Daily Drop (612): Iran: Preserve 'Islamic Culture', PhD Student: ISIS Drone, CN: Starlink Killer G60, US-China: Middle East, CN: Myanmar, OPEC: EV, Canada & India, Ticking Clock of AI, Snatch Group
Iranian Authorities Clamp Down on Cafes in Bid to Preserve 'Islamic Culture'
Bottom Line Up Front (BLUF): The Iranian regime has intensified its crackdown on cafes, particularly around Tehran University, over the past eighteen months, viewing them as symbols of "corruptive Western culture." This move is seen as part of a broader effort by hardliners to preserve and promote a "wholesome Islamic-Iranian culture."
Analyst Comments: The Iranian regime's move to shut down cafes, especially around academic institutions, underscores its intent to control spaces where free thought and exchange of ideas might flourish. By framing these establishments as symbols of Western influence, the regime seeks to justify its actions in the name of preserving Islamic culture. However, such measures might further alienate the younger generation and push them towards covert means of socializing and expressing dissent.
FROM THE MEDIA: Iranian authorities have been actively shutting down cafes and coffee shops around Tehran University, a popular gathering spot for students and young people. The closures are justified under various pretexts, such as "failure to enforce the hijab" or the presence of live music. A letter, allegedly leaked on social media, from the university’s chancellor, Seyed Mohammad Moghimi, claims that almost all cafes around the university have been closed with the collaboration of all university departments. The authenticity of this letter remains unconfirmed by authorities. Social media users have expressed their dismay at the crackdown, with some suggesting that the authorities' real concern is that these cafes serve as spaces where students can gather freely. Defa Press, the news agency of Iran's Armed Forces, has gone further, alleging that some cafes were "centers for networking against national security" and insinuating that many were funded by "European embassies."
READ THE STORY: Iran International
PhD Student Creates Deadly Drone for ISIS Using 3D Printer
Bottom Line Up Front (BLUF): Mohamad Al Bared, a 26-year-old PhD student at Birmingham University, has been convicted for designing and creating a potentially lethal drone for the Islamic State (ISIS) using a 3D printer. He now faces a possible life sentence.
Analyst Comments: The conviction of Mohamad Al Bared underscores the potential threats posed by individuals with technical expertise who align with extremist ideologies. The use of commonly available technology, like 3D printers, in the creation of weapons for terrorist organizations is particularly concerning. This case highlights the need for vigilance and monitoring of individuals who may be using their skills for malicious purposes, as well as the importance of international cooperation in countering terrorist threats.
FROM THE MEDIA: Mohamad Al Bared, a mechanical engineering graduate, was found guilty of engaging in conduct in preparation of terrorist acts for the benefit of ISIS. The drone he designed was described as a "kamikaze" model, inspired by the Tomahawk missile, and was built using a 3D printer, particularly for its wings. Al Bared sent regular updates to ISIS, allowing them to replicate his designs. This drone was prominently featured in an ISIS propaganda video shared on Telegram. Upon his arrest on January 31, police found the drone, capable of delivering a bomb or chemical weapon, at his residence in Coventry. Other items seized included an ISIS application form, electronic devices, and handwritten notebooks with recipes for chemical weapons. Analysis of the electronic devices revealed conversations that clearly demonstrated his support for ISIS, as well as discussions about his research and strategies to smuggle the drone into conflict zones.
READ THE STORY: The Register
China's Space Ambitions: Countering Starlink with G60
Bottom Line Up Front (BLUF): China is advancing its plans to establish a second satellite mega constellation, 'G60 Starlink', aiming to compete directly with SpaceX's Starlink in the space-based internet sector.
Analyst Comments: China's move to establish two mega-constellations underscores its growing ambitions in outer space. The country's focus on countering the influence of SpaceX's Starlink, especially given concerns about potential surveillance and disruption of China's space initiatives, highlights the strategic importance of space-based internet services. While China's endeavors demonstrate its commitment to expanding its space capabilities, the success of these projects will hinge on the allocation of substantial resources and the development of advanced launch capabilities.
FROM THE MEDIA: Backed by the Shanghai municipal government, the 'G60 Starlink' project is set to comprise over 12,000 satellites in low Earth orbit. This initiative is on par with China's separate satellite constellation project, the National Network or 'Guo Wang', which is often seen as China's answer to SpaceX's Starlink with its impressive 13,000 satellite count. The state-owned Guo Wang company is currently overseeing its development. The G60 Starlink project, which began in 2016, shifted from an initial focus on internet satellite clusters to a more defined constellation plan in 2021. The project's satellite production facility can produce 300 satellites annually, with claims of reducing satellite manufacturing costs by up to 35%. However, the project's technical specifics, timeline, and China's launch capabilities remain uncertain, especially in comparison to SpaceX's Falcon 9 rocket.
READ THE STORY: The EurAsian Times
US-China Tech Tensions Reach the Middle East
Bottom Line Up Front (BLUF): The US has imposed restrictions on the export of advanced computer chips to certain Middle Eastern countries to prevent these AI-enabling chips from reaching China, signaling the extension of the US-China "tech war" to the Middle East.
Analyst Comments: The US's move to control chip exports to the Middle East underscores the strategic importance of AI technology in global geopolitics and the lengths to which nations will go to protect their technological edge. While the US aims to curb China's AI progress, the involvement of Middle Eastern countries in this tech tug-of-war highlights the region's growing significance in the global tech landscape. The intertwining of technological advancements, economic interests, and geopolitical strategies will likely lead to more complex international relations and potential sources of friction between democratic and autocratic states in the future.
FROM THE MEDIA: US tech firm Nvidia, a leading producer of the world's most advanced computer chips, announced that the US government is restricting the export of its top-tier chips to "some Middle Eastern countries", though it did not specify which ones. This move is seen by many as a manifestation of the ongoing "tech war" between the US and China in the Middle East. The US has been trying to outpace China in the development of transformative artificial intelligence (AI) technology. To hinder China's AI advancements, the US has been limiting Chinese access to essential computer chips, primarily produced by US companies like Nvidia. The US had previously restricted exports of these chips to China and Russia. Speculation suggests that countries like Iran, Saudi Arabia, UAE, Qatar, and Israel might be under scrutiny due to their technological capabilities, financial means, and national security concerns. These nations are among the top spenders on AI in the world, with significant investments in digital transformation as part of their economic diversification strategies.
READ THE STORY: DW
China's Controversial Film "No More Bets" Sparks Outrage in Cambodia and Myanmar
Bottom Line Up Front (BLUF): The FBI has alerted the energy industry about an anticipated increase in cyber targeting by Chinese and Russian hackers due to global changes in energy supply chains. These changes, including the rise in U.S. exports of liquefied natural gas (LNG) and shifts favoring the U.S. in the global crude oil supply chain, make U.S. energy infrastructure more attractive for foreign cyber intrusions.
Analyst Comments: The controversy surrounding "No More Bets" underscores the broader implications of cultural and entertainment products in the realm of international relations. Films, often seen as mere entertainment, can inadvertently become diplomatic flashpoints, especially when they touch upon sensitive issues or portray nations in a negative light. The reactions from Cambodia and Myanmar highlight the importance of cultural sensitivity and the potential for entertainment to influence perceptions and diplomatic relations. As China continues to expand its soft power influence globally, the content of its entertainment industry will likely remain under scrutiny, especially by neighboring countries.
FROM THE MEDIA: The film "No More Bets," released in China in early August, quickly rose to prominence, securing the top spot at the box office for three weeks and grossing $547 million within a month. The narrative revolves around Chinese nationals being trafficked overseas and coerced into online fraud schemes. Despite the film not explicitly naming any country, both Cambodia and Myanmar have taken issue with its content, interpreting it as a negative portrayal of their nations. Myanmar's Consul-General in Nanning, China, raised concerns about the film tarnishing Myanmar's image, especially since the storyline bears similarities to Myanmar's northern region. In Cambodia, the Ministry of Culture and Fine Arts has engaged with the Chinese Embassy in Phnom Penh, seeking a halt to the film's screening in China due to its detrimental impact on Cambodia's dignity.
READ THE STORY: Khmer Times
OPEC's Uncertain Future Amidst the Rise of Electric Vehicles
Bottom Line Up Front (BLUF): Russia is actively engaging with the Taliban, hosting talks focused on regional threats and the creation of an inclusive government in Afghanistan. This move underscores Moscow's intent to maintain its influence in Central Asia, even as it confronts the West in other regions, notably Ukraine.
Analyst Comments: The rapid global transition to electric vehicles (EVs) and the increasing efficiency of petrol and diesel cars are challenging OPEC's longstanding dominance in the oil market. The organization's actions suggest a lack of confidence in their own projections of sustained oil demand, as evidenced by recent production cuts.
FROM THE MEDIA: OPEC, along with its allies, has had to make significant cuts to oil production in recent times to stabilize prices. These cuts, amounting to 2 million barrels a day (b/d), coincide with the volume of crude being displaced by the rising sales of EVs worldwide. Despite these clear indicators, OPEC officials have publicly dismissed the impact of EVs on future oil demand. However, the reality on the ground tells a different story. Electric vehicles are making significant inroads in major markets. For instance, EV sales in China, the world's largest car market, reached 38% this summer, surpassing expectations. Predictions suggest that EVs could account for 60% of total car sales in China within two years. Similarly, Vietnam's EV start-up, VinFast Auto, recently achieved a significant valuation, indicating the growing influence of electric vehicles in emerging markets.
READ THE STORY: The Telegraph
Canada's Intelligence Controversy: Breaking the Unspoken Code
Bottom Line Up Front (BLUF): Canada's public allegations against India's intelligence activities represent a significant departure from the unwritten codes of conduct among intelligence agencies. This move has not only strained bilateral relations but also raised questions about the future dynamics of international intelligence cooperation.
Analyst Comments: The current situation has led to speculations about the West's potential alignment with Canada, which could impact India's relations with Western nations. However, the multifaceted relationships India has cultivated with the US and other Western partners, encompassing trade, investment, technology, defense, and international security, are likely to endure. The strategic underpinning provided by shared perspectives on China further solidifies these ties. While intelligence controversies might create ripples, the broader currents of shared interests are expected to prevail. Both sides need to approach differences with maturity, recognizing the complex shades of gray that characterize international relations.
FROM THE MEDIA: Intelligence and security agencies operate in a realm where values and morality often take a backseat to national interests. These agencies employ various tactics, including surveillance, character assassinations, and even real assassinations, to further their country's objectives. Collaborations, like the Five Eyes alliance comprising the US, Canada, UK, Australia, and New Zealand, amplify their capabilities and influence. This alliance, in particular, has been instrumental in reinforcing Western dominance globally. Major intelligence agencies have historically provided shelter to dissident and insurgent groups from various countries, using them as leverage in geopolitical games. However, Canada's integration of Khalistani activists into its national politics stands out as a unique case of mainstreaming foreign-origin terrorists.
READ THE STORY: Indian Express
The Ticking Clock of AI: Urgent Regulatory Measures Needed
Bottom Line Up Front (BLUF): The rapid advancements in AI technology, while promising revolutionary benefits, also pose significant risks, including misuse by malicious actors and the potential for AI systems to operate beyond human control. To mitigate these threats, there's an urgent need to regulate the hardware that powers AI, known as computing.
Analyst Comments: Given the pace of AI advancements and the potentially catastrophic outcomes of its misuse, proactive regulatory measures are not just recommended but essential. While the U.S. is beginning its journey towards AI regulations, a comprehensive international approach, similar to past nuclear regulations, might be the most effective way forward. By focusing on regulating computing resources, we can strike a balance between harnessing AI's potential and ensuring its safe and responsible development.
FROM THE MEDIA: Sam Bankman-Fried, the founder of the FTX crypto exchange, is set to face trial in New York on charges of conspiracy and fraud related to the platform's downfall. The exchange's bankruptcy has left numerous creditors, including Pat Rabbitte, in limbo, with their funds tied up in the legal proceedings. Before its collapse, FTX, under SBF's leadership, achieved a staggering $32 billion valuation in just three years. Bankman-Fried was often compared to financial giants like Warren Buffett and was dubbed the "Michael Jordan of crypto." However, the exchange's downfall and subsequent allegations have severely tarnished his reputation. In the aftermath, a group of FTX creditors, naming themselves the FTX 2.0 Coalition, began discussions on Telegram about the potential of restarting the exchange without SBF's involvement.
READ THE STORY: Medium
Emerging Threat: Stealthy Botnet-Driven HTTP DDoS Attacks
Bottom Line Up Front (BLUF): Botnet-driven HTTP DDoS attacks have evolved, with a significant increase in such attacks observed in Q2 2023. A new form, the low-rate-per-bot HTTP DDoS attack, is designed to mimic legitimate user traffic, making detection and mitigation challenging. Effective countermeasures require a combination of advanced strategies and tools.
Analyst Comments: The evolution of DDoS attacks, especially the low-rate-per-bot variant, underscores the need for businesses to adopt advanced mitigation strategies. Relying solely on domain-level rate limits can be counterproductive. Instead, strategies like URL-level rate limits, session-duration-based request rates, IP address-level monitoring, geographical-based rate limiting, and thorough attack trend analysis are essential. As botnet-driven attacks become more sophisticated, businesses must stay ahead with equally advanced and proactive defense mechanisms.
FROM THE MEDIA: Indusface's research on over 1400 websites revealed a 75% surge in DDoS attacks and a 48% increase in bot attacks in Q2 2023. The evolution of DDoS attacks has moved beyond the Mirai bot, leading to the rise of next-generation botnets. The low-rate-per-bot HTTP DDoS attack is particularly concerning. In this attack, numerous bots send a small number of HTTP requests over an extended period, focusing on stealth and persistence. This method aims to avoid detection by mimicking legitimate user traffic. A recent case study highlighted an attack on a Fortune 500 company, where the AppTrana platform detected an HTTP DDoS attack with a magnitude 3000X to 14000X greater than the website's typical request rate. The attack utilized about 8 million unique IP addresses over two weeks. Traditional rate-limiting was ineffective against this attack, but a customized solution by AppTrana successfully mitigated it.
READ THE STORY: GBHACKERS
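As an added example (not code from the article, Indusface or AppTrana), the following Python script runs the URL-level check described above over a constructed access log: five legitimate clients browsing a few pages, plus 150 bots that each send only two requests to one URL inside a sixty-second window. Every bot stays under a classic per-IP limit, so that check returns nothing, while the aggregate request rate on the URL compared with its baseline, together with the unusually large number of distinct source addresses, flags the flood. The log format, IP ranges, baseline rates and thresholds are all constructed assumptions.

```python
"""Added example: flag a low-rate-per-bot HTTP flood that per-IP rate limits miss.

Constructed input (not real traffic). Each log line is
"<client_ip> <ISO-8601 timestamp> <method> <path>".
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed per-URL baseline: normal requests per minute for each path.
BASELINE_RPM = {"/": 20, "/about": 10, "/login": 5, "/search": 10}


def build_sample_log():
    """Constructed traffic: five normal clients (10.0.0.x) browsing several
    pages, plus a botnet of 150 addresses (TEST-NET-3 range) that each send
    only two requests to /login inside the same 60-second window."""
    start = datetime(2023, 9, 29, 12, 0, 0)
    lines = []
    paths = ["/", "/about", "/login", "/search"]
    for i in range(5):  # legitimate clients 10.0.0.1 .. 10.0.0.5
        for k, path in enumerate(paths):
            ts = start + timedelta(seconds=(i * 4 + k) * 3)
            lines.append(f"10.0.0.{i + 1} {ts.isoformat()} GET {path}")
    for b in range(150):  # bots 203.0.113.1 .. 203.0.113.150, two hits each
        for k in range(2):
            ts = start + timedelta(seconds=(b * 2 + k) % 60)
            lines.append(f"203.0.113.{b + 1} {ts.isoformat()} GET /login")
    return lines


def parse_line(line):
    ip, ts, method, path = line.split()
    return ip, datetime.fromisoformat(ts), method, path


def analyze(lines, baseline_rpm, window=timedelta(seconds=60),
            per_ip_limit=10, ratio_threshold=10.0, min_unique_ips=50):
    """Return (per_ip_alerts, url_alerts) for the first fixed window of traffic.

    per_ip_alerts: classic check, IPs sending more than per_ip_limit requests
                   per minute.
    url_alerts:    URL-level check, paths whose request count is at least
                   ratio_threshold times the baseline AND is spread over at
                   least min_unique_ips distinct sources (distributed, low
                   per-bot volume). A production detector would slide the
                   window and add per-session and per-geography dimensions.
    """
    events = [parse_line(line) for line in lines]
    if not events:
        return [], []
    t0 = min(ts for _, ts, _, _ in events)
    in_window = [e for e in events if t0 <= e[1] < t0 + window]
    minutes = window.total_seconds() / 60

    per_ip = Counter(ip for ip, _, _, _ in in_window)
    per_ip_alerts = sorted(ip for ip, n in per_ip.items()
                           if n > per_ip_limit * minutes)

    per_url = Counter(path for _, _, _, path in in_window)
    ips_per_url = defaultdict(set)
    for ip, _, _, path in in_window:
        ips_per_url[path].add(ip)

    url_alerts = []
    for path, n in per_url.items():
        expected = baseline_rpm.get(path, 1) * minutes
        ratio = n / expected
        uniq = len(ips_per_url[path])
        if ratio >= ratio_threshold and uniq >= min_unique_ips:
            url_alerts.append({
                "path": path,
                "requests": n,
                "ratio": round(ratio, 1),
                "unique_ips": uniq,
                "mean_per_ip": round(n / uniq, 2),
            })
    return per_ip_alerts, url_alerts


if __name__ == "__main__":
    per_ip, urls = analyze(build_sample_log(), BASELINE_RPM)
    print("per-IP rate-limit alerts:", per_ip)  # expected: []
    for alert in urls:
        print("URL-level alert:", alert)
```

On the constructed data the per-IP check stays silent (no client exceeds ten requests a minute), while /login shows 305 requests against a baseline of 5, spread over 155 distinct addresses at under two requests each, which is exactly the shape the article attributes to the low-rate-per-bot variant.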
Critical Zero-Day Vulnerability in Exim Mail Servers
Bottom Line Up Front (BLUF): A zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software has been discovered, which could allow unauthenticated attackers to remotely execute code on exposed servers. Despite being informed, the Exim team has not provided an update on patch progress, leaving millions of servers at risk.
Analyst Comments: The discovery of this zero-day vulnerability in Exim, combined with the lack of a patch, poses a significant risk to millions of servers worldwide. Given Exim's popularity and widespread use, this vulnerability could be a prime target for malicious actors. Organizations using Exim are advised to monitor their systems closely and consider alternative mitigation strategies, such as changing MTA programs, until a patch is available. The delay in addressing this critical issue underscores the need for timely response and communication from software developers when vulnerabilities are identified.
FROM THE MEDIA: The critical vulnerability, identified as CVE-2023-42115, was found in the SMTP service of the Exim MTA software. This flaw, due to an Out-of-bounds Write weakness, can lead to software crashes, data corruption, and potential remote code execution by attackers. The vulnerability stems from improper validation of user-supplied data, which can result in buffer overflows. The Zero Day Initiative (ZDI) reported this vulnerability to the Exim team in June 2022, but no patch or update has been provided by the developers. Exim MTA servers are particularly vulnerable as they are often exposed to the Internet. A 2023 survey revealed that Exim is the most popular MTA software, installed on over 56% of 602,000 mail servers on the Internet. Currently, about 3.5 million Exim servers are exposed online, with the majority located in the U.S., Russia, and Germany. Without a patch, the only mitigation strategy recommended by ZDI is to restrict remote access to the application.
READ THE STORY: Bleeping Computer
The Snatch Ransomware Group: History, Alleged Founder, and Identity Confusion
Bottom Line Up Front (BLUF): The Snatch ransomware group, previously known as Team Truniger, has been under the spotlight following revelations about its darknet website leaking internal data. This article delves into the group's history, its alleged founder, and the confusion surrounding its identity with another older ransomware group.
Analyst Comments: The Snatch ransomware group's operations and its alleged founder's digital footprints provide a glimpse into the intricate world of cybercrime. The group's tactics, such as rebooting devices into Safe Mode and buying stolen data, highlight the evolving strategies employed by cybercriminals. The revelations about Truniger's online aliases and the connections to Semyon Tretyakov underscore the challenges in definitively attributing cybercrimes to individuals. The Snatch Team's denial of their association with the older Snatch Ransomware group and their claim of being a separate entity further complicate the narrative. As cybercrime continues to evolve, it becomes imperative for researchers, law enforcement, and cybersecurity professionals to stay ahead of the curve and unravel the complex web of digital identities and operations.
FROM THE MEDIA: KrebsOnSecurity recently exposed vulnerabilities in the Snatch ransomware group's darknet website, revealing information about its users and internal operations. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have identified the group's founder as Truniger, who was previously affiliated with GandCrab, a notorious ransomware group that later evolved into REvil. Snatch's modus operandi involves rebooting Windows devices into Safe Mode to bypass antivirus detection, followed by file encryption. The group has also been observed buying stolen data from other ransomware variants to further exploit victims. Flashpoint, a cyber intelligence firm, traces the group's origins to 2018 when Truniger began recruiting members on Russian forums and social media platforms. Multiple online aliases and accounts linked to Truniger have been identified, but the individual behind these accounts, Semyon Tretyakov, denies any wrongdoing and suggests he might have been framed.
READ THE STORY: Krebs
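The Safe Mode step described above is the detection opportunity for defenders: putting a Windows host into Safe Mode normally means editing the boot configuration (the `bcdedit` `safeboot` value) and then forcing a reboot, which is rare in ordinary administration. As an added example (not code from Krebs, Flashpoint or any agency advisory), the following Python detector runs over constructed process-creation records, flags `bcdedit.exe` invocations that touch `safeboot`, and raises severity when a forced reboot follows on the same host within a short window. The record format, host names and the 15-minute window are constructed assumptions.

```python
"""Added example: detect Safe Mode abuse from process-creation records.

Constructed input (not real telemetry). Each record is
"<ISO-8601 timestamp>|<host>|<image path>|<command line>".
"""
import re
from datetime import datetime, timedelta

# Constructed sample: one host gets a safeboot edit and an immediate forced
# reboot, one host runs a harmless bcdedit query, one host gets a safeboot
# edit but is not rebooted until well outside the correlation window.
SAMPLE_EVENTS = [
    r"2023-09-29T01:12:03|WS-014|C:\Windows\System32\bcdedit.exe|bcdedit /set {default} safeboot minimal",
    r"2023-09-29T01:12:05|WS-014|C:\Windows\System32\shutdown.exe|shutdown /r /f /t 00",
    r"2023-09-29T09:40:11|WS-022|C:\Windows\System32\bcdedit.exe|bcdedit /enum",
    r"2023-09-29T10:05:47|SRV-DB1|C:\Windows\System32\bcdedit.exe|bcdedit /set {current} safeboot network",
    r"2023-09-29T10:30:00|SRV-DB1|C:\Windows\System32\shutdown.exe|shutdown /r /t 0",
]

# Any safeboot edit is interesting: setting it stages the Safe Mode boot,
# and /deletevalue safeboot is the cleanup step afterwards.
SAFEBOOT_RE = re.compile(r"\bsafeboot\b", re.IGNORECASE)
# shutdown with the restart switch (/r); /restart would not match.
REBOOT_RE = re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b", re.IGNORECASE)


def parse_event(line):
    ts, host, image, cmd = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "image": image, "cmd": cmd}


def detect_safe_mode_abuse(lines, reboot_window=timedelta(minutes=15)):
    """Return findings for safeboot edits made via bcdedit.exe.

    MEDIUM: a safeboot edit on its own (administrators rarely set it by hand).
    HIGH:   the edit is followed by a forced reboot on the same host within
            reboot_window, the sequence that precedes Safe Mode encryption.
    """
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    findings = []
    for i, e in enumerate(events):
        if not (e["image"].lower().endswith("bcdedit.exe")
                and SAFEBOOT_RE.search(e["cmd"])):
            continue
        severity = "MEDIUM"
        for later in events[i + 1:]:
            if later["host"] != e["host"]:
                continue
            if later["ts"] - e["ts"] > reboot_window:
                break  # events are time-ordered; nothing later can qualify
            if REBOOT_RE.search(later["cmd"]):
                severity = "HIGH"
                break
        findings.append({"host": e["host"], "ts": e["ts"].isoformat(),
                         "cmd": e["cmd"], "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in detect_safe_mode_abuse(SAMPLE_EVENTS):
        print(finding)
```

The correlation window is what separates a staged attack from a lone configuration change: on the constructed records WS-014 is flagged HIGH because the reboot follows two seconds after the edit, while SRV-DB1 stays MEDIUM because its reboot lands 24 minutes later, and the `bcdedit /enum` query on WS-022 produces no finding at all.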
Quantum-Sized Engine Created Using Quantum Mechanics Principles
Bottom Line Up Front (BLUF): A team from the Quantum Systems Unit, Okinawa Institute of Science and Technology (OIST), in collaboration with German scientists, has developed a quantum engine using the principles of quantum mechanics.
Analyst Comments: The development of a quantum engine represents a significant step forward in the field of quantum mechanics and its practical applications. The ability to harness the unique properties of quantum particles to generate energy could pave the way for new technological advancements. However, the challenges associated with maintaining the necessary conditions for the engine's operation highlight the complexities of working in the quantum realm. Further research and development will be crucial to determine the broader applications and potential of this technology.
FROM THE MEDIA: The quantum engine represents a significant departure from conventional engines. Traditional car engines rely on the combustion of fuel and air to produce energy. In contrast, the quantum engine manipulates the quantum properties of particles in a gas. At extremely low temperatures, where quantum effects become dominant, bosons exhibit a lower energy state than fermions. This energy differential can be harnessed to power a rudimentary engine. Instead of the cyclic heating and cooling processes seen in classical engines, the quantum version transforms bosons into fermions and back again. Professor Thomas Busch, from the Quantum Systems Unit, elucidated that the engine can be powered without heat by cyclically converting fermions into bosons and vice versa. However, the engine's current efficiency stands at 25% based on the experimental setup. One of the primary challenges faced is the necessity to maintain ultra-low temperatures to preserve the quantum state, as any heat can negate the quantum effects.
READ THE STORY: IE
Items of interest
Decoding the Hacker: A Comprehensive Study on Cybercriminal Profiles
Bottom Line Up Front (BLUF): Recent research has delved into the intricate relationship between the personal attributes of hackers and the nature of their cyberattacks. By analyzing 122 US Department of Justice (USDOJ) press reports from 2019 to 2021, the study identified patterns linking age, gender, and nationality to specific hacking behaviors. Key findings suggest older and international hackers tend to develop software for their attacks, while older hackers are less inclined to use follow-up access.
Analyst Comments: The increasing prevalence of hacking incidents underscores the importance of understanding the individuals behind these cyberattacks. This study's findings offer valuable insights into the behaviors and motivations of hackers, potentially aiding law enforcement in their investigations. By establishing a clear link between a hacker's personal attributes and their hacking methods, law enforcement agencies can develop more targeted strategies to combat cybercrime. However, as the digital landscape continues to evolve, so will the tactics and profiles of hackers, necessitating ongoing research in this domain.
FROM THE MEDIA: The digital age has brought about numerous advancements, but with it comes the rise of cybercrimes, particularly hacking. While hacking has been romanticized in media, its real-world implications are far-reaching and damaging. The term "hacker" has evolved over time, initially referring to tech enthusiasts but now encompassing a range of individuals from white hat (ethical) hackers to black hat (malicious) hackers and the morally ambiguous gray hats. To better understand the diverse world of hackers, Chng et al. (2022) proposed a classification of 13 hacker types, ranging from novices to professionals and nation-states. This study, however, focuses on the relationship between the hacker's personal attributes and the nature of their attacks. By analyzing USDOJ data, the research aims to provide law enforcement with tools to profile hackers based on the characteristics of their cyberattacks.
READ THE STORY: University of Florida
Profiling Hackers - The Psychology of Cybercrime (Video)
FROM THE MEDIA: What motivates hackers? What are their psychological manipulation techniques? How can we become a "human firewall"? More than 90% of cyberattacks are due to human error. Humans are the weakest link in cybersecurity. But something can be done.
The CyberPsychology of CyberCrime - Mary Aiken, RCSI (Video)
FROM THE MEDIA: Cybersecurity must be more than just a technological issue. It must also include understanding the profile and motivation of the cybercriminal. The inspiration for CSI Cyber and world-renowned cyber psychologist Mary Aiken explains.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at email@example.com.