Daily Drop (562): Russian Hackers, China: Raw Materials, South Korea: US China Chip Plan, SpaceX’s Dominance, BRICS: Outer Space, Discarded Medical Devices, US BGP: ‘lagging behind’
08-06-23
Sunday, Aug 06, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
The untold history of today’s Russian-speaking hackers
Analyst Comments: Clop's operations show why ransomware and data-extortion attacks are a serious concern for businesses globally: beyond the direct financial loss, they expose confidential data, damage reputations, and disrupt operations. The historical context in the article underscores that the problem is not new but has evolved, from the early days of card fraud to today's large-scale extortion campaigns, growing in both sophistication and scale. The geography of these attacks also matters. The apparent impunity with which groups like Clop operate from inside Russia, together with the reported decline in attacks launched from Ukraine since Russia's invasion, points to a troubling alignment between state interests and cybercrime, and raises difficult questions about state responsibility, international law, and cyber operations as a front in geopolitical conflict.
FROM THE MEDIA: Clop, a Russian-speaking hacking group known for ransomware attacks, operates an open website where it encourages victims to negotiate ransoms for the return of their data. The site is hosted on the dark web and offers a three-day window for negotiation, after which the stolen data is published online. The group has been particularly active in recent months, exploiting a zero-day vulnerability in Progress Software's MOVEit Transfer file-transfer product to steal data from hundreds of organisations, including several UK employers whose payroll provider, Zellis, ran the software. Victims are directed to instructions on Clop's site to pay the ransom in Bitcoin or see their confidential data released. According to Mikko Hypponen, Chief Research Officer at WithSecure, Clop is a Russian-speaking criminal group operating out of Russia and Ukraine. He notes that the number of ransomware attacks launched from Ukraine has dropped since Russia's invasion, while those launched from within Russia have increased.
READ THE STORY: FT
Discarded medical devices found to have troves of information on healthcare facilities
Analyst Comments: The findings present significant privacy and security concerns. Infusion pumps, which are essential in healthcare settings for administering fluids or medication, can become a source of unauthorized access to sensitive data if not properly decommissioned. The fact that these devices contain WiFi passwords presents a potential security threat, as this could allow unauthorized individuals to access a hospital's network. It underscores a persistent issue in cybersecurity and data management within the healthcare sector, where devices are often overlooked as a potential security risk. The research highlights the need for better processes in both the decommissioning and resale of medical devices, involving vendors, healthcare organizations, and possibly regulatory bodies. Given the critical role of these devices and the sensitive nature of the data they can hold, it is essential to implement robust data management and security procedures to mitigate potential cyber threats.
FROM THE MEDIA: Research by Rapid7 found that infusion pumps sold on secondary markets such as eBay often still hold sensitive information about the hospitals they came from. The team examined 13 second-hand infusion pumps and found that eight still contained data such as Wi-Fi credentials, pointing to a systemic problem in the medical device field: data is not purged before devices are resold. The researchers stress that responsibility for purging lies with both medical technology vendors and the healthcare organizations that operate the devices.
READ THE STORY: The Record
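The failure mode above is a device leaving a facility with its network credentials still on it. As an added example (not code from Rapid7's research or The Record's article), the script below is the kind of pre-disposal gate a biomedical engineering or IT team could run over a dump of a device's configuration files before releasing it for resale. It assumes a Linux-based device that stores Wi-Fi settings in wpa_supplicant.conf or NetworkManager keyfile format (an assumption; real pumps may use vendor-specific formats); the file contents, SSIDs and keys are constructed sample data, and the key lists are assumed, not taken from any vendor.

```python
"""Pre-disposal audit: flag residual network credentials in a device's config dump.

Added example, not part of Rapid7's research or The Record's article. Assumes a
Linux-based device that keeps Wi-Fi settings in wpa_supplicant.conf or a
NetworkManager keyfile; vendor-specific formats would need their own parser.
All file contents below are constructed sample data.
"""
import re
from dataclasses import dataclass

# Assumed key lists: config keys that hold secrets, and keys that identify the
# facility's network even when no secret is present.
SECRET_KEYS = {"psk", "password", "wep_key0", "wep_key1", "private_key_passwd", "pin"}
IDENTIFYING_KEYS = {"ssid", "identity", "anonymous_identity", "hostname"}

# key=value or key="value" lines, as used by both formats
KV_RE = re.compile(r'^\s*([A-Za-z0-9_.\-]+)\s*=\s*"?([^"\r\n]*?)"?\s*$')


@dataclass(frozen=True)
class Finding:
    path: str
    key: str
    severity: str   # "secret" or "identifier"
    preview: str    # redacted for secrets: the audit log must not become a second leak


def redact(value: str, keep: int = 2) -> str:
    """Keep a short prefix so an operator can recognise the value, mask the rest."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def scan_file(path: str, text: str) -> list[Finding]:
    findings: list[Finding] = []
    if path.endswith("/hostname"):                     # whole-file value, no key
        name = text.strip()
        if name:
            findings.append(Finding(path, "hostname", "identifier", name))
        return findings
    for line in text.splitlines():
        m = KV_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if not value:
            continue
        if key in SECRET_KEYS:
            findings.append(Finding(path, key, "secret", redact(value)))
        elif key in IDENTIFYING_KEYS:
            findings.append(Finding(path, key, "identifier", value))
    return findings


def scan_image(files: dict[str, str]) -> list[Finding]:
    """files maps path -> contents, e.g. collected from a mounted device filesystem."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(scan_file(path, text))
    return out


def cleared_for_release(files: dict[str, str]) -> bool:
    """Release gate: block resale while any credential or network identifier remains."""
    return not scan_image(files)


# Constructed sample image: what a not-yet-purged pump might still hold.
SAMPLE_IMAGE = {
    "/etc/wpa_supplicant/wpa_supplicant.conf": (
        "ctrl_interface=/var/run/wpa_supplicant\n"
        "network={\n"
        '    ssid="EXAMPLE-HOSPITAL-MEDDEV"\n'
        '    psk="correct horse battery staple"\n'
        "    key_mgmt=WPA-PSK\n"
        "}\n"
    ),
    "/etc/NetworkManager/system-connections/clinic.nmconnection": (
        "[connection]\nid=clinic\ntype=wifi\n"
        "[wifi]\nssid=EXAMPLE-CLINIC-IOT\n"
        "[wifi-security]\nkey-mgmt=wpa-psk\npsk=S3cretPump!\n"
    ),
    "/etc/hostname": "pump-ward7-03\n",
}

# The same device after a proper wipe: only non-identifying defaults remain.
WIPED_IMAGE = {
    "/etc/wpa_supplicant/wpa_supplicant.conf": "ctrl_interface=/var/run/wpa_supplicant\n",
}

if __name__ == "__main__":
    for f in scan_image(SAMPLE_IMAGE):
        print(f"{f.severity:10} {f.path}: {f.key}={f.preview}")
    print("cleared for release:", cleared_for_release(SAMPLE_IMAGE))
    print("cleared for release:", cleared_for_release(WIPED_IMAGE))
```

The gate treats an SSID or hostname as a finding even without a password, because a facility-specific network name on a device bought from eBay is itself useful reconnaissance. A real programme would pair this check with a documented wipe procedure from the vendor and keep the redacted audit output as the decommissioning record.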
China and critical raw materials: a strategy of domination
Analyst Comments: China's dominance in the CRM sector is undeniable, considering its control over the entire value chain. The country has masterfully exploited a combination of overseas acquisitions, investment in infrastructure, and relaxed environmental regulations. Its control over the refining processes of these materials creates a situation of dependency for many countries, positioning China as a dominant player in the global market. Such a monopolistic approach to CRMs, particularly when these resources have both economic and strategic applications, poses significant risks. Western countries, especially the US, which heavily relies on these resources for various technological and defense applications, could face severe disruptions in their supply chains in the event of geopolitical tensions with China.
FROM THE MEDIA: In July 2023, in response to Washington's export controls, China announced limits on exports of gallium and germanium, critical raw materials (CRMs) used in semiconductors, solar cells and fibre optics and therefore essential to the energy transition. Over the years China has built a robust ecosystem around CRMs, including rare earths, controlling not only extraction and production but also refining, effectively monopolizing the CRM value chain. Its dominance extends to the manufacturing of electric-vehicle batteries, wind turbines, and solar panels. China has pursued a long-term strategy of acquisitions, stakes in mines, and building the infrastructure needed to exploit raw materials, much of it under the Belt and Road Initiative. It now controls a significant share of the world's lithium and cobalt mines, both essential to energy-transition industries, and is also a major player in refining these materials.
READ THE STORY: ModernDiplomacy
South Korean lawmaker urges US to abandon China chip strategy
Analyst Comments: Yang's criticisms highlight the complexities and potential negative impacts of the ongoing tech cold war between the US and China on allies such as South Korea. In the context of geopolitics and global supply chains, South Korea is in a precarious situation, having to maintain a balance between its two biggest trading partners. While US measures may provide temporary relief to South Korea by slowing down Chinese competitors, the long-term viability of this approach is uncertain, given the rapid technological advancements in China and the potential for disrupted supply chains.
FROM THE MEDIA: South Korean lawmaker Yang Hyang-ja has criticized Washington's actions in the global semiconductor industry, arguing that its efforts to limit China's access to advanced chips could harm relations with Asian allies. Yang, a former Samsung executive, warned that the US's 'America First' policy and its measures to curtail China could push allies into an alignment against the US. She also voiced concern that Beijing could retaliate in ways that disrupt supply chains and hurt Korean chipmakers' profits. Although some observers argue that US measures benefit South Korean chipmakers by hindering Chinese competitors, Yang countered that the rise of state-backed Chinese firms such as YMTC poses a long-term threat to South Korea's semiconductor industry.
READ THE STORY: FT
US ‘lagging behind’ on Border Gateway Protocol security practices, CISA and FCC Chiefs say
Analyst Comments: The lag in BGP security is a major concern for the U.S.: a hijacked or leaked route can let an adversary intercept, alter, or black-hole U.S. internet traffic. BGP's weaknesses have been exploited before for traffic interception and information theft, so hardening BGP is a core part of national cybersecurity. The FCC and CISA meeting is an important step, but because routing is global the fix depends on international cooperation: a network is only protected against misorigination to the extent that its peers and upstreams validate routes. Telecom resistance to the FCC's push for BGP security requirements adds a further challenge, and the balance between operational flexibility for providers and enforceable security requirements is a delicate one.
FROM THE MEDIA: The U.S. government is working to address its lag in deploying security measures for Border Gateway Protocol (BGP), the routing protocol that stitches the internet together. BGP has no built-in authentication of route announcements, which puts numerous online activities at risk, from banking to telemedicine. The Federal Communications Commission (FCC) and the Cybersecurity and Infrastructure Security Agency (CISA) recently convened senior government officials, internet service providers (ISPs), and cloud and content providers to discuss plans for BGP security improvements. Russia and China have reportedly exploited BGP's weaknesses in the past, and the U.S. aims to prevent similar incidents. The Netherlands, by contrast, has mandated that all government systems use Resource Public Key Infrastructure (RPKI), under which the holder of an IP prefix publishes a cryptographically signed Route Origin Authorization (ROA) naming the network allowed to originate it, so that other networks can reject announcements from unauthorized origins and blunt hijacks.
READ THE STORY: The Record
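The Dutch mandate mentioned above works because every network that performs Route Origin Validation applies the same three-way classification to each announcement it receives. As an added example (not code from The Record's article or from any RPKI validator it mentions), the block below implements that classification as specified in RFC 6811 and applies the usual operator policy of dropping Invalid routes. The ROAs and announcements are constructed sample data using documentation prefixes and private AS numbers, not real registry contents.

```python
"""Route Origin Validation (RFC 6811) against a set of ROAs.

Added example, not code from The Record article or from any RPKI software it
mentions. The ROAs and announcements are constructed sample data using
documentation prefixes (RFC 5737 / RFC 3849) and private ASNs (RFC 6996).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """A validated Route Origin Authorization: `asn` may originate any prefix
    inside `prefix` whose length is <= `max_length`."""
    prefix: str
    max_length: int
    asn: int


def _covers(roa: ROA, announced) -> bool:
    """True if the ROA's prefix equals or contains the announced prefix."""
    roa_net = ipaddress.ip_network(roa.prefix, strict=False)
    if roa_net.version != announced.version:      # subnet_of() rejects mixed families
        return False
    return announced.subnet_of(roa_net)


def validate(prefix: str, origin_asn: int, roas: list[ROA]) -> str:
    """Return 'Valid', 'Invalid' or 'NotFound' per RFC 6811 section 2."""
    announced = ipaddress.ip_network(prefix, strict=False)
    covering = [r for r in roas if _covers(r, announced)]
    if not covering:
        return "NotFound"     # no ROA covers the prefix: unprotected, normally accepted
    for r in covering:
        if r.asn == origin_asn and announced.prefixlen <= r.max_length:
            return "Valid"
    return "Invalid"          # covered, but wrong origin AS or more specific than allowed


def filter_announcements(announcements, roas, drop_invalid=True):
    """Operator policy: drop Invalid, keep Valid and NotFound (with their state)."""
    accepted = []
    for prefix, asn in announcements:
        state = validate(prefix, asn, roas)
        if state == "Invalid" and drop_invalid:
            continue
        accepted.append((prefix, asn, state))
    return accepted


# Constructed ROAs, as a validator would hand them to a router.
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64500),
    ROA("203.0.113.0/24", 26, 64501),
    ROA("2001:db8::/32", 48, 64502),
]

# Constructed announcements seen from peers.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),      # legitimate origin
    ("192.0.2.0/24", 64666),      # same prefix, wrong origin: the classic hijack
    ("203.0.113.0/25", 64501),    # more specific, still within maxLength 26
    ("203.0.113.0/27", 64501),    # right origin but too specific: Invalid
    ("198.51.100.0/24", 64503),   # no ROA at all: NotFound
    ("2001:db8:1::/48", 64502),   # IPv6, within maxLength 48
    ("2001:db8:1::/64", 64502),   # exceeds maxLength: Invalid
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE_ANNOUNCEMENTS:
        print(f"{prefix:20} AS{asn:<6} {validate(prefix, asn, SAMPLE_ROAS)}")
    print("accepted:", filter_announcements(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS))
```

Two caveats a deployment should keep in mind. NotFound routes are accepted, so the protection only covers prefixes whose holders have published ROAs, which is exactly why a government mandate to create them matters. And ROV checks only the origin AS: an attacker who forges an AS path ending in the legitimate origin passes this check, which is the gap that path validation (BGPsec or ASPA) is meant to close.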
SpaceX’s Dominance of Satellite Internet Raises Concerns Among Military Leaders: A Comprehensive Analysis
Analyst Comments: While the technological advancements represented by SpaceX's Starlink project are impressive, the concerns about the project's governance and potential implications for national security are valid and significant. The situation raises critical questions about the need for robust regulatory oversight of commercial satellite systems. Furthermore, it highlights the risks and complexities of relying heavily on a single, privately owned system for essential communication infrastructure, especially in conflict situations. Establishing clear, effective governance frameworks for commercial satellite internet services is crucial to ensure security, equity, and reliability in this emerging field.
FROM THE MEDIA: SpaceX's Starlink project, under Elon Musk's leadership, has ignited global apprehension due to its dominance in satellite internet. Over 4,500 Starlink satellites currently orbit Earth, and expansion plans could see this number increase to 42,000. Concerns stem from the lack of regulation governing Starlink, potentially granting Musk immense authority over the system, including the capacity to cut off satellite communications. The issue was underscored during the Russian invasion of Ukraine, where Starlink played a critical role in communications but also faced several instances of restricted access facilitated by geofencing. These concerns are echoed by at least nine countries, including Taiwan and China.
READ THE STORY: Medium
BRICS: Can it form multilateralism in Outer Space?
Analyst Comments: The new development in international space cooperation, marked by Russia's planned exit from the ISS and its call for a BRICS partnership in building a new orbital space station, signifies a potential shift in space exploration dynamics. This could disrupt the historical dominance of the US in space and spark a more inclusive and collaborative approach to outer space exploration. However, this shift also presents potential challenges such as the threat to national security, as argued by critics who are skeptical about the growing Russia-China space cooperation. On balance, the situation calls for a re-evaluation of space policies to accommodate these changing dynamics, ensuring that the global exploration of outer space remains cooperative and peaceful.
FROM THE MEDIA: In January 2023, Russia declared intentions to withdraw from the International Space Station (ISS) by 2024, disrupting a 25-year forum of space cooperation with the United States. Russia has extended an invitation to BRICS nations (Brazil, Russia, India, China, and South Africa) to help construct a joint module for its planned orbital space station. Critics are concerned about an intensified partnership between Russia and China, but this shift could potentially democratize the space exploration landscape, promoting inclusivity and peace over power struggles. Russia's decision to withdraw from the ISS is influenced by the Russia-Ukraine conflict, but the BRICS partnership presents an opportunity for greater collaboration in space, which could help manage complex issues such as space militarization.
READ THE STORY: ModernDiplomacy
US Wants Russia Iced Out Everywhere, Except the Arctic
Analyst Comments: While Russia's war in Ukraine complicates diplomatic relations with Moscow, the case for cooperation in the Arctic, given the region's distinctive environmental and geopolitical conditions, is understandable. Russia's geography and its control of the Northern Sea Route make it an unavoidable actor in the region. The Biden administration's move underscores the need for international collaboration on global challenges such as climate change, irrespective of geopolitical tensions.
FROM THE MEDIA: Despite diplomatic tensions following Russia's invasion of Ukraine, the Biden administration is endorsing efforts to re-establish technical cooperation with Russia in the Arctic. The U.S. has pushed for Russia's exclusion from various international forums, but the Arctic Council, a body for the eight Arctic states to address common issues like climate change, is an exception. The administration is now working with other council members to re-establish some ties with Moscow. Russia, holding a significant portion of the geographical Arctic, has expressed its interest in remaining in the council and aims for comprehensive security in the region. Amid rising challenges, including melting ice caps, biodiversity loss, and disaster response needs, there's a push for collaboration.
READ THE STORY: VOA
US discussed 'creative ways' to help landlocked Mongolia export rare earths, officials say
Analyst Comments: This development indicates a significant shift in US strategy towards securing critical mineral supplies, particularly rare earths. Given China's dominant position in global rare earth production, Mongolia provides a potential alternative source. The "creative ways" mentioned may involve new logistical and diplomatic measures to bypass potential blockades by Russia or China.
FROM THE MEDIA: US and Mongolian officials are exploring "creative ways" for Mongolia to export critical minerals to the global market, despite being landlocked and dependent on its neighbors China and Russia. The move follows discussions between Mongolian Prime Minister L. Oyun-Erdene and US Vice President Kamala Harris regarding deepening cooperation on mining rare earths and other minerals crucial for high-tech applications. Furthermore, an "Open Skies" civil aviation agreement was signed, and plans were made for the national carrier MIAT Mongolian Airlines to fly direct to a yet-to-be-decided US airport by next year.
READ THE STORY: Reuters
Google’s Search Box Changed the Meaning of Information
Analyst Comments: The implications of this shift, as detailed in the text, are wide-ranging and invite us to critically assess the quality, accuracy, and diversity of the information we receive from search engines like Google. While the convenience of having immediate answers is undeniably useful in certain contexts, there is a risk of oversimplification and loss of nuanced understanding, especially with complex subjects. This could potentially skew the representation of knowledge and information on the internet. It is vital, therefore, for users to adopt a critical approach to information retrieved from search engines, and ensure they seek out diverse sources to achieve a more comprehensive and nuanced understanding.
FROM THE MEDIA: The article describes Google's shift from a "librarian" model to a "physician" model. In the author's proposed theory of technology, the "librarian" approach provides context and encourages exploration, as Google did in its early years. The "physician" approach, which Google has increasingly embraced, delivers direct, immediate answers, as exemplified by the Answer Box feature. The change reflects a societal preference for convenience and immediacy, but it also raises concerns about the accuracy of quick answers and the risk of homogenizing knowledge, marginalizing unusual or less common perspectives.
READ THE STORY: Wired
The Philippines and US accuse China of illegally targeting supply ships
Analyst Comments: This event marks another escalation in the territorial disputes in the South China Sea. Despite a 2016 ruling from an arbitration tribunal declaring China's South China Sea claims illegal under the UN Convention on the Law of the Sea, Beijing has continuously ignored this ruling. China's actions could be seen as a testing ground to gauge the responses of both the Philippines and the international community. The U.S.'s declaration to uphold its mutual defense commitments indicates that it stands by its regional allies.
FROM THE MEDIA: The Philippines and the U.S. have accused China of illegally targeting two Philippine supply ships with a water cannon in the disputed South China Sea. The incident occurred at the Second Thomas Shoal sandbank, which the Philippines refer to as Ayungin, a location that has seen multiple stand-offs. The Chinese coast guard's actions reportedly prevented the delivery of food, water, and fuel supplies to the Philippine military. China, however, claimed that the Philippine ships were illegally trespassing and carrying illegal building materials. The U.S. State Department stated that China has no legal claim over the area, which falls within the Philippines' exclusive economic zone, and warned that an armed attack on Philippine vessels or armed forces would invoke U.S. mutual defense commitments. This incident comes ahead of another round of negotiations on a code of conduct in the disputed waters between China and rival claimants, a process that has remained fruitless since 2002.
READ THE STORY: FT
The Cloud Is a Prison. Can the Local-First Software Movement Set Us Free?
Analyst Comments: Local-first software is a radical shift from the current computing model and, in theory, addresses some of the main problems with cloud services: privacy, data ownership, and dependence on corporations. Its practicality depends on several factors. Individual devices' capabilities may limit the size and complexity of the work they can do. The model also moves the security problem rather than removing it: user devices generally lack the hardened operations that cloud providers run, and with no server in the loop, device loss, local backups, and authentication and encryption between syncing peers become the controls that matter.
FROM THE MEDIA: This write-up discusses a concept called "local-first software," a shift from the conventional cloud-based computing model where data is stored and processed on remote servers. The idea surfaced prominently on the discussion forum Hacker News and was backed by a white paper written by Martin Kleppmann and a group of open-source developers at Ink & Switch. Local-first software emphasizes prioritizing personal computers over servers, implying data would be stored and processed primarily on users' devices and not on the cloud. Under this model, if two people wanted to work on a document, they wouldn't need to rely on a cloud server to maintain a master copy. Instead, each would have copies stored on their personal devices, and changes would be reconciled whenever the devices connect. This system aims to reduce reliance on servers, cloud computing fees, and venture capital funding.
READ THE STORY: Wired
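The reconciliation step described above, where two devices each keep a copy and merge changes when they reconnect, is what lets the model drop the server's master copy. As an added example (not code from the Ink & Switch paper or any local-first product), the block below implements the simplest such structure, a last-writer-wins map, and runs the two-person document scenario from the summary: both sides edit offline, then merge in opposite orders and end with identical state. Replica names, keys and values are constructed; the Lamport timestamps are local counters and, as the usage note explains, unauthenticated.

```python
"""Server-less reconciliation with a last-writer-wins map, a simple CRDT.

Added example, not code from the Ink & Switch paper or any local-first product.
Two replicas edit the same document offline and merge directly with each other;
whichever order the merges happen in, both converge to the same state.
Replica names and document contents are constructed sample data.
"""
import copy
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True, order=True)
class Stamp:
    ts: int          # Lamport timestamp
    replica: str     # tie-break so concurrent writes resolve identically everywhere


class LWWMap:
    def __init__(self, replica: str):
        self.replica = replica
        self.clock = 0
        # key -> (stamp of last write, value or None for a deleted key)
        self.entries: dict[str, tuple[Stamp, Optional[str]]] = {}

    def _tick(self) -> Stamp:
        self.clock += 1
        return Stamp(self.clock, self.replica)

    def set(self, key: str, value: str) -> None:
        self.entries[key] = (self._tick(), value)

    def delete(self, key: str) -> None:
        self.entries[key] = (self._tick(), None)   # tombstone, so the delete survives merges

    def merge(self, other: "LWWMap") -> "LWWMap":
        """Take the newer write for every key. Commutative, associative, idempotent."""
        for key, (stamp, value) in other.entries.items():
            mine = self.entries.get(key)
            if mine is None or stamp > mine[0]:
                self.entries[key] = (stamp, value)
        # advance our clock past anything we have now seen
        seen = max((s.ts for s, _ in other.entries.values()), default=0)
        self.clock = max(self.clock, seen)
        return self

    def view(self) -> dict[str, str]:
        """The document as a user sees it: tombstoned keys hidden."""
        return {k: v for k, (_, v) in self.entries.items() if v is not None}


def run_scenario() -> tuple[dict, dict]:
    """Two people, one document, no server. Returns both final views."""
    alice, bob = LWWMap("alice"), LWWMap("bob")
    alice.set("title", "Draft")
    alice.set("body", "Hello")
    bob.merge(alice)                       # initial device-to-device sync

    # both go offline and edit
    alice.set("body", "Hello, world")
    bob.set("title", "Final")
    alice.set("status", "review")          # concurrent edits to the same key...
    bob.set("status", "done")              # ...settled by the deterministic tie-break

    # reconnect: each side merges the other's state, in opposite orders
    snapshot_alice = copy.deepcopy(alice)
    alice.merge(bob)
    bob.merge(snapshot_alice)
    bob.merge(snapshot_alice)              # idempotent: re-applying changes nothing
    return alice.view(), bob.view()


if __name__ == "__main__":
    a, b = run_scenario()
    print("alice:", a)
    print("bob:  ", b)
    print("converged:", a == b)
```

Two things the scenario makes visible. Last-writer-wins resolves the concurrent edit to `status` by discarding one side entirely, which is why real local-first systems use richer CRDTs for text and lists. And `merge` trusts whatever stamps a peer sends: a malicious or compromised peer can overwrite any key by claiming a large timestamp, so the peer-to-peer layer needs authenticated peers and ideally signed operations, the security work that the cloud server used to do on everyone's behalf.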
Items of interest
'King of Fraud' sentenced for Methbot botnet operation
Analyst Comments: The sentencing underscores the seriousness of digital advertising fraud, which causes large financial losses, and the global nature of the crime, which demands international law enforcement cooperation. The active role of private companies such as HUMAN (formerly White Ops) in the investigation shows the value of public-private partnerships against cybercrime. The sentence is a clear deterrent, but the persistence of ad fraud shows that preventive measures and better detection methods are still needed to keep pace with increasingly sophisticated fraud techniques.
FROM THE MEDIA: Russian national Aleksandr Zhukov, the self-styled "King of Fraud," has been sentenced to 10 years in prison for stealing millions of dollars through the "Methbot" botnet operation. His firm, Media Methane, led clients to believe their ads were placed on real websites when they were in fact loaded onto blank pages, defrauding advertisers of $7 million. The operation used more than 2,000 servers and 765,000 IP addresses to simulate human activity and make the bots look like real users. Zhukov moved the proceeds through bank accounts across Europe, kept 75% of the scheme's take for himself, and netted more than $4.8 million. He has been ordered to forfeit $3,827,493.
READ THE STORY: TechTarget
The Botnet That Frauded Digital Advertisers $180 Million- The Short Story of Methbot (Video)
FROM THE MEDIA: Methbot targeted video ads, a lucrative segment of digital advertising. The fraudsters set up more than 250,000 counterfeit web pages across some 6,000 spoofed domains made to look like those of premium publishers, then ran automated scripts, or "bots," that simulated human behaviour such as mouse movements and clicks to convince ad-serving systems that real users were visiting the pages and watching the ads.
How Shit Works: Ad Fraud (Video)
FROM THE MEDIA: Perhaps the biggest marketing issue facing brands in the digital age is ad fraud. Brands putting money into a system want to know, quite reasonably, where that money goes—to which site and to which audience.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.