TechLetters #17 - Cyberattacks (India vs Pakistan? China vs India?), but they did not cause power outages in India. Is RSA broken? Ad Technology wars are here!
Security
India vs Pakistan? Pakistani military investigating reports of pro-India malware spying targeting military and government institutions. "Indian cyberattacks" would be serious - considering the frequent tensions there, this would be big. They refer to recently identified malware.
China vs India? China-linked cyber actor targeting India's power sector. Interesting report, framed with a geopolitical and border tensions angle (be careful here). One suspected reason for the cyber activity: signaling, or preparing the ground for the future. No cyberattack is a matter of mere clicks, unless you're already inside: when the "ground" is already prepared and the adversary is already in, potentially serious damage can happen instantaneously. Escalations of armed, diplomatic or political tensions may get out of hand abruptly.
RSA broken?! A research paper authored by a credible scientist claims a breakthrough in RSA factorisation (with a now famous phrase: "This destroys RSA"). That would be very interesting, but not without practical consequences. The world's cybersecurity depends on RSA, encryption and digital signatures. There's no way it would be possible to quickly replace this system. Breaking it would mean we're all vulnerable. Will the claims hold? Let’s see how this unfolds. Some informed criticism is slowly appearing.
Cyberattack did not cause power outage. Indian authorities confirmed that cyberattacks on their energy infrastructure do happen. But last year's power outage happened due to a human mistake, NOT the cyberattack. These allegations are denied. Reminder: be careful with jumping to far-fetched conclusions. At the same time, a report of malware infecting 40 power sub-stations?
Adversarial AI. Fooling AI systems into recognizing objects as something else entirely is the domain of adversarial AI attacks. Interesting research paper.
Bombs, missiles, malware? The International Committee of the Red Cross released a provocative video where bombs, missiles and malware are equated. While international humanitarian law obviously applies to cyberwarfare, malware rarely explodes.
Privacy
Digital Vaccination Pass. Digital Green Pass.
Vaccination certificate - whatever you call it. A legislative proposal is to come this month. My privacy and freedoms/rights assessment is here.
Google’s new privacy-preserving (?) ads idea. Google updated its plan on the phasing out of third-party cookies (that today are used to track web users on an industrial scale). They announced that they will not use any “custom” user tracking IDs. Soon after the announcement, Google’s steam roller is deploying their testing system ultra-rapidly, with federated learning of cohorts, and the supposedly privacy-preserving ad targeting Fledge quickly released. My assessment of the privacy-preserving ads landscape is here. In 2019 I predicted that web technology/standards would be the field of competition, with the landscape quickly moving (but I have the lantern to navigate these changes). Not only privacy is at stake - also competition. My comments in: Washington Post, Daily Telegraph, Die Zeit.
Other Ad Tech unimpressed, will track the users all the way. Google’s competitors accept Google’s announcement with mixed feelings. They will construct and try to use custom user tracking technologies, and maybe even track the users with everything at their disposal. See for example: 1, 2. Ad Tech Tracking wars?
Technology Policy
Vaccine disinformation. Twitter will fight (label) misinformation (or propaganda) concerning vaccines, their effects, production, etc.
That’s it this time, thanks!