In April the U.S. Space Force began testing "a new ground-based satellite jamming weapon to help keep U.S. military personnel safe from potential 'space-enabled' attacks" (according to a report from Space.com). The weapon was "designed to deny, degrade, or disrupt communications with satellites overhead, typically through overloading specific portions of the electromagnetic spectrum with interference," according to the article, with the miitary describing it as a small form-factor system "designed to be fielded in large numbers at low-cost and operated remotely" and "provide counterspace electronic warfare capability to all of the new Space Force components globally."

And now, Bloomberg reports that the U.S. is about to deploy them: The devices aren't meant to protect U.S. satellites from Chinese or Russian jamming but "to responsibly counter adversary satellite communications capabilities that enable attacks," the Space Force said in a statement to Bloomberg News. The Pentagon strives — on the rare occasions when it discusses such space capabilities — to distinguish its emerging satellite-jamming technology as purely defensive and narrowly focused. That's as opposed to a nuclear weapon the U.S. says Russia is developing that could create high-altitude electromagnetic pulses that would take out satellites and disrupt entire communications networks.

The first 11 of 24 Remote Modular Terminal jammers will be deployed in several months, and all of them could be in place by Dec. 31 at undisclosed locations, according to the Space Force statement... The new terminals augment a much larger jamming weapon called the Counter Communications System that's already deployed and a mid-sized one called Meadowlands "by providing the ability to have a proliferated, remotely controlled and relatively relocatable capability," the Space Force said. The Meadowlands system has encountered technical challenges that have delayed its delivery until at least October, about two years later than planned.

China has "hundreds and hundreds of satellites on orbit designed to find, fix, track, target and yes, potentially engage, US and allied forces across the Indo-Pacific," General Stephen Whiting, head of US Space Command, said Wednesday at the annual Aspen Security Forum. "So we've got to understand that and know what it means for our forces."
Bloomberg also got this comment from the chief director of space security and stability at the Secure World Foundation (which produces reports on counterspace weapons). The new U.S. Space Force jamming weapons are "reversible, temporary, non-escalatory and allow for plausible deniability in terms of who the instigator is."

A solar superstorm in May caused thousands of satellites to simultaneously maneuver to maintain altitude due to the thickening of the upper atmosphere, creating potential collision hazards as existing prediction systems struggled to cope. Space.com reports: According to a pre-print paper published on the online repository arXiv on June 12, satellites and space debris objects in low Earth orbit -- the region of space up to an altitude of 1,200 miles (2,000 kilometers) -- were sinking toward the planet at the speed of 590 feet (180 meters) per day during the four-day storm. To make up for the loss of altitude, thousands of spacecraft began firing their thrusters at the same time to climb back up. That mass movement, the authors of the paper point out, could have led to dangerous situations because collision avoidance systems didn't have time to calculate the satellites' changing paths.

The solar storm that battered Earth from May 7 to 10 reached the intensity of G5, the highest level on the five-step scale used by the National Oceanic and Atmospheric Administration (NOAA) to assess the strength of solar storms. It was the strongest solar storm to hit Earth since 2003. The authors of the paper, however, pointed out that the environment around the planet has changed profoundly since that time. While only a few hundred satellites were orbiting Earth twenty years ago, there are thousands today. The authors of the paper put the number of "active payloads at [low Earth orbit]" at 10,000. [...] The new paper points out that space weather forecasts ahead of the May storm failed to accurately predict the duration and intensity of the event, making satellite collision predictions nearly impossible.

On the upside, the storm helped to clear out some junk as defunct satellites and debris fragments spiraled deeper into the atmosphere. The authors of the report estimate that thousands of space debris objects lost several kilometers in altitude during the storm. More powerful solar storms can be expected in the coming months as the peak of the current solar cycle -- the 11-year ebb and flow in the number of sunspots, solar flares and eruptions -- is expected in late 2024 and early 2025. The paper can be found here.

Bangladesh is experiencing a "near-total" nationwide internet shutdown amid government efforts to control widespread student protests against the country's quota system for government jobs. The country's quota system requires a third of government jobs be reserved for relatives of veterans who had fought for independence from Pakistan.

According to Reuters, the protests "have opened old and sensitive political fault lines between those who fought for Bangladesh's independence from Pakistan in 1971 and those accused of collaborating with Islamabad." Analysts say the protests have also been "fueled by high unemployment among young people" and "wider economic woes, such as high inflation and shrinking reserves of foreign exchange." Engadget reports on the internet disruptions: To control the situation, Bangladeshi authorities shut down internet and phone access throughout the country, a common practice in South Asia to prevent the spread of rumors and misinformation and exercise state control. NetBlocks, a global internet monitor that works on digital rights analyzed live network data that showed that Bangladesh was in the middle of a "near-total national internet shutdown." [...]

Bangladesh has frequently blacked out the internet to crack down on political opposition and activists. At the end of 2023, research tool CIVICUS Monitor, which provides data on the state of civil society and freedoms in nearly 200 countries, downgraded Bangladesh's civic space to "closed," its lowest possible rating, after the country imposed six internet shutdowns the previous year. That made Bangladesh the fifth-largest perpetrator of internet shutdowns in 2022, Access Now said.

The country's telecom regulator had pledged to keep internet access on through Bangladesh's general elections at the beginning of 2024, but that electoral period is now over. Despite the pledge, Bangladesh blocked access to news websites during its elections.

An anonymous reader quotes a report from Ars Technica: Citing frustration with mobile carriers enforcing different phone-unlocking policies that are bad for consumers, the Federal Communications Commission is proposing a 60-day unlocking requirement that would apply to all wireless providers. The industry's "confusing and disparate cell phone unlocking policies" mean that "some consumers can unlock their phones with relative ease, while others face significant barriers," Commissioner Geoffrey Starks said at yesterday's FCC meeting. "It also means certain carriers are subject to mandatory unlocking requirements while others are free to dictate their own. This asymmetry is bad for both consumers and competition."

The FCC is "proposing a uniform 60-day unlocking policy" so that "consumers can choose the carrier that offers them the best value," Starks said. Unlocking a phone allows it to be used on a different carrier's network as long as the phone is compatible. The FCC approved the Notice of Proposed Rulemaking (NPRM) in a 5-0 vote. That begins a public comment period that could lead to a final rulemaking. A draft of the NPRM said the FCC "propose[s] to require all mobile wireless service providers to unlock handsets 60 days after a consumer's handset is activated with the provider, unless within the 60-day period the service provider determines the handset was purchased through fraud."

"You bought your phone, you should be able to take it to any provider you want," Rosenworcel said. "Some providers already operate this way. Others do not. In fact, some have recently increased the time their customers must wait until they can unlock their device by as much as 100 percent." Rosenworcel apparently was referring to a prepaid brand offered by T-Mobile. The NPRM draft said that "T-Mobile recently increased its locking period for one of its brands, Metro by T-Mobile, from 180 days to 365 days." The 365-day rule brought Metro into line with other T-Mobile prepaid phones that already came with the year-long lock. We reached out to T-Mobile and will update this article if it provides a comment. A merger condition imposed on T-Mobile's purchase of Sprint merely requires that it unlock prepaid phones within one year. T-Mobile imposes different unlocking policies on prepaid and postpaid phones. For postpaid devices, T-Mobile says it will unlock phones that have been active for at least 40 days, but only if any associated financing or leasing agreement has been paid in full.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission today voted to lower price caps on prison phone calls and closed a loophole that allowed prison telecoms to charge high rates for intrastate calls. Today's vote will cut the price of interstate calls in half and set price caps on intrastate calls for the first time. The FCC said it "voted to end exorbitant phone and video call rates that have burdened incarcerated people and their families for decades. Under the new rules, the cost of a 15-minute phone call will drop to $0.90 from as much as $11.35 in large jails and, in small jails, to $1.35 from $12.10."

The new rules are expected to take effect in January 2025 for all prisons and for jails with at least 1,000 incarcerated people. The rate caps would take effect in smaller jails in April 2025. Worth Rises, a nonprofit group advocating for prison reform, said it "estimates that the new rules will impact 83 percent of incarcerated people (about 1.4 million) and save impacted families at least $500 million annually." The nonprofit Prison Policy Institute said that prison phone companies charge ancillary fees for things "like making a deposit to fund an account." The ban on those fees "also effectively blocks a practice that we have been campaigning against for years: companies charging fees to consumers who choose to make single calls rather than fund a calling account, and deliberately steering new consumers to this higher-cost option in order to increase fee revenue," the group said.

The ancillary fee ban is a "technical-sounding change," but will help "eliminate some of the industry's dirtiest tricks that shortchange both the families and the facilities," the group said.

Rite Aid, the third-largest U.S. drug store chain, reported it a ransomware attack that compromised the personal data of 2.2 million customers. The data exposed includes names, addresses, dates of birth, and driver's license numbers or other forms of government-issued ID from transactions between June 2017 and July 2018.

"On June 6, 2024, an unknown third party impersonated a company employee to compromise their business credentials and gain access to certain business systems," the company said in a filing. "We detected the incident within 12 hours and immediately launched an internal investigation to terminate the unauthorized access, remediate affected systems and ascertain if any customer data was impacted." Ars Technica's Dan Goodin reports: RansomHub, the name of a relatively new ransomware group, has taken credit for the attack, which it said yielded more than 10GB of customer data. RansomHub emerged earlier this year as a rebranded version of a group known as Knight. According to security firm Check Point, RansomHub became the most prevalent ransomware group following an international operation by law enforcement in May that took down much of the infrastructure used by rival ransomware group Lockbit.

On its dark web site, RansomHub said it was in advanced stages of negotiation with Rite Aid officials when the company suddenly cut off communications. A Rite Aid official didn't respond to questions sent by email. Rite Aid has also declined to say if the employee account compromised in the breach was protected by multifactor authentication.

NASA: The stars above and on Earth aligned as an inspirational message and lyrics from the song "The Rain (Supa Dupa Fly)" by hip-hop artist Missy Elliott were beamed to Venus via NASA's DSN (Deep Space Network). The agency's Jet Propulsion Laboratory in Southern California sent the transmission at 10:05 a.m. PDT on Friday, July 12. As the largest and most sensitive telecommunication service of NASA's Space Communications and Navigation (SCaN) program, the DSN has an array of giant radio antennas that allow missions to track, send commands, and receive scientific data from spacecraft venturing to the Moon and beyond. To date, the system has transmitted only one other song into space, making the transmission of Elliott's song a first for hip-hop and NASA.

"Both space exploration and Missy Elliott's art have been about pushing boundaries," said Brittany Brown, director, Digital and Technology Division, Office of Communications at NASA Headquarters in Washington, who initially pitched ideas to Missy's team to collaborate with the agency. "Missy has a track record of infusing space-centric storytelling and futuristic visuals in her music videos, so the opportunity to collaborate on something out of this world is truly fitting." The song traveled about 158 million miles (254 million kilometers) from Earth to Venus -- the artist's favorite planet. Transmitted at the speed of light, the radio frequency signal took nearly 14 minutes to reach the planet. The transmission was made by the 34-meter (112-foot) wide Deep Space Station 13 (DSS-13) radio dish antenna, located at the DSN's Goldstone Deep Space Communications Complex, near Barstow in California. Coincidentally, the DSS-13 also is nicknamed Venus.

An anonymous reader quotes a report from TorrentFreak: Just before the weekend, dozens of record labels including UMG, Warner, and Sony, filed a massive copyright infringement lawsuit against Verizon at a New York federal court. In common with previous lawsuits that accused rivals of similar inaction, Verizon Communications Inc., Verizon Services Corp., and Cellco Partnership (dba Verizon Wireless), stand accused of assisting subscribers to download and share pirated music, by not doing enough to stop them. The labels' complaint introduces Verizon as one of the largest ISPs in the country, one that "knowingly provides its high-speed service to a massive community of online pirates."

Knowledge of infringement, the labels say, was established at Verizon over a period of several years during which it received "hundreds of thousands" of copyright notices, referencing instances of infringement allegedly carried out by its subscribers. The complaint cites Verizon subscribers' persistent use of BitTorrent networks to download and share pirated music, with Verizon allegedly failing to curtail their activity. "While Verizon is famous for its 'Can you hear me now?' advertising campaign, it has intentionally chosen not to listen to complaints from copyright owners. Instead of taking action in response to those infringement notices as the law requires, Verizon ignored Plaintiffs' notices and buried its head in the sand," the labels write.

"Undeterred, infringing subscribers identified in Plaintiffs' notices continued to use Verizon's services to infringe Plaintiffs' copyrights with impunity. Meanwhile, Verizon continued to provide its high-speed service to thousands of known repeat infringers so it could continue to collect millions of dollars from them." Through this lawsuit, which references piracy of songs recorded by artists including The Rolling Stones, Ariana Grande, Bob Dylan, Bruno Mars, Elvis Presley, Dua Lipa, Drake, and others, the labels suggest that Verizon will have no choice but to hear them now. [...]

Attached to the complaint, Exhibit A contains a non-exhaustive list of the plaintiffs' copyright works allegedly infringed by Verizon's subscribers. The document is over 400 pages long, with each track listed representing potential liability for Verizon as a willful, intentional, and purposeful contributory infringer, the complaint notes. This inevitably leads to claims based on maximum statutory damages of $150,000 per copyrighted work infringed on Count I (contributory infringement). The statutory maximum of $150,000 per infringed work is also applied to Count II (vicarious infringement), based on the labels' claim that Verizon derived a direct financial benefit from the direct infringements of its subscribers. The labels' complaint can be found here (PDF).

On July 12, 1999, the last Morse code message was sent from a Bay Area radio station, marking the end of an era. Every July 12, the Historic KPH Maritime Radio Receiving Station in Point Reyes revives the golden age of maritime radio, with volunteers exchanging Morse code messages worldwide. The Mercury News reports: Friday's "Night of Nights" event, which commemorates the long-gone stations and the skilled radiotelegraph operators who linked ships to shore, starts at 5:01 p.m. -- precisely one minute after the 1999 message ended. Operators will keep working until 11 p.m. "We're carrying on," said historical society president Richard Dillman, 80, who learned Morse code as a boy. "Morse code is not dead."

The event, based at KPH's stations that are now part of the wild and windswept Point Reyes National Seashore, northwest of San Francisco, is not open to the public. But amateur radio operators around the world can participate by sending messages and exchanging greetings. The operating frequencies of the historical society's amateur station, under the call sign K6KPH, are 3550, 7050, 14050, 18097.5 and 21050. Radiogrammed messages arrive from as far away as New Zealand and Europe, rich with memories of rewarding careers or poignant tributes to lost loved ones. "Dear dad, we love you and we miss you so much," said one. The station uses the original historic KPH transmitters, receivers, antennas and other equipment, carefully repaired and restored by the society's experts. [...]

All over the Pacific coast, stations closed. KPH's receiving headquarters -- an Art Deco cube built between 1929 and 1931, its entrance framed by a tunnel of cypress trees -- was acquired by the National Park Service in 1999. Its transmission station is located on a windswept bluff in Bolinas. [Historical society president Richard Dillman] and friend Tom Horsfall resolved to repair, restore and operate KPH as a way to honor the men and women who for 100 years had served ships in the North Pacific and Indian Ocean. "It was a brotherhood," said Dillman. "There was camaraderie -- a love of Morse code and the ability to do a job well." [...] They pitched their ambitious plan to the National Park Service.

"At first, I was skeptical about their proposal," said Don Neubacher, the Seashore's former Superintendent. "But over time, I realized the Maritime Radio Historical Society, led by Richard Dillman, was a gift for the National Park Service." "I was impressed by the overwhelming knowledge of early wireless and ship-to-shore communication," he said, "and their lifelong commitment to saving this critical piece of Point Reyes history." With a dozen society volunteers from all over the Bay Area -- all over the age of 60, self-described "radio squirrels" -- they went to work. They meet on Saturday mornings over coffee and breakfast "services" dubbed "The Church of the Continuous Wave," sometimes ogling over radio schematics. Then, for a few hours, they broadcast news and weather.

An anonymous reader quotes a report from The Verge: A federal appeals court has agreed to halt the reinstatement of net neutrality rules until August 5th, while the court considers whether more permanent action is justified. It's the latest setback in a long back and forth on net neutrality -- the principle that internet service providers (ISPs) should not be able to block or throttle internet traffic in a discriminatory manner. The Federal Communications Commission has sought to achieve this by reclassifying ISPs under Title II of the Communications Act, which gives the agency greater regulatory oversight. The Democratic-led agency enacted net neutrality rules under the Obama administration, only for those rules to be repealed under former President Donald Trump's FCC. The current FCC, which has three Democratic and two Republican commissioners, voted in April to bring back net neutrality. The 3-2 vote was divided along party lines.

Broadband providers have since challenged the FCC's action, which is potentially more vulnerable after the Supreme Court's recent decision to strike down Chevron deference -- a legal doctrine that instructed courts to defer to an agency's expert decisions except in a very narrow range of circumstances. Bloomberg Intelligence analyst Matt Schettenhelm said in a report prior to the court's ruling that he doesn't expect the FCC to prevail in court, in large part due to the demise of Chevron. A panel of judges for the Sixth Circuit Court of Appeals said in an order that a temporary "administrative stay is warranted" while it considers the merits of the broadband providers' request for a permanent stay. The administrative stay will be in place until August 5th. In the meantime, the court requested the parties provide additional briefs about the application of National Cable & Telecommunications Association v. Brand X Internet Services to this lawsuit.

In a perplexing turn of events that has raised concerns about the vulnerability of critical undersea infrastructure, Norway's Institute of Marine Research is reconfiguring its sophisticated underwater observatory after a mysterious incident left a section of its seafloor cable cleanly severed. The Lofoten-Vesteralen Ocean Observatory (LoVe), an advanced array of sensors designed to monitor marine life and environmental conditions off Norway's rugged coastline, unexpectedly went silent in April 2021, prompting an investigation that would uncover more questions than answers.

As the institute's acoustic engineer Guosong Zhang delved into the mystery, he meticulously traced ship movements in the area, uncovering a curious pattern: a Russian trawler had repeatedly crossed the cable's location at the precise time the outage occurred, a coincidence that seemed too striking to ignore. Despite this compelling lead, subsequent police investigations proved inconclusive, leaving the institute grappling with the unsettling possibility of deliberate sabotage.

The incident, compounded by similar damage to a communications cable serving the remote Svalbard archipelago, has cast a spotlight on the potential vulnerabilities of submarine assets in an era of heightened geopolitical tensions, with some experts pointing to the possibility of Russian intelligence activities targeting Norway's undersea infrastructure. In response to these challenges and the unresolved nature of the cable damage, the Institute of Marine Research has made the difficult decision to adapt its approach, opting to replace the compromised cable section with wireless modules -- a solution that, while sacrificing some data transmission capacity, aims to enhance the security and resilience of this vital scientific installation in the face of evolving threats beneath the waves.

"Signal is finally tightening its desktop client's security," reports BleepingComputer — by changing the way it stores plain text encryption keys for the SQLite database where users' messages are stored: When BleepingComputer contacted Signal about the flaw in 2018, we never received a response. Instead, a Signal Support Manager responded to a user's concerns in the Signal forum, stating that the security of its database was never something it claimed to provide. "The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide," responded the Signal employee...

[L]ast week, mobile security researchers Talal Haj Bakry and Tommy Mysk of Mysk Inc warned on X not to use Signal Desktop because of the same security weakness we reported on in 2018... In April, an independent developer, Tom Plant, created a request to merge code that uses Electron's SafeStorage API "...to opportunistically encrypt the key with platform APIs like DPAPI on Windows and Keychain on macOS," Plant explained in the merge request... When used, encryption keys are generated and stored using an operating system's cryptography system and secure key stores. For example, on Macs, the encryption key would be stored in the Keychain, and on Linux, it would use the windows manager's secret store, such as kwallet, kwallet5, kwallet6, and gnome-libsecret... While the solution would provide additional security for all Signal desktop users, the request lay dormant until last week's X drama.

Two days ago, a Signal developer finally replied that they implemented support for Electron's safeStorage, which would be available soon in an upcoming Beta version. While the new safeStorage implementation is tested, Signal also included a fallback mechanism that allows the program to decrypt the database using the legacy database decryption key...

Signal says that the legacy key will be removed once the new feature is tested.
"To be fair to Signal, encrypting local databases without a user-supplied password is a problem for all applications..." the article acknowledges.

"However, as a company that prides itself on its security and privacy, it was strange that the organization dismissed the issue and did not attempt to provide a solution..."

Slashdot reader joshuark shared this report from BetaNews: Check Point Research has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.

Identified as CVE-2024-38112, this vulnerability allows attackers to execute remote code by tricking users into opening malicious Internet Shortcut (.url) files. This attack method has been active for over a year and could potentially impact millions... Attackers use a sophisticated trick to mask the malicious .hta extension, making use of the outdated security of Internet Explorer to compromise systems running updated Windows operating systems.
From Check Point Research: Even though IE has been proclaimed "retired and out-of-support," technically speaking, IE is still part of the Windows OS and is "not inherently unsafe, as IE is still serviced for security vulnerabilities, and there should be no known exploitable security vulnerabilities," according to our communications with Microsoft.

An anonymous reader quotes a report from Reuters: SpaceX's workhorse Falcon 9 rocket was grounded by the U.S. Federal Aviation Administration (FAA) on Friday after one broke apart in space and doomed its payload of Starlink satellites, the first failure in more than seven years of a rocket relied upon by the global space industry. Roughly an hour after Falcon 9 lifted off from the Vandenberg Space Force Base in California on Thursday night, the rocket's second stage failed to reignite and deployed its 20 Starlink satellites on a shallow orbital path where they will soon reenter and burn up in Earth's atmosphere.

The attempt to reignite the engine "resulted in an engine RUD for reasons currently unknown," SpaceX CEO Elon Musk wrote early on Friday on his social media platform X, using an industry acronym for Rapid Unscheduled Disassembly that usually means explosion. The Falcon 9 will be grounded until SpaceX investigates the cause of the failure, fixes the rocket and receives the agency's approval, the FAA said in a statement. That process could take several weeks or months, depending on the complexity of the failure and SpaceX's plan to fix it. Musk said SpaceX was updating the software of the Starlink satellites to force their on-board thrusters to fire harder than usual to avoid a fiery atmospheric re-entry. "Unlike a Star Trek episode, this will probably not work, but it's worth a shot," Musk said.

The satellites' altitude is so shallow that Earth's gravity is pulling them 3 miles (5 km) closer toward the atmosphere with each orbit, SpaceX later said, confirming they would inevitably "re-enter Earth's atmosphere and fully demise." SpaceX said the second stage's failure occurred after engineers detected a leak of liquid oxygen, a propellant. The mishap occurred on Falcon 9's 354th mission. It was the first Falcon 9 failure since 2016, when a rocket exploded on a launch pad in Florida and destroyed its customer payload, an Israeli communications satellite. The failure "breaks a success streak of more than 300 straight missions," notes Reuters.

"We knew this incredible run had to come to an end at some point," Tom Mueller, SpaceX's former vice president of propulsion who designed Falcon 9's engines. "... The team will fix the problem and start the cycle again."

The Federal Communications Commission said it is preparing to block a phone company that carried illegal robocalls pushing fake programs that promised to wipe out consumers' tax debt. From a report: Veriwave Telco "has not complied with FCC call blocking rules for providers suspected of carrying illegal traffic" and now has two weeks to contest an order that would require all downstream voice providers to block all of the telco's call traffic, the FCC announced yesterday.

Robocalls sent in the months before tax filing season "purported to provide information about a 'National Tax Relief Program' and, in some instances, also discussed a 'Tax Dismissal Program,'" the FCC order said. "The [Enforcement] Bureau has found no evidence of the existence of either program. Many of the messages further appealed to recipients with the offer to 'rapidly clear' their tax debt." Call recipients who listened to the prerecorded message and chose to speak to an operator were then asked to provide private information. Nearly 16 million calls were sent, though it's unclear how many went through Veriwave.

A U.S. government agency tasked with supporting the nation's nuclear deterrence capability has bought access to a data tool that claims to cover more than 90 percent of the world's internet traffic, and can in some cases let users trace activity through virtual private networks, according to documents obtained by 404 Media. From the report: The documents provide more insight into the use cases and customers of so-called netflow data, which can show which server communicated with another, information that is ordinarily only available to the server's owner, or the internet service provider (ISP) handling the traffic. Other agencies that have purchased the data include the U.S. Army, NCIS, FBI, IRS, with some government clients saying it would take too long to get data from the NSA, so they bought this tool instead. In this case, the Defense Threat Reduction Agency (DTRA) says it is using the data to perform vulnerability assessments of U.S. and allied systems.

A document written by the DTRA and obtained by 404 Media says the agency "has a requirement to support ongoing assessments of the vulnerability of critical U.S. and allied national/theater mission systems, networks, architectures, infrastructures, and assets." The tool "is capable of following communications between servers, even private servers," which allows the agency to identify infrastructure used by malicious actors, the document continues. That contract was for $490,000 in 2023, according to the document. 404 Media obtained the document and others under a Freedom of Information Act (FOIA) request.

An anonymous reader quotes a report from Fortune: On February 1st last year, Montana residents gawked upwards at a large white object hovering in the sky that looked to be another moon. The airborne object was in fact a Chinese spy balloon loaded with cameras, sensors, and other high-tech surveillance equipment, and it set off a nationwide panic as it drifted across the midwestern and southern United States. How much information the balloon gathered -- if any -- remains unknown, but the threat was deemed serious enough that an F-22 U.S. Air Force jet fired a Sidewinder missile at the unmanned balloon on a February afternoon, blasting it to pieces a few miles off the coast of South Carolina. At the same time that the eyes of Americans were fixed on the Chinese intruder in the sky, around 30 cars owned by Chinese companies and equipped with cameras and geospatial mapping technology were navigating the streets of greater Los Angeles, San Francisco, and San Jose. They collected detailed videos, audio recordings, and location data on their surroundings to chart out California's roads and develop their autonomous driving algorithms.

Since 2017, self-driving cars owned by Chinese companies have traversed 1.8 million miles of California alone, according to a Fortune analysis of the state's Department of Motor Vehicles data. As part of their basic functionality, these cars capture video of their surroundings and map the state's roads to within two centimeters of precision. Companies transfer that information from the cars to data centers, where they use it to train their self-driving systems. The cars are part of a state program that allows companies developing self-driving technology -- including Google-spinoff Waymo and Amazon-owned Zoox -- to test autonomous vehicles on public roads. Among the 35 companies approved to test by the California DMV, seven are wholly or partly China-based. Five of them drove on California roads last year: WeRide, Apollo, AutoX, Pony.ai, and DiDi Research America. Some Chinese companies are approved to test in Arizona and Texas as well.

Fitted with cameras, microphones, and sophisticated sensors, self-driving cars have long raised flags among privacy advocates. Matthew Guariglia, a policy analyst at the digital rights nonprofit Electronic Frontier Foundation, called self-driving cars "rolling surveillance devices" that passively collect massive amounts of information on Americans in plain sight. In the context of national security however, the data-hungry Chinese cars have received surprisingly little scrutiny. Some experts have compared them to Chinese-owned social media site TikTok, which has been subjected to a forced divestiture or ban on U.S. soil due to fears around its data collection practices threatening national security. The years-long condemnation of TikTok at the highest levels of the U.S. government has heightened the sense of distrust between the U.S. and China.

Some Chinese self-driving car companies appear to store U.S. data in China, according to privacy policies reviewed byFortune -- a situation that experts said effectively leaves the data accessible to the Chinese government. Depending on the type of information collected by the cars, the level of precision, and the frequency at which it's collected, the data could provide a foreign adversary with a treasure trove of intelligence that could be used for everything from mass surveillance to war planning, according to security experts who spoke withFortune. And yet, despite the sensitivity of the data, officials at the state and federal agencies overseeing the self-driving car testing acknowledge that they do not currently monitor, or have any process for checking, exactly what data the Chinese vehicles are collecting and what happens to the data after it is collected. Nor do they have any additional rules or policies in place for oversight of Chinese self-driving cars versus the cars in the program operated by American or European companies. "It is literally the wild, Wild West here," said Craig Singleton, director of the China program at the Foundation for Defense of Democracies, a conservative-leaning national security think tank. "There's no one in charge."

NATO is helping finance a project aimed at finding ways to keep the internet running should subsea cables shuttling civilian and military communications across European waters come under attack. From a report: Researchers, who include academics from the US, Iceland, Sweden and Switzerland, say they want to develop a way to seamlessly reroute internet traffic from subsea cables to satellite systems in the event of sabotage, or a natural disaster. The North Atlantic Treaty Organization's Science for Peace and Security Programme has approved a grant of as much as $433,600 for the $2.5 million project, and research institutions are providing in-kind contributions, documents seen by Bloomberg show.

Eyup Kuntay Turmus, adviser and program manager at the NATO program, confirmed the project was recently approved and said by email that implementation will start "very soon." The initiative, which hasn't yet been publicly announced, comes amid intensifying fears that Russia or China could mine, sever or otherwise tamper with undersea cables in an attempt to disrupt communications during a military crisis. Data carried through cables under the sea account for roughly $10 trillion worth of financial transactions every day, and nearly all of the NATO's internet traffic travels through them, according to the treaty organization. As a result, NATO has been ramping up efforts to protect cables over the course of the past several months.

In Communications of the ACM, long-time FreeBSD contributor Poul-Henning Kamp mocks the idea that the free and open-source software movement has "come apart" and "will end in tears and regret." Economists and others focused on money — like my bank — have had a lot of trouble figuring out the free and open source software (FOSS) phenomenon, and eventually they seem to have reached the conclusion that it just makes no sense. So, they go with the flow. Recently, very serious people in the FOSS movement have started to write long and thoughtful opinion pieces about how it has all come apart and will end in tears and regret. Allow me to disagree...
What follows is a humorous history of how the Open Source movement bested a series of ill-conceived marketing failures starting after the "utterly bad" 1980s when IBM had an "unimaginably huge monopoly" — and an era of vendor lock-in from companies trying to be the next IBM: Out of that utter market failure came Minix, (Net/Free/Open)BSD, and Linux, at a median year of approximately 1991. I can absolutely guarantee that if we had been able to buy a reasonably priced and solid Unix for our 32-bit PCs — no strings attached — nobody would be running FreeBSD or Linux today, except possibly as an obscure hobby. Bill Gates would also have had a lot less of our money...
The essay moves on to when "that dot-com thing happened, fueled by the availability of FOSS operating systems, which did a much better job than any operating system you could buy — not just for the price, but in absolute terms of performance on any given piece of hardware. Thus, out of utter market failure, the FOSS movement was born."

And ultimately, the essay ends with our present day, and the phenomenon of companies that "make a business out of FOSS or derivatives thereof..." The "F" in FOSS was never silent. In retrospect, it seems clear that open source was not so much the goal itself as a means to an end, which is freedom: freedom to fix broken things, freedom from people who thought they could clutch the source code tightly and wield our ignorance of it as a weapon to force us all to pay for and run Windows Vista. But the FOSS movement has won what it wanted, and no matter how much oldsters dream about their glorious days as young revolutionaries, it is not coming back; the frustrations and anger of IT in 2024 are entirely different from those of 1991.

One very big difference is that more people have realized that source code is a liability rather than an asset. For some, that realization came creeping along the path from young teenage FOSS activists in the late 1990s to CIOs of BigCorp today. For most of us, I expect, it was the increasingly crushing workload of maintaining legacy code bases...

"Images captured from space show the growth of Cuba's electronic eavesdropping stations," reported the Wall Street Journal this week, citing a new report from the Center for Strategic and International Studies, a Washington-based think tank.

But they added that the stations "are believed to be linked to China," including previously-unreported construction about 70 miles from the U.S. naval base at Guantanamo Bay. (The Journal had previously reported China and Cuba were "negotiating closer defense and intelligence ties, including establishing a new joint military training facility on the island and an eavesdropping facility.") At the time, the Journal reported that Cuba and China were already jointly operating eavesdropping stations on the island, according to U.S. officials, who didn't disclose their locations. It couldn't be determined which, if any, of those are included in the sites covered by the CSIS report.

The concern about the stations, former officials and analysts say, is that China is using Cuba's geographical proximity to the southeastern U.S. to scoop up sensitive electronic communications from American military bases, space-launch facilities, and military and commercial shipping. Chinese facilities on the island "could also bolster China's use of telecommunications networks to spy on U.S. citizens," said Leland Lazarus, an expert on China-Latin America relations at Florida International University... Authors of the CSIS report, after analyzing years' worth of satellite imagery, found that Cuba has significantly upgraded and expanded its electronic spying facilities in recent years and pinpointed four sites — at Bejucal, El Salao, Wajay and Calabazar... "These are active locations with an evolving mission set," said Matthew Funaiole, a senior follow at CSIS and the report's chief author.
The CSIS web site shows some of the satellite images. "Pinpointing the specific targets of these assets is nearly impossible," they add — but since Cuba has no space program, "the types of space-tracking capabilities observed are likely intended to monitor the activities of other nations (like the United States) with a presence in orbit." While China's own satellites could also benefit from a North America-based groundstation for communications, the Cuban facilities "would also provide the ability to monitor radio traffic and potentially intercept data delivered by U.S. satellites as they pass over highly sensitive military sites across the southern United States."

The think tank points out that one possibly-installed system would be within range to monitor rocket launches from Cape Canaveral and NASA's Kennedy Space Center. "Studying these launches — particularly those of SpaceX's Falcon 9 and Falcon Heavy reusable first-stage booster rocket systems — is likely of keen interest to China as it attempts to catch up to U.S. leadership in space launch technology."