The Info Op

May 20, 2022
grugq.substack.com
the grugq
Huge news. The Feds won’t use the CFAA to go after security researchers, pinky promise!

Zack Whittaker (@zackwhittaker), May 19th 2022:
Wow. DOJ has announced a significant policy shift in how it will bring computer hacking charges under CFAA in the future. "The policy for the first time directs that good-faith security research should not be charged."
justice.gov/opa/pr/departm…

Very important caveat.

Blake E. Reid (@blakereid), May 19th 2022:
@thegrugq NB: this doesn't extend to civil liability, which is a major practical problem for many researchers.

The EFF is all over it.

Chris Wysopal (@WeldPond), May 20th 2022:
…it stops far short of requiring that a defendant defeat a technological restriction in order to exceed authorized access.
Linked: "DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers" (eff.org): The Computer Fraud and Abuse Act (CFAA), the notoriously vague anti-hacking law, is long overdue for major reform. Among many problems, the CFAA has been used to target security researchers whose work uncovering software vulnerabilities frequently irritates corporations (and U.S. Attorneys). The...


https://arxiv.org/abs/2205.07759

There are so many problems with this paper I’m not sure where to start. I guess I’ll start with the conclusion: they are correct. Many APTs use public vulnerabilities rather than 0day.

A short summary of some problems with the paper. Their goal when writing this paper was to answer the question “does timely patch protect an enterprise against APT threats? If so, how timely?” Keep this in mind: they’re thinking about enterprises and patching.

So an early problem is that they assume APTs are an ontological unit. They are not. The term “APT” is a broad generalisation used to refer collectively to many different kinds of actor.

Another issue is that they assume the reports from as far back as 2008 are reliable, which I am not sure is a safe assumption.

The paper uses APT clusters which are known to be flawed. For example, the Winnti group was more of an umbrella term for different people using the same tools from a particular vendor. Much as one could talk about the “REvil group” to refer collectively to everyone using that ransomware brand, when in reality each affiliate has a different threat profile. What a group uses post-exploitation says nothing about how it gains access.

These are further epistemological failures.

Understanding campaigns is complicated. Firstly, for a nation state the purpose of breaking into a computer is to do something after breaking in. Gaining access is just step 0: a chore that needs to be done before moving on to the scut work of cyber espionage.

They need to gain access, but they don’t have many concerns about *how* they gain access. Of course, cheaper is better, and faster is better, but those are just guidelines. There are many conditions which could change the calculus here, such as expediency, security, time pressure, resource constraints, procurement pipeline issues, and so on.

For the majority of cases though, they can use whatever works and just get on with the job. Not every operation is about disrupting an adversary before a deadline.

Catalin Cimpanu (@campuscodi), May 19th 2022:
A recent academic paper studied data from 86 APTs and 350 campaigns carried out from 2008 to 2020 and found that APTs rarely rely on zero-days and typically use publicly known vulnerabilities for their attacks
arxiv.org/abs/2205.07759


The EU is intent on fucking up a critical thing for a theoretically noble reason in a very dumb way.

Matthew Green (@matthew_d_green), May 19th 2022:
Very clear explanation of how the EU’s anti-grooming law will affect end-to-end encrypted messaging.
Linked: "End-to-End Encryption and the EU’s new proposed CSAM Regulation" (educatedguesswork.org)


Update your incident response handling to include better messaging to attackers.

Florian Roth ⚡️ (@cyb3rops), May 18th 2022:
🍆
bleepingcomputer.com/news/security/…


Twitter is on the case for Ukraine disinformation

PsyWar.Org 🇺🇦🌻 (@psywarorg), May 19th 2022:
Twitter steps up Ukraine misinformation fight
Linked: "Twitter steps up Ukraine misinformation fight" (bbc.co.uk): The social media platform says it will put false claims from official accounts behind warning notices.


If Halvar has seen further it is because he is a giant. Possibly standing on his own shoulders.

Halvar Flake (@halvarflake), May 19th 2022:
Some thoughts on startups, Figmaization, and AI: 1) I strongly believe that every heavyweight desktop application that still exists will be replaced by a SaaS-y in-browser collaborative version. Docs, Figma were the start, and the few things that remain (CAD? EDA?) will be next.

-

Window Snyder (@window), May 18th 2022:
Attention aged exploit writers: If you were a ninja in the late 90s-early 00s, turn your attention to embedded devices, bootloaders and firmware. All your old skills are new again.


Here’s a short PDF book on The Trust, an incredibly effective counterintelligence operation run by the Cheka (the earliest incarnation of the KGB).

https://jmw.typepad.com/files/simpkins---the-trust-security-intelligence-foundation.pdf

Here’s another document on the same topic, because it is really an awesome op.

https://www.centerforintelligencestudies.org/the-trust.html

-

Reviews from the front lines on what matters in equipment.

Rob Lee (@RALee85), May 20th 2022:
Some gear reviews from RAZVEDOS. He says that VSS and AS Val rifles haven't proven themselves during the war. Both require a lot of cleaning and maintenance. He also said they lack enough penetration, but Russia lacks enough suppressors for AKs.
vk.com/public21006822…

-

ESET finding more Russian malware

ESET research (@ESETresearch), May 20th 2022:
#BREAKING #Sandworm continues attacks in Ukraine 🇺🇦. #ESETresearch found an evolution of a malware loader used during the #Industroyer2 attacks. This updated piece of the puzzle is malware @_CERT_UA calls #ArguePatch. ArguePatch was used to launch #CaddyWiper. #WarInUkraine 1/6

-

Supply chain attacks. Trust is the root of all compromise…

Daniel Cuthbert (@dcuthbert), May 20th 2022:
We've heard a lot about supply chain risks but rarely do we see actual solid attacks. @SentinelOne has investigated one targeting the Rust dev community and it's pretty interesting, to me at least
Linked: "CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware" (sentinelone.com): Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.

-

The future is kinda crazy. Costa Rica is at war with Conti.

https://www.bbc.co.uk/news/technology-61323402

-

Russian offensive cyber supply chain

PJ⌨🖱🏋🏻‍♂️🥃🗺🌎🌻🇺🇦 (@PJ47596176), May 20th 2022:
👀👀🇷🇺 companies InformInvestGroup and software company ODT (Zer0day) LLC created Fronton for FSB. Fronton is a system developed for coordinated inauthentic behavior on a massive scale - not just DDoS.
nisos.com/blog/fronton-b…
Linked: "Fronton: A Botnet for Creation, Command, and Control of Coordinated Inauthentic Behavior" (nisos.com): May 2022 Investigative Report Release: Nisos analysts determined that Fronton is a system developed for coordinated inauthentic behavior on a massive scale.

-

Strongmen regimes and military blunders.

https://warontherocks.com/2022/05/when-strongmen-invade-they-bring-their-pathologies-with-them/

© 2022 the grugq