Best Infosec Long-Reads of the Week, 7/23/22

Apps scam working-class Mexicans into a cycle of debt, Client-side scanning floated again as a solution to CSAM, Experts may have underestimated the cyber challenges Russia faced in Ukraine, more

Metacurity is pleased to offer our free and paid subscribers this weekly digest of long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. Let us know what you think, and feel free to let us know if we missed something important by sending us a note to info@metacurity.com. Happy reading!

• Erika Lilian Contreras reports how working-class Mexicans are getting scammed by usurious loan apps SolPeso, Rápikrédito, Super Peso, LoanLaLa, Money Flash, and iFectivo that trap lenders into vicious cycles of debt repayment. Failure to pay the scammers results in repeated threats to distribute photoshopped photos of the victims as thieves to threatening to rape and kill their families if they don’t pay. Nearly one hundred loan apps are listed as possibly related to doxxing activities across various Mexican cyberpolice departments; thirty-five of these are available on Google’s Play store.
• Ian Levy of the UK’s NCSC and Crispin Robinson of the GCHQ issued this paper that focuses on the problem of online child sexual abuse and offers a new set of “harm archetypes” to better group harms into categories that have similar technical characteristics. As part of a menu of suggested mitigations, they suggest that one solution to the problem is “client-side scanning,” which would scan images or videos against a database of “hashes,” or unique digital fingerprints of child exploitation imagery. However, most privacy and cybersecurity experts view client-side scanning as destructive to end-to-end encryption, which, they argue, provides greater societal protection from harm. Levy and Robinson published a piece on their paper in Lawfare.
• Gavin Wilde has this piece in War on the Rocks arguing that Russia’s “failure” to launch extensive cyber operations in Ukraine is not a result of experts overestimating Russia’s capabilities as much as their underestimating the complexities of pulling off these operations. When trying to gauge Russia’s success in the cyber domain, “U.S. strategists must recognize Moscow’s vast ambitions and deep suspicions in the information environment without automatically assuming success nor adopting this conspiratorial mindset as their own,” Wilde writes.
• Tatiana Siegel has this great scoop in Rolling Stone about how a report commissioned by Warner Media showed that at least thirteen percent of the accounts that took part in a social media pressure campaign about the director’s cut of the movie Justice League were deemed fake, well above the three to five percent that experts say they typically see on any trending topic. Some observers believe the so-called “SnyderVerse” social media campaign that advocated for the demands of the film’s director Zack Snyder was instigated by the director himself.

Image by Karolina Grabowska from Pixabay