Y2K Reminder

   

   At the start of a new year, I was reminded of how we all feared the start of the one at the beginning of this century. We were very uncertain as to whether moving from 19... to 20... might bring down everything. The reminder came in the form of this headline: "More Frequent -- And Disruptive --Tech Outages Are On the Way". It was in an article that recalled the big crash many of us experienced in July when a "routine software update containing a bug that crashed 8.5 computers. It was the largest IT outage in history, grounding 17,000 flights, preventing doctors from accessing medical records, interrupting 911 services and plunging broadcasters into blackouts. Such massive outages are rare, but here's why smaller outages and data breaches will happen more often in 2025."
   Some crashes will happen because of accidents or mistakes. The author points out that:
   "The logic is simple: more complex systems contain more vulnerabilities. For example, software engineers today often rely on open-source code, which performs simple tasks like calculating time zone differences. The code is free and saves time. But it can also be buggy and plagued with compatibility problems, leading to accidental disruptions. This past March, a misconfiguration in OpenSSL—an open-source software library that encrypts a large volume of internet traffic—triggered crashes in web services and databases. It took days to patch the issue."
  Another author, just yesterday, wrote about giving out "Good Tech Awards", 
  "To Andres Freund, and every open-source software maintainer saving us from doom. The most fun column I wrote this year was about a Microsoft database engineer, Andres Freund, who got some odd errors while doing routine maintenance on an obscure open-source software package called xz Utils. While investigating, Mr. Freund inadvertently discovered a huge security vulnerability in the Linux operating system, which could have allowed a hacker to take control of hundreds of millions of computers and bring the world to its knees.It turns out that much of our digital infrastructure rests on similar acts of nerdy heroism."
   That sentence indicates that some crashes will be intentional or deliberate. The day after reading the first article, I was having breakfast with friends, and one of them asked another why he had not been responding to his emails and the answer turned out to be that they had been sent to the company for which he worked and that company had been the victim of a cybercrime. The company has since paid the criminals.
  There have been many articles about such attacks, which bring down systems if a ransom is not paid. Even systems in hospitals, or libraries like those in Calgary, Toronto and the British Library. 
  If you search for examples involving cybercrime or ransomware they are easy to find and attacks are found daily in many different publications that focus on these subjects. The illustration above, came from one, Cybercrime Magazine. In it, under "Latest Security and Privacy News", one finds many and here are just a few recent, Canadian cases:
Auto parts giant LKQ says cyberattack disrupted Canadian business unit.
Cyberattack hits third-party service provider that collects Manitoba court fines.
Outage at Winnipeg schools confirmed as cyberattack.
 LifeLabs data breach report released after firm loses four-year bid to keep it quiet.
Canada Arrests Man Suspected of Hacks of Snowflake Customers.
Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns.

   Even if you are someone who doesn't rely on computers and the Internet, you are reading this. Even a pure Luddite these days would be surprised by how much could not be done if systems go down. A major internet crash could be worse than a stock market meltdown. We are lucky every day when the power comes on, water pours from the faucet and the computer and TV work.
Sources: 
"More Frequent—and Disruptive—Tech Outages Are on the Way: As companies offload tech systems to third-party suppliers, their supply chains will become vulnerable," Kami Vaniea, Maclean's, Dec. 17, 2024.
"The 2024 Good Tech Awards," Kevin Roose, NYT, Dec. 30, 2024.  

The Hacking of Libraries

 

Even Libraries Are Not Safe From Cyber Saboteurs

  If you live in Ontario you will know that five southwestern Ontario hospitals have been hit by a cyberattack. 

  You may not know that the Toronto Public Library has also been brought down by such an attack. I only know because I attempted to see if the TPL had a particular book and was greeted with a message that said: "We are actively addressing a cyber security incident that came to our attention on Saturday, October 28." As of today, the website is still down.

   The only reason I an focusing on a current event is that I read this morning that the British Library website is also down and, so far, no one has noticed that two major libraries in two major cities are inaccessible. The news presented here constitutes a "scoop," of sorts. I suppose I should have included the words, "Breaking News" since they are now often found in any reports or broadcasts (no matter how dated) produced by the legacy media.

Something Else to Worry About

   I recalled that MM has dealt with this issue before. Back in the spring of 2018, I mentioned that even islands weren't safe from such sabotage since the PEI website was breached, (see: "Cybercrime and Cyberwarfare.) More recently it was reported in MM  that a "Ransomware Attack Leads to Shutdown of Major U.S. Pipeline System." In that post you will find a link to a long report with the title: "Combatting Ransomware: A Comprehensive Framework for Action: Key Recommendations From the Ransomware Task Force." The post is: "Pipelines."

Sources:

  There has not been much about the TPL incident, but the CBC did notice when it happened: "Toronto Public Library Dealing WIth Cybersecurity 'Incident' Impacting Some Services," CBC News, Oct. 29. 2023.

  For the British Public Library see: "An Apparent Cyberattack Hushes the British Library," Alex Marshall, New York Times, Nov.3, 2023. And this from Artlyst, Nov.5, 

"British Library Knocked Offline Due to Major Cyberattack."

"Amidst Digital Chaos, the British Library is currently in the clutches of a major cyberattack. The assault, which has crippled the library’s online services and impacted its physical sites in London and Yorkshire, has left scholars, researchers, and the general public grappling with unanticipated disruptions. When Artlyst checked the website this morning it was still down with the exception of the shop, which seemed to be up and running."

Is Nothing Sacred?

Pipelines

Line 5    

  In clear violation of my blogging protocols, I will discuss a couple of current issues, but at least not the pandemic. In my defence I will say that I will focus only on the aspects of the issues which are underreported. Also, it is the case that one of the issues is "Looming", as all the headlines indicate, and by later in the week we will have been dramatically affected by it - or not. 

   Line 5 is the 'looming' issue and I will say little about it since I have already done so in the post which clearly has one of my clearest titles: Line 5.  I even provided a map. It is also is the case that there have been many stories about it. I think it is fair to say, however, that most of them indicate that clearly the shutdown will not happen and that it shouldn't because the economic results would be devastating. That is, our politicians and we Canadians mostly seem concerned only with the economic consequences, while the Governor of Michigan is worried more about the possible environmental impact on the Great Lakes if the pipeline was to burst. The irony was noticed by Rex Murphy as this headline indicates: "How's Trudeau Going to Get Out of this Line 5 Pickle and Keep Oil Flowing?" He notes: "The threat that by May 12, Gov. Whitmer will shut down Line 5 to Ontario, is so beautiful an issue it should be hanging in an art gallery.... For what have we to look at? We have two leaders, Greener than shamrocks, Prime Minister Justin Trudeau and Gov. Whitmer, who see themselves plucked by the goddess of destiny herself, as human ambulances rushing to save the Earth from global warming."

   Although I am sure that environmental groups and Indigenous ones think a break in the pipeline would not be a good thing for the Great Lakes, the 'mainstream media' seem to worry only about the business disruption. It is sometimes mentioned obliquely that the environmental impact would be more negative if the line is shutdown, because thousands of rail cars and trucks would have to be utilized to keep us supplied. I have not yet read a good newspaper piece that discusses directly what would happen if millions of gallons of petroleum products started pouring into the Great Lakes.  I suppose it is natural to pay more attention to an event that is supposed to happen on May 12, rather than to hypothesize about one that may or may not occur a few months or years from now. It is also the case that our 'mainstream media' now have few tributaries, most of them issuing from the same source. The only Canadian newspaper I am aware of that has presented the environmental side, is one you probably don't read and may not know about - The National Observer, which recently published this article: "Line 5 is an Environmental Disaster Waiting to Happen," Trevor Greene, April 6, 2021. 

The Colonial Pipeline

   Pipeline problems developed south of the border just a couple of days ago and have yet to be resolved. In this case, the problem is not a pipeline rupture, but rather, a computer breach.  Although the headline in the Washington Post says that a "Ransomeware Attack Leads to Shutdown of Major U.S. Pipeline System," the subject of "Ransomware" is not in the newspapers as much as it could be, and deliberately so. As the article indicates:

"Ransomware attacks, in which hackers lock up computer systems — usually by encrypting data — and demand payment to free up the system, are a global scourge. In recent years, they have affected everyone from banks and hospitals to universities and municipalities — almost 2,400 organizations in the United States were victimized last year alone, one security firm reported. But the attackers are increasingly targeting industrial sectors because these firms are more willing to pay up to regain control of their systems, experts say.

“The downtime for industrial companies can cost millions,” said Robert M. Lee, the chief executive of Dragos, a major cybersecurity firm that handles incidents in the industrial control sector. U.S. officials and experts in industrial control security said such attacks are more common than is publicly known and that most just do not get reported.

Even though many cases are not made public, we sometimes learn about them and they even happen close by.  In December, 2019 you may recall that a ransomware attack cost the city of Woodstock over $600,000 even though the city didn't pay the ransom.

   There is some good news to report from the United States about concerted efforts to deal with the ransomware threat.

A task force of more than 60 experts from industry, government, nonprofits and academia last month urged a series of coordinated actions by industry, government and civil society. Their recommendations include mandating that organizations report ransom payments and requiring them to consider alternatives before making payments. Governments, they said, could provide support to help firms hold out longer. The recommendations also call for global diplomatic and law enforcement efforts to induce countries from providing safe havens to ransomware criminals.

The title of the report: Combatting Ransomware: A Comprehensive Framework for Action: Key Recommendations From the Ransomware Task Force. The link will take you to the 80 pp. report and here is the first paragraph from it:

"Ransomware is not just financial extortion; it is a crime that transcends business, government, academic, and geographic boundaries. It has disproportionately impacted the healthcare industry during the COVID pandemic, and has shut down schools, hospitals, police stations, city governments, and U.S. military facilities. It is also a crime that funnels both private funds and tax dollars toward global criminal organizations. The proceeds stolen from victims may be financing illicit activities ranging from human trafficking to the development and proliferation of weapons of mass destruction."

The Bonus:

   The attack on the Colonial Pipeline appears to have come from an an Eastern European-based criminal gang known as "Darkside" and it was done for money, not for political reasons. The same is true for the major hacking and ransomware assaults initiated by the government of North Korea - they are done mainly for the money. You may recall a hacking event from a few years ago involving North Korea. When Sony Pictures released a trailer for a Seth Rogen comedy about an attempted assassination of Kim Jong Un, a computer attack against Sony was launched that did considerable personal and financial damage (Rogen remarked, "People don't usually wanna kill me for one of my movies until after they've paid 12 bucks for it.")

   That information is from an article that will keep you up at night, or at least make you realize how big a problem 'cyber-warfare' is. Hackers seem to be able to easily get into our computers, so I hope you are able to get behind the firewall to read the article which is a fascinating and scary one: "The Incredible Rise of North Korea's Hacking Army: The Country’s Cyber Forces Have Raked in Billions of Dollars for the Regime by Pulling Off Schemes Ranging from A.T.M. Heists to Cryptocurrency Thefts. Can they be stopped?" The New Yorker, April 26 & May 3, 2021.

I thought former President Trump had solved the North Korea problem. but apparently not. 

  

Year Ends & Odds

    There has been enough ranting this year so I will usher it out by offering some short posts related to past ones. They are meant as rewards for my loyal readers, but those of you who are locked in and desperate for something to do are welcome to read along. 

Book Thieves Caught!

   First, some good news. A while back I posted about the big book heist at Heathrow, during which several rare and very valuable books were stolen in a 'Mission Impossible Raid' - see The Great British Book Burglary.  Using surveillance footage and the latest in DNA analysis it was finally determined that the culprits were not the usual suspects (cardigan wearing bibliophiles), but Romanian nationals. 300 officers in three countries searched 45 addresses and twelve men have been put away for almost 50 years. "Of around 240 books that were stolen, four were still missing, according to the Met police. One in three had suffered some kind of damage." See: "Tome Raiders: Solving the Great Book Heist," Mark Wilding, The Guardian, Dec. 13, 2020.

The History of Smell

   To help you through the pandemic I posted about The History of Everything, to which was attached "A History for Every Letter" (28pp).  For the letter "S" I included, Sleep, Salt, Seduction, Solitude and Snow, but nothing stinky. Studying the smells of the past is rather tricky, but now olfactory assistance is on the way since over $3 million has been awarded for a project, "on the collection and recreation of smells in 16th- to early 20th-century Europe that will marry historical and literary analysis with machine learning and chemistry." For all the details see: ODEUROPA.  Here are two books on the subject for those of you who can't wait:

Skin Books

 

Skin Books (not pornography)

   In my series "The University of the Unusual (4)", the subject of Anthropodermic Bibliopegy was covered. It will be of interest to those who want to know more about books that are bound with human skin. A new book on the subject is now available, but I think the binding is a normal one. See: Dark Archives: A Librarian's Investigation Into the Science and History of Books Bound in Human Skin, by Megan Rosenbloom. ( I also mention in my post that heavily tattooed individuals can now leave behind their skin so their next of kin can continue to enjoy the art work.)

The Dreaded Name Problem

   During our delicate times there are many delicate people who are offended by the names of many of our ancestors, or towns, or buildings, etc. and I have offered many, related indelicate posts. I will not link to them, but instead point you to two solutions to the problem which come from unlikely places.

   The first is from the Baseball Hall of Fame which contains many now problematic names. Instead of removing them, patrons are reminded that the recipients of the awards were given them for their accomplishments in the game and that details about their dark side will be found elsewhere in the museum. The suggestion, by the way, is approved of by Jane Forbes Clark, the chairman of the HOF board of directors, who is likely a woman. For more details see: "The Hall of Fame Tries to Contextualize Baseball’s Racist Past Rather Than Remove the Plaques of its Most Problematic Inductees, the Baseball Hall of Fame is hoping to Explain Them,"Tyler Kepner, NYT, Dec. 21, 2020.

   The second solution is from Down Under. Down there they are way ahead of us in terms of digitizing the past. Millions of old newspapers, magazines, etc. are viewable for free on TROVE. Naturally most of those publications will contain material that is now not acceptable, particularly for the "First Australians" (Indigenous peoples) and some members of the professoriate. So, warnings are provided and "Cultural Advice" is given, to wit: 

Aboriginal and Torres Strait Islander people should be aware that Trove contains images, voices or names of deceased persons in photographs, websites, film, audio recordings or printed material.

Some material contains terms that reflect authors’ views, or those of the period in which the item was written or recorded, but may not be considered appropriate today. These views are not necessarily the views of the National Library of Australia or Trove Partners. While the information may not reflect current understanding, it is provided in an historical context.

By selecting "Show cultural advice", please be advised that you will continue to receive subsequent cultural advice notices before viewing materials on Trove that may be considered culturally sensitive. You can opt out at any time.

Rather sensible, don't you think?

Downtown Dollars

   Near the beginning of the month I wrote about LETS - Local Currencies.  A few days later I noticed this letter in the London Free Press (Dec.11). It shows how they can be used:

I am a server at a downtown restaurant. Saturday night a customer paid his bill using downtown dollars. He told me that because of COVID his company was not having a Christmas party, instead giving all its employees downtown dollars to spend locally.

What a great idea.

New Initialisms You Should Know

   Continuing on the subject of nomenclature, here are some new abbreviations which will be handy in the new year:

BAME - Black Asian Minority Ethnic

AAPI - Asian-American and Pacific Islanders

IBPOC - Indigenous Black People of Color (colour may be too colonial)

   While people of color may be appropriate, women of color may not be. This is getting to be almost as complicated as gender. Here is a relevant article:

"We Are Black Women: Stop Calling Us Women of Color." Donna F. Edwards & Gwen McKinney, Washington Post, Sept. 14, 2020:

  Ironically, the WOC terminology was coined by Black women in the late 1970s as a rejection of the disparaging label “minority.” Similar to notions of “post-racial” and "colorblind," the term “WOC” negates racial identity in the service of racial unity. Over time, the contrast has become not one of multiethnicities but simply a White/non-White binary.

We are Black. The term is direct and invokes something visceral and difficult for those who are non-Black to embrace or understand. In our lifetime, the more comfortable identifiers have morphed from “Colored,” to “Negro,” to “Afro-American,” to “African American.” The explosion of multiculturalism created a “we are the world” rainbow. Through it all, we remained Black. Not a label or a color, Black is an experience; it is the glue of our unique legacy in this country.

WAP - This is an acronym you do not need to know since it does not apply to a person, only to a part of a person.

Another Major Hacking

   Back in the spring of 2018 I noted that even the Island of Prince Edward was not isolated enough to avoid a ransomware attack - see Cybercrime & Cyberwarfare.  Although most of the news about the recent major episode has come from the United States, Canada did not escape the latest internet attack since SolarWinds, the company whose code was hacked, has 18,000 customers, including the U.S. Treasury and the Department of Commerce. It gets worse: Canada Pension Plan Investment Board agreed to buy a stake in SolarWinds Corp. for U.S. $315 million just days before the company disclosed it was the target of a major global hacking campaign that has compromised multiple U.S. computer systems. "To say the timing is unfortunate is an understatement," CPPIB spokesman Michael Leduc said Friday." "CPPIB Agrees to Buy Stake in SolarWinds Days Before Firm Discloses Major Hack," David Milstead, G&M, Dec. 19, 2020.

BIG WATER

   I recently wrote about "Long Tail" (Lake Erie) and provided in that post links to the others I have done on the Great Lakes. The question now is "Can We Make These Lakes Great Again?"  particularly since we can't drive long distances to swim and fish in others. That question was addressed in the latest National Geographic and the cover story is "Saving the Great Lakes: The Irreplaceable Fragile Ecosystem Holds Six Quadrillion gallons of Freshwater That Our Planet Needs to Survive," -see, "So Great, So Fragile," by Tim Folger in the December issue. It is full of interesting statistics and photos. 

   Less Poop in the Pacific

 

      Thanks partially to POOP - People Opposed to Outflow Pollution - there is some good news from the West Coast. People living in the Victoria area have been crapping in the Strait of Juan de Fuca since the 19th century. Finally, a Wastewater Treatment Project has been completed and the sewage treated. See: "I Was Wondering Why the Water Looked So Clean [said the Governor of Washington State]: CRD's Sewage Treatment Plant Up and Running," Lindsay Kines, Times Colonist, Dec. 5, 2020.

Mr. Floatie, the man-sized turd, who used to show up to draw attention to the problem is pictured above.

   About the Gulf of Mexico - I'm Not So Sure

     The Deepwater Horizon Disaster was ten years ago, but I wouldn't rush to buy property in Louisiana when the border reopens. Back in 2004 Hurricane Ivan destroyed Taylor Energy's oil platform, but not much was said about it. More recently, two scientists at the National Oceanic and Atmospheric Administration, along with and a Florida State University professor, found that up to 108 barrels of oil, or more than 4,500 gallons, is being released from the site off of the Louisiana coast every day. That is not something Taylor Energy really wanted to let the world know. The oil spill went undiscovered until about a decade ago when environmental watchdog groups found oil slicks while monitoring the BP Deepwater Horizon disaster. "The Energy 202: The Truth Comes Out About the Longest Lasting Oil Spill in Gulf of Mexico, Washington Post, June 25, 2019.

Bruce McCall

   I began the year with a post about Bruce McCall and also included him in an earlier one about Canadian Cartoonists.  I will end it by calling attention to his second memoir which is now available and which will give you something else to read in the new year. 

HOW DID I GET HERE? A Memoir, by Bruce McCall. (Blue Rider, $27.) The writer and illustrator looks back on a career that took him from advertising to comedy writing for National Lampoon and ''Saturday Night Live'' to his current work for The New Yorker and other magazines.

For a recent interview with him see: "New Yorker Writer and Artist Bruce McCall: 'I'm Proud to be Canadian, but I Don't Want to Live in Canada," Emily Donaldson, Globe & Mail, Dec. 17, 2020. For a brief review see: "How Did I Get Here: A Review, Marissa Moss, The New York Journal of Books. 

Post Script: 

   An excerpt from the book appears in The New Yorker and it has to do with McCall's fascination with automobiles and the drawing of them: "My Life in Cars: I Tucked Into the Romance of Driving at its Fervent Peak," (Dec. 12, 2020). Here is the first sentence:

Cars had gripped my imagination almost since I had one, as a boy growing up in Ontario. I loved to draw them as they appeared on the pages of magazines. First, in the immediate postwar era, the foggy reprints from British racing journals of prewar Grand Prix.

   And here are a few about his exit from Canada:

Canada jiggled in the rearview mirror, receded, and disappeared as I drove into the tunnel conveying me from Windsor to Detroit on a gray afternoon in December, 1962. By this time, the suspicion that I wasn’t cut out for a contented Canadian life had become a conviction. I was temperamentally too antsy for that conspiracy of calm, phlegmatism, and compulsive self-effacement. It increasingly irked me that Canada shunned all extremes, breeding what I saw as a wallflower mentality and a bland tolerance for mediocrity. With J.F.K. cheering up the White House, it felt like a propitious moment to immigrate to America. I exited the tunnel in the unglamorous Volvo I was driving then and found no welcoming committee, no Emma Lazarus scenario. A customs officer waved me through, and the most significant act of my life passed with all the drama of paying last month’s water bill.

All the best in 2021.

Cybercrime & Cyberwarfare

Ransomware Again

   
 
      By now you are very much aware of this subject and I was reminded of it because of another recent attack. It appears that even small islands are not safe from the extortionists. (See: “P.E.I. Government Website Down for Several Hours After Ransomware Attack,” Toronto Star (CP), April 23, 2018). The growing problems associated with Internet use sent me looking for the following article which I remembered and noted. It points out that although the Internet is not as important as many earlier discoveries, we are now all more vulnerable because of it. While we may overstate the importance of the Internet, we surely underestimate the damage that will be done when it goes down.

      “If I could, I would repeal the Internet. It is the technological marvel of the age, but it is not — as most people imagine — a symbol of progress. Just the opposite. We would be better off without it. I grant its astonishing capabilities: the instant access to vast amounts of information, the pleasures of YouTube and iTunes, the convenience of GPS and much more.   
     But the Internet’s benefits are relatively modest compared with previous transformative technologies, and it brings with it a terrifying danger: cyberwar. Amid the controversy over leaks from the National Security Agency, this looms as an even bigger downside.
     By cyberwarfare, I mean the capacity of groups — whether nations or not — to attack, disrupt and possibly destroy the institutions and networks that underpin everyday life. These would be power grids, pipelines, communication and financial systems, business record-keeping and supply-chain operations, railroads and airlines, databases of all types (from hospitals to government agencies). The list runs on. So much depends on the Internet that its vulnerability to sabotage invites doomsday visions of the breakdown of order and trust...."
     All this qualifies our view of the Internet. Granted, it’s relentless. New uses spread rapidly. Already, 56 percent of U.S. adults own smartphones and 34 percent have tablets, says the Pew Internet & American Life Project. But the Internet’s social impact is shallow. Imagine life without it. Would the loss of e-mail, Facebook or Wikipedia inflict fundamental change? Now imagine life without some earlier breakthroughs: electricity, cars, antibiotics. Life would be radically different. 
     The Internet’s virtues are overstated, its vices understated. It’s a mixed blessing — and the mix may be moving against us.”

Source: Robert Samuelson, "Of Internet Threats and Cyberattacks,"Washington Post,  June 30, 2013.
P.S. (P.E.I. was able to resolve the problem -this time.)