TechLetters #170 XZ. Civilian involvement in Ukraine war. $7 million for iPhone zero-day. Breakthrough in quantum computers. AI-recommender for targets of military strikes
Security
XZ backdoor progress. Let’s make it clear: it’s a professional cyber operation with elements of HUMINT and info ops. Here's a great analysis of the XZ system. It requires commands to be cryptographically signed before they are executed. Amazing stuff!
Civilian cyber operations in support of Ukraine. It was long discussed/suspected that US/UK/EU-based folks participate in cyber operations in support of Ukraine against Russia. Now Ukraine has recognized such efforts, giving awards to the team. So what did they do? Mapping and hacking of webcams, hacking weapons manufacturers and stealing data. Framed in the context of military operations, this would be cataloged as "espionage" or "reconnaissance", perhaps information operations. Congratulations! But… This adds to the debate about the blurring of the combatant-civilian distinction, a cornerstone of International Humanitarian Law. Legal assessment is tricky. While a Ukraine-based person contributed to the armed conflict, this is not the case for the EU-based folks. Domestic law is clear. The @ICRC recently strongly called on States to stop the involvement of civilians in armed conflict, specifically in the cyber domain.
Disappearing messages. “Set your WhatsApp messages to auto-delete to avoid information theft by foreign spies”. “That’s the advice that GCHQ. Morgan Stanley was fined £5.4mn by energy market regulator for failing to keep records of communications between traders on WhatsApp”
Price update on the cybersecurity exploits market. Prices of security breach tools are rising. As much as $50k for WinZip, $7 million for a zero-day for iPhone, $5m for Android, up to $5m for "hardware" running on WhatsApp and iMessage. Higher cost = better security. Would you sell now or wait, betting on further price increases?
Technology Policy
AI recommender for military strikes. Description of an AI system to advise the Israeli army on the choice of targets. Allegedly it was to be used to target people in their homes (among their families etc), sometimes with 20s to decide about an attack. Supposedly a statistical recommender system. Very difficult assessment from the point of view of international humanitarian law.
Other
Breakthrough in quantum computers with error correction. That would be the most powerful quantum computer to date. Four reliable logical qubits (with a small error rate for two-qubit gates) from 30 physical qubits. Uses ion-trap technology.