TechLetters #78 - cyber tools market reality, executives fear death from cyberattacks, security research in good faith is fine, information operations on Ukraine, GDPR fines guide
Security
Manufacturing and selling of cyber capability tools. A 55-year-old French-Venezuelan cardiologist has been charged with creating and selling cyber tools (ransomware) to Iran's state cyber units. As you can see, cyber tools may be created by many actors. Cyber is a very democratic place, where skills are what matter most.
Using relay attacks to open a Tesla Model 3 and Model Y via Bluetooth Low Energy (BLE) based passive entry system. Advisory.
Exfiltrating what users are typing on the keyboard, based on audio recordings of keystrokes... Recovering text from audio: the tool is here, and some description is here.
Some energy executives expect deaths from cyberattacks "within the next two years". Technically possible, but is there such a tangible risk? It's also a question of the accidental/intentional aspect.
The US Dept of Justice won't chase people doing security research in "good faith" (i.e., anti-hacking laws like the CFAA won't be used against them). This is a great development. How is it actually defined and implemented? "in a manner designed to avoid any harm". Good! https://www.justice.gov/opa/press-release/file/1507126/download
“good faith security research” means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services. Security research not conducted in good faith—for example, for the purpose of discovering security holes in devices, machines, or services in order to extort the owners of such devices, machines, or services—might be called “research,” but is not in good faith.
Information operations in the war in Ukraine. An interesting analysis of Russian information operations in the Ukraine war. The authors do not mention that it's actually a war-mode information operation/propaganda. It also includes content input from state/diplomatic persons/accounts. What's notable are the multiple information operations intending to sow divisions between Poland (the biggest humanitarian aid provider) and Ukraine, which started in January. "narratives included falsehoods that sought to portray the refugees as overly burdening Poland’s economy and healthcare system and to stoke fears among Polish citizens that “neo-Nazis”, or other undesirable immigrants, would begin exploiting mass border crossings to carry out attacks on Polish soil”, the report says. Then again: “Ukrainians have been playing a masterful game of information operations, and accurate views of their casualties are not widely publicized or even discussed”.
Privacy
On GDPR fines. Some thoughts.
Technology Policy
Taiwan introduces a 12-year prison sentence for stealing technology secrets. Semiconductors and beyond.