April 7th, cyber summary
Stupid security reactions.
Looks like more stupid security disclosure stuff.
Logistics is a superpower. The ability to project power sometimes means things like: adopting pallets and forklifts. And then it reveals itself in things like: being able to send arbitrary quantities of any item to anywhere in the world in under a week.
Truth bomb
There is a market for knowing how to use the tools people already have.
An interesting issue with NFT trading platform UI/UX. By making it easy to impersonate a verified check mark and hard to examine the provenance chain, KiwiSwap enabled a fraudulent swap. In this case the loss was over half a million dollars in NFTs. It’s a ridiculous amount for ugly ape jpegs, but that just makes the surrounding security even more important. Anyone who’d pay that money for an NFT is probably not the most security savvy person. Case in point, almost all the security ppl I know stayed away from NFTs and most avoided crypto… now they’re all not-multimillionaires. So. Just goes to show…
An interesting issue with an NFT trading platform enabling fraud. No, this is not a repeat from one entry ago.
There are weird parts of the cyber war. This one, the availability of apps where the government disapproves, is a very important part. We saw this during the Hong Kong protests.
Censorship is not just about websites, but about apps. Making something inconvenient is a way of limiting the audience. Limiting the audience limits the dissemination of information. Restricting dissemination of information is the whole point of censorship. Which is to say, “adding friction to discovery and access is information warfare.” App availability in App Stores is actually part of the cyber warfare domain.
Here’s something worth reading. This examines how the Ukrainians and NATO exploited Russian military corruption to gain access to the new Russian encrypted radios. Analysis of the devices uncovered critical problems:
- enabling encryption halved the effective range
- range was abysmal and required repeaters to work any distance
- Also, Ukraine keeps destroying all the repeaters.
In addition, there simply aren’t enough radios to go around. The solutions adopted by the Russians to mitigate all these problems have created vulnerabilities the Ukrainians are exploiting.
- Soldiers disabled encryption so they could get better range.
  Exploit: This allowed SIGINT collection of the classic kind.
- Soldiers used mobile phones with Ukrainian SIM cards.
  Exploit: The phones are geolocated through the phone network and hit with fires.
- Soldiers brought Chinese walkie-talkies for tactical level communications.
  Exploit: SIGINT by everyone, made easier by the fact that Ukrainians all speak Russian.
  Exploit: primitive electronic warfare, as everyone can flood the channels with noise.
- Generals moved closer to the front lines to compensate for the limited C2 range.
  Exploit: the generals and other commanding officers get killed.
A truly beautiful set of moves, maneuvering the enemy and exploiting some serious problems in their communications technology.
https://www.strategypage.com/htmw/htecm/articles/20220328.aspx
Russia is starting to have some success in the infowar department. So far it’s nothing too amazing; they have lost the sort of capacity they wielded in 2016-17.