TechLetters #148 Cyberwarfare; ICRC recommendation for private companies to stay away from wars; how to spot a fake remote worker; measuring quantum computing progress to lose investor funding
Security
Hack.lu conference. Video. Slides. Summary of the event here.
The ICRC (an advisory board) releases recommendations for cyberwarfare conduct. Here. “Belligerents should not encourage civilians to take a direct part in hostilities through digital operations…”. Can they prohibit them? The ICRC in itself cannot. Cyber tools to be regulated: “To prevent harm to civilians, states need to regulate the growing market of tech companies that develop and sell capabilities and services developed with the objective of harming civilians”. Also, perhaps some will find this inconvenient (e.g. for IT tech like cloud providers): “companies that operate in situations of armed conflict should understand and monitor if the services they provide may amount to a direct participation in hostilities by their EMPLOYEES and if the company might qualify as a military objective;”. This is a consequence of the war in Ukraine and the use(s) of technology.
Cyberattack and hacking of the International Criminal Court. Well, an attempt. The ICC is the permanent international tribunal empowered to investigate and prosecute genocide, crimes against humanity and war crimes. The attack was an espionage operation. Currently, it is not known whose. This is an ambiguous territory because according to international law espionage is “not not legal” (actually, undefined).
Weird, faked remote workers. Thousands of IT workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program. The IT workers have been using false identities to get the jobs. They physically worked from China/Russia, masking their source address to make it look like they were working in the U.S., including by paying Americans to use their home Wi-Fi. Full indictment here. How to avoid fake employees.
Cyberattacks on the EU's female policymakers/leaders using a gender equality lever. It only executes for those people using specific web browsers.
Russian Jabber server eavesdropped. "Someone" eavesdropped on jabber.ru instant messenger servers: "created an SSL certificate and MiTM/proxied connections to TCP:5222. Could have been organized with access to providers' infrastructure. Wiretapping lasted for up to 6 months".
Privacy
Technology Policy
Why don’t we measure progress in quantum computing by advances in integer factorisation using Shor’s algorithm? Because such a measure would be highly inconvenient: ~no progress in the previous >25 years. So not the best metric, for many reasons.
Other
The joys of AI. Voice assistant Alexa has told users the 2020 presidential election was “stolen by a massive amount of election fraud”.