TechLetters #58 Pegasus use in wild, is it about domestic politics? The alluring vision of approaching cyberwarfare approaching. Log4j still. Can you sue a bitcoin wallet?
Pegasus in use. NSO / Pegasus used to hack the opposition (well, on the opposite side of the political spectrum with respect to the ruling party, at least, but also including some important figures in the opposition election campaign) in Poland, specifically a prosecutor, a former vice-premier, turned attorney (hacked >18 times...), and another lawyer and politician. Unclear who ordered the operations. Suspicion over law enforcement/PL government? Perhaps these are the hidden costs of using such cyber tools (“EU doesn't have the authority to decide how member countries handle their internal security”)? That the information about the use of such tools eventually becomes public. Such costs weren't initially transparently known, definitely not at the time of purchase. Meanwhile, clients of NSO's Pegasus are shifting to other hacking-surveillance systems' suppliers. For some reasons they'd prefer options that are more quiet.
Cyberwarfare is coming? Significant increase in cyberattacks in Ukraine (suspected by Russia). Not necessarily serious events. Not the point. There is no need to cut off the electricity supply right away, even if the goal is to overthrow the government. "In the cyberworld, there is no broad consensus about what constitutes an act of war"? Not really. The lines are surprisingly clear. IF they seem blurred, it's because such an activity is always blurred, and is subject to the attacked (the victim) interpretation. But that was always the case!
Log4j. The vulnerability was used to hack Belgian Ministry of Defence ("activities were paralyzed for several days").
Bad news. “China’s internet security regulator has disciplined Alibaba Group Holding’s cloud computing services unit for failing to first report to the government a critical vulnerability in Apache’s Log4j software that has alarmed the cybersecurity community, Chinese media reported on Wednesday. The Ministry of Industry and Information Technology (MIIT) is suspending work with Alibaba Cloud as a cybersecurity threat intelligence partner for six months because the company did not immediately report a severe bug in the widely used logging software to the government agency”
Political data control. Irish DPA checked how political parties handle private data.
In case you feel it's worth it to forward this letter further, I leave this thingy below:
You may also share here: