TechLetters #37 - China accused of cyberattacks, hiding malware in AI models; Clubhouse leak(?); Privacy Sandbox; crushing bitcoin with a steamroller
Editorial
Security
The US, European Union, NATO, UK and Australia accuse China of cyberattacks. The accusations mention “criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit” (1). It’s also about ransomware (2). The European Union is definitely on board with the condemnation of China for cyberattacks that "significantly affected our economy, security, democracy and society at large" (3). Technical details here. And here’s an indictment, because on the internet nobody knows you’re a dog? There’s also evidence of disregard for an alleged no-hacking USA-China agreement (2015).
French advisory. France warns about an organised cyberattack campaign by the Chinese state group APT31: "threat actor uses a network of compromised home routers as operational relay boxes in order to perform stealth reconnaissance as well as attacks".
Norway’s parliament hack? Norway said that the 10 March cyberattack on the country's parliament system was conducted “from China”. China demanded evidence backing up these statements.
Voice from China. "The vicious accusations made by Washington have almost destroyed any trust between China and the US in the field of cyberspace. Their mutual suspicion is bound to significantly increase. There will be a higher probability that both sides could misjudge that the other side is launching cyber attacks. Washington must bear responsibility for this scenario. US allies which follow the US won't benefit either" (link). China followed with even more stern refutations concerning their alleged cyberattack campaign. They demand "evidence". “Chinese government is a staunch defender of cyber security and firmly opposes and fights all forms of cyber attacks and crimes in accordance with law. Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents. Making accusations without prove is malicious smear”. Indeed, all United Nations countries agreed that evidence should follow any accusations. So view it as a cyberpolitics move.
Hiding malware in AI models. Hiding malware (steganography) in deep neural network models. The use is limited because something (i.e. malware…?) must already be running on the targeted hosts (so they are already under control/infected) to 'extract' the malware from the model. But perhaps the information-hiding technique could be useful for hiding attack payloads. (paper 1, paper 2)
French cyber sovereignty. The French parliament issued a long assessment of the current state of “digital sovereignty” and how to attain it. “Within the new battlefield of cyberspace, a country can in fact adopt two strategies: acquire the capacity for action and response if it has the means to do so, or find a protector, which is hardly compatible with an ambitious defense of its sovereignty”.
Low adoption of two-factor authentication. Only 2.3% of Twitter users use two-factor authentication (like SMS or app-code). Very low adoption. In practice, this method greatly improves account security (esp. for ordinary users, against phishing; or improves the security of account recovery) (link).
Clubhouse database stolen. Allegedly. Supposedly contains 3.8bn phone numbers (also of contacts of the users). The supposed attackers actually call for and expect… GDPR enforcement against the company.
Privacy
Privacy Sandbox timeline. Google has now shared the potential timelines concerning its Privacy Sandbox proposal stack. It’s not firm: “Dates are subject to change … The timeline will be updated monthly”, “the timeline for testing and ready for adoption of use cases might change”.
Technology Policy
Regulating the internet. Around 40 new regulations have been adopted around the world. They relate to the internet and social media. Not the end. This whole decade will be devoted to the topic. It will change what technology looks like. Curbing misuse? Introducing censorship? That depends on who you ask.
Control over the internet. China and Russia entered into an alliance to work towards seizing control over key internet-regulating institutions, like the UN ITU. “To paraphrase the famous European tycoon N. Rothschild, we can say: "who controls the ICT sphere controls the world."” Additional reasons: “The world is facing turbulence, with markedly increased instability and uncertainty. Humanity has been afflicted by a growing lack of governability and trust in international affairs, increased disparities in development and the rise in the potential for conflict”.
Forged vaccine certificates. A web security weakness led to the possibility of issuing forged/counterfeit Covid-19 vaccination certificates in Germany. Similarly, in Poland there is a ‘practice’ of issuing forged certificates. To do this, the vaccine dose of course needs to be wasted (destroyed), since the official national vaccination registers are linked to the physical dose actually being used.
Malaysian police crushing bitcoin miners. Literally.
Other
Puzzling issues of medical research. "We have long known that peer review is ineffective at detecting fraud ... It may be time to move from assuming that research has been honestly conducted and reported to assuming it to be untrustworthy until there is some evidence to the contrary"? (link)
The late Steven Weinberg. One of the physics giants of the 20th century has passed away. He received a Nobel Prize for enriching, in both theory and practice, our knowledge of “how the world works”. “his 1967 work on unification of the weak and electromagnetic interactions was a huge breakthrough, and remains to this day at the center of the Standard Model, our best understanding of fundamental physics”.