US VP Joe Biden just announced that the US will “send a message” to Russia. Apparently, it will be a message in the shape of a cyberattack. Cyber-offensive forces in the US have reportedly been activated to that end. The nature of the response is uncertain, as escalatory dynamics in cyber signaling have not been defined. It could be a silent demonstration of serious hacking power, or a counter-leaking of embarrassing facts about the Kremlin or secrets of the FSB. But something will happen. The announcement is considered an in-kind answer to a set of recent, allegedly Russian cyberattacks on the US electoral process, the latest and largest of which was the attack on the DNC, followed by the publication of Clinton’s emails. Russia denies all allegations, and whether the attacker really is Russia must actually be doubted. All indicators point to Russia, but only publicly known indicators have been used in the design of the attack. In other words: everything could be spoofed and may in fact be spoofed. The indicators are almost too obviously Russian. If they are fake, a third party is successfully staging false flag operations to raise tensions between Russia and the US. Either way, with the coming outcome, the incident and its result must be considered very serious. The back and forth may look like mudslinging, but mudslinging with a Clausewitzian notion to it between nuclear superpowers is far from funny.
A new deal has emerged between the US and China regarding economic espionage. Both countries agreed that neither government “will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” This is an important and, to many analysts, even surprising turn of events. China was always notorious for not replying to, let alone complying with, similar requests in the past. But things have changed. The agreement came about due to two important factors. First, the US continued to confront China publicly with evidence regarding its hostile activities against US companies, notwithstanding Chinese denial of – legally – deniable material. Second, Obama seemed to be willing to take the confrontation to a new level. No one, of course, would ever want to exchange hostilities on this. But the White House did announce a series of severe economic sanctions against the Chinese, as punishment for past cyber spying. Sanctions may be difficult for China in a number of ways and send controversial signals around the world, so Beijing agreed to sign the informal agreement to curb economic spying.
Car manufacturers are excited about the new options for autonomous driving. Rightly so – it would be the greatest revolution in this field in decades. Autonomously driving cars are not just good for taking a nap on a boring ride. They enable entirely new business models and new forms of mobility, and they combine the relaxed luxury of a train ride with the individual flexibility of the car. With the ongoing parallel evolution of the information layer on top of everything, the cars may even be turned into robots, doing the groceries all by themselves or picking up the kids without any parents involved.
The software industry is notorious for shipping its products as early as possible – which is quite frequently way before maturity. That’s why its products have been equated with bananas: they ripen with the customer. But this annoying practice of debugging a product right in the market has now been confronted. In the UK, an amendment to the UK Consumer Rights Act has been made regarding digital-only purchases of videogames. Games are well known for being shipped with buggy code or sold as offering features demonstrated in trailers but not present in the final product. The game “The Witcher 3” provides a recent example, where graphics in trailers were superb, but obviously not available to common gaming PCs, where the game looked much less elegant and rather crude. So consumer protection stepped in. Gamers can now seek refunds or repairs from gaming companies if products are not working properly. The amendment is still criticized as being too vague in its wording. This may be a reaction to the many difficulties in determining “proper functionality” of software, but it is also owed to the fact that the regulation does not want to curb the videogames industry too much. A moderate first step seems more sensible, testing the waters for this kind of regulation. The regulation also made a smart little addendum, closing off an obvious tactic by which the gaming industry could ditch the new rules. It provided “consumers [the right] to challenge terms and conditions which are not fair or are hidden in the small print”.
The recent judgment of the European Court of Justice (EuGH), rendering the 15-year-old “Safe Harbor” regulation between the EU and the USA ineffective, has significant implications for data protection and security, digital businesses and societies.
The “Safe Harbor” regulation enabled the free exchange of data between the EU and the US, as long as IT and Internet companies promised to comply with a minimal set of data protection standards, awarding data of EU citizens an (almost) equal protection level. This regulation, however, has now been judged to have been wrong in three ways. First, it went far beyond the authority of the EU, interfering much too strongly with national and regional data protection regulation. Second, it forgot that national security regulations in the US rank higher than self-administered data protection standards of the IT and Internet industries, rendering it effectively impossible for these companies to make any promises regarding the protection of European data. And third, “Safe Harbor” also forgot that the United States are not a constitutional state for Europeans, rendering any chance for intervention into national security processes in the US impossible, thus depriving European citizens of their basic rights on data protection and legal intervention.
Researchers from Tel Aviv have just discovered a new and easy attack on encryption: they listen to it. A computer’s processor emits a high-frequency sound while performing an encryption calculation. This sound varies characteristically due to the changing electrical current during the calculation. This way, the researchers were able to recover a 4,096-bit encryption key. Critics may now point out that you would first have to be able to come close enough to listen to the computer. But this problem was solved elegantly. The researchers simply hacked the computer and took over the microphones. Modern-day PC microphones are good enough to pick up the modulation of the electrical current from a distance of about ten meters.
The UAE has been known since at least 2012 to have joined the many more oppressive nations conducting surveillance on their own citizens, more specifically on political activists and journalists. In that year, the UAE appeared in the list of customers of the global oppressive surveillance company Hacking Team, which was licensing the country to monitor more than 1100 devices.
Now, a new Citizen Lab report has appeared, in which Munk School researchers Bill Marczak and John Scott-Railton analyze the new case of Rori Donaghy. Donaghy, a UK-based journalist and founder of the Emirates Center for Human Rights, has been attacked by spyware, delivered in a spear phishing attack associated with the UAE surveillance effort. The attack pattern, dubbed “Stealth Falcon” by the Munk School researchers, involved indicators which were used in previous Twitter-based attacks by the UAE on other political opponents.