Best Infosec-Related Long Reads of the Week, 2/11/23

Moscow's "Safe City" is a surveillance tool of oppression, Weak security leads to Malawi mobile thefts, India's easy ban of TikTok, How L0pht came to be, Ukraine war ushers in new intel gathering era

Metacurity is pleased to offer our free and paid subscribers this weekly digest of the best long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. So tell us what you think, and feel free to share your favorite long reads via email at info@metacurity.com. We’ll gladly credit you with a hat tip. Happy reading!

Inside Safe City, Moscow’s AI Surveillance Dystopia

Masha Borak has this piece in Wired about how, under the guise of smart city technology, Moscow has built a vast surveillance system it calls “Safe City,” that has relied on massive networks of security cameras and artificial intelligence to become a top Kremlin tool of oppression.

At its inception, Moscow’s face recognition system was fed official watchlists, like the database of wanted people. The system uses these lists to notify the police once a person on the list is detected, but law enforcement can also upload an image and search for where a person has appeared. Over the years, security and law enforcement agencies have compiled a database of the leaders of the political opposition and prominent activists, according to Sarkis Darbinyan, cofounder of digital rights group Roskomsvoboda, which has been campaigning for a suspension of the technology. It remains unclear who is in charge of adding activists and protesters to watchlists.

In March 2019, following the success of the World Cup trial—some of Russia’s “most wanted” people were arrested while trying to attend matches—the Moscow Department of Transportation, which operates the city’s metro, launched its own surveillance system, Sfera. By October 2019, 3,000 of the city’s 160,000 cameras were enabled with face recognition tech, according to interior minister Vladimir Kolokoltsev.

Scammers steal $117,000 using mobile money transfers every month in Malawi

Kelvin Tembo explains in Rest of World how fraudsters exploit weak digital security systems in Malawi, which has more mobile money wallet owners than bank accounts, to steal nearly $117,000 through fraudulent money transfers each month.

While many frauds occur remotely, some fraudsters target victims in person. Tapiwa Mussa joined Malawi’s fast-growing mobile money business as a merchant in 2021, where she helped customers send and receive money through platforms run by telecommunications service providers like Airtel and TNM. Four months ago, a customer came by her shop to withdraw about 270,000 kwacha (around $265), most of the cash she had that day. Mussa told Rest of World that after the transaction, the customer showed her a confirmation message and left with the money. “Although I did not receive the message on my phone, I gave him the money with the belief that the message to my phone hanged [sic] because of network problems,” she said. “Later, I realized that no amount was credited to my account, and that’s how I lost my capital.”

What the US can learn from India’s TikTok ban

Russell Brandom and Nilesh Christopher in Rest of World offer India as a positive parable for how the US and other Western nations can ban China’s hugely popular video app TikTok with as little political or social backlash as possible.

India’s experience with TikTok is particularly important as U.S. policymakers grapple with potential economic and political fallout from a ban. India’s ban really did result in a long-term split from Chinese technology, as some in the U.S. have worried. But otherwise, Indians have largely taken the restrictions in stride — and there’s been no meaningful political effort to overturn them. Some influencers still miss the joys of the TikTok era, but investors and consumers have largely moved on and adapted to alternatives.

“We haven’t faced any downside,” said Anand Lunia, founder of Indian venture capital firm India Quotient and a prominent tech critic. “I don’t think that anybody has really complained about missing TikTok.”

The biggest winners from India’s ban have been Instagram and YouTube, which both operate short form video competitors (Instagram Reels and YouTube Shorts, respectively) and saw significant user growth in the wake of the ban. Two years after its launch, YouTube Shorts has 1.5 billion monthly logged-in users, and Reels makes up over 20% of the time users spend on Instagram. Meta earmarked more than $1 billion to invest in creators, a significant portion of which is devoted to creators in India.

Phreaks and l33ts: Inside the early ‘90s tech scene that created L0pht, the legendary hackerspace

Cris Thomas, more popularly known as Space Rogue, has an excerpt in Cyberscoop of his new book, Space Rogue: How the Hackers Known As L0pht Changed the World, that tells the story of how the famed Boston-based L0pht hacking collective, one of the first hackerspaces in the US, came into existence.

At an early 2600 meeting during one of the warm months in 1991, LOpht cofounder Brian Oblivion was sitting next to me wearing his standard brimless hat over shoulder-length balding hair, his black bike messenger bag draped over the back of his chair. He leaned in close and whispered, “Hey, you wanna go to the loft after?” I said sure, trying to sound nonchalant and cool like it was no big deal, but getting an invitation to the artists-workshop-turned-hackerspace in South Boston was a major deal, at least for me. I had been there a few times before, but each time was unique.

A hackerspace was a physical location where hackers could work on projects in a communal setting. Today, many hackerspaces are set up as nonprofit organizations with official memberships, elected boards and other structure. The LOpht predated most of these spaces and was formed from a group of like-minded people who originally just needed a place to store equipment.

At this point, the loft had not yet become the “LOpht,” the famous (some would say infamous) hackerspace it would soon become. Of course, this was in the early ’90s, long before anyone knew what a hackerspace was. I knew it as a cool place where the elite hackers of the 617 area code could hang out. There was a ton of old computer equipment there, mostly in boxes, but some of it was up and running. The place had a certain vibe, a secrecy about it that made you feel in awe. I considered an invite to hang out there a pretty high honor.

Open Secrets: Ukraine and the Next Intelligence Revolution

The Hoover Institution’s Amy Zegart in Foreign Affairs walks through how the war in Ukraine has ushered in a new era of intelligence sharing and underscores how intelligence gathering is no longer restricted to government agencies.

Over the past year, private citizens and groups have been tracking what Russia is planning and doing in ways that were unimaginable in earlier conflicts. Journalists have reported battlefield developments using imagery from commercial space satellites. Former government and military officials have been monitoring on-the-ground daily events and offering over-the-horizon analyses about where the war is headed on Twitter. A volunteer team of students at Stanford University, led by former U.S. Army and open-source imagery analyst Allison Puccioni, has been providing reports to the United Nations about Russian human rights atrocities in Ukraine—uncovering and verifying events using commercial-satellite thermal and electro-optical imaging, TikTok videos, geolocation tools, and more. At the Institute for the Study of War, a go-to source for military experts and analysts, researchers have even created an interactive map of the conflict based entirely on unclassified, or open-source, intelligence.

Technological advances have been central to this evolution. It is, after all, the Internet, social media, satellites, automated analytics, and other breakthroughs that have enabled civilians to collect, analyze, and disseminate intelligence. But although new technologies have helped shine a light on Russian military activity, their effects are far from uniformly positive. For the 18 agencies that make up the U.S. intelligence community, new technologies are creating more threats at a far faster rate. They are dramatically increasing the amount of data that analysts must process. They are giving companies and individual citizens a newfound need for intelligence, so that these private entities can help safeguard the country’s interests. And they are giving new intelligence capabilities to organizations and individuals outside the U.S. government, as well as to more countries.