TechLetters #66 - cyberwarfare on Ukraine, offensive retaliation vs ransomware group, quantum risk, and NASA warning.
TechLetters #66 - cyberwarfare on Ukraine, offensive retaliation vs ransomware group, quantum risk, and NASA warning.
A lot is happening, the newsletter may be less tidy than the usual.
Security
Memory safety and exploitation. Nice introduction.
Send in cyber military reinforcements? Ukraine requested cyber-reinforcements from European Union. But who would agree to send reinforcements to a possible conflict zone? This is not a joke. A lot of issues here: employer liability, personal insurance of the operative, potentially becoming a party to a conflict... These people could become military targets. Anyway, it was too late…
Cyberwarfare on Ukraine. The cyberwarfare 'wiper' tool that was used as the prelude to the armed conflict on Ukraine analysed here. Ruse tactics: "ransomware being used as a possible decoy". Spilled to NATO countries (Lithuania) already. Designed to be executed at exact time. Authoritative description/analysis of destructive cyberattack tool used in cyberwarfare on Ukraine (yes, cyberwarfare is a legitimate term this time!). "manipulating the master boot record and resulting in subsequent boot failure". It may spread via worms.
Cyberattack on border control on Ukraine. Forces guards to go to pen-and-pencil, makes work (processing refugee flow) difficult.
Ukraine is calling the hacker underground for help. Help to defend, but also to attack. I can understand this. Still, these people should be aware of the risks. At the very least they should make sure the activities are well stealthy.
Facebook and Twitter took down Russian propaganda campaign. (link, it’s ghost-writer)
UK was prepared to respond with cyberattacks. “In a Commons statement, Ben Wallace pointed to the “offensive cyber capability” the UK is already developing from a base in the north west of England. “I’m a soldier – I was always taught the best part of defence is offence,” he told an MP who urged him to “give as good as we get back to Russia” if necessary.””. But it seems that what matters more now is kinetic force.
Alleged reports of offensive cyberattack retaliation executed against a ransomware threat actor. Are concerning. Executed by a private company. That would be very significant, very unclear legally (well, illegal, destabilising), and unprecedented. If true. But with a high-intensity armed conflict in Europe, perhaps forget about cyber negotiations for a while, anyway?
Quantum risk. Cloudflare is preparing itself. But more down to the earth: while the risk is somewhere 10-500 years from now, still maybe good to be prepared and limit the risk.
Privacy
Google proposing a supposed automated privacy-audit-checkup. For mobile apps for $249/app/month. It may help but be very careful: it is not a proper privacy impact assessment.
Google claiming that the Topics API is reducing "the risk of fingerprinting" (here). But: with respect to what? Assuming it did not exist in the first place, it is actually increasing the risk! By introducing new information. Such is life: such a feature comes at a price. It's better to be honest about it rather than spin it.
Technology Policy
Russia begins to restrict/block Facebook. Under the pretext of "protecting local media". Facebook allegedly "violated the rights and freedoms of Russian citizens" and allegedly it reported "23 cases of censorship since October 2020".
Other
NASA warning. The further expansion of the Starlink satellite internet infrastructure will jeopardize the ability to detect dangerous (potentially catastrophic) asteroids. Now humanity will have to find an answer to the question of what is more important.
In case you feel it's worth it to forward this content further:
If you’d like to share: