TechLetters #35 -quantum computing, terrorist AI, Russian military cyber strategy, more ransomware, what's best response to ransomware - diplomacy, nuclear weapons, or cyberattacks?
Éditorial
Security
Russian cyber strategy. New Russian State Security Strategy says that the "... activity of special services of foreign states to conduct intelligence and other operations in the Russian information space is intensifying. Armed forces of such states are practicing actions to disable critical infrastructure". The strategy identified a over a dozen of points how to counter the "foreign attacks", among them is the "development of forces and means of information warfare" (so here also: cyber warfare). The document says that additional cybersecurity improvements will happen through the "use of quantum computing" (which is probably not the case because we’re long from the use of quantum computers in practice - someone possibly used a bad wording here? alternatively: someone does not know what they are talking about, but hey, this is an official document!) (document)
Ransomware continued. Even 1500 firms breached. From the small ones, via medium, to big ones. New Zealand schools hacked by 'accident'. But Swedish supermarket chain Coop is a - "just business activity". Their business representative said that they're open to negotiations. They demand $70m for a decryption. Albeit subtstantial, “This attack was never a threat nor had any impact to critical infrastructure,”. And who is REvil, anyway? “REvil is one of the most prominent providers of ransomware as a service (RaaS). This criminal group provides adaptable encryptors and decryptors, infrastructure and services for negotiation communications, and a leak site for publishing stolen data when victims don’t pay the ransom demand. For these services, REvil takes a percentage of the negotiated ransom price as their fee.”
Ransomware payment. Nice tracker here. And this is only the beginning.
Japan cyber. In September, Japan will endorse a new cybersecurity strategy. China and Russian governments identified among the cyber threats source.
NATO cyber. NATO is adapting warfighting stance to modern challenges: cyberwarfare, multi-dimensional battlespace, non-linear challenges!
RSA is dead? Or so is claimed by a scientific paper saying that it has a method of "destroying" RSA, with example 3200-bit key supposedly factored in 5.55 days. If it's doable, then RSA and our cybersecurity is in trouble - IF.
Is responding to cyberattacks using nuclear weapons legal? No, they say. For sure not to ransomware, let’s hope.
But is a USA response with cyberattacks to ransomware possible? Yes, Biden said.
In other words. USA is threatening to conduct offensive cyber operations versus infrastructure on Russian soil. It’s not the first such time.
Privacy
Technology Policy
Why share misinformation? "Social media context focuses attention on other factors than accuracy such as the desire to attract and please followers/friends or to signal one’s group membership … shifting attention to the concept of accuracy can cause people to improve the quality of the news that they share. Furthermore, we found a dissociation between accuracy judgments and sharing intentions that suggests that people may share news that they do not necessarily have a firm belief in." (paper)
Terrorist AI. Irish AI Strategy identifies AI as a cybersecurity challenge but also "as well as the potential for adversarial AI and for manipulation of AI for criminal or terrorist purposes". Details of the "terrorist uses of AI" are not included.
Other
Fast progress in quantum computing. 256-qubit "analog" quantum computer reported. Caution: this is not a “normal” quantum computing device.
In case you feel it's worth it to forward this letter further, I leave this thingy below: