Went to a Police sponsored Security meeting

[Kurt]

The Feebs were not present.
State PD and MTAPD with one Postal Inspector.
I got Jammies like that Soi Boi.
Its cozy.

Postal Inspectors fly under the radar but I've heard they are pretty serious.

We had some mail stolen in my building. LAPD didn't give a crap about the break in but USPS actually wanted details and a report, plus they turned me onto the cool delivery digest where you can get scans of your incoming mail.

Usually radical right wing groups tend to commit mail fraud and illegal firearms are often sent to NYC (and elsewhere) using the mail. Plus "Gays Against Groomers" have been mailing threatening letters to a gay member of City Hall who was a counter protester against a Drag Queen Story time hour at Lincoln Center.

[Kurt]

What about lead paint?

What? I am your Lead clearing house now?

I was just as surprised to not find that either but I wonder if it is something we were more afraid of since lead oxide is sweet tasting (it was used as a sweetener in Rome) and kids will munch it once they get a taste for it.

Lead in gas was really weird. I remember when it was banned here. I was a car loving young dude and I was convinced that within a year all the classic pre-1972 engines were going to friction themselves to death. Then when they banned lead "supplements" for cars I just assumed that every single car was gonna burn up and we just had to wait for that sad event to happen.

Then nothing. Turns out lead was the biggest con job ever. Not needed, and still killing thousands per year.

Lead paint on the other hand is awesome but I totally understand not having it. My ex girlfriend and I found a door at her house covered in fake wood veneer and removed it and inside was this lavender and green painted door with a metallic sheen to it. It was gorgeous. I could picture an old house lit by candled and oil lamps having bright colors reflected back at them at night. But would'nt want to paid those houses myself that is for sure.

[Alphabet]

The Feebs were not present.
State PD and MTAPD with one Postal Inspector.
I got Jammies like that Soi Boi.
Its cozy.

Postal Inspectors fly under the radar but I've heard they are pretty serious.

We had some mail stolen in my building. LAPD didn't give a crap about the break in but USPS actually wanted details and a report, plus they turned me onto the cool delivery digest where you can get scans of your incoming mail.

Usually radical right wing groups tend to commit mail fraud and illegal firearms are often sent to NYC (and elsewhere) using the mail. Plus "Gays Against Groomers" have been mailing threatening letters to a gay member of City Hall who was a counter protester against a Drag Queen Story time hour at Lincoln Center.

Not the USPS unless you want it lost forever. FedEx employee will steal it.

If you're shipping firearms/drugs on the downlow, UPS is the way. Even if they did check (they don't) the massive volume they deal with would percentage wise be in your favor of package going through undetected.

And lead based paint saved Homer, Marge, Lisa, Bart and Maggie from the nukes, so can't be all that bad.

[Kurt]

The best paint is Paris Green (Copper Arsenide). Apparently U.S Grant has a whole room painted in Paris Green that looked like you were inside of an Emerald.

But it had to be shellacked once per year or the paint would oxidize and turn black and then it would leak arsenic out into the room.

But I bet it looked really cool.

[vagabond]

Looks like the hackers already got you Kurt:

Russian Hackers’ Latest Target Is Cab Dispatch Line at J.F.K., U.S. Says (NYT)

NYT: https://www.nytimes.com/2022/12/20/nyregion/russian-hackers-jfk-taxis.html
Paywall bypass: https://archive.vn/JWaAD#selection-285.0-285.72

Russian hackers have carried out cyberattacks on hospitals, oil and gas companies, a presidential election and a massive fuel pipeline. But cyberwarfare reached a new battlefield on Tuesday when the authorities said that two Queens men working with Russians had been able to hack the electronic taxi dispatch system at Kennedy International Airport.

The goal? To allow taxi drivers in a holding lot waiting to pick up their next fare to jump the line — for a $10 fee.

The Queens men discussed their plans in messages to their Russian counterparts, a federal indictment charged. The defendants credited that nation’s hackers with great technical prowess.

“I know that the Pentagon is being hacked,” one of the defendants, Daniel Abayev, wrote. “So, can’t we hack the taxi industry?”

On Tuesday, Damian Williams, the U.S. attorney in Manhattan, and John Gay, the inspector general of the Port Authority of New York and New Jersey, announced the indictments of Mr. Abayev and another man, Peter Leyman, each 48.

“The Port Authority has zero tolerance for bad actors violating the law at our facilities,” Mr. Gay said in a statement.

The scheme “enabled as many as 1,000 fraudulently expedited taxi trips a day,” the indictment said.

Each defendant was charged with two counts of conspiracy to commit computer intrusion. Mr. Abayev’s lawyer, Matthew Myers, said his client would plead not guilty.

“A proper investigation must be conducted before anyone jumps to conclusions about the involvement or role Mr. Abayev did or did not play in this international matter,” Mr. Myers said.

Full story at NYT link.

[Tarkan]

What about lead paint?

What? I am your Lead clearing house now?

I was just as surprised to not find that either but I wonder if it is something we were more afraid of since lead oxide is sweet tasting (it was used as a sweetener in Rome) and kids will munch it once they get a taste for it.

Lead in gas was really weird. I remember when it was banned here. I was a car loving young dude and I was convinced that within a year all the classic pre-1972 engines were going to friction themselves to death. Then when they banned lead "supplements" for cars I just assumed that every single car was gonna burn up and we just had to wait for that sad event to happen.

Then nothing. Turns out lead was the biggest con job ever. Not needed, and still killing thousands per year.

It's not really a con job, tetraethyl lead (TEL) is a very effective octane booster. It's also the cheapest octane booster. So what if it lowers IQ a few points, right? Straight drip gas (basically ethanes and some benzene mixed in) has an octane of around 50. That doesn't really work in modern high compression engines. Modern refining for commercial gasoline mixes in some pretty gnarly chemicals besides TEL to get the octane up (MBTE for example). When they phased out TEL they phased in other compounds to keep the octane up.

We really should be trying to optimize production of butanol. Unlike ethanol, it doesn't corrode rubber gaskets, emulsify water and destroy IC engines with rust (high temperature steam + high pressure = instant rust). Unlike ethanol, which has about 75% of the energy density of gasoline (with the resulting reduction in mileage per gallon), butanol has almost the exact energy density of gasoline. And, unlike ethanol, it's a drop in fuel for gasoline engines requiring no modification. And it can be created using the same feedstocks as ethanol (i.e., corn). Ok, rant over.

[Kurt]

Here is Jamie Kitman's history of Lead in gas.

https://www.roadandtrack.com/car-cultur ... -gasoline/

https://jalopnik.com/a-brief-history-of ... 1846790331

He and I have similar tastes in cars and food (weird little manual transmission cars and French food)

[Alphabet]

Looks like the hackers already got you Kurt:

Russian Hackers’ Latest Target Is Cab Dispatch Line at J.F.K., U.S. Says (NYT)

NYT: https://www.nytimes.com/2022/12/20/nyregion/russian-hackers-jfk-taxis.html
Paywall bypass: https://archive.vn/JWaAD#selection-285.0-285.72

Russian hackers have carried out cyberattacks on hospitals, oil and gas companies, a presidential election and a massive fuel pipeline. But cyberwarfare reached a new battlefield on Tuesday when the authorities said that two Queens men working with Russians had been able to hack the electronic taxi dispatch system at Kennedy International Airport.

The goal? To allow taxi drivers in a holding lot waiting to pick up their next fare to jump the line — for a $10 fee.

The Queens men discussed their plans in messages to their Russian counterparts, a federal indictment charged. The defendants credited that nation’s hackers with great technical prowess.

“I know that the Pentagon is being hacked,” one of the defendants, Daniel Abayev, wrote. “So, can’t we hack the taxi industry?”

On Tuesday, Damian Williams, the U.S. attorney in Manhattan, and John Gay, the inspector general of the Port Authority of New York and New Jersey, announced the indictments of Mr. Abayev and another man, Peter Leyman, each 48.

“The Port Authority has zero tolerance for bad actors violating the law at our facilities,” Mr. Gay said in a statement.

The scheme “enabled as many as 1,000 fraudulently expedited taxi trips a day,” the indictment said.

Each defendant was charged with two counts of conspiracy to commit computer intrusion. Mr. Abayev’s lawyer, Matthew Myers, said his client would plead not guilty.

“A proper investigation must be conducted before anyone jumps to conclusions about the involvement or role Mr. Abayev did or did not play in this international matter,” Mr. Myers said.

Full story at NYT link.

Yes, the entire military might of Russia is hacking cab drivers in NYC. Because that's a strategic target.

Fucking lol...

Oh, and Nazis.

[vagabond]

Looks like the hackers already got you Kurt:

Russian Hackers’ Latest Target Is Cab Dispatch Line at J.F.K., U.S. Says (NYT)

NYT: https://www.nytimes.com/2022/12/20/nyregion/russian-hackers-jfk-taxis.html
Paywall bypass: https://archive.vn/JWaAD#selection-285.0-285.72

Russian hackers have carried out cyberattacks on hospitals, oil and gas companies, a presidential election and a massive fuel pipeline. But cyberwarfare reached a new battlefield on Tuesday when the authorities said that two Queens men working with Russians had been able to hack the electronic taxi dispatch system at Kennedy International Airport.

The goal? To allow taxi drivers in a holding lot waiting to pick up their next fare to jump the line — for a $10 fee.

The Queens men discussed their plans in messages to their Russian counterparts, a federal indictment charged. The defendants credited that nation’s hackers with great technical prowess.

“I know that the Pentagon is being hacked,” one of the defendants, Daniel Abayev, wrote. “So, can’t we hack the taxi industry?”

On Tuesday, Damian Williams, the U.S. attorney in Manhattan, and John Gay, the inspector general of the Port Authority of New York and New Jersey, announced the indictments of Mr. Abayev and another man, Peter Leyman, each 48.

“The Port Authority has zero tolerance for bad actors violating the law at our facilities,” Mr. Gay said in a statement.

The scheme “enabled as many as 1,000 fraudulently expedited taxi trips a day,” the indictment said.

Each defendant was charged with two counts of conspiracy to commit computer intrusion. Mr. Abayev’s lawyer, Matthew Myers, said his client would plead not guilty.

“A proper investigation must be conducted before anyone jumps to conclusions about the involvement or role Mr. Abayev did or did not play in this international matter,” Mr. Myers said.

Full story at NYT link.

Yes, the entire military might of Russia is hacking cab drivers in NYC. Because that's a strategic target.

Fucking lol...

Oh, and Nazis.

¯\_(ツ)_/¯

I mean, they were indicted.

Now, if it's just that they happen to be working with people of a Russian background vs any sort of state-sanctioned action (which seems doubtful) instead of criminal remains to be seen.

It's like when I first started learning about crypto not because Bitcoin was cool (still isn't) but because of ransomware attacks become more widespread on customers. Behind those attacks were mainly Russian criminal networks. There's not exactly a hard line between them and the state and probably hasn't been since the Tsar got popped.

[Kurt]

APT (Advanced Persistent Threat) groups operate to get money too. So it is kind of like the BFC shitshow a few years ago when some guys (Now dead) met up with conman Vincent Churchill in Cuba to capture Assata Shakur in order to get $1 million from the Government and maybe like $3 million from retired cops from Yonkers and New Jersey. The CIA "knew" about it but was not going to sanction or interfere it since it was technically in US interests to get a fugitive back but they were not going to shell out any cash for semi pros who fucked up or succeeded.

The only time the Russians have arrested hackers of "Foreign" assets was when they hit Russian adjacent stuff or got pressured by Germany and the UK to arrest someone or ??? Who knows how they convinced them.

Hitting Taxi Queueing systems is not a big deal but they hit something and got in at an airport. That is like capturing a Dinghy dock at a naval yard, not a big deal but they are in the yard. They get paid via crime and maybe sell more useful information to someone else.

Or they are just Russian Crims doing Russian crim things, but if we approach it like a paranoid, as Critical Infrastructure people are supposed to do now, we are more likely to catch other groups.

If the Taxi stand stuff went to a Russian IP and payments went to Russia then it is likely not Russian Government. For example, Conti Ransomware (now on vacation for a bit) had infrastructure based in Staten Island and from there the payments went to multiple addresses in Bulgaria but the hosting and IP addresses were located in LA by an Australian company hidden by a DDoS company with one client (Conti) out of Windsor Ontario.
Crypto laundering seemed to end up in Varna Bulgaria with Monero going to Sochi Russia.

Seemed. Still seeing if I can pull the reward $$$ for this but no one is biting yet.

The Taxi people are probably just criminals and this is their "Oh fuck" moment, but for those not busted it might lead to bigger and better things.

[Alphabet]

I know fuck all about the actual application of coding.

What I do actually have some knowledge about is that we can have someone sitting behind a desk in NOVA, attacking the US "from" Russia, and that being the narrative.

Don't act like we haven't faked shit for our own agenda in the past.

[vagabond]

Hitting Taxi Queueing systems is not a big deal but they hit something and got in at an airport. That is like capturing a Dinghy dock at a naval yard, not a big deal but they are in the yard. They get paid via crime and maybe sell more useful information to someone else.

Or they are just Russian Crims doing Russian crim things, but if we approach it like a paranoid, as Critical Infrastructure people are supposed to do now, we are more likely to catch other groups.

Yeah exactly. They've found a path into a system (whether cyber or human) and can exploit it from there. Brainstorm other 'fun' activities from there.

If the Taxi stand stuff went to a Russian IP and payments went to Russia then it is likely not Russian Government. For example, Conti Ransomware (now on vacation for a bit) had infrastructure based in Staten Island and from there the payments went to multiple addresses in Bulgaria but the hosting and IP addresses were located in LA by an Australian company hidden by a DDoS company with one client (Conti) out of Windsor Ontario.
Crypto laundering seemed to end up in Varna Bulgaria with Monero going to Sochi Russia.

Seemed. Still seeing if I can pull the reward $$$ for this but no one is biting yet.

The Taxi people are probably just criminals and this is their "Oh fuck" moment, but for those not busted it might lead to bigger and better things.[/quote]

So you might get a finder's fee for backtracking all that? Not bad :)

The two incidents I have first-hand experience of I don't think we would get very far. One was the aforementioned ransomware, with a secretary probably opening / clicking on something, which luckily didn't spread too far. The second was at a hospital where someone high up in Medical Records had clicked on something 'from' the hospital's lawyer. Led her to a beautiful imitation of a MS 365 login screen but wouldn't accept any of her passwords - used her work and her home backup email / phone number before she had a second thought about it. That's when she called me. She said she had been suspicious of the email he sent at first, had emailed him, and received an email back saying 'it was legit'. That was the attacker emailing her, as they had obviously gained access to the lawyer's inbox. I reported it to our Infosec team and never heard about it again. No idea if the lawyer ever changed anything. Tried to report to HIPAA but they wouldn't let me report anonymously. Oh well.

From my limited understanding, this is how N Korean hackers, who I have to assume cannot operate without state-sanctioning, fund their activities.

[Kurt]

The Norks are all tor end nodes. If a bank is hit and finances drained it is gonna be the Norks converting stolen $$$ to foie gras and caviar for the Kims.

The big one for Norks is also BTC > Monero > BTC > Rhingit > Dollar conversions starting with ransomware.

With Quantum computing around the bend the US and Japan could probably bankrupt Kim's spending cash but there is too much money to be made converting crime money to real money after it has been washed a few times via "technically hard currency" like Malaysian but that people still want to convert to dollars.

I did a report on Quantum computing and Operational Technology where I wrote in 4 pages "Why fucking bother?" since Operational Tech and Industrial Control Systems are so slow to upgrade and update anyway (most of the systems I work with can still be cracked by a laptop while playing a shoot em up game.) but to kill cryptocurrency. That would be really something.

[vagabond]

The Norks are all tor end nodes. If a bank is hit and finances drained it is gonna be the Norks converting stolen $$$ to foie gras and caviar for the Kims.

The big one for Norks is also BTC > Monero > BTC > Rhingit > Dollar conversions starting with ransomware.

With Quantum computing around the bend the US and Japan could probably bankrupt Kim's spending cash but there is too much money to be made converting crime money to real money after it has been washed a few times via "technically hard currency" like Malaysian but that people still want to convert to dollars.

I did a report on Quantum computing and Operational Technology where I wrote in 4 pages "Why fucking bother?" since Operational Tech and Industrial Control Systems are so slow to upgrade and update anyway (most of the systems I work with can still be cracked by a laptop while playing a shoot em up game.) but to kill cryptocurrency. That would be really something.

As someone remarked on HackerNews when discussing the Southwest meltdown, we, the public, don't want to know the amount of systems that are archaic and held together by retiring greybeards and hope. Hospital systems and, from what I understand, banking, is not much different.

Crypto still seems like a 'solution in search of a problem'. It's great for criminals though. Saw a sad and unintentionally funny long post on LinkedIn where this guy was warning of a job scam he fell for. He said in one part:

"I chatted with a friend from Binance. Her feedback was: "everything in the crypto world is quite shady and new. Is not that awkward receiving a job offer in 24h."

Like...is that not already a red flag? If it's open secret that the entire industry you're considering working in knows it's shady?

Really interesting about the N Koreans. Any idea why they're willing to take off a percentile exchanging BTC to another coin and back to BTC? Thought the whole point of going with BTC is that it's untraceable after you've received it so could just convert and extract in whatever currency you need.