TechLetters #112 Cyberattack as the scene-setter/prelude to war in Ukraine. Cyberattacks as war crimes (not), Cyber United Nations (nope). Is storing logs for security purposes illegal? Quantum hype
My analysis of an impactful and possibly notable cyber-enabled information operation as a potential prelude to the later kinetic war in Ukraine. I explain why this is the most relevant cyber-related event of the kind.
There was no newsletter last week due to… an unscheduled health-related emergency. Also of note, if you’re seeking people with free cycles for contractual work, consider getting in touch :)
Security
Cyberattacks as war crimes. This concept again. Ukraine maintains that some Russian cyberattacks may be war crimes. Of the publicly known cyber events, it is highly doubtful that any would fulfil the definition of 'war crimes'; from what we know, they would not. However, maybe they could be seen as 'part' of war crimes? For example, through a link to kinetic engagement of infrastructure, or by supporting the operation of ‘filtration camps’ (for the population). But then it is not justified to speak of cyberattacks as the war crime in and of themselves.
Security analysis of Threema end-to-end instant messenger. Useful lessons-learned considerations for the design of modern security infrastructure. That should be repeated: "Using modern, secure libraries for cryptographic primitives does not on its own lead to a secure protocol design".
Weak encryption (RSA) keys identified. In several devices of Fujifilm or Canon. Such cryptography was supposed to be unbreakable - but for that, the software/hardware must be reliable. “This vulnerability was found in a cryptographic module from a 3rd party used for the multi-function printers and single-function printers, and the secret key of RSA cryptography used for SSL/TLS encrypted connection can be guessed. If the vulnerability is exploited, there is a possibility that the contents of the connection with the affected devices can be revealed or tampered.”
UK’s Royal Mail hit with a cyberattack. A ransomware (LockBit) infection disrupted some services of the postal service, such as the ability to send parcels/letters overseas.
Ukraine wants Cyber United Nations. It would be very difficult to have it in practice. For many reasons. How to guarantee world-recognised independence is only one issue. It also cannot work during wartime, as is suggested by the proponent.
Russia said that 'the UK is systematically targeting (simulating) Russia with offensive cyberoperations'. They said something along these lines several times over the previous days.
Privacy
Explanation of recent GDPR fines for Meta. Lots of legalese and formality. Here and here.
Technology Policy
Very interesting, and a big problem for the entire industry. It's a standard measure to store data for security purposes. But EU laws put constraints here. Now the German anti-competition authority sees the problem. It’s a competition, security, and privacy issue.