Best Infosec-Related Long Reads of the Week, 9/10/22
Criminals use fake GPS coordinates, Why cyber hasn't been decisive in Ukraine war, Russia targets Wikipedia editors, Tech libertarian on how to make money, Treasury Dept. crunches crypto's vision
Metacurity is pleased to offer our free and paid subscribers this weekly digest of long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. Let us know what you think, and feel free to let us know of your favorite long-reads via Twitter @Metacurity. We’ll gladly credit you with a hat tip. Happy reading!
How Fake GPS Coordinates Are Leading to Lawlessness on the High Seas
Anatoly Kurmanaev in the New York Times explores an illegal phenomenon: hundreds of cases in which a ship has transmitted fake location coordinates to carry out murky and even criminal business operations and circumvent international laws and sanctions.
Over the past year, Windward, a large maritime data company that provides research to the United Nations, has uncovered more than 500 cases of ships manipulating their satellite navigation systems to hide their locations. The vessels carry out the deception by adopting a technology that until recently was confined to the world’s most advanced navies. The technology, in essence, replicates the effect of a VPN cellphone app, making a ship appear to be in one place, while physically being elsewhere.
Russian Cyberwarfare: Unpacking the Kremlin’s Capabilities
Andrei Soldatov and Irina Borogan of the Center for European Policy Analysis (CEPA) explore why cyber has not been the decisive force many had predicted during the run-up to Russia’s invasion of Ukraine and examine how Russian cyber operations are governed.
In the cyber arena, Russia’s biggest asset remains its cadres. The Soviet Union boasted the biggest engineer community in the world to serve its enormous military-industrial complex. Under Stalin, dozens of polytechnic schools were built across the country to train engineers, and networks of research facilities — secret and within the ostensibly civilian institutions — were funded for those engineers to contribute to the Soviet military and security services’ R&D.
When the Soviet Union collapsed, this sprawling system shook but didn’t break down. Some parts remained in the now independent countries, some fell into complete disarray due to lack of funding, but by and large, the parts within Russia survived the shock of the Soviet disintegration. The system did, however, experience a large hemorrhage of talent — many engineers went outside the tightly controlled world of the military-industrial complex to start a new life in private industry. Those engineers who chose the bright side launched Russian tech companies, including cybersecurity companies. The engineers, and their children, who chose the dark side, contributed to the emergence of the phenomenon of Russian hackers.
Doxxed, threatened, and arrested: Russia’s war on Wikipedia editors
Masha Borak in Rest of World examines how Russia has launched a campaign against Wikipedia editors, doxxing them and accusing them of smearing Russia’s war efforts.
That month, at least four other Wikipedia editors were also doxxed, and accused of smearing Russia’s war efforts, by the group, which called itself Mrakoborec — a reference to the Aurors, or wizarding police, in Harry Potter. Among them was Mark Bernstein, an editor based in Belarus, Russia’s ally in the war in Ukraine. After Bernstein’s name appeared in the Mrakoborec group on March 10, he was arrested, and detained in Minsk’s notorious Okrestina detention center. In June, he received a sentence of three years of restricted freedom for “organizing and preparing activities that disrupt social order.”
Would You Ditch All This Chaos for a Country in the Cloud?
Anthony Lydgate in Wired tells the story of Balaji Srinivasan, a techno-libertarian and author of a book called The Network State, who has emerged as something of a mystic among the kings and queens of crypto by promoting something he calls his “helical theory of history.”
To puny mortal brains, the grand helical motion is visible as “unbundling and bundling” or “decentralization and centralization.” Srinivasan likes to quote a dotcom executive who said this is the only way to make money: Either you take something whole, dismantle it, and sell the parts, or you take some parts, put them together, and sell a whole. Srinivasan sometimes cites the example of the CD, which got unbundled into the MP3, which got rebundled into the Spotify playlist. “That’s the cycle that happens in computing,” he says. “That happens in history. It happens in technology. And I think it’s also happening here with nations and with states and so on.”
Crypto’s Core Values Are Running Headfirst Into Reality
Will Gottsegen in The Atlantic looks at how the U.S. Treasury Department has demolished the promise of “no masters, no mediators, and no guardrails” that undergirded the rise of cryptocurrency.
The panic began in early August, when the Treasury Department decided to sanction a program called Tornado Cash, essentially forbidding any person or business in the U.S. from interacting with it in any capacity. Tornado Cash is a tool that makes Ethereum transactions more or less untraceable, scrambling the paper trail on a famously transparent blockchain. It’s great for well-meaning privacy enthusiasts worried about prying eyes, but it’s also great for cleaning up dirty money: State-backed North Korean hackers reportedly used the program to launder more than half a billion dollars’ worth of Ethereum in April.