Daily Drop (551): GlobalFoundries: TSMC Germany, DC: Adding teeth to cyber policy, Ukraine’s War ran like a Startup, TETRA: Backdoor, China: IO in Washington,
07-25-23
Tuesday, Jul 25, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Pro-China influence campaign allegedly financed staged protests in Washington
Analyst Comments: The report indicates a marked shift in tactics by entities supporting China's political narratives, signaling a potential escalation in information warfare. While the success of these campaigns seems to be limited thus far, their continued persistence suggests a sustained effort to influence public opinion, with the potential for more sophisticated techniques to be employed in the future. It underscores the importance of vigilance by cybersecurity entities and the need for robust mechanisms to detect and counter such influence campaigns. The report also raises concerns about the exploitation of legitimate platforms, such as newswire services and freelancing websites, underlining the challenge of maintaining the integrity of information in the digital age.
FROM THE MEDIA: Cybersecurity firm Mandiant has reported on a Chinese influence campaign that allegedly uses newswire services, staged protests, and billboard ads to spread pro-Beijing propaganda in the U.S. The campaign is linked to Shanghai-based marketing firm Haixun, which has Chinese police and government agencies among its clients. This firm was involved in an earlier campaign, HaiEnergy, which ran 72 fake news sites worldwide, spreading content that aligned with China's political interests. Haixun's latest efforts involve using newswire services to disseminate pro-China content to U.S. news outlets, organizing protests in Washington for media coverage, and placing pro-China messages on a Times Square billboard. Despite these efforts, the impact of these campaigns appears to be limited, circulating mostly within their own echo chambers.
READ THE STORY: The Record
Mykhailo Fedorov Is Running Ukraine’s War Like a Startup
Analyst Comments: Ukraine's approach to digital transformation has showcased its resilience, agility, and innovation in governance. Even in the face of conflict, the government has found ways to adapt and leverage technology for its survival and resistance efforts. Its readiness to innovate under pressure demonstrates the value of digital readiness in modern governance, especially in times of crisis. The digital transformation, however, doesn't come without potential risks. Issues such as data security, privacy, and potential for disinformation should be carefully managed as these digital platforms become more pervasive in society. Nevertheless, the case of Ukraine presents a compelling example of how digital transformation can play a pivotal role in a nation's response to adversities, strengthening its resilience and keeping citizens engaged and informed.
FROM THE MEDIA: Under the leadership of Vice Prime Minister Mykhailo Fedorov and President Volodymyr Zelenskyy, Ukraine has harnessed digital transformation to modernize its governance and respond to the ongoing conflict with Russia. Notable initiatives include the creation of an air raid alert app featuring Star Wars actor Mark Hamill's voice, which was swiftly developed and implemented by a home security company, Ajax Systems. The Ukrainian government's entrepreneurial approach, led by Fedorov, has fostered agility in times of crisis, allowing the government to operate "like a startup". This has culminated in the development of the United24 platform, which raised a reported $350 million for the war effort through public donations. Prior to the war, Fedorov's Ministry of Digital Transformation launched a successful "state in a smartphone" app, Diia, which offers access to various government services.
READ THE STORY: Wired
GlobalFoundries criticizes German subsidies for TSMC
Analyst Comments: The situation reflects the intensifying global competition in the semiconductor industry, with various nations employing strategic moves to ensure a reliable supply chain. While the concerns raised by GF point to potential risks of market distortion and overreliance on single suppliers, it is crucial to note that GF itself has been a recipient of substantial government aid. The broader economic impact will depend on how well subsidies are managed and whether they lead to a balanced and resilient industry. Germany's approach, along with the rest of the EU, appears focused on promoting significant investment in the sector, with the ambition of increasing their global market share. While economists' concerns about subsidy scales are valid, these investments could prove critical for technological autonomy and economic resilience in the long term.
FROM THE MEDIA: GlobalFoundries (GF), a US-based chipmaker, has criticized Berlin's planned subsidies for Taiwan Semiconductor Manufacturing Company's (TSMC) proposed plant in Dresden, Germany. GF's CEO, Thomas Caulfield, warned that such aid could distort competition and create dependency on a single supplier. TSMC, the world's largest contract chipmaker, has not commented on these remarks. This comes amidst a wave of substantial investment in Germany's semiconductor industry, including Intel's €30 billion plants in Magdeburg and GF's partnership with STMicroelectronics for a chip factory in France. These moves are crucial to the EU's goal of doubling its global semiconductor market share from less than 10% to 20% by 2030. Meanwhile, concerns about the scale of subsidies offered by the German government to attract tech companies have been raised, with some calling them a waste of taxpayer money.
READ THE STORY: FT
Washington Tries to Add Some Teeth to Its Cyber-defenses
Analyst Comments: The cybersecurity plan outlined by the Biden administration recognizes the escalating digital threats posed by nation-states like China, North Korea, and Russia, indicating an increased focus on defending the nation's key infrastructure and governmental institutions. However, the concerns raised by experts about the plan's specifics are valid, given that the implementation details can significantly affect the effectiveness of any strategy. It is also crucial to note that the timeline for the proposed measures stretches beyond the current administration's term, creating uncertainty about their continuity.
FROM THE MEDIA: In response to the recent cyber threats from China, North Korea, and Russia, the Biden administration released its long-awaited cybersecurity plan. The plan intends to protect key U.S. infrastructure, such as pipelines, electrical grids, and the water supply, from devastating cyberattacks and prevent hackers from infiltrating government officials' emails. It involves greater reliance on private sector companies like Amazon and Microsoft, and more proactive international collaborations. However, some experts argue the plan is high on aspirations but lacking in implementation details, with some major goals being downscaled or excluded.
READ THE STORY: FP
Code Kept Secret for Years Reveals Its Flaw—a Backdoor
Analyst Comments: The findings reveal a serious concern for global security and trust in long-standing technologies used for critical communications. This discovery not only highlights the importance of open-source scrutiny for security but also raises questions about the responsibility of vendors towards their customers. The secrecy surrounding the encryption algorithms of the TETRA technology likely contributed to these vulnerabilities remaining undetected for an extended period. It serves as a cautionary tale for the broader tech industry about the potential dangers of undisclosed backdoors and a lack of transparency in technology design. Given the potential impacts on critical infrastructure, urgent action is required by manufacturers to address these vulnerabilities.
FROM THE MEDIA: A group of Dutch researchers has discovered serious security flaws in a 25-year-old technology, TETRA (Terrestrial Trunked Radio), used globally for critical data and voice radio communications. These flaws include a deliberate backdoor which was reportedly known to vendors but potentially undisclosed to customers. The backdoor allows someone to snoop on and manipulate encrypted data and commands used in critical infrastructure like pipelines, railways, the electric grid, mass transit, and freight trains. This could lead to severe consequences such as triggering blackouts or rerouting trains.
It’s Getting Harder for the Government to Secretly Flag Your Social Posts
Analyst Comments: The rise of IRUs highlights the growing complexity and stakes in the battle over online content moderation. On one hand, these units serve a purpose in quickly identifying and combating harmful content such as extremist propaganda or health disinformation. On the other hand, their broad reach and lack of transparency raise legitimate concerns about potential abuses of power and the suppression of freedom of expression. The implementation of checks and balances, such as the recent U.S. injunction and upcoming EU regulations, are positive steps towards creating a more accountable system. However, it's crucial that these measures address the issues of procedural transparency, fair application of rules, and potential political bias. To fully address these challenges, a cooperative international approach, involving not just governments and tech companies but also civil society groups, might be necessary. Moreover, efforts from platforms like Meta to centralize and publicize IRU requests can contribute to this endeavor by increasing accountability and public scrutiny of these processes.
FROM THE MEDIA: Internet Referral Units (IRUs) are government agencies that urge online platforms to take action against content deemed objectionable. Originating in the UK around 2010, these units have expanded globally and influence a wide range of content from extremist views to political misinformation and health disinformation. Critics express concerns about the lack of transparency in these processes, the potential for abuse of power, and the circumvention of legal channels. Recently, a U.S. federal judge issued a preliminary injunction preventing Biden administration officials from alerting social media companies about content violating their terms of service, and the EU is set to introduce transparency requirements for IRUs. However, compliance with IRU requests remains largely voluntary for platforms, which often feel pressured to comply due to potential regulatory repercussions. Existing power dynamics can also influence the effectiveness of IRUs, as exemplified in the Israeli-Palestinian conflict where the Palestinian Authority's lesser leverage with tech companies compared to Israel's limits its influence.
READ THE STORY: Wired
Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk
Analyst Comments: The discovery of the Zenbleed vulnerability presents a significant security risk, especially given its potential for remote exploitation through JavaScript on a website. The fact that it can be used to extract sensitive data underscores the severity of the threat. As this type of flaw is embedded within the processor architecture, it is harder to mitigate compared to software-based vulnerabilities. The recommended mitigation step, applying microcode updates from original equipment manufacturers (OEMs) as they become available, is crucial to protect systems from potential attacks.
FROM THE MEDIA: A new security vulnerability, codenamed Zenbleed and tracked as CVE-2023-20593, has been discovered in AMD's Zen 2 architecture-based processors. The flaw, discovered by Google Project Zero researcher Tavis Ormandy, allows data exfiltration at a rate of 30kb per core per second and could be exploited to extract sensitive data, including encryption keys and passwords. The flaw is part of a category of weaknesses known as speculative execution attacks. AMD, in an advisory, explained that under certain microarchitectural circumstances, a register in Zen 2 CPUs may not be correctly written to 0. This could result in data from another process and/or thread being stored in the YMM register, providing potential access to sensitive information for an attacker.
READ THE STORY: THN
It’s Getting Harder for the Government to Secretly Flag Your Social Posts
Analyst Comments: The rise of IRUs highlights the growing complexity and stakes in the battle over online content moderation. On one hand, these units serve a purpose in quickly identifying and combating harmful content such as extremist propaganda or health disinformation. On the other hand, their broad reach and lack of transparency raise legitimate concerns about potential abuses of power and the suppression of freedom of expression. The implementation of checks and balances, such as the recent U.S. injunction and upcoming EU regulations, are positive steps towards creating a more accountable system. However, it's crucial that these measures address the issues of procedural transparency, fair application of rules, and potential political bias. To fully address these challenges, a cooperative international approach, involving not just governments and tech companies but also civil society groups, might be necessary. Moreover, efforts from platforms like Meta to centralize and publicize IRU requests can contribute to this endeavor by increasing accountability and public scrutiny of these processes.
FROM THE MEDIA: Internet Referral Units (IRUs) are government agencies that urge online platforms to take action against content deemed objectionable. Originating in the UK around 2010, these units have expanded globally and influence a wide range of content from extremist views to political misinformation and health disinformation. Critics express concerns about the lack of transparency in these processes, the potential for abuse of power, and the circumvention of legal channels. Recently, a U.S. federal judge issued a preliminary injunction preventing Biden administration officials from alerting social media companies about content violating their terms of service, and the EU is set to introduce transparency requirements for IRUs. However, compliance with IRU requests remains largely voluntary for platforms, which often feel pressured to comply due to potential regulatory repercussions. Existing power dynamics can also influence the effectiveness of IRUs, as exemplified in the Israeli-Palestinian conflict where the Palestinian Authority's lesser leverage with tech companies compared to Israel's limits its influence.
READ THE STORY: Wired
Items of interest
Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs
Analyst Comments: The discovery of the zero-day flaw, particularly given that it is already being actively exploited, poses a significant security risk for Apple users. Given its potential to allow a malicious app to modify sensitive kernel state, it could lead to substantial compromise of user data and system integrity. Importantly, the fact that it's linked to Operation Triangulation, a sophisticated mobile cyber espionage campaign, further underlines the seriousness of this vulnerability. The swift release of security updates by Apple is a critical step in mitigating this risk.
FROM THE MEDIA: Apple has released security updates for its iOS, iPadOS, macOS, tvOS, watchOS, and Safari products to address several security vulnerabilities, including an actively exploited zero-day bug, CVE-2023-38606, in the kernel. This vulnerability potentially allows a malicious app to modify sensitive kernel state. The flaw is the third discovered in connection to Operation Triangulation, a sophisticated mobile cyber espionage campaign that has been targeting iOS devices using a zero-click exploit chain since 2019. Kaspersky researchers discovered and reported the flaw. The security updates cover a wide range of Apple devices and operating systems.
READ THE STORY: THN
Zero Click Exploits Explained: Technical (Video)
FROM THE MEDIA: A zero-click exploit refers to a type of vulnerability that allows a threat actor to compromise a system without any interaction from the end user. In other words, the victim doesn't need to click a link, download a file, or perform any action for the attack to be successful. These exploits are particularly dangerous because they can be very difficult to detect and prevent.
How Zero Click Exploit Spyware Accessed Mic & Camera Without Permission/Notifications (Video)
FROM THE MEDIA: QuaDream Spyware is another commercial surveillance for hire that Citizen Lab and Microsoft Exposed. Like NSO group's Pegasus Spyware they are using Zero Click Exploits on iPhones, exploiting Zero Days in iOS.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.