Government

Open-Source Intelligence: How Bellingcat Uses Data Gathered by Authoritarian Governments (cnn.com) 52

CNN profiles Bellingcat, a Netherlands-based investigative group specializing in "open-source intelligence". And investigator Christo Grozev tells CNN that authoritarian governments make their work easier, because "they love to gather data, comprehensive data, on ... what they consider to be their subjects, and therefore there's a lot of centralized data."

"And second, there's a lot of petty corruption ... within the law enforcement system, and this data market thrives on that." Billions have been spent on creating sophisticated encrypted communications for the military in Russia. But most of that money has been stolen in corrupt kickbacks, and the result is they didn't have that functioning system... It is shocking how incompetent they are. But it was to be expected, because it's a reflection of 23 years of corrupt government.
Interestingly there's apparently less corruption in China — though more whistleblowers. But Bellingcat's first investigation involved the 2014 downing of a Boeing 777 over eastern Ukraine that killed 283 passengers. (The Dutch Safety Board later concluded it was downed by a surface-to-air missile launched from pro-Russian separatist-controlled territory in Ukraine.) "At that time, a lot of public data was available on Russian soldiers, Russian spies, and so on and so forth — because they still hadn't caught up with the times, so they kept a lot of digital traces, social media, posting selfies in front of weapons that shoot down airliners. That's where we kind of perfected the art of reconstructing a crime based on digital breadcrumbs..."

"By 2016, it was no longer possible to find soldiers leaving status selfies on the internet because a new law had been passed in Russia, for example, banning the use of mobile phones by secret services and by soldiers. So we had to develop a new way to get data on government crime. We found our way into this gray market of data in Russia, which is comprised of many, many gigabytes of leaked databases, car registration databases, passport databases. Most of these are available for free, completely freely downloadable from torrent sites or from forums and the internet." And for some of them, they're more current. You actually can buy the data through a broker, so we decided that in cases when we have a strong enough hypothesis that a government has committed the crime, we should probably drop our ethical boundaries from using such data — as long as it is verifiable, as long as it is not coming from one source only but corroborated by at least two or three other sources of data. That's how we develop it. And the first big use case for this approach was the ... poisoning of Sergei and Yulia Skripal in 2018 (in the United Kingdom), when we used this combination of open source and data bought from the gray market in Russia to piece together who exactly the two poisoners were. And that worked tremendously....

It has been what I best describe as a multilevel computer game.... [W]hen we first learned that we can get private data, passport files and residence files on Russian spies who go around killing people, they closed the files on those people. So every spy suddenly had a missing passport file in the central password database. But that opened up a completely new way for us to identify spies, because we were just able to compare older versions of the database to newer versions. So that allowed us to find a bad group of spies that we didn't even know existed before.

The Russian government did realize that that's maybe a bad idea to hide them from us, so they reopened those files but just started poisoning data. They started changing the photographs of some of these people to similar looking, like lookalikes of the people, so that they confused us or embarrass us if we publish a finding but it's for the wrong guy. And then we'll learn how to beat that.

When asked about having dropped some ethical boundaries about data use, Grozev replies "everything changes. Therefore, the rules of journalism should change with the changing times." "And it's not common that journalism was investigating governments conducting government-sanctioned crimes, but now it's happening." With a country's ruler proclaiming perpetual supreme power, "This is not a model that traditional journalism can investigate properly. It's not even a model that traditional law enforcement can investigate properly." I'll give an example. When the British police asked, by international agreement, for cooperation from the Russian government to provide evidence on who exactly these guys were who were hanging around the Skripals' house in 2018, they got completely fraudulent, fake data from the Russian government....

So the only way to counter that as a journalist is to get the data that the Russian government is refusing to hand over. And if this is the only way to get it, and if you can be sure that you can prove that this is valid data and authentic data — I think it is incumbent on journalists to find the truth. And especially when law enforcement refuses to find the truth because of honoring the sovereign system of respecting other governments.

It was Bellingcat that identified the spies who poisoned Russian opposition leader Alexey Navalny. CNN suggests that for more details on their investigation, and "to understand Vladimir Putin's stranglehold on power in Russia, watch the new film Navalny which premieres Sunday at 9 p.m. ET on CNN."

The movie's tagline? "Poison always leaves a trail."

The Military

What Happened After Russia Seized Chernobyl Nuclear Disaster Site? (apnews.com) 144

The Associated Press files this report from Chernobyl, where invading tanks in February "churned up highly contaminated soil from the site of the 1986 accident that was the world's worst nuclear disaster..."

"Here in the dirt of one of the world's most radioactive places, Russian soldiers dug trenches. Ukrainian officials worry they were, in effect, digging their own graves." For more than a month, some Russian soldiers bunked in the earth within sight of the massive structure built to contain radiation from the damaged Chernobyl nuclear reactor. A close inspection of their trenches was impossible because even walking on the dirt is discouraged.... Maksym Shevchuck, the deputy head of the state agency managing the exclusion zone, believes hundreds or thousands of soldiers damaged their health, likely with little idea of the consequences, despite plant workers' warnings to their commanders. "Most of the soldiers were around 20 years old," he said....

The full extent of Russia's activities in the Chernobyl exclusion zone is still unknown, especially because the troops scattered mines that the Ukrainian military is still searching for. Some have detonated, further disturbing the radioactive ground. The Russians also set several forest fires, which have been put out.

Ukrainian authorities can't monitor radiation levels across the zone because Russian soldiers stole the main server for the system, severing the connection on March 2. The International Atomic Energy Agency said Saturday it still wasn't receiving remote data from its monitoring systems. The Russians even took Chernobyl staffers' personal radiation monitors....

When the Russians hurriedly departed March 31 as part of a withdrawal from the region that left behind scorched tanks and traumatized communities, they took more than 150 Ukrainian national guard members into Belarus. Shevchuck fears they're now in Russia. In their rush, the Russians gave nuclear plant managers a choice: Sign a document saying the soldiers had protected the site and there were no complaints, or be taken into Belarus. The managers signed.

The article includes more stories from Chernobyl's staff: Even now, weeks after the Russians left, "I need to calm down," the plant's main security engineer, Valerii Semenov, told The Associated Press. He worked 35 days straight, sleeping only three hours a night, rationing cigarettes and staying on even after the Russians allowed a shift change. "I was afraid they would install something and damage the system," he said in an interview....

Another Ukrainian nuclear plant, at Zaporizhzhia in southeastern Ukraine, remains under Russian control. It is the largest in Europe.

Long-time Slashdot reader MattSparkes also notes reports that researchers at Chernobyl "had been looking for bacteria to eat radioactive waste — but they now fear that their work was irreparably lost during the Russian invasion of the facility."

New Scientist reports (in a pay-walled article) that scientist Olena Pareniuk "was attempting to identify bacteria that could consume radioactive waste within Chernobyl's destroyed reactor before the Russian invasion. If her samples are lost it will likely be impossible to replace them."

Social Networks

Ukraine's War Effort Gains an Unlikely Source of Funding: Memes (indianexpress.com) 24

The New York Times reports: Images such as Ukrainian tractors towing away a disabled Russian tank and helicopter, although unverified, have not only helped fight Russian disinformation, but also helped support Ukrainian charities and even the Ukrainian military. The merchandise sales they have generated in the United States and elsewhere are surprising given that many people buying the T-shirts, stickers, coffee mugs and chocolate bars would never have thought about the Eastern European country before the conflict.
One example? Toronto-based Christian Borys, who decided to launch a site selling stickers of the Virgin Mary hoisting an antitank missile (adapted from a painting by the American artist Chris Shaw.) In eight weeks Borys' "Saint Javelin" site "has raised so far almost $1.5 million to assist the Ukrainian charity Help Us Help, which has branched into multiple services, and to provide protective equipment for journalists covering the war, he said." Mr. Borys, who had worked for the e-commerce platform Shopify before turning to journalism, said he created a website in half an hour, hoping to raise money to send to a charity for Ukrainian orphans. That night, he made 88 Canadian dollars in sales. By the time he added T-shirts at the end of February, the threat of war had turned into a full-scale invasion, and he said sales grew to 170,000 Canadian dollars a day — most coming from the United States. "The internet speaks in memes and it just became this crazy, viral sensation," he said. "I think it's because people were looking for a symbol of support, a way to support Ukraine, because they saw the whole injustice of everything...."

Three weeks ago, Mr. Borys, a Canadian of Ukrainian Polish origin, turned Saint Javelin from an all-volunteer effort to a full-time staff of four to keep up with demand. His website has branched out from the Virgin Mary to other saints: Saint Carl Gustaf wears a gas mask, while "Saint Olha, the Warrior Queen of Kyiv" wears a crown and hoists a bazooka over her camouflaged shoulders. "People on Instagram demand we make things basically," Mr. Borys said. "We get messages from people in Spain who say, 'Hey, we just shipped the C-90,' a shoulder-fired rocket propelled grenade launcher," he said. "And they'll say, 'Hey we want a saint for Spain' or a saint specific to that type of system."

Privacy

Spyware and Pegasus: How Democracies Spy on Their Citizens (newyorker.com) 55

Writing for the New Yorker, Ronan Farrow reports on Pegasus, "a spyware technology designed by NSO Group, an Israeli firm, which can extract the contents of a phone, giving access to its texts and photographs, or activate its camera and microphone to provide real-time surveillance — exposing, say, confidential meetings." Pegasus is useful for law enforcement seeking criminals, or for authoritarians looking to quash dissent.... In Catalonia, more than sixty phones — owned by Catalan politicians, lawyers, and activists in Spain and across Europe — have been targeted using Pegasus. This is the largest forensically documented cluster of such attacks and infections on record. Among the victims are three members of the European Parliament... Catalan politicians believe that the likely perpetrators of the hacking campaign are Spanish officials, and the Citizen Lab's analysis suggests that the Spanish government has used Pegasus....

In recent years, investigations by the Citizen Lab and Amnesty International have revealed the presence of Pegasus on the phones of politicians, activists, and dissidents under repressive regimes. An analysis by Forensic Architecture, a research group at the University of London, has linked Pegasus to three hundred acts of physical violence. It has been used to target members of Rwanda's opposition party and journalists exposing corruption in El Salvador. In Mexico, it appeared on the phones of several people close to the reporter Javier Valdez Cárdenas, who was murdered after investigating drug cartels. Around the time that Prince Mohammed bin Salman of Saudi Arabia approved the murder of the journalist Jamal Khashoggi, a longtime critic, Pegasus was allegedly used to monitor phones belonging to Khashoggi's associates, possibly facilitating the killing, in 2018. (Bin Salman has denied involvement, and NSO said, in a statement, "Our technology was not associated in any way with the heinous murder.") Further reporting through a collaboration of news outlets known as the Pegasus Project has reinforced the links between NSO Group and anti-democratic states.

But there is evidence that Pegasus is being used in at least forty-five countries, and it and similar tools have been purchased by law-enforcement agencies in the United States and across Europe. Cristin Flynn Goodwin, a Microsoft executive who has led the company's efforts to fight spyware, told me, "The big, dirty secret is that governments are buying this stuff — not just authoritarian governments but all types of governments...." "Almost all governments in Europe are using our tools," Shalev Hulio, NSO Group's C.E.O., told me. A former senior Israeli intelligence official added, "NSO has a monopoly in Europe." German, Polish, and Hungarian authorities have admitted to using Pegasus. Belgian law enforcement uses it, too, though it won't admit it.

Calling the spyware industry "largely unregulated and increasingly controversial," the article notes how it's now impacting major western democracies. "The Citizen Lab's researchers concluded that, on July 26 and 27, 2020, Pegasus was used to infect a device connected to the network at 10 Downing Street, the office of Boris Johnson, the Prime Minister of the United Kingdom.... The United States has been both a consumer and a victim of this technology. Although the National Security Agency and the C.I.A. have their own surveillance technology, other government offices, including in the military and in the Department of Justice, have bought spyware from private companies, according to people involved in those transactions."

But are the company's fortunes faltering? The company has been valued at more than a billion dollars. But now it is contending with debt, battling an array of corporate backers, and, according to industry observers, faltering in its long-standing efforts to sell its products to U.S. law enforcement, in part through an American branch, Westbridge Technologies. It also faces numerous lawsuits in many countries, brought by Meta (formerly Facebook), by Apple, and by individuals who have been hacked by NSO....

In November, the [U.S.] Commerce Department added NSO Group, along with several other spyware makers, to a list of entities blocked from purchasing technology from American companies without a license. I was with Hulio in New York the next day. NSO could no longer legally buy Windows operating systems, iPhones, Amazon cloud servers — the kinds of products it uses to run its business and build its spyware.

Privacy

American Phone-Tracking Firm Demo'd Surveillance Powers By Spying On CIA and NSA (arstechnica.com) 50

Anomaly Six, a secretive government contractor, claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button. Reader BeerFartMoron shares a report: In the months leading up to Russia's invasion of Ukraine, two obscure American startups met to discuss a potential surveillance partnership that would merge the ability to track the movements of billions of people via their phones with a constant stream of data purchased directly from Twitter. According to Brendon Clark of Anomaly Six -- or "A6" -- the combination of its cellphone location-tracking technology with the social media surveillance provided by Zignal Labs would permit the U.S. government to effortlessly spy on Russian forces as they amassed along the Ukrainian border, or similarly track Chinese nuclear submarines. To prove that the technology worked, Clark pointed A6's powers inward, spying on the National Security Agency and CIA, using their own cellphones against them.

Virginia-based Anomaly Six was founded in 2018 by two ex-military intelligence officers and maintains a public presence that is scant to the point of mysterious, its website disclosing nothing about what the firm actually does. But there's a good chance that A6 knows an immense amount about you. The company is one of many that purchases vast reams of location data, tracking hundreds of millions of people around the world by exploiting a poorly understood fact: Countless common smartphone apps are constantly harvesting your location and relaying it to advertisers, typically without your knowledge or informed consent, relying on disclosures buried in the legalese of the sprawling terms of service that the companies involved count on you never reading.

The Internet

Ukraine War Stokes Concerns in Taiwan Over Its Fragile Internet Links (wsj.com) 48

The war in Ukraine is reviving concerns in Taiwan and some Asia-Pacific nations about the fragility of their internet connections because they rely on undersea cables that could be severed in a Chinese attack. From a report: Ukrainians have used the internet to rally resistance to Russia's invasion, counter Moscow's propaganda and win international support, including through President Volodymyr Zelensky's appeals for weapons. Ukraine has extensive internet connections across its land borders and most of the country has remained online despite Russian attacks on internet infrastructure.

In contrast, Taiwan, a self-ruled island that Beijing claims, receives and sends about 95% of its data-and-voice traffic via cables that lie on the seabed. Currently officials say about 14 cables -- bundles of fiber-optic lines about the thickness of a garden hose -- are in operation, and they reach land at four locations on Taiwan's coast. If the cables were to be cut at sea by submarines or divers, or if military strikes were to destroy the lightly protected landing stations, most of the island would be thrown offline. "We're very vulnerable," said Kenny Huang, chief executive of Taiwan Network Information Center, a government-affiliated cybersecurity and internet-domain-registration organization.

United States

US Commits To Ending Anti-Satellite Missile Testing, Calls For Global Agreement (cnbc.com) 71

The United States government has committed to ending the practice of anti-satellite missile tests, Vice President Kamala Harris announced on Monday, urging other nations to follow its lead. From a report: An anti-satellite weapons, or ASAT, test is a military demonstration in which a spacecraft in orbit is destroyed using a missile system. Countries performing ASAT tests historically have done so by targeting their own assets in space. Plans for the move were set late last year, after the Russian military destroyed a defunct satellite with an ASAT on Nov. 15. The Russian test created thousands of pieces of debris in low Earth orbit, and sent astronauts on the International Space Station into shelter as it passed through the shrapnel field.

During Harris' first meeting in December as chair of the National Space Council, the vice president directed the group to work with other agencies and create proposals that would establish new national security norms in space. The U.S. ASAT commitment, which coincides with Harris' tour of Vandenberg Space Force Base in California on Tuesday, marks the first step of that effort. The White House stressed that "the United States is the first nation to make such a declaration" to end such testing.

The Military

Russia's Military Is Now On Full Display In Google Maps Satellite View (arstechnica.com) 67

An anonymous reader quotes a report from Ars Technica: On Monday, the Internet got a much better look at military facilities across Russia. Google Maps stopped obscuring the sensitive locations due to Russia's ongoing invasion of its neighbor Ukraine. The Ukrainian Armed Forces announced the end of Google's censorship of Russia's bases on Twitter. Thanks to former US President Donald Trump, we know that the 0.5 m per pixel resolution available on Google Maps' satellite view is a far cry from the images available to the US government. But it will be invaluable to the growing mass of open source intelligence analysts. Since Russia's invasion of Ukraine began in late February, the OSINT community on Twitter has been cataloging Russian losses by geolocating images of destroyed tanks, fighting vehicles, aircraft, and cruise missile attacks.

Twitter users have already identified some interesting sights. Images taken of a Russian airbase at Lipetsk show partially disassembled MiG-31s (or perhaps MiG-25s). Another shows several Sukhoi fighter jets painted in patriotic colors, at least one of which is also missing its wings. Zhukovsky Airport near Moscow shows some oddities parked outside thanks to its role as a test flight center, including a Buran shuttle and a Sukhoi Su-47 technology demonstrator.
UPDATE: A Google spokesperson told Ars that the company hasn't changed anything with regard to blurring out sensitive sites in Russia, so perhaps none of us were looking closely until now.

Social Networks

After Russia's Invasion of Ukraine, US Army Training Includes Countering Social Media Disinformation (apnews.com) 46

"In the dusty California desert, U.S. Army trainers are already using lessons learned from Russia's war against Ukraine as they prepare soldiers for future fights against a major adversary such as Russia or China," reports the Associated Press.

And their training scenarios include more than just an enemy willing to destroy a city with missiles and rockets. "The enemy force that controls the fictional town of Ujen is using a steady stream of social media posts to make false accusations against the American brigade preparing to attack." "I think right now the whole Army is really looking at what's happening in Ukraine and trying to learn lessons," said Army Secretary Christine Wormuth. Those lessons, she said, range from Russia's equipment and logistics troubles to communications and use of the internet. "The Russia-Ukraine experience is a very powerful illustration for our Army of how important the information domain is going to be," said Wormuth, who spent two days at the training center in the Mojave Desert watching an Army brigade wage war against the fictional "Denovian" forces. "We've been talking about that for about five years. But really seeing it and seeing the way Zelenskyy has been incredibly powerful.... This is a world war that the actual world can see and watch in real time...."

Army Col. Ian Palmer said the exercise is using more drones by the friendly and enemy forces, both for surveillance and attacks. So his forces are trying to use camouflage and tuck into the terrain to stay out of sight. "You know if you can be seen, you can be shot, wherever you are," he said. Down in the makeshift town, the opposition forces are confident they can hold off Palmer's brigade despite the size difference. The Denovians only have about 1,350 forces, but they are throwing everything they have at the brigade, from jamming and other electronic warfare to insurgency attacks and propaganda.

The role-players have their phones ready to film and post quickly to social media.

The Denovian forces want to portray the unit in the worst possible light, said Taylor, and constantly twist the narrative on social media so Palmer's troops realize they are in a battle for the truth. That's a challenge, he said, because "when I've got a bunch of casualties and I'm getting overrun on my left flank and my supply trains aren't where they need to be and I can't find the bulldozers, it's hard to think about something that someone said about me on Twitter."

The Military

Ukraine Opens Russian Drone, Finds Duct Tape and Canon DSLR Inside (petapixel.com) 265

Long-time Slashdot reader wired_parrot writes: After the Ukrainian army captured one of Russia's Orlan-10 unmanned aerial vehicles, they decided to do a teardown of it. Their findings show a remarkable amount of jerry-rigged installations using off the shelf components, including the use of a Canon DSLR camera as the main image capturing sensor.
Petapixel notes it's a camera first launched in 2015 "with a retail price of $750 but which is currently worth about $300 to $400 on the used market... The camera is mounted to a board with a hook-and-loop fastener strip (commonly referred to as Velcro)."

The Ukrainian Ministry of Defense posted a video showing one of its soldiers exploring the alleged Russian drone, and Petapixel shares more details and some screen grabs: The soldier notes how surprisingly low-tech the military drone is — observers quickly pointed out that certain aspects of it are more reminiscent of a hobbyist RC airplane project than a high-tech piece of military spying technology....

On the top of the drone, the fuel tank's cap suggests that it may have been made from some kind of plastic water bottle. Various parts of the drone are also fixed together with some kind of duct tape.

Space

US Space Command Releases Decades of Secret Military Data, Confirms Interstellar Meteor in 2014 (cbsnews.com) 13

"The U.S. Space Command announced this week that it determined a 2014 meteor that hit Earth was from outside the solar system," reports CBS News. "The meteor streaked across the sky off the coast of Manus Island, Papua New Guinea three years earlier than what was believed to be the first confirmed interstellar object detected entering our solar system."

After Oumuamua was spotted in 2017, the interstellar comet Borisov appeared in 2019 — discovered in Crimea, Ukraine at a "personal observatory" built by amateur astronomer Gennadiy Borisov.

But CBS notes that despite their theory about a first interstellar meteor in 2014, the two Harvard astronomers — Dr. Amir Siraj and Dr. Abraham Loeb — "had trouble getting their paper published, because they used classified information from the government." Specifically, data from a classified U.S. government satellite designed to detect foreign missiles... The meteor was unusual because of its very high speed and unusual direction — which suggested it came from interstellar space.... Any space object traveling more than about 42 kilometers per second may come from interstellar space. The data showed the 2014 Manus Island fireball hit the Earth's atmosphere at about 45 kilometers per second, which was "very promising" in identifying it as interstellar, Siraj said....

After more research and help from other scientists, including classified information from the government about the accuracy or level of precision of the data, Siraj and Loeb determined with 99.999% certainty the object was interstellar. But their paper on the finding was being turned down, because the pair only had a private conversation with an anonymous U.S. government employee to confirm the accuracy of the data.

"We had thought this was a lost cause," Dr. Siraj told the New York Times — which couldn't resist adding that "it turned out, the truth was out there." Last month, the U.S. Space Command released a memo to NASA scientists that stated the data from the missile warning satellites' sensors "was sufficiently accurate to indicate an interstellar trajectory" for the meteor. The publication of the memo was the culmination of a three-year effort by Siraj and a well-known Harvard astronomer, Avi Loeb.

Many scientists, including those at NASA, say that the military still has not released enough data to confirm the interstellar origins of the space rock, and a spokesperson said Space Command would defer to other authorities on the question.

But it wasn't the only information about meteors to be released. The military also handed NASA decades of secret military data on the brightness of hundreds of other fireballs, or bolides. "It's an unusual degree of visibility of a set of data coming from that world," said Matt Daniels, assistant director for space security at the White House's Office of Science and Technology Policy, who worked on the data release. "We're in this renewed period of excitement and activity in space programs generally, and in the midst of that, I think thoughtful leaders in multiple places said, 'you know, now is a good time to do this.'"

The Times notes that data from classified military satellites "could also aid NASA in its federally assigned role as defender of planet Earth from killer asteroids. And that is the goal of a new agreement with the U.S. Space Force that aims to help NASA's Planetary Defense Coordination Office better understand what happens when space rocks reach the atmosphere." Sharing sensitive military satellite data with astronomers has led to significant scientific discoveries in the past.

A group of satellites deployed in the 1960s by the United States to detect covert detonations of nuclear weapons on Earth accidentally became the key instruments used to make the first detection of extraterrestrial gamma ray bursts. The bursts showed up on the satellites, code-named Vela, as single bursts of energy, confusing analysts at Los Alamos who later declassified the data in a 1973 paper that spurred academic debate about the bursts' origins....

A core reason for Space Force's increasing ties with NASA has centered on the agency's congressional mandate to detect nearly all asteroids that could threaten the Earth. When NASA signed an agreement in 2020 to strengthen ties with Space Force, the agency acknowledged it had fallen behind in its asteroid-tracking efforts and would need Pentagon resources to carry out its planetary defense mission.

Power

Radioactive 'Souvenirs' from Chernobyl May Have Been Taken by Looting Russian Soldiers (voanews.com) 133

Earlier this week the Voice of America news service shared a story that begins with exclusive photos from a nuclear lab "from which a Ukrainian official says Russian troops stole radioactive material that could be harmful if mishandled...." It is housed in a building run by a state agency managing the exclusion zone around Chernobyl's nearby decommissioned nuclear power plant, where a 1986 explosion caused the world's worst nuclear accident. The director of the agency, Evgen Kramarenko, provided the laboratory photos to VOA, saying he took them on an April 5 visit, five days after Russian troops withdrew from Chernobyl....

"We have a laboratory that had a big quantity of radioactive instruments that are used to calibrate our radiation dosimeters," Kramarenko told VOA. A dosimeter is a safety device, typically worn by individuals as a badge, that measures exposure to ionizing radiation, including nuclear radiation. The agency's dosimeters are calibrated using small metallic containers of radioactive material made by Ukrainian state enterprise USIE Izotop, which displays a photo of them on its website.

"Most of those calibration instruments were stolen. They look like coins. If the Russian soldiers carry them around, it's very dangerous for them," Kramarenko said....

In a Saturday Facebook post, Kramarenko's agency said occupying Russian troops stole samples of fuel-containing materials from the lab in addition to the radioactive calibration instruments. The agency said it was possible that the Russians threw away the items elsewhere in Chernobyl's exclusion zone, but that a likelier scenario is that they kept items as "souvenirs."

AI

How Ukraine's IT Army is Using Clearview AI's Face-Scanning Software (msn.com) 88

Ukrainian officials "have run more than 8,600 facial recognition searches on dead or captured Russian soldiers in the 50 days since Moscow's invasion began, using the scans to identify bodies and contact hundreds of their families," reports the Washington Post.

Ukraine's IT Army (taking direction from Ukraine's government) "says it has used those identifications to inform the families of the deaths of 582 Russians, including by sending them photos of the abandoned corpses." The Ukrainians champion the use of face-scanning software from the U.S. tech firm Clearview AI as a brutal but effective way to stir up dissent inside Russia, discourage other fighters and hasten an end to a devastating war. But some military and technology analysts worry that the strategy could backfire, inflaming anger over a shock campaign directed at mothers who may be thousands of miles from the drivers of the Kremlin's war machine.

The West's solidarity with Ukraine makes it tempting to support such a radical act designed to capitalize on family grief, said Stephanie Hare, a surveillance researcher in London. But contacting soldiers' parents, she said, is "classic psychological warfare" and could set a dangerous new standard for future conflicts. "If it were Russian soldiers doing this with Ukrainian mothers, we might say, 'Oh, my God, that's barbaric,' " she said. "And is it actually working? Or is it making them say: 'Look at these lawless, cruel Ukrainians, doing this to our boys?' "

Clearview AI's chief executive, Hoan Ton-That, told The Washington Post that more than 340 officials across five Ukrainian government agencies now can use its tool to run facial recognition searches whenever they want, free of charge. Clearview employees now hold weekly, sometimes daily, training calls over Zoom with new police and military officials looking to gain access. Ton-That recounted several "'oh, wow' moments" as the Ukrainians witnessed how much data — including family photos, social media posts and relationship details — they could gather from a single cadaver scan.

Some of them are using Clearview's mobile app to scan faces while on the battlefield, he said. Others have logged in for training while stationed at a checkpoint or out on patrol, the night sky visible behind their faces. "They're so enthusiastic," Ton-That said. "Their energy is really high. They say they're going to win, every call...."

About 10% of Clearview's database came from Russia's biggest social network, the Post learns from Clearview's chief executive, "making it a potentially useful tool for battlefield scans." Ukrainian agencies, Ton-That said, have used the app to confirm the identities of people at military checkpoints and to check whether a Ukrainian is a possible Russian infiltrator or saboteur. He argued that the system could deter Russian soldiers from committing war crimes, for fear of being identified, and said the Ukrainians are considering using the tool to verify the identities of Ukrainian refugees and their hosts as they flee for safety.... Beyond scanning corpses, Ukraine also is using facial recognition to identify Russian soldiers caught on camera looting Ukrainian homes and storefronts, an official with Ukraine's Digital Transformation Ministry told The Post. Mykhailo Fedorov, the head of that ministry, this month shared on Twitter and Instagram the name, hometown and personal photo of a man he said was recorded shipping hundreds of pounds of looted clothes from a Belarus post office to his home in eastern Russia. "Our technology will find all of them," he wrote.
The article asks what happens if software makes a mistake in its identification — but Clearview's chief executive argues their tool is accurate. Ton-That said the company's sole ambition is to help defend a besieged country. But he also acknowledged the war has helped provide a "good example for other parts of the U.S. government to see how these use cases work."

"This is a new war," he said. And the Ukrainians are "very creative with what they've been able to do."

Thanks to Slashdot readers fbobraga and schwit1 for submitting the article.

Security

Russia's Sandworm Hackers Attempted a Third Blackout In Ukraine (wired.com) 40

An anonymous reader quotes a report from Wired: More than half a decade has passed since the notorious Russian hackers known as Sandworm targeted an electrical transmission station north of Kyiv a week before Christmas in 2016, using a unique, automated piece of code to interact directly with the station's circuit breakers and turn off the lights to a fraction of Ukraine's capital. That unprecedented specimen of industrial control system malware has never been seen again -- until now: In the midst of Russia's brutal invasion of Ukraine, Sandworm appears to be pulling out its old tricks.

On Tuesday, the Ukrainian Computer Emergency Response Team (CERT-UA) and the Slovakian cybersecurity firm ESET issued advisories that the Sandworm hacker group, confirmed to be Unit 74455 of Russia's GRU military intelligence agency, had targeted high-voltage electrical substations in Ukraine using a variation on a piece of malware known as Industroyer or Crash Override. The new malware, dubbed Industroyer2, can interact directly with equipment in electrical utilities to send commands to substation devices that control the flow of power, just like that earlier sample. It signals that Russia's most aggressive cyberattack team attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016, still the only confirmed blackouts known to have been caused by hackers.

ESET and CERT-UA say the malware was planted on target systems within a regional Ukrainian energy firm on Friday. CERT-UA says that the attack was successfully detected in progress and stopped before any actual blackout could be triggered. But an earlier, private advisory from CERT-UA last week, first reported by MIT Technology Review today, stated that power had been temporarily switched off to nine electrical substations. Both CERT-UA and ESET declined to name the affected utility. But more than 2 million people live in the area it serves, according to Farid Safarov, Ukraine's deputy minister of energy. [...] The revelation of Sandworm's attempted blackout attack provides more evidence that Russia's invasion of Ukraine has been accompanied by a new wave of cyberattacks on the country's networks and critical infrastructure, though with only mixed success.

Security

Ukraine Says Russian Cyberattack Sought To Shut Down Energy Grid (cnbc.com) 19

Russian military hackers tried and failed to attack Ukraine's energy infrastructure last week, the country's government and a major cybersecurity company said Tuesday. From a report: The attack was designed to infiltrate computers connected to multiple substations, then delete all files, which would shut that infrastructure down, according to Ukraine's summary of the incident. ESET, a Slovakia-based cybersecurity company working to help secure Ukrainian infrastructure, said in a summary of the attack that it was conducted by the same arm of Russia's military intelligence agency, GRU, that had previously successfully executed similar attacks in 2014 and 2015. In both of those incidents, some residents of Kyiv temporarily lost power. This attack had been planned for at least two weeks, ESET said. Since Russia began its invasion in February, Ukraine hasn't been hit by any attacks as visibly destructive as those previous hacks of Kyiv energy companies. But Ukraine has faced multiple so-called "wiper" attacks, including ones that have targeted computers in Ukraine's government, financial institutions and internet service providers. Those attacks also look to mass-delete files from hacked computers.

Encryption

US Military Makes 'Significant Effort' in Quantum-Resistant Cryptography (stripes.com) 48

David Spirk, the chief data officer for America's Department of Defense, "called for the Pentagon to make urgent investments to defend against potential espionage from quantum computers" that could crack the encryption on sensitive data, Bloomberg reports: "I don't think that there's enough senior leaders getting their heads around the implications of quantum," Spirk said. "Like AI, I think that's a new wave of compute that when it arrives is going to be a pretty shocking moment to industry and government alike."

"We have to pick up pace because we have competitors who are also attempting to accelerate," he added.

Spirk's comments come amid warnings that U.S. adversaries, particularly China, are aggressively pursuing advanced technologies that could radically accelerate the pace of modern warfare. China is investing in AI and quantum sciences as part of its plan to become an innovation superpower, according to the Pentagon's latest annual report to Congress on China's military power. China is "at or near the lead on numerous science fields," including AI and quantum, it said. The National Security Agency, meanwhile, said last year that the adversarial use of a quantum computer "could be devastating" to the U.S. and its national security systems. The NSA said it could take 20 years or more to roll out new post-quantum cryptography that would resist such code-cracking.

Tim Gorman, a spokesperson at the Pentagon, said the Department of Defense was taking post-quantum cryptography seriously and coordinating with Congress and across government agencies. He added there was "a significant effort" underway.

A January presidential memo further charged agencies with establishing a timeline for transitioning to quantum resistant cryptography.

Power

Ukraine Says 'Lax' and 'Careless' Russian Soldiers Entered the Most Nuclear Contaminated Area on the Planet (cnn.com) 220

"The sudden ear-piercing beep of a radiation meter fills the room," reports CNN, "as a Ukrainian soldier walks in.

"This is where Russian soldiers were living at the Chernobyl nuclear power plant, and radiation levels are now higher than normal." There's no visible presence of the source of the radioactive material in the room, but Ukrainian officials say it's coming from small particles and dust that the soldiers brought into the building. "They went to the Red Forest and brought radioactive material back with them on their shoes," soldier Ihor Ugolkov explains. "Other places are fine, but radiation increased here, because they were living here."

CNN was given exclusive access to the power plant for the first time since it came back into Ukrainian control. Officials at the plant explain the levels inside the room used by Russian soldiers are only slightly above what the World Nuclear Association describes as naturally occurring radiation. One-time contact would not be dangerous but continuous exposure would pose a health hazard.

"They went everywhere, and they also took some radioactive dust on them [when they left]," Ugolkov adds. It's an example of what Ukrainian officials say was the lax and careless behavior of Russian soldiers while they were in control of the site of the 1986 nuclear disaster. The area around Chernobyl, namely the Red Forest, is still the most nuclear contaminated area on the planet, with most of the radioactive particles present on the soil....

Russian soldiers held Chernobyl for a month and are thought to have been operating in contaminated areas most of the time.

Russian soldiers entered the Red Forest and dug trenches, Ukrainian officials believe — and on the edge of the area CNN spotted a Russian military ration box "that exhibited radiation levels 50 times above naturally occurring values."

The 169 Ukraine National Guard soldiers, who guarded the facility, were locked in the plant's Cold War era underground nuclear bunker, crammed up in tight quarters without access to natural light, fresh air or communication with the outside world, according to the Ukrainian Interior Minister.

"They were kept here for 30 days without sufficient lighting and food. They were not allowed outside. On the last day they were taken away from here to an unknown direction," Denys Monastyrskyy says while standing inside the bunker.

The minister says he believes the men have been taken to Russia, via Belarus, as prisoners of war, but doesn't know for certain.

Facebook

Facebook Says Ukraine Military Accounts Were Hacked To Post Calls For Surrender (arstechnica.com) 25

An anonymous reader quotes a report from Ars Technica: Facebook today reported an increase in attacks on accounts run by Ukraine military personnel. In some cases, attackers took over accounts and posted "videos calling on the Army to surrender," but Facebook said it blocked sharing of the videos. Specifically, Facebook owner Meta's Q1 2022 Adversarial Threat Report said it has "seen a further spike in compromise attempts aimed at members of the Ukrainian military by Ghostwriter," a hacking campaign that "typically targets people through email compromise and then uses that to gain access to their social media accounts across the Internet." Ghostwriter has been linked to the Belarusian government.

"Since our last public update [on February 27], this group has attempted to hack into the Facebook accounts of dozens of Ukrainian military personnel," Meta wrote today. Ghostwriter successfully hacked into the accounts in "a handful of cases" in which "they posted videos calling on the Army to surrender as if these posts were coming from the legitimate account owners. We blocked these videos from being shared." In its February 27 update, Meta said it detected Ghostwriter's "attempts to target people on Facebook to post YouTube videos portraying Ukrainian troops as weak and surrendering to Russia, including one video claiming to show Ukrainian soldiers coming out of a forest while flying a white flag of surrender." Meta said it had "taken steps to secure accounts that we believe were targeted by this threat actor" and "blocked phishing domains these hackers used to try to trick people in Ukraine into compromising their online accounts." But Ghostwriter continued its operations and hacked into accounts of Ukrainian military personnel, as previously mentioned.

Separately, Facebook recently removed a network of Russian accounts that were trying to silence Ukrainians by reporting "fictitious policy violations." "Under our Inauthentic Behavior policy against mass reporting, we removed a network in Russia for abusing our reporting tools to repeatedly report people in Ukraine and in Russia for fictitious policy violations of Facebook policies in an attempt to silence them," Meta said today. Providing more detail in its quarterly report, Meta said the removed network included 200 accounts operated from Russia. "The individuals behind it coordinated to falsely report people for various violations, including hate speech, bullying, and inauthenticity, in an attempt to have them and their posts removed from Facebook. The majority of these fictitious reports focused on people in Ukraine and Russia, but the network also reported users in Israel, the United States, and Poland," the report said.

Botnet

FBI Operation Aims To Take Down Massive Russian GRU Botnet (techcrunch.com) 12

The Federal Bureau of Investigation has disclosed it carried out an operation in March to mass-remove malware from thousands of compromised routers that formed a massive botnet controlled by Russian intelligence. From a report: The operation was authorized by courts in California and Pennsylvania, allowing the FBI to copy and remove the so-called Cyclops Blink malware from infected Asus and WatchGuard routers across the U.S., severing the devices from the servers that remotely control and send instructions to the wider botnet. The Justice Department announced the March operation on Wednesday, describing it as "successful," but warned that device owners should still take immediate action to prevent reinfection.

The Justice Department said that since the news first emerged about the rising threat of Cyclops Blink in February, thousands of compromised devices have been secured, but justified the court-ordered operation because the "majority" of infected devices were still compromised just weeks later in mid-March. Cyclops Blink is believed to be the successor to VPNFilter, a botnet largely neglected after it was exposed by security researchers in 2018 and later targeted by a U.S. government operation to disrupt its command and control servers. Both Cyclops Blink and VPNFilter are attributed to Sandworm, a group of hackers working for Russia's GRU, the country's military intelligence unit.

AI

Face Scanner Clearview AI Aims To Branch Out Beyond Police (apnews.com) 11

A controversial facial recognition company that's built a massive photographic dossier of the world's people for use by police, national governments and -- most recently -- the Ukrainian military is now planning to offer its technology to banks and other private businesses. The Washington Post reports: Clearview AI co-founder and CEO Hoan Ton-That disclosed the plans Friday to The Associated Press in order to clarify a recent federal court filing that suggested the company was up for sale. "We don't have any plans to sell the company," he said. Instead, he said the New York startup is looking to launch a new business venture to compete with the likes of Amazon and Microsoft in verifying people's identity using facial recognition.

The new "consent-based" product would use Clearview's algorithms to verify a person's face, but would not involve its ever-growing trove of some 20 billion images, which Ton-That said is reserved for law enforcement use. Such ID checks that can be used to validate bank transactions or for other commercial purposes are the "least controversial use case" of facial recognition, he said. That's in contrast to the business practice for which Clearview is best known: collecting a huge trove of images posted on Facebook, YouTube and just about anywhere else on the publicly-accessible internet.
