Best Infosec-Related Long Reads of the Week, 10/8/22

Self-taught geniuses help fight ransomware attackers, Ukrainian tech workers dodge bombs and dislocation to perform their jobs, Life in the Metaverse is not as bad as it seems

Metacurity is pleased to offer our free and paid subscribers this weekly digest of long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. Let us know what you think, and feel free to let us know of your favorite long-reads via Twitter @Metacurity. We’ll gladly credit you with a hat tip. Happy reading!

Ransomware hunters: the self-taught tech geniuses fighting cybercrime

ProPublica reporters Renee Dudley and Daniel Golden published in The Guardian another excerpt of their new book, The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime. This excerpt focuses on how an IT contractor named Matthew, who worked for a small, publicly funded school for immigrants in London, turned to the Ransomware Hunting Team to fight back against a ransomware attacker who demanded funds the school could not afford.

“I think we’re all kind of misfits,” said team member Fabian Wosar, a high school dropout who grew up in Germany but now lives and works outside London. Wosar is Gillespie’s mentor and, along with him, the team’s foremost codebreaker. “We all have weird quirks that isolate us from the normal world but come in handy when it comes to tracking ransomware and helping people. That’s why and how we work so well together. You don’t need credentials, as long as you have the passion and the drive to teach yourself the skills required.”

The team filled a gaping void. The US government was slow to respond to the growing ransomware threat. The FBI couldn’t get a handle on it, advising victims against paying ransoms but offering no practical alternative. The hackers often operated out of countries such as Russia and Iran, which don’t have extradition agreements with the US and tacitly condone cyber-attacks on the western world, possibly using them to gather intelligence or share in the profit. From insurers to cybersecurity firms, the private sector had little incentive to thwart ransomware; as it surged, they benefited.

The team can’t crack every strain. When ransomware is done right, it’s unbreakable. But some attackers make blunders, cut corners or underestimate their adversaries. That’s when the team pounces.

Coding in a war zone: Ukraine’s tech industry adapts to a new normal

John Beck in Rest of World examines how scrappy Ukrainian tech workers continue to ply their trade in a warzone despite massive trauma and disruption.

Rest of World spoke to Ukrainian tech workers, inside and outside the country, to learn how they are attempting to establish a new, fragile normality. Despite continued heavy fighting in the south and east, and the constant risk of Russian strikes on civilian areas, they described getting back to the rhythms and habits of life before the war as much as possible, working from hastily found apartments by the Polish border, or timing their movements and social engagements around regular air raid alerts.

They include people like Alex, a 26-year-old software developer from Kharkiv, 20 miles from the Russian border. When the invasion came, he initially stayed put. He soon got used to the explosions, he told Rest of World, but never to the warplanes screaming overhead. “You hear some sound of the aircraft somewhere far away and in two seconds, it’s above you,” he recalled. “And you can’t even imagine where it will [drop] the bomb. Maybe on you, maybe somewhere [else].”

This Is Life in the Metaverse

The New York Times privacy reporter Kashmir Hill spent months giving up television, books, and sleep to spend time in Facebook’s three-dimensional virtual world known as Metaverse, giving us this report on the immersive experience and the people who spend time there.

When I told my friends and family about my experiment, they all asked the same questions: What is the metaverse like? Is it fun?

Putting on the headset was annoying, but once I started chatting in Horizon, I had a good time and was reluctant to leave. I liked meeting people spontaneously without the increasingly heavy-handed algorithmic intervention of traditional social media platforms.

But explaining the metaverse through the lens of Horizon feels akin to unpacking the potential of “the web” by surfing AOL chat rooms in the 1990s, during the days of dial-up modems. Meta’s V.R. social network is an early and singular part of what could become a large technological shift.

Already, the headset offers experiences beyond chatting with strangers that will keep me coming back to it — though no longer as if it’s my job, because it won’t be. I became obsessed, for example, with Beat Saber, a game in which players swing a lightsaber at blocks to the beat of electronic music. It requires enough exertion to be called exercise.

Image by Mircea - See my collections from Pixabay