
Maker of US border's license-plate scanning tech ransacked by hacker - prostoalex
https://www.theregister.co.uk/2019/05/23/perceptics_hacked_license_plate_recognition/
======
dev_dull
Are they worth it as a target? With an RPI and openalpr I can easily build my
own license plate reader in one evening. This technology is so far out of the
bag already.

I’m critical of people like me (millennial, working in tech) and I think I
have good reason. I hear so many bizarre technological “solutions” to what are
ultimately policy issues. If we spent half that time instead lobbying our
representatives we would be in a much better place as a society. Can you name
your state rep? How about you write them a little today rather than succumb to
cynicism or spitballing tech.

~~~
jstarfish
> I hear so many bizarre technological “solutions” to what are ultimately
> policy issues.

Tech is empowering, much moreso than playing politics.

Consider something like the Kafkaesque nightmare that is applying for (and
keeping) food stamps. It doesn't need to be complicated (nor should it be!),
but you can either try to convince elected officials to make the poor a
priority and fix the process or roll up your sleeves and write a script to
complete the forms in triplicate, generate mailing labels with delivery
confirmation, remind users of deadlines and pull phone records to prove the
social worker never called like they said they did in the denial letter.

Or you could petition, harass, bribe and cajole your way into enacting change,
and have it all overturned with a change in administration.

In some part these technical solutions exist to fix people problems. Look at
the internet itself-- where problems exist (a country's politicians/dictator
makes the nation unroutable), you don't wait for a coup, you route around it.

But also in some part these solutions are just modern rent-seeking, so...

~~~
rarecoil
> Or you could petition, harass, bribe and cajole your way into enacting
> change, and have it all overturned with a change in administration.

This is the reason why technological solutions are popular among the Silicon
Valley crowd. No matter what, political solutions are plagued by human emotion
and self-interest, and thus they become sticky, "corrupt", and slow.
Technological solutions are subversive of that structure at the least, and a
force multiplier in others.

The computer will generally do what you tell it to do. You can spend hours of
effort on something and get a deterministic result that will do the thing. You
can spend your whole life in politics and get nothing out of it because the
entrenched power structures won't let it happen.

~~~
zepto
The computer will do what people tell it to do, so it’s just as plagued by
human emotion and the self-interest of those who program it.

It’s just a different form of the same corrupt politics.

The biggest problem with technology is this delusion that it somehow isn’t a
reflection of human failings.

If we at least admitted that then we’d be able to reason about it responsibly.

------
canada_dry
Related to this, I'd love to see some in-depth wire brushing done on how the
US got blanketed with 4 way cameras at every intersection and how this data is
used/kept, and by whom.

I first noticed it in major centers years back, but now it seems even small
towns have cameras at every intersection.

From an IT perspective it's a pretty interesting project, but from a tin-foil-
hat perspective it's astonishing when you imagine the ability to link all
these cameras together in real-time.

~~~
LeifCarrotson
We have them all over the place in Michigan. I specifically asked my friend
who's a civil engineer with the county road commision when some were being
installed just down the road from my house why they were being added. I was
personally concerned at the prospect of red light cameras, which are currently
banned in the state.

The explanation was that they were updating the stoplight controls. One of the
inductive sensors in the road had failed, and it was cheaper to have a guy in
a bucket truck stick a couple cameras on the pole than to rip up the road. The
cameras are used to see the volume of vehicles in each lane and dynamically
adjust light timings. And since I drive through the intersection multiple
times a day, I have noticed an improvement. They skip the left turn sequence
if no one is waiting, and rarely have a big backup when volume is high in one
direction for the commute. Also, the left turn timer used to be very short
(like 2 cars making it through on green, one on yellow, and the 4th car often
took control and went on red), which was nice when there was only one car and
you wanted to go straight, but annoying when you were one of 6 or 7 cars in
line and an extra five seconds would let everyone make the turn but instead
you had to wait through multiple light cycles. Now it seems to often hold the
turn cycle long enough to let the whole line empty out.

But I totally agree that the idea of a soft update to either issue red light
tickets or track license plate activity is extremely concerning. Might end up
with a stray paintball from my backyard accidentally hitting the lens if they
make that a policy change.

~~~
Shivetya
Camera control of lights is a blessing for many motorcyclist, there are just
some lights that will not trip. Plus like the guy told you, it is far cheaper.
Plus I know in Atlanta they use the cameras to adjust timing and such and did
show improvements.

if there is no retention, or a press here to save last five minutes in case
they witness an accident that would be good

------
module0000
Good job vetting your vendors Uncle Sam! Somehow, we'll end up paying
(taxpayers) to clean this up - just like we paid to deploy it. Sure would be
nice if we had any voice/vote in these things...

~~~
wbronitsky
If you are a citizen and have not been disenfranchised, and I grant you that
many fall outside of these buckets, you absolutely have a say. That say is
that you can elect whomever you want to decide these things for you. It is the
central mechanism in a representative democracy.

~~~
pingucrimson
Re representative democracies, why are opinions on disparate issues like the
economy, abortion, climate change, etc. all packaged into one party? At least
99% of people won't find a party that agrees with them on every single issue,
so it feels like there should be a better system.

~~~
mrguyorama
Because the US has first past the post. Sure you could vote for someone who
matches every single one of your ideologies, but the chance that they win is
zero.

~~~
craftyguy
Ergo: need a better system

~~~
cr0sh
But first past the post already works...

...for the people who would need to vote to change it.

They ain't gunna change something that will work against them after they
change it...

~~~
craftyguy
Yea, you nailed it.

------
glitcher
> The files also include .mp3 files, presumably from someone's desktop or
> laptop PC. Among the songs: Superstition, by Stevie Wonder, and Wannabe by
> Spice Girls, and a variety of AC/DC and Cat Stevens songs.

Quite an odd detail to add to the article, why was this seen as relevant?

~~~
sct202
It humanizes the victim from computer hard drive hacked to this is a person
with quirks who you could know.

~~~
rdiddly
Also allows me to do some musical profiling. This identifies them as probably
a GenXer or so. Because you would've had to be between about 15 and 25 to like
the Spice Girls in 1997, let's say up to 30 y.o. to keep their MP3 ironically
and/or nostalgically. And I'm claiming there's no way in hell you would've
"discovered" them later, so that's a 15-year age range, birth years bounded
1967-1982, current ages 37-52.

Stevie Wonder and Cat Stevens tend to push it more toward the older end of
that range.

AC/DC correlates with that entire cohort, so doesn't provide any additional or
contradictory information. Unless we knew whether it was Bon Scott era or
Brian Johnson, heh heh.

Expected age 46 ± 5.

------
nikisweeting
Were logs of license plate scans leaked, if so, is there anywhere we can find
the dump to see if our plates are in it?

------
throw2016
This is dystopia, but this is not just any dystopia, this is dystopia with
'justification', this dystopia is 'legal' and for many that word somehow makes
everything ok, but for the rest of us trivializes everthing of value.

There is so much cognitive dissonance and denial in the tech community and
their role not just in building but also defending and whitewashing narratives
that its becomes difficult to see movies and read about surveillance dystopia
and be expected to feel creeped out and then return to current reality where
its sort of normalized and ok.

------
blibble
so it's probably some off the shelf ANPR tech that sends info into a database?

same as my local supermarket's car park?

------
atemerev
Looks like Russians (disclaimer: am Russian, work in infosec).

Some previous hacks that were attributed to Russians, like Shadow Broker leak,
actually were executed by somebody else, I think. This one is more suspicious,
in my opinion.

~~~
sschueller
Wouldn't the first thing a good hacker would do is to make sure he doesn't get
cought? A good start would be to make it look like someone else did it,
especially a entity that can't be checked or would cooperate to catch the
actual hacker like the Russians or Chinese.

~~~
mirimir
Yes, that's standard practice. Even hobbyists like me do it.

Also, any good hacker would be sure to leave behind multiple access paths. But
maybe a professional hacker would refrain from dumping stuff, because that
alerts the target. So the dump implies that they're not very professional.

~~~
atemerev
This dump was made public on purpose. So were other dumps in cases like that.

~~~
mirimir
OK, what's the advantage for the hacker? Except fame, I mean.

Isn't it better to stay quiet, to help ensure long-term access?

~~~
gubbrora
It all depends on the goal right? In this case it seems the goal was to harm
the company because they didn't pay ransom. Not to perform long term
espionage.

