RISKS-LIST: Risks-Forum Digest Monday 1 April 2024 Volume 34 : Issue 12
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.12>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents: somewhat backlogged, but No Fooling yet today!
Two major losses (PGN)
America's Nuclear War Plan in the 1960s Was Utter Madness.
It Still Is. (Mother Jones)
FDA Warning Links Heart Pump to Deaths (Christina Jewett)
Ransomware Attack Against UnitedHealth Shows Flaws in Cybersecurity
Persist (NYTimes)
Iowa fertilizer spill kills 750K fish in Iowa and Missouri over
60-mile stretch of rivers (NYTimes)
Red Hat Fedora 41 hacked (Tom Van Vleck)
Unpatchable vulnerability in Apple chip leaks secret encryption keys
(ArsTechnica via Gabe Goldberg, Gabe Goldberg)
The race between positive and negative applications of Generative
AI is on - and not looking pretty (Gary Marcus via Gabe)
U.S. Military's Investments into AI Skyrocket (Will Henshall)
AI bots hallucinate software packages and devs download them
(Steve Bacher via The Register)
OpenAI Reveals but Will Not Release Human Voice Cloning Feature (WSJ)
The Online Degradation of Women and Girls That We Meet With a Shrug
(The New York Times)
America's first biometric 'smart gun' is finally here. Will it work?
(SmartGun)
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds
(WiReD)
AT&T Resets Millions of Passcodes After Customer Records Are Leaked
(Jan Wolitzky)
Time for Social Engineering Training (Kingfish1935 via Ben Moore)
Internet Age Verification schemes -- e.g., Florida's new law
(Lauren Weinstein)
Scientists aghast at bizarre AI rat with huge genitals in peer-reviewed
article (ArsTechnica)
Israel Deploys Expansive Facial Recognition Program in Gaza (NYTimes)
Facebook snooped on users' Snapchat traffic in secret project,
documents reveal (TechCrunch)
Elon Musk's Starlink Terminals Are Falling Into the Wrong Hands?
(Henry Baker)
Explanations of Australian emergency phone number failure (John Colville)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 30 Mar 2024 9:02:31 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Two major losses
Ross Anderson
https://twitter.com/duncan_2qq/status/1773752269395099774
https://alecmuffett.com/article/109513
From Ross's University of Cambridge:
Ross pioneered the field of security engineering. Our students were very
fortunate to learn from him over the last few years. In fact, he gave 2
seminars just last Wednesday. He researched many topics within computer
science including cryptology, steganography, dependability, security
economics, adversarial machine learning and more. Ross also used his
position as a researcher to actively advocate for a more secure
world. This included championing individual privacy rights, research into
payments security in developing countries, and protecting vulnerable
people from scams. On a personal level, he will be greatly missed by
students and staff.
Dan Lynch
https://www.nytimes.com/2024/03/31/technology/daniel-c-lynch-dead.html?unlocked_article_code=1.hE0.tCVR.8ASMr_sTSh3W&smid=url-share
Dan's era was long before Ross's. Lauren Weinstein had this note: Dan
Lynch, one of the key people involved in building the Internet and ARPANET
before it, has died. Dan was director of computing facilities at SRI
International, where ARPANET node #2 was located. He worked on
development of TCP/IP, and where the first packets were received from our
site at UCLA node #1 to SRI, and later at USC-ISI led the team that made
the transition from the original ARPANET NCP protocols to TCP/IP for the
Internet. And much more.
https://www.internethalloffame.org/inductee/dan-lynch/
Both of them were major figures in their respective eras, and wonderful
friends, Ross much too young at 56, Dan at 82.
------------------------------
Date: Thu, 28 Mar 2024 13:11:21 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: America's Nuclear War Plan in the 1960s Was Utter Madness.
It Still Is. (Mother Jones)
We rarely consider the dangers these days, but our existence depends on it.
Nuclear war is the only scenario other than an asteroid strike that could
end civilization in a matter of hours. The soot from burning cities and
forests will blot out the sun and cause a nuclear winter. Agriculture will fail. State-of-the-art climate modeling predicts five billion humans will
die. In the words of Nikita Khrushchev, the survivors will envy the dead.
https://www.motherjones.com/politics/2024/03/nuclear-war-scenario-book-siop-weapons-annie-jacobsen/
------------------------------
Date: Sat, 30 Mar 2024 12:07:54 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: FDA Warning Links Heart Pump to Deaths (Christina Jewett)
Christina Jewett, *The New York Times*, 30 Mar 2024
A troubled Impella heart pump that has now been linked to 49 deaths
and dozens of injuries worldwide will be allowed to remain in use,
despite the FDA's decision to issue an alert about the risk that it
could puncture a wall of the heart.
The FDA said Abiomed (the manufacturer of the device) should have
notified the agency more than two years ago, when the company first
posted an update on its website about the perforation risk. [Abiomed
was then acquired by Johnson and Johnson in 2022.] [Half-page article
PGN-ed]
``To say that you're addressing 49 deaths by saying `be careful' is not addressing the problem at all.'' Rita Redberg, UCSF cardiologist and professor.
------------------------------
Date: Sat, 30 Mar 2024 18:23:42 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Ransomware Attack Against UnitedHealth Shows Flaws in Cybersecurity
Persist (NYTimes)
Reed Abelson and Margot Sanger-Katz, *The New York Times*, 30 Mar 2024
The recent cyberattack on the billing and payment colossus Change Healthcare (Making Change as well as Changing Healthcare?) revealed just how serious
the vulnerabilities are throughout the U.S. healthcare system, and alerted industry leaders and policymakers to the urgent need for better digital security.
[They clearly have not been reading RISKS for any of the past 38 years!
And this is on top of HIPAA, where none of the systems are secure enough
to begin with and privacy is a huge problem already. PGN]
------------------------------
Date: Sat, 30 Mar 2024 14:44:31 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Iowa fertilizer spill kills 750K fish in Iowa and Missouri over
60-mile stretch of rivers (NYTimes)
Mitch Smith and Catrin Einhorn (*The New York Times*, 30 Mar 2024)
Single valve left open over a weekend.
Lessons from our RISKS community need to be practiced elsewhere.
Flow control Systems? Probably none.
Monitoring? Probably none.
Diagnostics? Probably none.
Risks to human and other lives? Rampant.
[Einhorn is Unicorn in German. I am delighted Einhorns are not totally
extinct, with two in the same issue. Catrin and Bruce (below) need to
work together -- if they are not already. PGN]
------------------------------
Date: Fri, 29 Mar 2024 15:16:48 -0400
From: Tom Van Vleck <thvv@multicians.org>
Subject: Red Hat Fedora 41 hacked
Red Hat Fedora 41 had a backdoor installed.
The latest version of the "xz" compression tools and libraries had
malicious code inserted that appears to attack SSH authentication. CVE-2024-3094
Some details at
https://www.openwall.com/lists/oss-security/2024/03/29/4
[Hassen Saidi remarked on the fascinating story:
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Victor Miller noted
https://infosec.exchange/@tinker/112181161329268317
and Technologist vs spy: the xz backdoor debate
https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
PGN]
------------------------------
Date: Sun, 24 Mar 2024 18:18:12 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Unpatchable vulnerability in Apple chip leaks secret encryption
keys (Ars Technica)
Are these exotic/esoteric threats meaningful in the real
non-high-value-target world?
How is it weaponized?
The attack, which the researchers have named GoFetch
<https://gofetch.fail/>, uses an application that doesn't require root access, only the same user privileges needed by most third-party
applications installed on a macOS system. M-series chips are divided into
what are known as clusters. The M1, for example, has two clusters: one containing four efficiency cores and the other four performance cores. As
long as the GoFetch app and the targeted cryptography app are running on the same performance cluster -- even when on separate cores within that cluster -- GoFetch can mine enough secrets to leak a secret key. [...]
End users who are concerned should check for GoFetch mitigation updates that become available for macOS software that implements any of the four
encryption protocols known to be vulnerable. Out of an abundance of caution, it's probably also wise to assume, at least for now, that other cryptographic protocols are likely also susceptible.
https://arstechnica.com/security/2024/03/hackers-can-extract-secret-encryption-keys-from-apples-mac-chips/
...so attacker must get malware installed, THEN it gathers data, THEN it
exfiltrates it?
------------------------------
Date: Sun, 24 Mar 2024 18:55:47 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Unpatchable vulnerability in Apple chip leaks secret
encryption keys
Well, friend answered:
Cloud is a big issue here, since you may be running on a CPU with other customers.
Lots of threats are relatively low-risk; the thing is, those risks can
be additive. I forget who, but someone talks about a Swiss cheese model: you take a bunch of minor risks, each of which is a small hole
in the cheese, and sometimes they line up, leaving a hole all the way
through. Those of you who have read /Normal Accidents/ will recognize
this failure chain concept.
So yeah, MY machines aren't running other folks' stuff, or unvetted applications, so I probably don't care. But your bank might be (yes,
banks are doing cloud too, more fools they. ...)
------------------------------
Date: Fri, 29 Mar 2024 16:13:02 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: The race between positive and negative applications of Generative
AI is on - and not looking pretty
Let's look at the race itself first. Opinions could vary, but in my
opinion, the race is not going great. On the one hand, we have big
promises for AI helping in domains like medicine, and computer
programming, but the inherent unreliability in these systems is deeply worrisome. An example in a story I just saw that could unravel some of
the gains in programming is this: [...]
From a security perspective, that's terrifying. If lots of code gets
written, fast, but that code is riddled with security problems, the net
advantage on the positive side of the ledger may be less than anticipated.
As noted here before, one study indicates that code quality is going down.
https://garymarcus.substack.com/p/the-race-between-positive-and-negative
------------------------------
Date: Mon, 1 Apr 2024 11:09:41 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: U.S. Military's Investments into AI Skyrocket (Will Henshall)
Will Henshall, *Time*, 29 Mar 2024, via ACM TechNews
The Brookings Institution reported a nearly 1,200% surge in the potential
value of AI-related U.S. government contracts, from $355 million in the year ending in August 2022 to $4.6 billion in the year ending in August 2023. The U.S. Department of Defense accounted for the majority of the total, with
$557 million committed by the agency to AI-related contracts, rising to $4.3 billion if each contract were extended to its fullest terms.
[How much of that will be devoted to evidence-based assurance of low-risk
AI's total-system trustworthiness? Close to ZERO, if past experience is
any guide. This fantastic AI splurge sounds like the definition of a
sailboat -- a hole in the ocean into which you pour money. PGN]
------------------------------
Date: Sat, 30 Mar 2024 06:57:29 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: AI bots hallucinate software packages and devs download them
Simply look out for libraries imagined by ML and make them real, with
actual malicious code. No wait, don't do that.
https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/
------------------------------
Date: Mon, 1 Apr 2024 08:42:23 -0700
From: "Peter G. Neumann" <peter.neumann@sri.com>
Subject: OpenAI Reveals but Will Not Release Human Voice Cloning Feature
https://www.wsj.com/tech/ai/openai-reveals-audio-feature-that-clones-human-voices-30f066ea?st=765urbqcxvhpuxs&reflink=desktopwebshare_permalink
------------------------------
Date: Sat, 23 Mar 2024 11:20:13 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The Online Degradation of Women and Girls That We Meet With a Shrug
https://www.nytimes.com/2024/03/23/opinion/deepfake-sex-videos.html
------------------------------
Date: Sat, 23 Mar 2024 16:00:52 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: America's first biometric 'smart gun' is finally here. Will it work?
(
*Biofire says its gun will be in people's hands this month. The company
has walked a careful line to avoid blowback from the gun-rights movement*
The company behind America's first biometric smart gun -- one that
fires only when gripped by authorized users -- will face a crucial test
in the coming weeks.
After decades of failed attempts by other manufacturers to bring a reliable smart gun to market, Biofire, a Colorado-based startup, says it's shipping its first batch of 9 mm handguns equipped with fingerprint and facial-recognition technology by the end of the month. The company's smart gun is designed to serve a very specific purpose: a weapon that can be
quickly accessed to defend against a home intruder, but that can't be used by anyone unauthorized, particularly children.
As Biofire markets its gun to firearm enthusiasts and skeptics alike, the company is walking a careful line to avoid the massive blowback from the gun-rights movement that derailed previous iterations of smart guns.
Gun control advocates have long seen biometric technology as a game changer
for reducing gun violence, and Biofire has drawn their praise by emphasizing safety and the need to prevent children from accessing guns. At the same
time, the company has built ties with the gun industry and opposes any government mandates <https://smartgun.com/explore/videos/biofire-s-stance-on-mandates> to
require biometric features in guns, trying to head off fears that the technology is a Trojan horse for gun control.
So far, Biofire's approach has been received with a mix of cautious optimism, curiosity and distrust. But the most important question won't be fully answered until the gun is in people's hands: Does it really work? [...]
https://www.nbcnews.com/news/us-news/biofire-smart-gun-biometric-safety-rcna143637
------------------------------
Date: Sun, 24 Mar 2024 01:40:37 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Hackers Found a Way to Open Any of 3 Million Hotel Keycard
Locks in Seconds (WiReD)
The company behind the Saflok-brand door locks is offering a fix, but it
may take months or years to reach some hotels.
https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique
------------------------------
Date: Sat, 30 Mar 2024 19:49:43 -0400
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: AT&T Resets Millions of Passcodes After Customer Records Are
Leaked
The telecommunications giant AT&T announced on Saturday that it had reset
the passcodes of 7.6 million customers after it determined that compromised customer data was *released on the dark web*. ``Our internal teams are
working with external cybersecurity experts to analyze the situation. To
the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call
history.'' [...]
https://www.nytimes.com/2024/03/30/business/att-passcodes-reset-data-breach.html
[Also noted by Gabe Goldberg and Matthew Kruk. Thanks! PGN]
------------------------------
From: Ben Moore <ben.moore@juno.com>
Date: Tue, 26 Mar 2024 21:55:34 -0500
Subject: Time for Social Engineering Training
Based on a spoofed e-mail, a county comptroller paid $2.7 million to a man
with a thick Middle-Eastern accent in Germany. I think it's time for a
little social engineering training.
https://kingfish1935.blogspot.com/2024/03/madison-county-scammed-out-of-27-million.html
------------------------------
Date: Mon, 25 Mar 2024 17:35:54 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Internet Age Verification schemes -- e.g., Florida's new law
It's important to understand that "age verification" schemes being
passed by states, ostensibly to "protect the children", won't do that
and will bring about incredible abuses.
In order to age verify children, obviously EVERYBODY of any age must
be verified, for every account, under every name or pseudonym,
ultimately on every site no matter how public or private the topic,
and before downloading any apps.
Children will find ways to work around this. They'll use the accounts
of adults, which will be openly traded. But because these age
verification systems must by definition be based on government IDs,
the verification process creates a linkage between your account names
and your actual identity, subjecting you to all manner of leaked
personal information, government abuses (think MAGA in charge), and
worse. Firms will claim their systems either don't keep this data or
can't be abused. History strongly suggests otherwise, and when courts
step in, those firms will have to do what the courts say, often in
secret, when it comes to collecting data.
Age verification is in actuality a massive Chinese-style Internet
identity tracking project -- nothing less -- and there are many
politicians in the U.S. who look with envy at how China controls their
Internet and keeps their Internet users under police state controls. -L
------------------------------
Date: Sun, 31 Mar 2024 06:55:02 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Scientists aghast at bizarre AI rat with huge genitals in
peer-reviewed article
It's unclear how such egregiously bad images made it through peer-review.
https://arstechnica.com/science/2024/02/scientists-aghast-at-bizarre-ai-rat-with-huge-genitals-in-peer-reviewed-article/
[Maybe it was pier-reviewed as the rats were leaving the ship. PGN]
------------------------------
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Date: Wed, 27 Mar 2024 07:14:27 -0400
Subject: Israel Deploys Expansive Facial Recognition Program in Gaza
(The New York Times)
The experimental effort, which has not been disclosed, is being used to
conduct mass surveillance of Palestinians in Gaza, according to military officials and others.
The facial recognition program, which is run by Israel's military
intelligence unit, including the cyber-intelligence division Unit 8200,
relies on technology from Corsight, a private Israeli company, four intelligence officers said. It also uses Google Photos, they said.
Combined, the technologies enable Israel to pick faces out of crowds and
grainy drone footage.
https://www.nytimes.com/2024/03/27/technology/israel-facial-recognition-gaza.html?unlocked_article_code=1.f00.UuRb.B3-bbKoxaWrf&smid=url-share
[False positives? negatives? undecideds? Basically unreliable? PGN]
------------------------------
Date: Tue, 26 Mar 2024 14:24:10 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Facebook snooped on users' Snapchat traffic in secret project,
documents reveal (TechCrunch)
https://techcrunch.com/2024/03/26/facebook-secret-project-snooped-snapchat-user-traffic/
------------------------------
Date: Tue, 26 Mar 2024 14:34:52 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Elon Musk's Starlink Terminals Are Falling Into the Wrong Hands?
For many years in the 1970's, a (physical) bulletin board at MIT's AI Lab had an article posted with the headline 'ARPAnet accused of transmitting data'.
I'm sure that there must have been many articles in the 1920's with the headline 'Henry Ford's Automobiles are Falling into Criminal Hands', and
many articles in the 1700's with the headline 'Johannes Gutenberg's Printing Presses are falling into Papist Hands'.
https://www.freep.com/story/money/cars/ford/2019/02/09/bonnie-clyde-chestnut-barrow-ford/2812888002/
"I have drove Fords exclusively when I could get away with one." signed
"Yours truly Clyde Champion Barrow." [of 'Bonnie & Clyde' fame]
Criminals breathe air, drink water, eat food, use the telephone, drive the roads, etc., -- in short -- they utilize everything that non-criminals do in order to commit their crimes. But restricting access to air, water, food,
etc., hurts everyone a lot more than it hurts criminals -- we cut off our
nose to spite our face.
Once again, be very, very, very careful what you wish for when you start to regulate technology that everyone wants (and needs) to use.
https://www.yahoo.com/news/elon-musk-starlink-terminals-falling-210028713.html
Elon Musk's Starlink Terminals Are Falling Into the Wrong Hands
Bruce Einhorn, Loni Prinsloo, Marissa Newman and Simon Marks
Mon, March 25, 2024 at 2:00 PM PDT
(Bloomberg) -- SpaceX's Starlink touts its high-speed internet as
``available almost anywhere on Earth.'' In the real world, its reach
extends to countries where Elon Musk's satellite-enabled service has no agreement to operate, including territories ruled by repressive regimes. A Bloomberg News investigation identified wide-spanning examples of Starlink
kits being traded and activated illegally. How they are smuggled and the
sheer availability of Starlink on the black market suggests that its misuse
is a systemic global problem, raising questions about the company's control of
a system with clear national security dimensions. In Yemen, which is in the throes of a decade-long civil war, a government official conceded that
Starlink is in widespread use. Many people are prepared to defy competing warring factions, including Houthi rebels, to secure terminals for business
and personal communications, and evade the slow, often censored internet service that's currently available. Or take Sudan, where a year-long civil
war has led to accusations of genocide, crimes against humanity and millions
of people fleeing their homes. With the regular internet down for months, soldiers of the paramilitary Rapid Support Forces are among those using the system for their logistics, according to Western diplomats. ``It is deeply concerning because it's unregulated and headed by a private company,'' Emma Shortis, a senior researcher in international and security affairs at the Australia Institute, an independent think tank in Canberra, said of the Starlink system. ``There's no accountability on who has access to it and how it's being used.'' Starlink delivers broadband Internet beamed down from a network of roughly 5,500 satellites that SpaceX started deploying in
2019. With some 2.6 million customers already, Starlink has the potential to become a major moneymaker for SpaceX, a company that began as Musk's way to fulfill his dream of exploring Mars and has now become the most important private-sector contractor to the US government's space program and a
dominant force in national security. Musk, until recently the world's
richest person, has said there will be a cap to how much money SpaceX's
launch services business will make, while Starlink could eventually reach revenue of $30 billion a year. Starlink plans to launch tens of thousands of additional satellites to connect places that are too remote for ground-based broadband or that have been cut off by natural disasters or conflict. But given the security concerns around a private American company controlling Internet service, SpaceX first needs to strike agreements with governments
in each territory. Where there are none, people are ``proceeding to use Starlink without the proper coverage'' that is quite illegal and of course should not be allowed, but it's difficult to control and manage,'' said
Manuel Ntumba, an Africa geospatial, governance and risk expert based in New York. In central Asia, where Starlink deals are rare, a government
crackdown on illicit terminals in Kazakhstan this year has barely made a
dent on its use. All it did was lead to higher prices on the black market, according to a trader who imports the gear and who didn't want to speak publicly for fear of retribution. Prior to the government intervention, customers were able to buy the company's equipment and have it shipped via
the local postal service, the trader said. SpaceX didn't respond when asked
to comment on a written list of questions submitted on Thursday. ``If
SpaceX obtains knowledge that a Starlink terminal is being used by a
sanctioned or unauthorized party, we investigate the claim and take actions
to deactivate the terminal if confirmed,'' the company said in a post on X
in February. The growing black market for Starlink has emerged in regions
with patchy connectivity, where the allure of high speed, dependable
Internet in an easy-to-use package is strong for businesses and consumers alike. In many ways, it's Starlink's effectiveness as a communications tool that has made it such a sensitive matter. The US military is a customer: The Air Force has been testing terminals in the Arctic, calling them *reliable
and high-performance*. Those same properties made it vital to Ukraine's military in its defense against invading Russian forces. SpaceX provided the technology to Kyiv in the early days of Russia's invasion, and Starlink has since become crucial to the Ukrainian communications infrastructure. The US Department of Defense later struck a deal with Starlink to supply Ukraine
with equipment, the terms of which were not made public. Then in February
of this year, Ukraine said that Russia was deploying Starlink in its own war efforts, while unverified posts on X, Musk's social network, appeared to
show Russian soldiers unpacking kits. Two House Democrats wrote a letter to SpaceX President Gwynne Shotwell pressing her on Ukraine's claims. ``To the best of our knowledge, no Starlinks have been sold directly or indirectly to Russia,'' Musk wrote on X. It's the uncertainty about where the
satellite dishes are landing that has security officials around the world concerned. Starlink kits are being sold for use in Venezuela, where individuals and entities have been subject to US sanctions for almost a
decade, most recently under President Nicolas Maduro's authoritarian rule. A map of coverage areas on Starlink's website shows the South American nation blacked out. Yet social media ads promote package deals for Starlink
equipment, which is widely available and admired for its reliability and portability in a country of isolated cattle ranches and gold mines. SpaceX should be able to prevent Russian use of Starlink in occupied Ukraine, since ``basically every single transmitter can be identified,'' said Candace
Johnson, director at NorthStar Earth & Space Inc., a Montreal company that
in January successfully launched four satellites -- on a rocket from SpaceX competitor Rocket Lab USA Inc. -- to identify and track objects in space. ``There needs to be more accountability: to your country, to your company,
to your shareholders, to your stakeholders,'' said Johnson, who is also a partner with Seraphim Capital, a venture-capital firm that invests in space startups. In North Africa, Starlink's use in Sudan shows how terminals
arrive in a country subject to international sanctions. There has been no Internet in Sudan since early February. Both the Sudanese Armed Forces and Rapid Support Forces have blamed each other for cutting the service while
the CEO of Zain Sudan, a mobile operator, said his company's engineers had
been prevented from reaching parts of the country to reconnect the network
due to insecurity and a lack of fuel. To bypass the blackout, members of
the RSF and local business owners have smuggled Starlink devices into
Sudan's Darfur region using an organized network that registered the units
in Dubai before transporting them into Uganda by airplane and then by road
to Sudan via South Sudan, according to interviews with Western diplomats and business owners using the devices.
Gold miners in remote areas along the borders of South Sudan and the Central African Republic were provided with Starlink services even prior to the war
by traders working in South Darfur's Nyala City. Starlink says on its
website that a ``service date is unknown at this time'' for Sudan.
Haroun Mohamed, a trader in Nyala who transports goods across the border to Chad and South Sudan, said the use of Starlink by RSF soldiers and civilians was widespread. ``Ever since the eruption of war in Darfur, a lot of people
are bringing in Starlink devices and use it for business. People are paying between $2 or $3 per hour, so it's very good business.''
In South Africa, where Musk was born, the government hasn't yet approved Starlink's application to operate. But that hasn't prevented a flourishing trade in terminals there. Facebook groups feature providers that offer to
buy and activate the kits in Mozambique, where it is licensed, and then
deliver them over the border to South African customers.
There were enough users of the service in the country as of Nov. 28 that the regulator felt the need to issue a statement reminding people that Starlink
has no license for South Africa. Unlawful use could result in fines of as
much as 5 million rand ($265,000), or 10% of annual turnover.
Regulators in other countries in Africa have issued similar
warnings. Ghana's National Communications Authority in December released a statement demanding that anyone involved in selling or operating Starlink services in the country ``cease and desist immediately.''
In Zimbabwe, authorities threatened raids in response to online advertising
for Starlink equipment, H-Metro newspaper reported in January. Prices for Starlink gear on the black market ranged from $700 to $2,000, according to local technology blog Techzim. Government officials in Ghana and Zimbabwe
have recently said they hope to allow licensed service.
Countries have different reasons for declining to cooperate with Starlink, including stipulations that it have a local partner and concerns around data use.
Starlink service is currently available -- legally -- in eight countries in sub-Saharan Africa, and the US company has big plans to build its user
base. It is working with local marketing partners such as Jumia Technologies AG, an e-commerce company backed by Pernod Ricard SA that has an agreement
to sell Starlink equipment for residential use in Nigeria and Kenya. There
has been significant demand, with the first shipment to Nigeria selling out
in a few hours, according to Chief Commercial Officer Hisham El Gabry.
``Jumia is aware that there are some unofficial distributors of these
kits,'' El Gabry said in an interview. While the number of devices is not
yet at an alarming level, ``it is a point of discussion between us and
Starlink that this needs to be brought under control,'' he said. Jumia verifies customers, and cancels orders if they are going to traders or
[continued in next message]