Best Infosec-Related Long Reads of the Week, 10/15/22 and 10/22/22

Chinese tycoon linked to Beijing intel became a favorite of MAGA-land, Former U.S. generals work for oppressive regimes, IDF's first-ever cyberattack, FBI struggled with cybercrime, more

Metacurity is pleased to offer our free and paid subscribers this weekly digest of long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. Let us know what you think, and feel free to let us know of your favorite long-reads via Twitter @Metacurity. We’ll gladly credit you with a hat tip. Happy reading!

How a Tycoon Linked to Chinese Intelligence Became a Darling of Trump Republicans

Evan Osnos had this fascinating piece in the New Yorker about Chinese businessman Guo Wengui, a flashy but peculiar billionaire who Steve Bannon called “the Donald Trump of Beijing.” Guo maintained a secret partnership with one of China’s most potent spymasters, an intelligence officer named Ma Jian, who his own government had arrested. Together the two used surveillance, blackmail, and political influence to amass fortunes and evade scrutiny, and Guo ultimately said he was an “affiliate” of China’s all-pervasive Ministry of State Security.

Even more startling, he subsequently declared himself an enemy of the Chinese Communist Party—a position almost unheard-of among China’s élite. He applied for political asylum in the United States, and founded a media network, which broadcast incendiary criticisms of the C.C.P. and enthusiastic support for Trump. His businesses reportedly paid hundreds of thousands of dollars to Trump advisers, including Bannon, Rudy Giuliani, and the attorney L. Lin Wood, who joined efforts to overturn the 2020 election. As Guo’s neighbors at the Sherry-Netherland watched in confusion, he established himself as an election denier, a vaccine skeptic, and a right-wing provocateur, with a degree of influence that is virtually unique among foreign citizens on American soil.

RETIRED U.S. GENERALS, ADMIRALS TAKE TOP JOBS WITH SAUDI CROWN PRINCE

Craig Whitlock and Nate Jones wrote this startling Washington Post investigation into “how more than 500 retired U.S. military personnel, including scores of generals and admirals, have taken lucrative jobs since 2015 working for foreign governments, mostly in countries known for human rights abuses and political repression.” Included is retired Army Gen. Keith Alexander, who led the National Security Agency under Obama and President George W. Bush.

In July 2018, Alexander’s consulting firm, IronNet Cybersecurity, signed a partnership agreement with the Saudis to develop a new institution: the Prince Mohammed bin Salman College of Cyber Security. The college billed itself as the kingdom’s first training program for cyberwarfare and was established under the direction of Saud al-Qahtani, an influential aide to the crown prince

Qahtani also oversaw a network of computer hacking and surveillance operations that targeted the crown prince’s critics and enemies around the world, including Khashoggi. U.S. officials have accused him of managing the plot against the Post contributor. In November 2018, the Treasury Department imposed sanctions on Qahtani, declaring that he “was part of the planning and execution of the operation that led to the killing.”

Yet two months later, during the Trump administration, the State Department approved Alexander’s request to help develop the cyberwarfare college and serve on its board of advisers, documents show. U.S. officials redacted details on how much money Alexander stood to earn.

Israeli officer reveals intricate details of IDF's first ever cyberattack

Ynet News’ Yoav Zitun offered this in-depth look at Second Lieutenant B., a young officer in the Israeli Defense Force’s Military Intelligence Directorate during the 1990s, who planned and executed the army’s first-ever cyberattack.

Already as a young trainee, B. was plotting a largescale intel mission that none of the high officers were exposed to. "Nothing good ever comes out of closing a bunch of colonels and lieutenant colonels in a room and telling them to solve a problem," he said. "All the good ideas, even in years past, came from lower ranks."

The new system the enemy was developing made B. understand that innovative tactics had to be brought up in order to collect data - and immediately started brainstorming technological models.

For two whole years, B. and a few of his comrades recreated the system the enemy had at hand at the time, running endless tests to make sure what they had developed was accurate. The biggest concern was that they would get caught by the enemy, and someone on the other side of the screen would "turn off the lights forever," and seal the data with a break-proof security system.

How the FBI Stumbled in the War on Cybercrime

In another excerpt from their book, “The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World From Cybercrime,” Renee Dudley and Daniel Golden examined how unprepared the FBI was to combat online crime even as late as 2015.

Retention in the division had been a chronic problem, but in the spring of that year, it became acute. About a dozen young and midcareer cyber agents had given notice or were considering leaving, attracted by more lucrative jobs outside government. As the resignations piled up, Comey received an unsolicited email from Andre McGregor, one of the cyber agents who had quit. In his email, the young agent suggested ways to improve the Cyber Division. Comey routinely broadcast his open-door policy, but senior staff members were nevertheless aghast when they heard an agent with just six years’ experience in the bureau had actually taken him up on it. To their consternation, Comey took McGregor’s email and the other cyber agents’ departures seriously. “I want to meet these guys,” he said. He invited the agents to Washington from field offices nationwide for a private lunch. As news of the meeting circulated throughout headquarters, across divisions and into the field, senior staff openly scorned the cyber agents, dubbing them “the 12 Angry Men,” “the Dirty Dozen” or just “these assholes.” To the old-schoolers — including some who had risked their lives in service to the bureau — the cyber agents were spoiled prima donnas, not real FBI.

A Crypto Alchemist Made Me an Accidental Billionaire

Former Wired senior writer Gian M. Volpicelli tells the tale of Valentin Broeksmit, a musician and founder of a band called Bikini Robot Army and a financial whistleblower who became a cryptocurrency “alchemist” who turned Volpicelli briefly into a theoretical billionaire by exploiting a vulnerability in a cryptocurrency wallet app.

Broeksmit tells me he and Peter-Toltz had started looking into crypto in the winter of 2021 because they were “broke as shit.” During his research, Broeksmit chanced upon Incognito Wallet, which developed a blockchain where people can exchange and trade cryptocurrencies via peer-to-peer payments or through a decentralized exchange (DEX), which allows cryptocurrencies to be swapped directly without going through intermediaries. Run by an anonymous team mostly based in Vietnam, Incognito styles itself as privacy-conscious, open source, and decentralized.

Incognito also lets users mint their own cryptocurrencies, Broeksmit says. One just has to pick a name and ticker symbol and provide information about the purpose of the coin in order to launch it as an asset tradable within Incognito’s ecosystem. Incognito suggests that businesses can create these coins to drum up publicity or dole out promotional rewards to customers. Normally, these coins appear to have a value of zero dollars, as no one is seeking to trade them for pricey mainstream cryptocurrency on Incognito’s exchange.

COVID misinfo is the biggest challenge for Twitter’s Birdwatch program, data shows

Corin Faife had an analysis in The Verge of Twitter’s Birdwatch community moderation program, which recently expanded to all U.S. users, that suggests “the most common topics being fact-checked are already covered by Twitter’s misinformation policies, raising new questions as to the overall impact of the program.”

So far, data from the Birdwatch program shows a strong community of volunteer fact-checkers who are attempting to take on difficult problems. But the evidence also suggests a large degree of overlap in the type of tweets these volunteers are addressing and content that is already covered under Twitter’s existing misinformation policies, raising questions as to whether fact-checking notes will have a significant impact. (Twitter maintains that Birdwatch should be additive on top of existing fact-checking initiatives rather than any kind of replacement for misinformation controls.)

Twitter says that preliminary results of the program look good: the company claims that people who see fact-check notes attached to tweets are 20–40 percent less likely to agree with the substance of a potentially misleading tweet than someone who sees only the tweet. It’s a promising finding, but by implication, many viewers of the tweet are still being taken in by falsehoods.