Best Infosec-Related Long Reads of the Week, 3/4/23

Wirecard's profound ties to Russian intelligence, Viasat hack took months to reveal, The fall of UK digital policymaking, 28,000 apps receive TikTok data, OSINT firm tracks Russian soldiers


Metacurity is pleased to offer our free and paid subscribers this weekly digest of the best long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. So tell us what you think, and feel free to share your favorite long reads via email at info@metacurity.com. We’ll gladly credit you with a hat tip. Happy reading!

How the Biggest Fraud in German History Unravelled

The New Yorker’s Ben Taub has this in-depth investigation into how Germany’s once-feted financial services company Wirecard, which was embraced by the country’s elite and government as Europe’s answer to PayPal and collapsed in 2020 after nearly $2 billion was discovered missing from the company’s accounts, had profound ties to Russian intelligence.

It is unclear what [Wirecard’s COO Jan Marsalek] was up to. He seemed to take every opportunity to play a part in political matters, no matter how strange or futile. At one point, he involved himself in an effort to relocate Austria’s Israeli Embassy to Jerusalem, to align with the policy of President Donald Trump. Marsalek’s name was found on a list of possible seed investors in a company that would buy the remains of Cambridge Analytica, the data-collection firm that was mired in scandal for its role in influencing elections. When it came to Libyan matters, Marsalek seemed to get a thrill out of telling people that he had body-cam videos of horrific battlefield violence, saying that they showed “the boys” killing prisoners. He boasted that [Russian security company executive] Stanislav Petlinsky had taken him to Syria to embed with Russian soldiers, on a joyride to the ancient city of Palmyra. According to Weiss, Marsalek “wanted to be a secret agent.” But there’s no concrete evidence that he was.

Nevertheless, Marsalek’s position at Wirecard gave him access to materials that might be of interest to a foreign intelligence service. In 2013, the company began issuing credit cards with false names to the German Federal Criminal Police Office, for use during undercover investigations—meaning that Marsalek might have had insights into the agency’s operational spending. It later emerged that the B.N.D., Germany’s foreign-intelligence service, used Wirecard credit cards, too. After Marsalek’s escape, the B.N.D. claimed that it was unaware of his connections to Russian intelligence.

The Satellite Hack Everyone Is Finally Talking About

Bloomberg’s Katrina Manson walks through Russia’s GRU hack of US satellite provider Viasat at the outset of the Ukraine invasion that knocked out tens of thousands of internet connections in 13 countries, which took Viasat months to acknowledge and even longer for the US and the EU to attribute to the Kremlin.

For Anne Neuberger, US deputy national security adviser for cybersecurity and emerging technologies, drawing private conclusions wasn’t enough. She wanted consequences. The US quietly spent six weeks talking allies in the affected area into publicly blaming Russia. That was more complicated than it might sound: As a matter of policy, many countries simply don’t attribute responsibility for cyberattacks to other nations for fear of hurting diplomatic relations or inciting further attacks. (And Washington’s intelligence claims haven’t always proven reliable.) “Attribution is still very uncomfortable to many countries because, at the end of the day, it’s political,” Neuberger says, “but this is also why it is so important.” To make the case, the US Department of State and intelligence agencies shared broad technical information with the European Union and classified intel with France and Germany to overcome the influential members’ initial reluctance, says a European official who’s not authorized to speak publicly.

Eventually, in May, the EU released a strongly worded statement censuring Russia for targeting the KA-SAT network. “This unacceptable cyberattack is yet another example of Russia’s continued pattern of irresponsible behaviour in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine,” the statement read. The US was careful to point the finger second, and the UK, Canada and Australia joined, too. The American government also sent satellite terminals to Ukraine.

How UK’s Online Safety Bill fell victim to never-ending political crisis

Politico EU’s Mark Scott and Annabelle Dickson offer this look into how the UK’s Online Safety Bill, designed to force social media giants like Facebook and YouTube to remove illegal content like revenge porn or hate speech quickly, has fallen into political chaos in a “fight for the soul for Britain’s approach to digital rulemaking.”

"It is one of those pieces of legislation that is created with good intentions in response to a demand that something is done,” said Hugh Bennett, a former No. 10 Downing Street adviser who worked on the bill under former Prime Minister Liz Truss. “But rapidly (it) becomes a highly overwrought bill that will not necessarily even achieve its aims.”

“You're looking at 200 clauses, and it's obviously going to be a hugely consequential piece of legislation that's going to impact tens of thousands of businesses around the country, not just Big Tech firms,” he added.

Jeremy Wright, a former British digital minister who published the initial proposals, said the repeated delays in getting the rules over the line — because of domestic political turmoil — had led to the U.K. missing an opportunity to show “true global leadership” on digital rulemaking.

“You can't be one of the second or third to do it,” he said. “That's not leadership.”

We Found 28,000 Apps Sending TikTok Data. Banning the App Won't Help.

Gizmodo’s Thomas Germain has this scoop on how tens of thousands of apps use TikTok’s software development kits (SDKs) to send data to TikTok, undercutting the purpose of US bans on the Chinese-owned, hugely popular video-sharing app.

Some 28,251 apps use TikTok’s software development kits (SDKs), tools which integrate apps with TikTok’s systems—and send TikTok user data—for functions like ads within TikTok, logging in, and sharing videos from the app. That’s according to a search conducted by Gizmodo and corroborated by AppFigures, an analytics company. But apps aren’t TikTok’s only source of data. There are TikTok trackers spread across even more websites. The type of data sharing TikTok is doing is just as common on other parts of the internet.

The apps using the TikTok SDK include popular games like Mobile Legends: Bang Bang, Trivia Crack, and Fruit Ninja, photo editors like VSCO and Canva, lesser-known dating apps, weather apps, WiFi utilities, and a wide variety of other apps in nearly every category. The developers for the apps listed above did not immediately respond to a request for comment.

“A simple ban on the TikTok app itself is not going to stop data flowing to TikTok,” said Daniel Kahn Gillmor, a senior staff technologist at the American Civil Liberties Union. “TikTok has software in other places, not to mention TikTok trackers spread across other parts of the web. I don’t have a TikTok account, but there are still plenty of ways the company can get data about me.”

A Private Company Is Using Social Media to Track Down Russian Soldiers

PBS correspondent Jack Hewson has this piece in Foreign Policy about a Ukrainian military investigations company called Molfar that uses open source intelligence (OSINT) “to proactively kill enemy forces and destroy enemy hardware on the battlefield itself,” prompting a significant shift in the way militaries handle operational security (OPSEC).

Since the beginning of the war, Molfar has received funding from the Civilian Research and Development Foundation—a nongovernmental organization that includes the U.S. State Department, U.S. Defense Department, and the U.K. government among its backers—to give additional OSINT trainings to officials from the SBU, as well as to the Defense Intelligence of Ukraine and other government bodies.

Molfar’s pivot to military investigatory services is indicative of a broader growth in demand for OSINT services over the past decade, said Di Cooke, a technology fellow at the Center for Strategic and International Studies. That growth has been accelerated by Russia’s war in Ukraine.

“While OSINT has been used to uncover human rights crimes and disinformation in conflicts before, like the Syrian civil war, this is the first major active conflict that has very visibly and viscerally shown the advantages leveraging OSINT can have both on and off the battlefield,” Cooke said.
