How I hacked the government (it was easier than you may think)

first_img Inside the hacked U.S. election “Most of those websites really just have a text box for your public comments and then a submit button,” he said.In the course of writing the Tech Science paper, Weiss realized that cybersecurity experts have been sounding the alarm on federal website vulnerability for years, but previous transgressions had used relatively unsophisticated substitution methods. “In 2017, there were 22 million comments posted for the FCC proposal to repeal net neutrality,” he recalled. “And it was found that 96 percent of those were part of duplicative campaigns.”Weiss used AI methods to generate a high volume of unique Deepfake comments about a proposed Medicaid waiver. He then wrote a program that automated the submission process, and ran it from a laptop in his dorm room over the course of a few days. He submitted more than 1,000 fake comments that comprised 55 percent of the total submissions and that were found by survey respondents to be indistinguishable from human comments. Afterward, he notified the federal Centers for Medicare and Medicaid Services which comments were part of his demonstration to prevent their interference with authentic public comment evaluation.Among the scarier revelations was Weiss’ admission that he was successful without being an expert coder and without special equipment. “I’ve learned to code in the last four years, just through a series of personal projects and summer jobs, and one class,” said Weiss, who has taken some courses in the new program in technology science. “I think one of the very important findings from the study is that someone like me who’s a very novice coder was able to Google his way through hacking the government. Max Weiss ’20 never intended to hack the government. His discovery of how easy it is to do — outlined in a new paper he authored — came of the best of intentions.Weiss, a government concentrator from Cincinnati, was doing advocacy work for state expansion and defense of Medicaid last summer, a project that combined his interests in public policy and health care. While studying the ways in which various advocacy groups can influence pending legislation, he learned how valuable such groups find the federal government’s comment period, when members of the public are invited to weigh in on new or pending legislation via online forms. He realized how easy it would be to manipulate the results using bots — computer programs that generate automated responses — to flood the sites with fake responses for or against any proposal.The 21-year-old detailed his findings in a recent Technology Science piece, “Deepfake Bot Submissions to Federal Public Comment Websites Cannot Be Distinguished from Human Submissions.”“We were spending a lot of time and energy getting high-quality comments from constituents,” said Weiss. “I wanted to make sure these federal agencies understood the potential consequences of their policies, and I had the idea that I could use a bot and submit a lot of fake comments.”He paused, recognizing that corrupting the process was fraught: “This would be bad for democracy.”But the Leverett House resident couldn’t shake the idea, and he began to research the feasibility of such a scheme. Turns out submission is easy to automate. Federal agencies have some leeway to discount comments that are obviously duplicated or irrelevant. But the typical technological defenses against attack, including CAPTCHAS, anomaly detection, and outside verification — all of which are integrated into online activity from banking to email log-in — were pretty much absent. “One of the very important findings from the study is that someone like me who’s a very novice coder was able to Google his way through hacking the government.” — Max Weiss ‘We know’ Russia hacked election Panelists at Kennedy School discuss DNC attacks and wider vulnerabilities Related The Daily Gazette Sign up for daily emails to get the latest Harvard news. In Harvard remarks, Sen. Angus King also says such cyberattacks can happen again An analyst on Russian security issues explains how the U.S. probe likely played out, and where it may yet lead As Americans vote, will hackers pounce? “I’ve always been very interested in public policy,” said Weiss, who also enjoys writing and performing comedy. “Most of my government study has been in health policy or in technology policy or public interest technology, so this was just kind of a synthesis of a lot of different things that I’d learned in the Government Department and just some personal tech projects that I have done in the past.”“Max did groundbreaking work, exactly the kind of real-world-impact work we encourage our students to do” in technology science classes, said Latanya Sweeney, professor of government and technology in residence and director of the Data Privacy Lab at the Institute for Quantitative Social Science, who serves as editor-in-chief of Technology Science. “Thanks to Max’s work, several groups within the federal government are now actively making changes to combat these kinds of vulnerabilities,” she added.last_img read more

Winterize outdoor pipes

first_imgBy Brad HaireUniversity of GeorgiaFreezing temperatures will likely hit north Georgia later this month and begin to creep down to south Georgia in November. It’s time to think about properly winterizing outdoor pipes and lawn sprinklers. A few precautions now can save a lot of time, money and headaches later.Freezing temperatures can cause the water in an exposed pipe to expand. If the water expands too much, the pipe bursts.”With home irrigation systems, you probably wouldn’t know you had any pipe damage until you turned it on for the first spring watering,” said Kerry Harrison, a University of Georgia Cooperative Extension irrigation specialist.Most in-ground sprinkler pipes will be OK. Only the top 2 inches of the ground will freeze in most of Georgia. Pipes should be well below this level. Other irrigation components, such as backflow-prevention valves, are at ground level, though, and could be in danger.If any exposed valves or pipes are around your home, tape them up or “use a good old sack to wrap them,” Harrison said. Home-improvement stores have many tapes, foams and gadgets to keep these pipes warm on cold, winter nights.The tips of sprinkler heads can hold water. When frozen, they can rupture. The whole sprinkler system holds water, too, even when it isn’t being used. Don’t forget to drain the system, Harrison said. If you don’t drain it properly in the winter, your sprinkler could be a geyser when you turn it on next spring.”Arrangements should have been made in the installation process to have a way to drain those lines that would hold water through a buried valve in a pit,” he said.If you bought a home with an installed irrigation system, find this drain valve. Some systems are equipped with automatic drain valves.Don’t forget about outside water hoses. Just do one of two things:* Leave the hoses hanging outside. But disconnect them from faucets.* Disconnect, drain and store hoses someplace with a constant temperature. This will prolong the life of the hoses.If you leave hoses undrained outside in the winter, don’t move them or touch them in freezing weather. Frozen hoses are fragile. You could be the one to break them.Private water users and rural residents with wells should check out their main water pump. Usually a quarter-inch pipe connects to the pressure switch. If it’s metal, it likely won’t freeze. But if it’s plastic, it might freeze and burst. This could cause the water pump to fail or continue to run and cause some major winter repairs.If all these precautions fail and a pipe bursts anyway, there’s still one thing to remember: “Know where your main water cutoff is,” Harrison said.To find out more about historical weather data in your area, go to the Web site, read more