A Simple Question: Just One Cyber Security Firm?
August 17, 2021
There are quite a few cyber security, cyber intelligence, and cyber threat companies. I have a list of about 100 of the better known outfits in this business. Presumably there are dozens, maybe hundreds of trained analysts and finely tuned intelware programs looking for threats and stolen data 24×7.
I read “Secret Terrorist Watchlist with 2 million Records Exposed Online.” The write up states:
July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.
Here’s my question: Why was a single researcher the only expert aware of this serious breach (if indeed it is valid)?
My hunch is that the Fancy Dan 24×7 smart systems and the legions of developers refining smart intelware have produced systems that simply don’t work. If they did, numerous alerting services would have spotted the alleged do not fly data. The “single researcher” would have been late to the party. He wasn’t. Thank goodness for this research, Mr. Diachenko.
Those systems, as far as I know, did not. The question remains, “Maybe these commercial services don’t work particularly well?” Marketing is really easy, even fun. Delivering on crazy assertions is a different sort of job.
Stephen E Arnold, August 17, 2021
Online and In Control: WhatsApp Fingered
August 17, 2021
I read an interesting article called “Did America just lose Afghanistan because of WhatsApp?” I am not sure the author is going to become the TikTok sensation of policy analysis. The point of view is interesting, and it may harbor some high-value insight.
The write up states:
Open source reporting shows that rather than rocking up and going toe to toe with the Afghan national army, they appear to have simply called everyone in the entire country, instead, told them they were in control, and began assuming the functions of government as they went:
The Taliban let the residents of Kabul know they were in control through WhatsApp, gave them numbers to call if they ran into any problems. https://t.co/TPOZt8AQsm pic.twitter.com/QhggIWYymx
The article contains other references to Taliban communications via social media like Twitter and WhatsApp. The author notes:
WhatsApp is an American product. It can be switched off by its parent, Facebook, Inc, at any time and for any reason. The fact that the Taliban were able to use it at all, quite apart from the fact that they continue to use it to coordinate their activities even now as American citizens’ lives are imperiled by the Taliban advance which is being coordinated on that app, suggests that U.S. military intelligence never bothered to monitor Taliban numbers and never bothered to ask Facebook to ban them. They probably still haven’t even asked Facebook to do this, judging from the fact that the Taliban continues to use the app with impunity. This might explain why Afghanistan collapsed as quickly as it did.
The articles makes another statement which is thought provoking; to wit:
And as a result, they [the Taliban] took Afghanistan with almost no conflict. I suspect this is because they convinced everyone they would win before they showed up.
The write up contains links and additional detail. Consult the source document for this information. I am not sure how long the post will remain up, nor do I anticipate that it will receive wide distribution.
Stephen E Arnold, August 17, 2021
Europe: Privacy Footnote
August 11, 2021
If you are not familiar with Chatcontrol, there’s a mostly useful list of resources on the Digital Human Rights blog. The article “Messaging and Chat Control” offers some context as well as a foreshadowing of the possible trajectory of this EU initiative.
The Chatcontrol legislation meshes with Apple’s recent statement that it would be more proactive and transparent about its monitoring activity. You can get a sense of this action in “Expanded Protections for Children.”
A schism exists between those who want to move whatever content is of interest freely. On the other side of the gap are those who want to put controls on digital content flow.
Observations I noted on a flight home from Washington, DC Monday, August 10, 2021, included:
- Digital content flows accelerate and facilitate some unpleasant facets of human behavior. Vendors have done little since the dawn of “online” to manage corrosive bits. Is this now a surprise that after 50 years, elected officials are trying to take action.
- The failure to regulate has been a result of generate misunderstanding of the nature of unfettered digital information flows. As I have pointed out, digital content works exactly like glass beads propelled at a rusted fender. Once the rust is gone, keeping the nozzle aimed at the fender blasts the fender away as well. Hence, we have the social fabric in its present and rapidly deteriorating condition.
- One property of digital information is that those with expertise in digital information can innovate. Thus, there will be workarounds. Some of these will be deployed more rapidly than the filtering and control mechanisms can be updated. I point this out because once a control system is imposed, it becomes increasingly difficult and expensive to keep in tip top shape.
Net net: China has been the pace-setter in this approach to digital information. How easy is it to sketch the trajectory of these long-overdue actions? That’s an interesting question to ponder after a half century to stumble into the school room with a mobile phone and a perception that the online equipped person is a wizard.
Stephen E Arnold, August 11, 2021
NSO Group: Origins
August 11, 2021
I read “Israel Tries to Limit Fallout from the Pegasus Spyware Scandal.”
I noted this statement which is has been previously bandied about:
Israel has been trying to limit the damage the Pegasus spyware scandal is threatening to do to France-Israel relations. The Moroccan intelligence service used the software, made by an Israeli company with close ties to Israel’s defense and intelligence establishments, to spy on dozens of French officials, including fourteen current and former cabinet ministers, among them President Emmanuel Macron and former prime minister Edouard Phillipe.
The write up reports:
There were reasons for Macron’s irritation: The NSO Group was established in 2009 by three Israelis — Niv Carmi, Shalev Hulio, and Omri Lavie. Contrary to popular belief, the three were not veterans of the vaunted Unit 8200, the IDF’s signal intelligence branch (although many of the company’s employees are). It is generally accepted by intelligence services around the world that many Israeli high-tech companies share information they glean from their contracts abroad with the Israeli security services, if they think such information is vital to Israel’s security (this is why the Committee on Foreign Investment in the United States, or CFIUS, has been reluctant to allow Israeli cyber companies access to the U.S. market).
Interesting.
Stephen E Arnold, August 11, 2021
Who Phoned Home Those Research Results?
August 9, 2021
A routine at universities with grant hungry tenure surfers works like this: Recruit smart grad students, gin up a magnetic research project, chase grants, and publish in a “respected” peer reviewed journal. A bonus is a TED Talk. Winner, right?
I read “A Tweet Cost Him His Doctorate: The Extent of China’s Influence on Swiss Universities.” The write up points out as allegedly really true:
Education is a key aspect of China’s global power strategy. The Chinese government wants to control the country’s image throughout the world. To this end, it exerts influence abroad, and has no compunction about engaging in repressive actions.
I am not affiliated with any university. I don’t do academic anything. I do pay attention, however, to what probably are irrelevant and minor factoids; for example:
ITEM: The participation of Chinese nationals in assorted University of Tennessee activities; for example, research associated with fission and fusion with field trips to interesting places
ITEM: The number of Chinese professionals’ names appearing on papers related to smart software with possible relevance to autonomous systems
ITEM: The confluence of a research center and a PhD student writing tweets someone in the Middle Kingdom does not appreciate.
Important items or not, the fate of a student in a Swiss university is sealed. The write up states:
Only a few people in Switzerland have sought to disclose and criticize Chinese attempts to influence universities here… Cooperation between Chinese and Swiss universities has expanded in recent years. The University of St. Gallen has 15 such agreements, almost twice as many as ETH Zurich. For the last eight years, St. Gallen has also been home to a «China Competence Center,» the aim of which is to «strengthen and deepen productive relations with China».
The article points out:
Today, Gerber says starting to tweet was a mistake. The fact that he could lose three years of research work because of this still leaves him stunned. Yes, he was publicly critical of China, and once shared a cartoon that he would not share today. «But I didn’t do anything wrong,» he said. Gerber has now given up pursuit of his doctorate. «I don’t want to have to censor myself, certainly not in Switzerland,» he said. In the meantime, he has found a job that has nothing to do with China.
One question: What about American universities or a tour of ORNL?
Stephen E Arnold, August 9, 2021
Thailand Does Not Want Frightening Content
August 6, 2021
The prime minister of Thailand is Prayut Chan-o-cha. He is a retired Royal Thai Army officer, and he is not into scary content. What’s the fix? “PM Orders Internet Blocked For Anyone Spreading Info That Might Frighten People” reported:
Prime Minister Prayut Chan-o-cha has ordered internet service providers to immediately block the internet access of anyone who propagates information that may frighten people. The order, issued under the emergency situation decree, was published in the Royal Gazette on Thursday night and takes effect on Friday. It prohibits anyone from “reporting news or disseminating information that may frighten people or intentionally distorting information to cause a misunderstanding about the emergency situation, which may eventually affect state security, order or good morality of the people.”
So what’s “frightening?” I for one find the idea of having access to the Internet blocked. Why not just put the creator of frightening content in one of Thailand’s exemplary and humane prisons? These, as I understand the situation, feature ample space, generous prisoner care services, and healthful food. With an occupancy level of 300 percent, what’s not to like?
Frightening so take PrisonStudies.org offline I guess.
Stephen E Arnold, August 6, 2021
Facebook, Booze, Youngsters, and Australia: Shaken and Stirred
August 6, 2021
Quite a mixologist’s concoction: Facebook, booze, young people, and the Australian government. The country seems to be uncomfortable with some of Facebook’s alleged practices. I would assume that some Australian citizens who hold shares in the social media outfit are pleased as punch with the company’s financial results.
Others are not amused. “Facebook to Limit Ads Children See after revelations Australian Alcohol Companies Can Reach Teens” reports:
Facebook will impose more control on the types of ads that children as young as 13 are exposed to on Instagram and other platforms, as new research finds Australian alcohol companies are not restricting their social media content from reaching younger users.
How many companies targeted the youngsters down under? The write up asserts:
The paper examined the use of social media age-restriction controls by 195 leading alcohol brands on Instagram and Facebook, and found large numbers were not shielding their content from children. The 195 brands were owned by nine companies, and the research identified 153 Facebook accounts, including 84 based in Australia, and 151 Instagram accounts, of which 77 were Australian-based. The authors found 28% of the Instagram accounts and 5% of Facebook accounts had not activated age-restriction controls.
I did spot a quote attributed to one of the experts doing the research about Facebook, Booze, Youngsters, and Australia; to wit:
it was clear that companies were not complying with the code. “The alcohol industry has demonstrated that it is unable to effectively control its own marketing…
Shocking that about self regulation. Has anyone alerted the US financial sector?
Stephen E Arnold, August 6, 2021
Tit for Tat, Not TikTok, Spurs Chinese Innovation
August 5, 2021
I don’t think of Foreign Affairs magazine as a hot technology read. Its articles conjure memories of political science. Yeah, that’s right “science” in politics.
However, I did read an interesting essay called “China’s Sputnik Moment?” (Get your credit card, gentle reader, the information may be behind a paywall.)
The main point is that the humiliation of a Chinese Go expert sounded the alert to Chinese technologists. The result is that the Middle Kingdom shifted gears and started “innovating.” The idea that China was losing to a group of Westerners was unpalatable.
You may want to check out the original essay. I want to highlight one passage from the write up as characteristic of the article:
China’s industrial policy has failed.
Well, there you have it. And what’s China beavering away at?
Beijing is pushing hard for technological self-sufficiency.
And how is that working out? The article asserts:
The combined efforts of China’s state drive and its innovative industry will accelerate the country’s technological advancement.
What’s the outlook for China with regard to US policies?
The author concludes:At this point, no effort on behalf of the U.S. government can deter China’s state from its end goal of industrial self-sufficiency.
Those US teens’ clicks of TikTok are count downs it seems.
Stephen E Arnold, August 5, 2021
NSO Group and France: Planning a Trip to Grenoble? Travel Advisory Maybe?
August 3, 2021
The PR poster kid for intelware captured more attention from the Guardian. “Pegasus Spyware Found on Journalists’ Phones, French Intelligence Confirms” reports in “real news” fashion:
French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country’s international television station France 24. It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project – a consortium of 17 media outlets, including the Guardian.
The consistently wonderful and objective, media hip newspaper provided a counter argument to this interesting finding:
NSO said Macron was not and never had been a “target” of any of its customers, meaning the company denies he was selected for surveillance or was surveilled using Pegasus. The company added that the fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus.
Is NSO Group adopting a Facebook- or Google-type of posture? I think response to implied criticism is to say stuff and nod in a reassuring manner? I don’t know. The Guardian, ever new media savvy, wraps up the PR grenade with this comment:
The investigation suggests widespread and continuing abuse of Pegasus, which NSO insists is only intended for use against criminals and terrorists.
Should NSO Group professionals consider a visit to France and a side trip to Grenoble in order to ride Les Bulles?
Stephen E Arnold, August 3, 2021
China: Pointing a Way to Technology Solution That Sort of Works?
August 3, 2021
China is reasonably good in technology. China is also okay with facial recognition, facial recognition, and exploiting security vulnerabilities despite the best efforts of US cyber threat defense vendors.
China also may have figured out a way to jerk on the halter of the fast-moving technology stallions. How is this possible that a country many people think of as a producer of the inflatable unicorns favored by some Twitch influencers.
China may have a test underway to determine the efficacy of keeping digital services from altering the course of the good old ship of state in the Middle Kingdom.
“China Cracks Down on Its Tech Giants. Sound Familiar?” reports as only a “real news” outfit can just note that the url available to me could go dead. Not much I can do, gentle reader. Because Microsoft… :
China’s Ministry of Industry and Information Technology announced a six-month campaign on Monday to regulate internet companies, particularly practices that “disrupt market order, damage consumer rights, or threaten data security.” That followed repeated fines against tech giants including Alibaba, Baidu, and Tencent for violating antitrust laws, and a new plan to restrict overseas listings by Chinese companies.
It certainly appears from my vantage point in rural Kentucky that China wants to prevent the social complexities visible to anyone with a TikTok account. Heavy handed? Many may find Chinese regulators’ actions at odds with US methods.
That may be the point. If the crackdown works, China is making clear that the “Pacific century” is indeed the path forward. The interesting behavior of some people in the US, France, and other Western nation states suggests that a fresh or different approach should be tested.
This crackdown is, in my opinion, pretty significant. Will Russia hop on board the repression maglev? Oh, right, Russia boarded at an earlier stop.
Times and policies are changing and in real time.
Stephen E Arnold, August 3, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
