TechLetters #100 - Ukraine's professional information operations/propaganda operations. Hacking via wifi. Hospitals/governments do not count the human cost of cyberattacks. My book?

Oct 17, 2022

100th edition. What should I do about it? I’m still not sure how long I’ll continue this, to be fair. In any case - it is definitely not funded in any way, and sometimes I do find it difficult to allocate the time. I’ll think through the options.

Security

Interesting strategy of Ukraine use of information operations. Or PR, or trolling, name it as you please. They do so to gain supporters of their defensive war cause. I mean - this is smart, useful, and clever. They are also smart choosing not to be named out of caution over safety. That's how we know this is a serious activity. When someone engaging in such (info/cyber) activity chooses to go overly public, it doesn't sound compelling.

Defense of Ukraine @DefenceU

Sophie Marceau… Isabelle Adjani… Brigitte Bardot… Emmanuel Macron! … and CAESARs! 🇺🇦❤️🇫🇷

The simplest messages often work best, said Taras. He singled out a photo of four soldiers and a scowling cat in a Humvee, which his team found on Telegram and tweeted. “Five of us,” read the message, which struck a chord with the public and was retweeted 110,000 times. “Ukraine gives the world a beautiful story, full of tragedy and pain, but also beauty and humour and compassion,” said Anna. “We are brave on the battlefield but we also save cats and dogs, have weddings on the frontline — we are fighting for these values.” The team’s most effective weapon has turned out to be the merciless trolling of their foe. After Ukrainian forces seized ammunition and armour from the Russian army during its chaotic retreat from the Kharkiv region in late summer, Taras and his colleagues tweeted: “We do not accept gifts from murderers, torturers, looters or rapists . . . we will return everything, down to the last shell.”

Hacking systems by sending simple network packets? Remote code execution vulnerability found in Linux kernel 5.2x— wifi implementation. Since version 5.2, so… this may affect Android smartphones…? Likely can be used wirelessly, for example in open, public places . For example, in a cafe, at the train station, etc. Relates to scanning for networks. It so happens that devices scan for wifi networks regularly, very often… Many opportunities to trigger this.

Irish HSE cyberattack costs at €70 million. And “€657 million over 7 years to implement cyber security improvements”. So… €657m on cybersecurity improvements “thanks to” a cyberattack…? And mentioned as a cost? What conclusions should we draw? Funds only allocated once something happens…? Also: human cost was not counted. No one is held accountable.

International Committee of the Red Cross on cyberattacks in United Nations. They said that the world is facing risks due to cyberattacks on nuclear weapons systems. “This risk fuelled by … command-and-control systems to human or machine errors and cyberattacks”. Sounds serious? But the ICRC is mistaken when saying that cyberattacks “have affected states' critical civilian infrastructure, such as nuclear plants”. I would be more careful. Policy interpretation of tech developments is still challenging it seems. At the UN diplomacy level, too. Imprecise at best. In fact, no nuclear power plant was ever affected by a cyberattack.

Backdooring neural networks “AI” layer. Is machine learning robust and secure when there are able and determined (intent) attackers? Can it be trusted (yes: trusted)?

Greek parliament completed an investigation into the use of 'spyware' hacking/surveillance software. Like Pegasus. Surprise: Nothing was agreed. One party says one thing, the other party says another. The ruling party says this, and the opposition says that. That's about it. So the net result is nil.

Also, my book on cybersecurity/cyberwarfare etc below :-) I reckon it will be put to a good use by this cyber army general! If you know of EN-language publisher, please get me in touch with them: me@lukaszolejnik.com