TechLetters #25 - no-deepfake political deception, tactics, advice, cyberattacks tampering with domestic politics, Covid-19 certificates
Security
Deepfake videoconference? Dutch parliamentarians were fooled in a conversation with an alleged advisor of a Russian activist (Navalny). How? Supposedly, a deepfake filter was in use. However, not so fast! It turns out that these were not deepfakes, only cheap fakes. It seems that (surprise surprise!) it did not use deepfake technology, or any technology at all. Simple methods: an actor, makeup, camera angles. That’s it. Moral of the story? Pay attention to who says that something (here, deepfakes) is or is not used.
Russian cyber tactics. “Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders” (link)
Cybersecurity advice? “21 years of asking people to do the “same old” and expecting a different result calls into question the sanity of those giving the advice, and the advice itself … maybe expecting the largest segment of the economy (small and medium sized businesses) to carry on like they are JPMorgan Chase with its half-billion-dollar security budget is a bridge too far … If history is any indication, we are a few short months away from the release of another set of policy recommendations that will encompass most of the ideas put forth previously. It will almost certainly contain nothing novel, but it will be received with a great deal of sound and fury, repeated over again annually, signifying nothing.” (link).
Supply-chain risk advice. "Defending Against Software Supply Chain Attacks" (link)
Influencing political debate with cyberattacks. A threat actor is targeting Lithuania, Latvia, Poland and Germany with cyber-enabled information operations. Targeting domestic political affairs... This did have effects. (link).
Deepfake technology in geospatial imaging. Where’s your Cuban Missile Crisis now? (link)
Post-quantum difficulties. “Many information technology (IT) and operational technology (OT) systems are dependent on public-key cryptography, but many organizations have no inventory of where that cryptography is used. This makes it difficult to determine where and with what priority post-quantum algorithms will need to replace the current public-key systems” (link)
Covid-19 vaccination certificates. The European Parliament adopted an opinion about the EU Covid-19 certificates, an example of a very sensitive technology that potentially may be used to restrict fundamental rights and freedoms (such as freedom of movement). The EU Parliament wants to have a 1-year "kill switch" for this system, requiring a report to be prepared and new legal grounds prepared if necessary. The system will work with the use of public-key cryptography. (link)
Privacy
App Transparency Controversy. Apple turned on its much-discussed feature Application Transparency, which requires every app to ask the user for consent for tracking with the IDFA, the advertiser identifier. A media group already filed a complaint with the German anticompetition authority. Users can also turn the global switch this way: