Water distress

 

Image generated by ChatGPT

Apeldoorn (the Netherlands), Friday 4 October 2024, 18:22 – 70 thousand households receive a mail bomb: the tap water is contaminated with the e.coli bacteria (lovingly referred to in the newspaper as the 'poo bacteria'). We need to boil the water for three minutes before drinking it. We should also use boiled water for brushing our teeth and washing vegetables. [For some context to strangers: tap water is delicious in this country.]

People are rushing to the supermarket en masse to stock up on bottled water. The need is great – in one supermarket people are even fighting over the last few bottles. We see images that we know from faraway countries, with people pushing shopping carts that are filled to the brim. By the end of the evening there are no more bottles for sale anywhere. The next step would be looting. A shopkeeper tells the newspaper how quickly the water was sold out, and that he has ordered not the usual thousand litres (264 US gal), but ten times as much for the next day. The local press photographer captures a car with a boot completely filled with water bottles. I counted them: there are around 140 litres (37 gal) of water in that car.

And us? We stayed home quietly. Because on the one hand we trust that the water company when they say that boiling for a few minutes is sufficient, and on the other hand we have had an emergency supply of drinking water for years, precisely for these kinds of occasions. And we pay attention to the expiration date, so that the water is swapped in time (nevertheless it tastes a bit stale). And there are more things that you better have in the house in case something strange happens. A supply of food is of course obvious; remember that you may not have gas or electricity to prepare it and that you must be able to eat it cold. Rechargeable lamps are only of service as long as there is power - lamps that (also) work on batteries are better, provided you have enough fully charged batteries in the house. A battery-powered radio is handy to stay informed about the progress of the misery.

In IT, this is the field of Business Continuity Management. BCM professionals ensure, among other things, that if something goes terribly wrong, if our IT is hit by a disaster, the impact is limited and we return to normal as quickly as possible. They do this by ensuring that teams responsible for keeping IT services up and running are optimally prepared for eventualities. Plans are ready and these plans are tested. And for major, far-reaching events, they train the crisis management team, so that these people also know what to do if things go completely off track.

As the example of the water distress in Apeldoorn and the surrounding villages indicates, it is also useful to do something about BCM at home (although I would perhaps rather call it HCM: Home Continuity Management). Above I already gave an idea of a shopping list; on the government website denkvooruit.nl you can find even more information. There you can read, for example, that it is also useful to have some cash at home. Because in the event of a massive power failure or network failure, you will no longer be able to shop cashless, and the ATM will also show its sorry screen. Then you are happy if you have emergency cash at home and can still go shopping. [For you strangers: the Netherlands is rapidly transforming into a cashless society, where paying with your phone or debit card is common and where people often don’t have any cash on them.]

But don't start hoarding right away, okay? Here in our city, the mayor had to intervene to call on the population not to grab what you can grab and to take each other into account – let others have some water too, he begged. I had to think back to that video from the covid period, in which a forklift driver, roaring with laughter, drove through an immense warehouse that was filled to the brim with toilet paper. That was the product that we then feared to run out of. The run on water in Apeldoorn is even more remarkable because it is a local problem. Incidentally, many people have already moved to surrounding cities to get water.

Meanwhile, boiling tap water is a great alternative. Admittedly, it is a bit tricky. I am so used to tapping my tea water from the boiling water tap that this morning I looked right past the filled thermos and filled my mug under the tap and only when the tea was ready did I realize that I was wrong. For brushing our teeth, we have a bottle of water in the bathroom, simply because it is more convenient. Boiled water has to cool down before you can use it for such applications.

In the meantime, the water company is busy inspecting four water reservoirs, each containing three million litres of water (792.516 gal). They have to be emptied for this, but it has to be done one by one because else our taps would run dry. That’s why it’s taking so long – at least until the 14th, we have to be suspicious of our tap water. Today (Friday) we’ll get another update. Hopefully with good news. And I’m also curious about the cause. In the meantime, I just wiped my daily apple with a paper towel instead of washing it with water. Oh well, those minor inconveniences.

 

And in the big bad world…

• An American water company has been hacked.
• Dutch police have arrested a dark web drug market administrator.
• of course air-gapped computers can also be hacked.
• Australia has a reporting requirement for paying a ransom in the event of a ransomware attack. [DUTCH]
• Private data and photos of several police officers were also stolen in the major police hack. [DUTCH]
• cybercriminals are trying to steal athletes' loyalty points. [DUTCH]
• The data of 31 million users of The Internet Archive have been stolen.
• The Chinese have hacked the wiretaps of American telecom companies.
• Most Dutch civil servants think they understand cybersecurity. [DUTCH]

 

The Sandman

 

Image from Pixabay

In some countries in the world, criminal organizations kidnap poor devils and force them to send out scams seventeen hours a day, said Nathaniel Gleicher, global head of counter fraud from Meta this week at the annual ONE Conference in The Hague.

Meta, the parent company of Facebook, Instagram and WhatsApp, among others, is not exactly the darling of privacy-minded citizens. But what Gleicher had to say at this conference matters. Because let the above sink in for a moment: people are being held against their will to bombard you, with bags under their red-rimmed eyes, with deceptive messages. In my world, scam refers to deception via false messages. For example, that text message about a troubled delivery, a WhatsApp message that starts with "Hi dad, I have a new phone number" or an email in which "the bank" announces a security check for which they need your cooperation. In short, pretty much everything that can be classified as phishing.

The reprehensible activities of cybercriminals are a problem for Gleicher, because they abuse his platforms. And apart from the moral obligation to do something about it, Meta also has a clear business interest here: if users are confronted with fraud on Instagram over and over again, they will eventually stay away, or at the very least they will become so suspicious that they will no longer click on anything, not even on bona fide contributions. And that means loss in revenues.

Meta divides fraud and scams into three types of problems: actors, behavior, and content. Actors include everything that has to do with false identity: you think a message is from a friend or a celebrity, but in fact there is a criminal behind it. Behavior includes everything a criminal does: deception, spam, even playing on your (romantic) feelings. The content type of problem encompasses celebrity bait, financial deals and charity, to name a few.

Gleicher wants to combat this vigorously, but his billions of normal, well-intentioned users should not suffer too much from it, because that would be bad for business. And so he focuses on the malicious ones. An important part of that is taking down fake accounts as quickly as possible. To do that, they look at the behavior of an account. For example, if a biography states that you live in the Netherlands, but all activity comes from a country far away, that is a red flag. And they use artificial intelligence to detect whether someone is misusing photos of celebrities. Think of a photo of Elon Musk with a golden tip to purchase bitcoins 'via this link' .

Criminals use mechanisms that are intended for honest people. Did you forget your password? Then click on a link and you can set a new password via the email sent to you. But if a criminal has hacked your email, he can do so on your behalf (it is therefore important to realize that your email is by far your most important account). Meta is trying to put a stop to this with innovative developments. For example, they are currently piloting a new method for account recovery: you have to supply a new selfie, which they compare to photos in your profile. The idea behind this is that criminals cannot simply get a fresh selfie of you.

Scams run across multiple layers, such as social media and banks. This makes it difficult for one party alone to recognize scams. At the ONE Conference, Gleicher announced the FIRE program ( Fraud Intelligence Reciprocal Exchange), in which British and Australian banks provide information to Meta. In an earlier phase of the program, this had already led to the removal of some 20,000 fake accounts.

The British talk about throwing a spanner in the works, the Americans throw a wrench, but the Dutch throw sand. Hence the title of this blogpost: Meta throws as much sand as possible in the works of internet criminals. You could say that Gleicher is the sandman of social media.

 

And in the big bad world…

• Meta still has a long way to go. [DUTCH]
• Meta has been heavily fined for insecurely storing millions of passwords.
• American customers of Kaspersky, which has since been banned there, were given an unsolicited installation of a different virus scanner.
• A British nuclear complex has been fined over cybersecurity shortcomings.
• Many solar panel inverters contain a default password, rendering them vulnerable. [DUTCH]
• The Netherlands Cybercrime Monitor has been published. [DUTCH]
• The Netherlands withheld its support for the European CSAM proposal, which aims to combat child pornography by monitoring all devices. [DUTCH]
• Of course, even the police employ people who do not recognize all phishing.
• police officers were on the payroll of an American cybercriminal.
• you may not need a VPN at all.