Tag Archives: cybersecurity

GPS vulnerable

In the category of things I didn’t know I was supposed to be worried about, the New York Times says GPS satellites are vulnerable, and they are being messed with by state and non-state actors.

More than 10,000 incidents of GPS interference have been linked to China and Russia in the past five years. Ship captains have reported GPS errors showing them 20-120 miles inland when they were actually sailing off the coast of Russia in the Black Sea. Also well documented are ships suddenly disappearing from navigation screens while maneuvering in the Port of Shanghai. After GPS disruptions at Tel Aviv’s Ben Gurion Airport in 2019, Israeli officials pointed to Syria, where Russia has been involved in the nation’s long-running civil war. And last summer, the United States Space Command accused Russia of testing antisatellite weaponry.

New York Times

GPS is an example of a military technology that has spilled over to enormous worldwide civilian benefit. But it is apparently fragile. The U.S. is actively working (but behind schedule) on a backup system, and this article says many other countries have already implemented backup systems that work from towers located on the ground rather than from satellites.

January 2020 in Review

Most frightening and/or depressing story:
  • Open cyberwarfare became a thing in the 2010s. We read the individual headlines but didn’t connect the dots. When you do connect the dots, it’s a little shocking what’s going on.
Most hopeful story:
  • Democratic socialism actually does produce a high quality of life for citizens in many parts of the world. Meanwhile, the hard evidence shows that the United States is slipping behind its peer group in many measures of economic vibrancy and quality of life. The response of our leaders is to tell us we are great again because that is what we want to hear, but not do anything that would help us to actually be great again or even keep up with the middle of the pack. This is in the hopeful category because solutions exist and we can choose to pursue them.
Most interesting story, that was not particularly frightening or hopeful, or perhaps was a mixture of both:

the decade in cybersecurity and cyberwarfare

Wired goes over the major data breaches and cyber attacks of the decade. Huge amounts of data were stolen from both corporations and government agencies, but what really surprised me was the amount of actual cyber warfare between nation states.

  • Stuxnet – attack by U.S. and Israeli governments against Iran in 2010. One thing I didn’t know is this targeted industrial control software made by Siemens. So major industries are controlled by computers, and hacking can increasingly have real-world consequences.
  • Shamoon (2012) – attack by Iran against Saudi Aramco, “inspired” by and possibly in retaliation for the Stuxnet attack.
  • Sony (2014) – attack by North Korea against Sony in response to a movie depicting the assassination of a North Korean leader.
  • Office of Personnel Management (2013-2014) – attack by Chinese government on the U.S. government. This was a massive information theft but was not intended to shut anything down.
  • Russia vs. Ukraine (2015-2016) – several attacks leading to blackouts and confusion coordinated with an actual military attack.
  • Shadow Brokers (2016-2017) – NSA malware stolen and released into the wild, probably by North Korean hackers. The most well-known one was the ransomware “WannaCry,” which disrupted major corporations including hospitals.
  • And of course, Russian propaganda and disinformation during the 2016 U.S. election.
  • NotPetya (2017) – this was Russian malware targeted at Ukraine, but so bad it affected computers around the world and blew back to affect Russia itself.

February 2019 in Review

Most frightening and/or depressing story:

Most hopeful story:

  • Here is the boringly simple western European formula for social and economic success: “public health care, nearly free university education, stronger progressive taxation, higher minimum wages, and inclusion of trade unions in corporate decision-making.” There’s even a glimmer of hope that U.S. politicians could manage to put some of these ideas into action. Seriously, I’m trying hard not to be cynical.

Most interesting story, that was not particularly frightening or hopeful, or perhaps was a mixture of both:

  • We could theoretically create a race of humans with Einstein-level intelligence using in-vitro fertilization techniques available today. They might use their intelligence to create even smarter artificial intelligence which would quickly render them (not to mention, any ordinary average intelligence humans) obsolete.



DEFCON vs. voting machines

A hacker convention sets up voting machines each year and gives people a chance to try to hack them. The results are disturbing, although the article points out that the hackers are given full access to the machines for as long as they want, which would never happen in the real world.

This weekend saw the 26th annual DEFCON gathering. It was the second time the convention had featured a Voting Village, where organizers set up decommissioned election equipment and watch hackers find creative and alarming ways to break in. Last year, conference attendees found new vulnerabilities for all five voting machines and a single e-poll book of registered voters over the course of the weekend, catching the attention of both senators introducing legislation and the general public. This year’s Voting Village was bigger in every way, with equipment ranging from voting machines to tabulators to smart card readers, all currently in use in the US.

In a room set aside for kid hackers, an 11-year-old girl hacked a replica of the Florida secretary of state’s website within 10 minutes — and changed the results.

Wikileaks and the NSA

Wikileaks has released a set of documents about NSA activities, which is covered by the Intercept. Here’s one tidbit:

The NSA, it turns out, likes to stay on top of the latest scientific developments. Writing at the end of 2004, an NSA cryptanalyst described her experience working as an intern, and using her cryptography skills, on looking for information about genetic sequencing in the signals intelligence collected by the NSA. “The ultimate goals of this project are to gain general knowledge about genetic engineering research activity by foreign entities,” she wrote, “and to identify laboratories and/or individuals who may be involved in nefarious use of genetic research.”

election hacking

Looking for the declassified report on Russian election hacking? Look no further. Here are a couple of juicy phrases from the whopping 25-page report:

We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump. We have high confidence in these judgments.

We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him. All three agencies agree with this judgment. CIA and FBI have high confidence in this judgment; NSA has moderate confidence…

Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards. DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying.

I agree with Trump on virtually nothing, but I agree with him on one thing. These are the same people who brought us weapons of mass destruction. Which will always undermine their credibility in my eyes, along with the President, the State Department, Congress and the New York Times. I was a naive, trusting, patriotic young adult when I figured out that I had been lied to by basically all the branches of government and the media I trusted to keep an eye on them. And that was long before I read Legacy of Ashes and realized just how pathetic the CIA is and just how good the KGB is and always has been. And of course, that is who we are dealing with here.

Meddling in another sovereign country’s elections is one of the worst things a country could do, right? Certainly the greatest democracy in the world, let alone the greatest democracy in the history of the world, would never do that, right? Well, the CIA isn’t good at spying, which is why the U.S. lost the Korean War, the Vietnam War, the Afghanistan War, and the Iraq War. They never really understood the motivations of the Soviet Union because they had no real intelligence on it whatsoever, whereas the KGB infiltrated the U.S. government at the highest levels all along. But the CIA was always actually pretty good at influencing elections and they have done it often, sometimes with and sometimes without the knowledge of the President and Congress.

Here’s an article about the U.S. and Russia meddling in elections around the world. So I don’t like the fact that the Russians meddled in our election, and I hate the outcome of the election, but there is some element of hypocrisy in our government expressing such moral outrage about it.

Partisan electoral interventions by the great powers: Introducing the PEIG Dataset

Six decades of rigorous scholarship have greatly increased our knowledge about the causes and effects of various military and non-military forms of foreign interventions.

One blind spot in the international relations (IR) literature on interventions has been interventions designed to affect election results in foreign countries; i.e. as most famously occurred in Italy’s 1948 parliamentary election and more recently in the 2009 Afghan presidential elections. Despite a few, very recent exceptions (Corstange and Marinov, 2012; Levin, 2016; Shulman and Bloom, 2012), such interventions have not been studied by quantitative IR scholars who have preferred to focus on more violent or usually more overt types of interventions.

However by not studying partisan electoral interventions, quantitative IR scholars miss an important, common form of intervention. Between 1946 and 2000, the US and the Soviet Union/Russia have intervened in about one of every nine competitive national-level executive elections. Partisan electoral interventions have been found to have had significant effects on election results, frequently determining the identity of the winner (Levin, 2016). Overt interventions of this kind have also been found to have significant effects on the views of the target public toward the intervener (Corstange and Marinov, 2012). Some qualitative scholars who have studied particular cases of electoral interventions at times credit, or blame, them with playing an important role in the subsequent nature of the regime in the target country and influencing the direction of its domestic and foreign policies (Rabe, 2006: chap. 5; Trachtenberg, 1999: 128–132). With the growing realization among IR scholars of the importance of regime type (Huth and Allee, 2002; Park, 2013; Ray, 1995; Reiter and Stam, 1998; Russett, 1993) and, more recently, the nature of the leader in power (Chiozza and Choi, 2003; Colgan, 2013; Horowitz, 2014; Keller and Foster, 2010; Potter, 2007) for their countries’ foreign and domestic policies, electoral interventions are a factor that cannot be ignored.

cyber warfare

Critical parts of the internet in the U.S. are being systematically probed by foreign government hackers, according to one security expert.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker…

Who would do this? It doesn’t seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It’s not normal for companies to do that. Furthermore, the size and scale of these probes — and especially their persistence — points to state actors. It feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.