Friday Brief for 18 February 2022
Drones & crypto in Ukraine; Tech legislation is moving; & Iran hacks the Red Cross
End to End Encryption (E2EE) — End-to-end encryption secures data on the user's device and only ever decrypts it on the recipient's device. This means, the data can never be decrypted on the server nor in transit nor on the user's device.
**Heads Up **
First, I’m sorry there is no audio today. My mic decided to give up the ghost and the audio was just awful. I should be squared away soon.
If, however, you’re dying to hear the sultry sound of my voice, checkout the podcast below where I discuss cyber in Ukraine, the “New Right’s” old foreign policy, and flossing (the dance kind, not the dental kind).
Drones & Crypto May Feature in Ukraine Conflict
What’s New: Ukraine is turning to armed drones and cryptocurrency as it prepares to repel a possible Russian invasion.
Why This Matters: Kyiv hopes armed drones will offset Moscow’s military advantages and Ukrainian resistance groups are crowd-funding their potential rebellion.
Over the last year, Ukraine has employed armed drones — like the Turkish-made Bayraktar TB2 — to target Russian artillery and other forces, according to the Wall Street Journal.
The weapons have been effective enough to make Russia complain that the provision of these systems by NATO countries is a threat to Russia’s security. (boo-hoo)
The TB2 is popular around the world because it falls just short of American and other weapons export restrictions, but can still laser-designate targets from 12 miles away.
“Russian antiaircraft systems can’t see the TB2 at this distance,” said Yuriy Butusov, a Kyiv-based defense writer. “Ukraine has connected its camera to the battle management system and can observe at big distances with Russia being unable to take it down.”
Separately, cryptocurrency donations to Ukrainian militias and hackers opposing Russia spiked last year, reports Wired.
According to crypto tracing and blockchain analysis firm Elliptic, “Crowdfunded payments to those organizations in bitcoin, litecoin, ether, and other cryptocurrencies the company tracks reached a total value of around $550,000 last year, compared with just $6,000 or so in 2020.”
One pro-Ukraine hacker collective — called the Ukrainian Cyber Alliance — has used more than $100K in crypto donations to conduct numerous hack-and-leak and web defacement ops.
What I’m Thinking:
Drones won’t be decisive, but they’re good to have around. The TB2 isn’t that sophisticated and it certainly doesn’t offer Ukraine a military advantage over Russia’s larger, more modern, more lethal military. It can, however, be used to harass Putin’s army and to inject a little “friction” into its operations — and who knows what opportunities that might generate.
Crypto crowdfunding will likely become normal from here on out. There are at least two reasons this trend is likely to continue: (1) global and social media are increasingly being used to raise awareness and support among populations far beyond the battlefield; (2) cryptocurrency payments aren’t necessarily illegal, are barely regulated, are easily transacted, and are increasingly easy to spend. It’s not hard to imagine freedom fighters and even terrorists groups (no, they are not the same) starting the equivalent of “go fund me” websites where supporters can make donations or even provide other material support, without ever needing to leave the couch.
Tech Dances as Legislation Advances
What’s New: Senators have passed the EARN IT Act out of the Judiciary Committee, adding it to a growing list of tech-focused legislation that could upend the industry.
Why This Matters: While some of the largest tech companies have opposed the new measures, they have failed to address the grievances and concerns animating these bills and could soon be surprised by sweeping changes in how they do business.
EARN IT, passed out of committee this week with no “no” votes, would constrain Section 230 protections for any company that fails to limit child exploitation materials.
The committee also recently passed the Open App Markets Act — legislation that would force Apple and Google to fundamentally change their app business by allowing users to download apps outside of their stores and by giving app developers the freedom to use other in-app payment services.
Finally, last month, the committee passed the American Innovation and Choice Online Act — a massive antitrust bill aimed squarely at breaking up and punishing “big tech” over their perceived political bias and “anti-competitive” behavior.
What I’m Thinking:
I don’t like any of these bills, but that’s not really my point. I think EARN IT undermines encryption. I think Open Apps hurts cybersecurity. And I think Choice Online abandons principle and imperils national security. But all of that is for a different day. My main concern right now is how tech companies seem to be tuning their fiddles while lawmakers are gathering gasoline and matches.
Many of these companies think they’re untouchable, but they’re wrong. For years, Apple, Google, and others have dared Congress to take meaningful action against them, betting that negative economic impacts and frustrated users in their states and districts would force lawmakers to fold. And they did — for a while. Those political dynamics, however, have changed and now there is broad, bipartisan consensus on doing something, anything, to take “big tech” down a few notches. This is why the steady march of anti-tech legislation is likely to continue and may even become law.
Arrogance is gas on the fire. During debate on the Open App Markets Act, Apple and Google centered their arguments on the idea that, if forced to open devices to third-party app stores, they could no longer protect users’ data because they could no longer guarantee the cybersecurity practices of third-party app developers. This is actually a valid and compelling argument in my view. The problem, however, is that at the exact same time they were making these arguments, both companies were distributing China’s My2022 Olympics app — an app that cybersecurity researchers said was harvesting troves of data, exposing communications, and enabling spying by the Chinese government. Even after these concerns were raised, both app stores kept My2022 where it could be downloaded by Americans and millions of others. This decision, all by itself, decisively undermined these companies’ complaints about the Open App Markets Act and explains how this bill passed out of committee with nary a whisper. Now maybe executives console themselves by reasoning that laws like these have advanced out of committee before but never advanced to a full floor vote or to the President’s desk, and therefore, there’s nothing to worry about. I’m here to tell you, that’s no longer a safe bet.
Iran Suspected in Red Cross Hack
What’s New: Last month, it was discovered that the personal information from more than 500K people was stolen from the International Committee for the Red Cross (ICRC), according to Krebs on Security.
Why This Matters: Forensic evidence suggest the hack was done by Iranian operatives and is tied to a large influence operation.
The intrusion occurred last November and resulted in the loss of data associated with half a million people receiving aid from the non-profit organization.
Part of the evidence tying the attack to Iran includes an email that was used to offer the stolen data to would-be buyers, that the FBI says is linked to an ongoing Iranian government influence effort.
That same email was used to purchase and register several domains associated with the Liberty Front Press, a network of fake news sites assessed to be run out of Iran.
“Right now,” says an ICRC statement, “we do not have any conclusive evidence that this information from the data breach has been published or is being traded. Our cybersecurity team has looked into any reported allegation of data being available on the dark web.”
What I’m Thinking:
Liberty Front Press is not new. In 2020, the U.S. Department of Justice took several actions against domains tied to Liberty Front Press and publicly accused Iran’s Islamic Revolutionary Guard Corps (IRGC) of using these domains for “covert influence.” Later that year, the U.S. Treasury Department sanctioned five Iran-linked organizations for spreading fake news and other efforts to sow discord in the U.S.
It’s not clear why, but this hack had purpose. A lot of the details are still emerging and there’s quite a bit of confusion about aspects of the attack. But, there are reasons to believe this attack was sophisticated and targeted. (1) The bad guys used a set of tools that are often used by advance persistent threat groups (APTs) and that are not broadly available. (2) They were very skilled at hiding their tracks. (3) It looks like these black hats also designed some code that was tailor made for use on ICRC servers. (4) The attackers were very good at moving and removing files in a way that did not trip ICRC anti-malware and other security tools. So bottom line: this wasn’t random but we’re also not sure what the specific objectives of this operation were — stay tuned.
Let’s Get Visual
That’s it for this Friday Brief. Thanks for reading, and if you think someone else would like this newsletter, please share it with your friends and followers. Have a great weekend!