View profile

Behind the News: Sources and Analysis from the Week Ending in July 23

The Soren Review
Behind the News: Sources and Analysis from the Week Ending in July 23
By The Soren Review • Issue #3 • View online
This is a retrospective look at the major headlines in cybersecurity and tech policy, pointing out to the source documents, expert analysis, and code repositories that lie behind the headlines.

China, China, China
One of the biggest stories of the week was the joint finger pointing by the US and other governments at China for their actions in cyberspace. Our first set of sources include CISA releases of Indicators of Compromise (IoCs), Tactics, Techniques, and Procedures (TTPs), and other artifacts of the US Governments investigations into these Chinese activies:
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response:
us-cert.cisa.gov  •  Share
Chinese State-Sponsored Cyber Operations: Observed TTPs | CISA
Chinese State-Sponsored Cyber Operations: Observed TTPs | CISA
This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3.
us-cert.cisa.gov  •  Share
This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help cybersecurity practitioners identify and remediate APT40 intrusions and established footholds.
us-cert.cisa.gov  •  Share
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
Note: CISA released technical information, including indicators of compromise (IOCs), provided in this advisory in 2012 to affected organizations and stakeholders.
us-cert.cisa.gov  •  Share
In addition, here is some the expert analysis of China’s actions and the US response that is informing the media coverage:
FAST THINKING: A turning point on Chinese hacking - Atlantic Council
FAST THINKING: A turning point on Chinese hacking - Atlantic Council
What does NATO’s buy-in mean for the world’s response to Chinese hacking? What tools do these allies have to fight back? Our experts messaged us (securely) with the answers.
www.atlanticcouncil.org  •  Share
The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough? - Lawfare
The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough? - Lawfare
The Biden administration should be applauded for building a broad coalition of allies to condemn China’s dangerous cyber activity. Now, the White House should do what it has done to other U.S. adversaries and impose real costs on Beijing.
www.lawfareblog.com  •  Share
A related issue in our relationship with China is increasing awareness of Chinese “influence” campaigns in cyberspace. Some analysis on that from the experts:
Chinese Disinformation Efforts on Social Media | RAND
Chinese Disinformation Efforts on Social Media | RAND
The authors identify key Chinese practices and the supporting infrastructure and conditions that successful social media disinformation campaigns require, concluding that China is using Taiwan as a test bed for developing attack vectors.
www.rand.org  •  Share
Holding the LINE: Chinese Cyber Influence Campaigns After the Pandemic
Holding the LINE: Chinese Cyber Influence Campaigns After the Pandemic
An analysis of China’s cyber influence tactics in Taiwan’s 2020 elections can help us understand the extent of China’s capabilities and how to prepare for future operations.
www.justsecurity.org  •  Share
And finally: a broader discussion of the technology landscape in China and how it relates to the US Tech industry:
Hong Shen on How Tech Really Works behind the Great Firewall - Centre for International Governance Innovation
Hong Shen on How Tech Really Works behind the Great Firewall - Centre for International Governance Innovation
Western nations often paint the Chinese tech sector as a threat to freedom, an attack on surveillance and an extension of the state. Big Tech’s guest in this episode, Hong Shen, argues this simplistic framing isn’t quite accurate.
www.cigionline.org  •  Share
FAST THINKING: Will quantum computing be the next frontier of competition with China? - Atlantic Council
FAST THINKING: Will quantum computing be the next frontier of competition with China? - Atlantic Council
On June 29, 2021, the University of Science and Technology of China in Hefei unveiled “Zuchongzhi,” the fastest quantum computer in the world, which at fifty-six qubits is just a nose ahead of Google’s Sycamore quantum computer. But are we calling the race too soon? Will the United States and its allies catch up?
www.atlanticcouncil.org  •  Share
Cyber Capabilities and National Power: A Net Assessment
Cyber Capabilities and National Power: A Net Assessment
The result of two years of study by IISS researchers, this report provides a major new qualitative assessment of 15 countries’ cyber power, as well as a new qualitative framework for understanding how to rank global state cyber capacity.
www.iiss.org  •  Share
Military Grade Spyware
The other major story this week stemmed from some investigations into the NSO Group’s Pegasus spyware. Amnesty International led a group of investigators and journalists in looking into the software, including a mysterious list of 50,000 phone numbers supposedly targeted by regimes around the world. NSO Group has denied many of the accusations, in particular the targeting list, but the reporting has nonetheless stirred up a massive debate about online privacy and security from government surveillance.
Here is some of the original investigative work, published by Amnesty:
GitHub - AmnestyTech/investigations: Indicators from Amnesty International's investigations
GitHub - AmnestyTech/investigations: Indicators from Amnesty International's investigations
Indicators from Amnesty International’s investigations - GitHub - AmnestyTech/investigations: Indicators from Amnesty International’s investigations
github.com  •  Share
And here is a tool meant to analyze a phone for indicators of compromise from Pegasus, also released by the team working on this investigation:
GitHub - mvt-project/mvt: MVT is a forensic tool to look for signs of infection in smartphone devices
GitHub - mvt-project/mvt: MVT is a forensic tool to look for signs of infection in smartphone devices
MVT is a forensic tool to look for signs of infection in smartphone devices - GitHub - mvt-project/mvt: MVT is a forensic tool to look for signs of infection in smartphone devices
github.com  •  Share
Some expert analysis of the issues of spyware and surveillance:
Authoritarianism Has Been Reinvented for the Digital Age - Centre for International Governance Innovation
Authoritarianism Has Been Reinvented for the Digital Age - Centre for International Governance Innovation
The stresses on global democracy over the past 15 years have coincided with the rise of new technologies for information-gathering, communication and surveillance. Autocratic leaders have learned that regime survival can depend on such techniques.
www.cigionline.org  •  Share
Tips to Uncover the Spy Tech Your Government Buys - Global Investigative Journalism Network
Tips to Uncover the Spy Tech Your Government Buys - Global Investigative Journalism Network
In June, a French court indicted executives from two surveillance companies on charges of complicity in torture in Libya and Egypt, following revelations by journalists about their alleged technology sales to repressive regimes. In a series of interviews, investigative reporters shared tips and tools that newsrooms around the world can use to uncover the spyware and monitoring systems their governments are buying.
gijn.org  •  Share
Spyware for sale: the booming trade in surveillance tech
Spyware for sale: the booming trade in surveillance tech
Israeli’s NSO Group is in the eye of a storm over its Pegasus spyware – but it is far from the only company helping governments with their covert surveillance operations.
news.yahoo.com  •  Share
Governments Are Using Spyware on Citizens. Can They Be Stopped? - Carnegie Endowment for International Peace
Governments Are Using Spyware on Citizens. Can They Be Stopped? - Carnegie Endowment for International Peace
An Israeli company has sold military-grade surveillance spyware to governments that are using it to spy on private citizens. What can the United States do about the explosion of such snooping?
carnegieendowment.org  •  Share
Fighting cyberweapons built by private businesses - Microsoft On the Issues
Fighting cyberweapons built by private businesses - Microsoft On the Issues
Microsoft, in conjunction with CitzenLab, has disrupted the use of cyberweapons manufactured and sold by a group we call Sourgum. The weapons disabled were being used in precision attacks targeting more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents
blogs.microsoft.com  •  Share
And for a different perspective:
How the Intelligence Community Can Get Better at Open Source Intel - Defense One
How the Intelligence Community Can Get Better at Open Source Intel - Defense One
Several factors make it harder to use publicly available information in all-source assessment than classified information.
www.defenseone.com  •  Share
Did you enjoy this issue?
The Soren Review

News, analysis, and opinion on tech policy, governance, security, and economics.

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue