Best Infosec-Related Long Reads of the Week, 2/25/23


Belarusian Cyberpartisans versus Putin, Need to create cyber intelligence hubs within DHS, How scalpers' tools are helping Mexican immigrants beat the bureaucracy


Metacurity is pleased to offer our free and paid subscribers this weekly digest of the best long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. So tell us what you think, and feel free to share your favorite long reads via email at info@metacurity.com. We’ll gladly credit you with a hat tip. Happy reading!


Year of war in Ukraine. Belarusian Cyberpartisans against Putin

Defence24 editor Szymon Palczewski interviewed Yuliana Shemetovets, spokeswoman for the Belarusian Cyberpartisans, a group that uses cyberspace to fight Belarus President Alexander Lukashenko, about the first anniversary of Russia’s invasion of Ukraine and how they are fighting against Putin’s regime.

[On the group’s main operations against Russia] The first one was what we believe is the most important operation so far. It's the attack on the Belarusian Railways. CPs attacked the Belarusian Railways three times since the Russian military troops came to Belarus. As a result of it, the movement of Russian military troops stopped completely during the crucial time when Russians were attacking Kyiv and Kyiv area.

The second attack was on the General Radio Frequency Centre (GRFC) in Roskomnadzor, the main censor in Russia. GRFC is a crucial element in the Russian repressive machine. They monitor everything and everyone on the Internet, and once they see some disturbance, they send this information directly to FSB, National Guard, the Federal Guard Service, etc., so these agents can be promptly sent to the region where a potential threat to the stability of the regime is growing. The regime is very successful in suppressing any alternative movements or even thoughts of disobedience (for example, they monitored how regions reacted to the news of mobilization). We wanted to create problems and instability for the regime and successfully disturbed the work of the GRFC. We want the Russian regime to pay more attention to their internal problems rather than external affairs.

Public-Public Partnerships: Cyber Intelligence Coordination Within the Department of Homeland Security

Matthew Wein, a former Professional Staff Member at the House Committee on Homeland Security's Subcommittee on Intelligence and Counterterrorism, outlines in Lawfare Blog why the Department of Homeland Security should harness the collective power of the Cybersecurity and Infrastructure Security Agency, Immigration and Customs Enforcement/Homeland Security Investigations, and the US Secret Service to create “strategic intelligence hubs” (SIHs) to cope with the blurred lines between attacks in the cyber and physical domains.

Some observers might view this idea as simply another attempt to keep a sprawling Department of Homeland Security bureaucracy intact. Despite these concerns, the implementation of SIHs could be a real game-changer for the department’s efficiency and success. For example, say a single foreign criminal gang uses ransomware to attack American victims in three geographically distinct places (such as Maine, Texas, and Oregon). Department field offices in those three places would likely begin investigating those crimes separately, even though the crimes themselves are linked. They might spend days or months piecing things together, not knowing that their colleagues in other states are working on the exact same puzzle. An SIH would provide a core repository of the latest intelligence that multiple components could access simultaneously, thus allowing investigators and cyber first responders to quickly piece together a complex criminal puzzle involving multiple victims in dispersed locations. Additionally, this crucial ability to quickly assess the scope of potential victims from a criminal pathway and understand the evolution of a criminal actor based on information from multiple agencies may be enough to coax famously hesitant federal investigators into sharing a bit more information with their partners in a manner that won’t be detrimental to their ongoing case files and could increase their likelihood of solving cases with evidence useful at trial.

Once a ticket scalpers’ tool, auto clickers now help migrants enter the US.

Mexican journalist Stephania Corpi Arnaud reveals in Rest of World how auto clickers, a tool usually used by ticket scalpers, are helping Mexican migrants “skip the line” to get interviews with US border officials through the CBP One app, where interview slots typically “sell out” within minutes of being posted online each morning.

Migrants and human rights experts who spoke to Rest of World said CBP One can be frustrating to use. Migrants must create a profile with their name, date of birth, disabilities, and explain if and how they are in danger. They also need to give the exact address of where they will be living in the U.S., along with an emergency contact. All of this happens while the clock ticks and valuable appointment slots are rapidly being filled. Migrants told Rest of World that the CBP One app often glitches, sometimes restarting for seemingly no reason, making applying for entry into the U.S. a particularly nightmarish endeavor.

For many migrants, the use of an auto clicker does not necessarily ensure success. They may be using an outdated version of CBP One or they might find that the auto clicker only works when uploading the photos of two family members, but not the rest. One asylum seeker, who spoke to Rest of World on condition of anonymity for fear that recognition would affect his claim to entry, said the app didn’t allow him to add family members while using an auto clicker. “We only got two of the four slots we need to enter as a family,” he said. “We’re traveling with young children and we can’t just leave them behind.”
