Best Infosec Long-Reads of the Week, 7/30/22

POGO dropped a bombshell about missing DHS texts, An ecosystem of data brokers are sucking up smart cars' data, China's ambassador to the U.S. broke the Aspen Summit's decorum, more

Metacurity is pleased to offer our free and paid subscribers this weekly digest of long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. Let us know what you think, and feel free to let us know if we missed something important by sending us a note to info@metacurity.com. Happy reading!

• Nick Schwellenbach and Adam Zagorin at the Project on Government Oversight broke the news that Department of Homeland Security officials' text messages surrounding January 6 had seemingly been permanently deleted, along with crucial Secret Service texts, with their highly in-depth investigation. They detail how the Department’s Inspector General’s office said in February 2022 that text messages sent or received by then-Acting Secretary Chad Wolf, then-Acting Deputy Secretary Ken Cuccinelli, and Acting Under Secretary for Management Randolph D. “Tex” Alles cannot be found.
• Jon Keegan and Alfred Ng in The Markup delved into how today’s connected cars produce a firehose of sensitive data using an ecosystem of dozens of businesses that seek to monetize the data in an environment with few regulations governing its sale or use. Dozens of sensors emitting data points for any given driver or car are collected by the car’s computer, compiling valuable information about the vehicle speed and location, which songs are played, whether the car is low on oil and whether the headlights are on.
• Julia Ioffe in Puck had this dishy insider look at the staid and close-knit world of the high-flying Aspen Security Forum, which draws diplomatic grandees and top-tier national security journalists from around the globe. She detailed how the event's traditional politesse was upended this year by the sparky Qin Gang, China’s ambassador to the U.S., who scandalized the proceedings by eviscerating American policy toward China. “In essence, he showed up at the high school dance and pulled a Carrie,” Ioffe wrote.
• Chris Stokel-Walker in Gizmodo delved into the details from leaked TikTok documents that reveal how the company games out responses to tricky questions and what the Chinese company thinks its biggest PR problem is, namely China. One PR talking point: “Downplay the parent company ByteDance, downplay the China association, downplay AI.”
• Reuters’ Mari Saito and Maria Tsvetkova offered this visually innovative piece about how Russia spread a secret web of agents across Ukraine to smooth its path in an infiltration deeper than previously realized. Putin’s war planners believed the spread of these spies would create a quick, bloodless victory for Russia in Ukraine, starting with the seizure of the Chornobyl nuclear plant.
• Jeremiah Fowler and the Website Planet research team published this in-depth look at how the loosely organized hacking collective Anonymous used unorthodox methods in attacking Russian targets following the invasion of Ukraine. On top of hacking and releasing Russian data, the group has offered cyber security assistance penetration testing to Ukraine and has found vulnerabilities before Russia could exploit them. The collective has also provided free training to recruits on denial of service attacks and other hacktivist methods.
• The New York Times’ Kellen Browning and Kashmir Hill investigated the disturbing extent to which stalkers of Twitch stars go in their parasocial relationships with their obsessions. The targets, who make millions of dollars per year, spend thousands of dollars on therapy, gun lessons, and private investigators to deal with the stalkers and throw them off track.