The Daily Parker

Politics, Weather, Photography, and the Dog

Massive security failure in Washington

A total failure to imagine a likely risk scenario has lost the State of Washington possibly hundreds of millions of dollars to thieves who defrauded the state unemployment agency:

Employment Security Department Commissioner Suzi LeVine says the names of potentially thousands of Washingtonians, many who remain employed, were used to make fake unemployment claims and defraud the state of hundreds of millions of dollars.

The state was hit especially hard in the early weeks of the coronavirus pandemic, as state and federal benefits ramped up to handle the sharp and staggering number of claims. 

Commissioner LeVine says she will make sure victims’ rights are protected, and those where benefits were paid out to the criminals won’t be liable for any sort of repayment.

“I will say this again because it’s really important. We did not have a data breach,” said LeVine. “And the information was not stolen from us. It was the utilization of stolen information on our site.”

The identity information most likely came from multiple earlier data breaches, including from credit-reporting agencies. Washington State simply didn't authenticate applications properly before disbursing money: 

“These are very sophisticated criminals who have pretty robust collections of information on people, and they are activating and monetizing that information,” [LeVine] said.

No, these are, in fact, really dumb criminals who exploited the eagerness of LeVine's department to get money to claimants before employers returned validation letters. And the fact that LeVine and her department's security folks couldn't see this possibility ahead of time means they may not have the skills to do their jobs in the Internet era.


Domestic terrorism in Michigan

Charlie Pierce, noting that "[p]eople with firearms forced the civil government of the state of Michigan to shut itself down," wants to know in what sense this isn't terrorism. In other fun weekend stories:

And it's pouring, and will continue to do so for several more hours.

Disbar Barr

I read the news today, oh boy:

Finally, the USS Nevada, a battleship that survived World War I and Pearl Harbor until the Navy scuttled her in 1948, has been found.

What's a Wednesday again?

Remember slow news days? Me neither.

  • Republican legislators and business owners have pushed back on Illinois Governor JB Pritzker's plan to re-open the economy, preferring instead to force their employees into unsafe situations so they can return to making money.
  • Professional dilettante Jared Kushner's leadership in getting a bunch of kids to organize mask distribution went about as well as one might predict.
  • More reasonable people simply see how it means we're going to be in this a while.
  • California has sued Uber and Lyft for violating AB5, claiming the two ride-sharing companies “gain an unfair and unlawful competitive advantage by inappropriately classifying massive numbers of California drivers as independent contractors,” according to California Attorney General Xavier Becerra.
  • Assuming states were allowed to go bankrupt, Crain's Steven Strahler believes an Illinois bankruptcy might not be what anyone actually wants.
  • Illinois' $560m shortfall in gasoline taxes right now has put transit projects at risk.
  • The BBC tries to help the rest of the world understand why the US has a backlash against face masks, as does NBC.
  • If you take New York, New Jersey, and Connecticut out of the equation, the number of Covid-19 cases continues to rise in the US.
  • Bottled water sales have gone up 57% year-over-year, so Consumer Reports wants to know why people are paying so much for someone else's tap water, especially since bottlers often don't pay their water bills while residents are getting their water shut off.
  • Anyone remember that it's the 20th anniversary of the ILOVEYOU virus?

And finally, a cute diner in Toronto where I had breakfast last June has moved to delivery service during the lockdown. Too bad they can't deliver to Chicago.

Zoom is out of the doghouse (for now)

Security guru Bruce Schneier says Zoom has cleaned up its act a lot, judging by recent surveys of video conferencing apps by the NSA and Mozilla:

The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud. That's pretty good, but the real worry is where the encryption keys are generated and stored. According to Citizen Lab, the company generates them.

There is nothing in Zoom's latest announcement about key management. So: while the company has done a really good job improving the security and privacy of their platform, there seems to be just one step remaining to fully encrypt the sessions.

The other thing I want Zoom to do is to make the security options necessary to prevent Zoombombing to be made available to users of the free version of that platform. Forcing users to pay for security isn't a viable option right now.

So, we'll keep using Zoom (mainly because everyone else is). And maybe, in the future, we'll have a serious discussion about security and privacy regulations in the US.

Please have sympathy for the mentally ill and the elderly

The President of the United States, a man who literally has the power to kill billions of people in an hour, made a suggestion at his press briefing yesterday:

(NBC's report on the incident includes the line "He didn't specify the kind of disinfectant." Also, retired General Wesley Clark actually predicted it would come to this.)

The Post:

In a statement Friday, White House Press Secretary Kayleigh McEnany noted that Trump had said Americans should consult with their doctors about treatment. U.S. Surgeon General Jerome Adams released a statement reiterating that on Friday morning.

McEnany accused the media of taking Trump’s words out of context.

“President Trump has repeatedly said that Americans should consult with medical doctors regarding coronavirus treatment, a point that he emphasized again during yesterday’s briefing," she said.

Trump’s eyebrow-raising query came immediately after William N. Bryan, the acting undersecretary for science and technology at the Department of Homeland Security, gave a presentation on the potential impact of summer heat and humidity, which also included references to tests that showed the effectiveness of different types of disinfectants. He recounted data from recent tests that showed how bleach, alcohol and sunlight could kill the coronavirus on surfaces.

Well, the video above gives you about 75 full seconds of context, so you can make up your own mind on what he meant.

Fine, whatever. In real news:

Finally, Bill Gates lays out what we'll need to open up the economy again.

The Endorsement

It's official:

I mean, we all knew this was coming, especially after Bernie Sanders endorsed Biden yesterday. Because, I mean, he had to. Lookit:

And finally, despite my grocery bill, I'm going to take a look at these upside-down drink recipes to preserve my liver through the crisis.

Ten million unemployed

More than 6.6 million Americans filed for unemployment insurance last week (including 178,000 in Illinois), following the 3.3 million who filed the week before. This graphic from The Washington Post puts these numbers in perspective:

Hotel occupancy has crashed as well, down 67% year-over-year, with industry analysts predicting the worst year on record.

In other pandemic news:

Finally, unrelated to the coronavirus but definitely related to our natural environment, the Lake Michigan/Huron system recorded its third straight month of record levels in March. The lake is a full meter above the long-term average and 30 cm above last year's alarming levels.

Extraordinary measures in the UK

I'm trying to get my mind around a Conservative government announcing this a few minutes ago:

The chancellor, Rishi Sunak, has announced the government will pay the wages of British workers to keep them in jobs as the coronavirus outbreak escalates.

In an unprecedented step, Sunak said the state would pay grants covering up to 80% of the salary of workers kept on by companies, up to a total of £2,500 per month, just above the median income.

“We are starting a great national effort to protect jobs,” he said. “It’s on all of us.”

Sunak said there would be no limit on the funding available to pay people’s wages.

The government is also deferring the next quarter of VAT payments, which is the equivalent of injecting another £30bn into the economy and is designed to help companies stay afloat.

(Another thing that I just learned: Sterling has dropped 12% against the dollar in the past week, hitting £1 = $1.1641 a few minutes ago.)

Closer to home:

And finally, Mother Jones asks "How do you know if you're living through the death of an empire?"

Shaka, when the walls fell

I have tons of experience working from home, but historically I've balanced that by going out in the evenings. The pandemic has obviously cut that practice down to zero. Moreover, the village of Oak Park will start shelter-in-place measures tomorrow, so I expect Chicago to do the same in the next couple of days. The Oak Park order seems reasonable: stay home except for essentials like food and medicine, stay two meters away from other people, it's OK to walk your dog, and so on. Since I'm already doing all of those things, a Chicago order would only affect my friends who, for example, own book shops and can't work remotely for other reasons.

In other pandemic news:

  • As of yesterday a record 41,000 Illinois residents filed for unemployment benefits in a 48-hour period.
  • Two luxury hotels have closed in Chicago with others expected to follow.
  • Bruce Schneier calls attention to a work-from-home security awareness kit and worries about how the pandemic will increase overall infosec vulnerability because people don't actually know how to secure their home offices.
  • Josh Marshall worries we're flying totally blind, because we haven't collected vital data about the pandemic's spread.
  • The pub where citizens took refuge in the zombie apocalypse comedy Shaun of the Dead has shut because of the pandemic. “We stayed open during a zombie plague, ISIS attacks on London, an alien invasion and the news that Genesis were reforming, but we’ve had to take expert advice and close our doors this time,” said landlord Simon Williams.
  • Republican US Senator Richard Burr briefed "a small group of well-connected constituents" about COVID-19 three weeks ago, according to a secret recording obtained by NPR. Another Republican asshat, US Representative Don Young (R-AK), joked about the "beer virus" and suggested people continue going out as normal. (Even if I hadn't specified the party affiliations of these tools, you'd know which party, wouldn't you?)
  • Former US Senator Al Franken calls Trump's response "the last straw."
  • Peter Nicholas writes in the Atlantic that "this is how Donald Trump will be remembered."

Also, today is the 92nd anniversary of the debut of "Amos 'n' Andy" on Chicago's WMAQ radio.