference for which word it likes to use most.

In the case of the gain-of-function supercharge, other sequences could have been spliced into this same site. Instead of a CGG-CGG (known as “double CGG”) that tells the protein factory to make two arginine amino acids in a row, you’ll obtain equal lethality by splicing any one of 35 of the other two-word combinations for double arginine. If the insertion takes place naturally, say through recombination, then one of those 35 other sequences is far more likely to appear; CGG is rarely used in the class of coronaviruses that can recombine with CoV-2.

In fact, in the entire class of coronaviruses that includes CoV-2, the CGG-CGG combination has never been found naturally. That means the common method of viruses picking up new skills, called recombination, cannot operate here. A virus simply cannot pick up a sequence from another virus if that sequence isn’t present in any other virus.

Author(s): Steven Quay, Richard Muller

Publication Date: 6 June 2021

Publication Site: Wall Street Journal

MTA scare highlights public finance cyber woes

Link: https://fixedincome.fidelity.com/ftgw/fi/FINewsArticle?id=202106070952SM______BNDBUYER_00000179-d86e-df56-a3fd-f8fe8d120001_110.1

Excerpt:

Subway safety in New York took on a new meaning when the Metropolitan Transportation Authority acknowledged a cyber intrusion, which set off loud alarm bells about the rising threat of system hacks.

The MTA is one of the largest municipal issuers and reports linked China’s government to the episode.

Despite MTA officials’ assurances of quick troubleshooting and no evidence of compromise to its operational systems, employee or customer information, this marked the latest chilling cybersecurity event for public finance.

Author(s): Paul Burton

Publication Date: 7 June 2021

Publication Site: Fidelity Fixed Income

Pennsylvania’s Biggest Pension Racks Up Costs After Misreporting Returns

Link: https://www.wsj.com/articles/pennsylvanias-biggest-pension-racks-up-costs-after-misreporting-returns-11620990002

Excerpt:

The board of trustees overseeing the $62 billion Pennsylvania School Employees Retirement System has spent more than $1 million so far to investigate and contain fallout from an inaccurate report on investment results delivered late last year. The report led to a mistaken conclusion that no increase in employee pension contributions would be needed this year.

The system’s trustees have hired batteries of lawyers since the mistake was revealed. The board said in April that it had hired law firms to conduct an investigation into the miscalculation and to respond to a federal grand jury subpoena requesting documents. It couldn’t be determined whether the subpoena relates to the miscalculation.

…..

However, in March the pension system said that the actual nine-year return came to 6.34%, triggering an increase in employee pension contributions reportedly affecting some 100,000 workers whose contributions will increase by 0.50% to 0.75% starting July 1. For instance, a school worker who earns about $45,000 annually would have roughly $8.65 withheld from each biweekly paycheck, the system’s website explains.

Author(s): Preeti Singh

Publication Date: 14 May 2021

Publication Site: Wall Street Journal

Con of the Week: Greensill Capital

Link: https://taibbi.substack.com/p/con-of-the-week-greensill-capital

Excerpt:

In finance there regularly appears a character who stands on a soapbox and claims to have re-discovered the natural laws of the universe. Go ahead, jump: with 10 shares of Invest-O, you won’t come down! Alan Greenspan’s declaration in the middle of the first tech bubble that we might be in the middle of a “once-or twice-in-a-century phenomenon that will carry productivity trends to a new higher track” helped birth the “new paradigm” theory, which denounced caution before investing in companies without revenues or plans as anachronistic timidity.

Greensill prophesied a revolution in his erstwhile dull trade. He hammered the theme that “AI” and “Big Data” were bringing about a “tectonic shift,” described by one writer as “the biggest revolution in history.”

Author(s): Matt Taibbi

Publication Date: 19 May 2021

Publication Site: TK News

7 Investigates: Federal Pension Problems

Excerpt:

The average pension is processed in two to three months.

So why wasn’t Karen getting her checks?

The government agency that processes pensions for federal workers, the Office of Personnel Management, tells 7-Investigates it has a backlog of more than 25,000 and that “the COVID-19 pandemic has disrupted normal operations.”

An agency spokesperson says that’s because the work is “paper-based,” and needs to be shared with different agencies.

Anna-Marie Tabor, director of the Pension Action Center at UMass Boston, says that’s surprising to hear.

“It’s a big problem especially during the pandemic when people can’t just go into the office and pull out a box of documents. These records really should be converted to electronic documents so that they can be accessed in 2021, especially in case of a pandemic,” says Tabor.

Author(s):

Publication Date: 18 May 2021

Publication Site: 7 News Boston

Colonial Pipeline Hack Reveals America’s Vulnerabilities

Link: https://www.governing.com/security/colonial-pipeline-hack-reveals-americas-vulnerabilities

Excerpt:

If you want to get Americans’ attention, hit their ability to drive. Panic buying and gas lines were quickly seen in the Southeast. Midweek, 71 percent of the gas stations in car-burdened Charlotte, North Carolina, were dry.

Ransomware takes control of a company’s or organization’s software or data until the owners make a payment. Even paying a ransom doesn’t guarantee the owners will get control again.

Initial reports said Colonial refused to pay ransom. But Colonial handed over nearly $5 million to the hackers. Bloomberg reports that the payment was in difficult-to-trace cryptocurrency. In exchange, Colonial received a decrypting tool to help restore its disabled network.

DarkSide, believed to be based in Eastern Europe, released a statement saying, “We are apolitical, we do not participate in geopolitics … Our goal is to make money, and not creating problems for society.”

But no one is safe from cybercrime, whether the attacker is a shadowy group or tied to a nation-state, whether they want money or data or to paralyze infrastructure. Whether the victim is an individual who opened an email containing malware or a leading technology company.

Author(s): Jon Talton, The Seattle Times

Publication Date: 14 May 2021

Publication Site: Governing

Colonial pipeline hack: Key takeaways from Biden’s first energy crisis

Link: https://www.axios.com/colonial-pipeline-hack-biden-energy-crisis-e004b745-43ee-4963-81d7-b10765215a9d.html

Excerpt:

It’s a stunning real-world example of how many types of infrastructure remain vulnerable to hackers.

The Atlantic Council’s Cynthia Quarterman, a top Transportation Department official in the Obama era, said it “exposes the soft underbelly of the nation’s critical energy infrastructure.”

Quarterman, in comments on the council’s site, notes that if a company like Colonial can be breached, smaller companies are even more vulnerable to attack.

Author(s): Ben Geman

Publication Date: 13 May 2021

Publication Site: Axios

How To Stop Ransomware Attacks? 1 Proposal Would Prohibit Victims From Paying Up

Link: https://www.npr.org/2021/05/13/996299367/how-to-stop-ransomware-attacks-1-proposal-would-prohibit-victims-from-paying-up

Excerpt:

Colonial has acknowledged that its computer networks were hit by a ransomware attack — in essence, an attack in which a hacker or criminal group breaks in and encrypts the contents of a victim’s computers until a ransom is paid. And while the company has declined to say whether it has offered a ransom, the attack is focusing new attention on a potentially radical proposal to stem the growing threat posed by ransomware: making it illegal for targets to pay their attackers.

….

Callow says a ban is just part of the answer, and in its report, the ransomware task force said governments would need to ease the transition before moving to a world where ransom payments are prohibited. Changes would need to be phased in, it said, and allow time for governments to set up protection and support programs for victims. A bipartisan bill introduced last year in the Senate, for example, called for study into the creation of a federal fund to help support the recovery and response to significant cyber-incidents.

The clock may already be ticking — at least for some. In what is likely a first, the global insurance company Axa announced last week that it would stop offering policies in France that reimburse customers for extortion payments made to cybercriminals.

Author(s): Jason Breslow

Publication Date: 13 May 2021

Publication Site: NPR