Paul McLellan

Community Member

Blog Activity
Options

June Update: PCIe 6.0, Ransomware, Mars, Turing Award...and CadenceLIVE

4 minute read

I have decided to put these "Update" posts that I do from time to time on a more regular basis. Going forward, they will appear on the last Friday of the month, unless that is a holiday or something, in which case I'll pull it forward a day or two.

CadenceLIVE New Dates

cadencelive india and taiwan new datesCadenceLIVE Taiwan has been moved to October 8.

CadenceLIVE India is now scheduled for September 7-8 (note: two days)

PCIe version 6

Let's start with PCIe 6.0, which is an update to The History of PCIe: Getting to Version 6. Cadence recently put out a video Cadence Solutions for the Latest PCIe 6.0 and 5.0 Specifications (7 minutes):

Ransomware

This is an update to Evolving Maturity in Ransomware, Update: CadenceLIVE India, Ransomware, 2nm, and More, and several earlier posts.

Ransomware has been a growing problem for a couple of years. It is up about 100% year-on-year. I've heard ransomware described as "the most successful business model in cyberattacks".

But then the Colonial Pipeline was shut down by ransomware (and apparently opened up again after paying a $5M ransom). This was not a sophisticated attack. The reports are that it came about due to very poor security hygiene. Here's a quote from a Bloomberg piece:

Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a virtual private network account, which allowed employees to remotely access the company’s computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview. The account was no longer in use at the time of the attack but could still be used to access Colonial’s network, he said.

The effect of the attack was dramatic, with lines outside gas stations along much of the East Coast. This finally got the attention of the government and law enforcement.

Reuters reported that:

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters.

In fact, the government was already somewhat involved, with the Department of Treasury's Office of Foreign Assets Control (OFAC) publishing a document in October last year Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments. Here are a few paragraphs from this document:

OFAC has imposed, and will continue to impose, sanctions on these actors and others who materially assist, sponsor, or provide financial, material, or technological support for these activities.
...
Ransomware payments benefit illicit actors and can undermine the national security and foreign policy objectives of the United States. For this reason, license applications involving ransomware payments demanded as a result of malicious cyber-enabled activities will be reviewed by OFAC on a case-by-case basis with a presumption of denial.

The other amazing thing that I don't quite understand is that (according to the BBC):

The US has recovered most of the $4.4m (£3.1m) ransom paid to a cyber-criminal gang responsible for taking the Colonial Pipeline offline last month. ...On Monday, Deputy Attorney-General Lisa Monaco said investigators had "found and recaptured" 63.7 Bitcoin worth $2.3m - "the majority" of the ransom paid.

My understanding of Bitcoin is that it is anonymous and secure. So it shouldn't be possible for investigators to have "found and recovered Bitcoin worth $2.3M". Of course, this was done with court orders and is above board, but if the government can "steal" money from the Colonial Pipeline attackers, then it would seem nobody's Bitcoin is safe. Or is something else going on?

Ingenuity Mars Helicopter

This is an update to It's Mars Month and Update: Hogan, Mars, Australia, Solarwinds.

The Ingenuity Helicopter flew successfully. You've probably heard already, but just in case here's the amazing video of the first time humans flew on another planet (1 minute):

This Year's Turing Award

Normally I report on the Turing Award ("the Nobel Prize of Computer Science") in late March when it is actually awarded. Officially, it is actually the award for the year before, so this year's award is the 2020 Turing Award. I was reminded of this when I wrote Wednesday's post New Banknote with Alan Turing: "This Is a Foretaste of What Is to Come, and the Shadow of What Is Going to Be"

This year the award went to Columbia's Alfred Aho and Stanford's Jeffrey Ullman. They developed tools and algorithms that are fundamental to computer science. But, perhaps, more importantly, they wrote some of the standard textbooks used by generations of computer science students, in particular the "Dragon book", actually called Compilers: Principles Techniques and Tools, and the standard work on algorithms for many years, simply called Data Structures and Algorithms. A belated congratulations from Breakfast Bytes.

 

Sign up for Sunday Brunch, the weekly Breakfast Bytes email.