TechLetters #113 - Cyber-enabled information operations. Non-event cyberattacks for sending tanks. 10-year-old bug in Apple iOS fixed. Quantum hype. Ransomware group down. #GDPR fines.
My analysis of impactful and possibly notable cyber-enabled information operation as a potential prelude to the later kinetic war in Ukraine. I explain why this is the most relevant cyber-related event of the kind.
There was no newsletter last week due to… unscheduled health-related emergency. Also of note, if you’re seeking people with free cycles for contractual work, consider getting in touch :)
Security
Key decoding app. Make a photo, the app will reveal the details (measurement) facilitating an easy duplication of the key… For security purposes, obviously this should better not be abused.
Ukraine's assessment of Russian cyberwarfare activity during the current war. Highlights coordination between cyber and kinetic attacks.
Germany got DDoSed after a decision to send tanks to Ukraine. By “Russian” k***et group, which is mostly an information operation. But yes, some German sites had to cope with it. It’s a non-event, the most important and interesting aspect is the political one. Kremlin denied it. German society has to cope with it, somehow.
Apple fixes 10-year old bug in iOS. In unsupported devices back to iPhone 5S. It’s a web security issue. It was being used by attackers. It’s impressive that Apple cares about security at a scale — fixing something that is in use by people, even if it’s officially not supported. The newer iOS 16.3 has more fixes of other important stuff, but naturally it does not tick the box of “fix 10-year-old-bug in unsupported software/hardware”. Such a responsible approach. only says great things about Apple’s stance to security.
Be careful about quantum computer hype. Breaking encryption with quantum computers is far from now, if at all. “In the near term, quantum computers are good for one thing, and that is getting papers published in prestigious journals, The second thing they are reasonably good at, but we don’t know for how much longer, is they’re reasonably good at getting funding.”
FBI hacked Hive ransomware cybercriminals. It worked. Europol, US, and authorities of 11 others, conducted operations to take down Hive ransomware operators. “Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data”
Privacy
Privacy abuse when bringing electronics for a repair. Misuse is routine: they may access private data, including pictures, chat logs, browsing history, and so on... Protection could include encryption and device locks, perhaps vendor license agreements. But often repairpeople require having access to the system/software. That is the risk point.
GDPR fines flowing. Including the really big ones. Max fines from Ireland (€1,303,514,500). 109,000 personal data breaches notified to regulators.
Technology Policy
Other
In case you feel it's worth it to forward this content further:
If you’d like to share: