Encryption

Chinese Scientists Report Using Quantum Computer To Hack Military-grade Encryption (thequantuminsider.com) 52

UPDATE: Forbes writes that China hasn't broken military encryption. While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large...

The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today."

Long-time Slashdot schwit1 originally wrote: Chinese scientists have mounted what they say is the world's first effective attack on a widely used encryption method using a quantum computer. The breakthrough poses a "real and substantial threat" to the long-standing password-protection mechanism employed across critical sectors, including banking and the military, according to the researchers.

Despite the slow progress in general-purpose quantum computing, which currently poses no threat to modern cryptography, scientists have been exploring various attack approaches on specialised quantum computers. In the latest work led by Wang Chao, of Shanghai University, the team said it used a quantum computer produced by Canada's D-Wave Systems to successfully breach cryptographic algorithms.

Using the D-Wave Advantage, they successfully attacked the Present, Gift-64 and Rectangle algorithms -- all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES) widely used in the military and finance. AES-256, for instance, is considered the best encryption available and often referred to as military-grade encryption. While the exact passcode is not immediately available yet, it is closer than ever before, according to the study. "This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today," they said in the peer-reviewed paper.

The Military

Mystery Drones Swarmed a US Military Base for 17 Days. Investigators are Stumped (msn.com) 133

The Wall Street Journal reports on a "suspicious fleet of unidentified aircraft... as many as a dozen or more" that appeared in Virginia 10 months ago "over an area that includes the home base for the Navy's SEAL Team Six and Naval Station Norfolk, the world's largest naval port." The article notes this was just 10 months after the U.S. shot down a Chinese spy balloon...

After watching the drones — some "roughly 20 feet long and flying at more than 100 miles an hour" — there were weeks of meetings where "Officials from agencies including the Defense Department, Federal Bureau of Investigation and the Pentagon's UFO office joined outside experts to throw out possible explanations as well as ideas about how to respond..." Federal law prohibits the military from shooting down drones near military bases in the U.S. unless they pose an imminent threat. Aerial snooping doesn't qualify, though some lawmakers hope to give the military greater leeway...

Drone incursions into restricted airspace was already worrying national-security officials. Two months earlier, in October 2023, five drones flew over a government site used for nuclear-weapons experiments. The Energy Department's Nevada Nuclear Security Site outside Las Vegas detected four of the drones over three days. Employees spotted a fifth. U.S. officials said they didn't know who operated the drones in Nevada, a previously unreported incursion, or for what reason. A spokeswoman said the facility has since upgraded a system to detect and counter drones...

Over 17 days, the [Virginia] drones arrived at dusk, flew off and circled back... They also were nearly impossible to track, vanishing each night despite a wealth of resources deployed to catch them. Gen. Glen VanHerck, at the time commander of the U.S. Northern Command and the North American Aerospace Defense Command, said drones had for years been spotted flying around defense installations. But the nightly drone swarms over Langley [Air Force base], he said, were unlike any past incursion...

Analysts learned that the smaller quadcopters didn't use the usual frequency band available for off-the-shelf commercial drones — more evidence that the drone operators weren't hobbyists.

"Langley officials canceled nighttime training missions, worried about potential collisions with the drone swarm, and moved the F-22 jet fighters to another base... On December 23, the drones made their last visit."

But toward the end of the article, it notes that "In January, authorities found a clue they hoped would crack the case." It was a student at the University of Minnesota named Fengyun Shi — who was reported flying a drone on a rainy morning near a Virginia shipyard that builds nuclear submarines and aircraft carriers. Their drone got stuck in a tree, and ended up with federal investigators who found "Shi had photographed Navy vessels in dry dock, including shots taken around midnight. Some were under construction at the nearby shipyard." On Jan. 18, federal agents arrested Shi as he was about to board a flight to China on a one-way ticket. Shi told FBI agents he was a ship enthusiast and hadn't realized his drone crossed into restricted airspace. Investigators weren't convinced. but found no evidence linking him to the Chinese government. They learned he had bought the drone on sale at a Costco in San Francisco the day before he traveled to Norfolk. U.S. prosecutors charged Shi with unlawfully taking photos of classified naval installations, the first case involving a drone under a provision of U.S. espionage law. The 26-year-old Chinese national pleaded guilty and appeared in federal court in Norfolk on Oct. 2 for sentencing. Magistrate Judge Lawrence Leonard said he didn't believe Shi's story — that he had been on vacation and was flying drones in the middle of the night for fun. "There's significant holes," the judge said in court.

"If he was a foreign agent, he would be the worst spy ever known," said Shi's attorney, Shaoming Cheng. "I'm sorry about what happened in Norfolk," Shi said before he was sentenced to six months in federal prison.

But "U.S. officials have yet to determine who flew the Langley drones or why..."

"U.S. officials confirmed this month that more unidentified drone swarms were spotted in recent months near Edwards Air Force Base, north of Los Angeles."
Microsoft

Microsoft's Take On Kernel Access and Safe Deployment After CrowdStrike Incident (securityweek.com) 45

wiredmikey writes: As the dust settles following the massive Windows BSOD tech outages caused by CrowdStrike in July 2024, the question is now, how do we prevent this happening again? While there was no current way Microsoft could have prevented this incident, the OS firm is obviously keen to prevent anything similar happening in the future. SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices (or SDP).
Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.

He's also written guides on building cheap anti-drone equipment...
China

Who's Winning America's 'Tech War' With China? (wired.com) 78

In mid-2021 Ameria's National Security Advisor set up a new directorate focused on "advanced chips, quantum computing, and other cutting-edge tech," reports Wired. And the next year as Congress was working on boosting America's semiconductor sector, he was "closing in on a plan to cripple China's... In October 2022, the Commerce Department forged ahead with its new export controls."

So what happened next? In a phone call with President Biden this past spring, Xi Jinping warned that if the US continued trying to stall China's technological development, he would not "sit back and watch." And he hasn't. Already, China has answered the US export controls — and its corresponding deals with other countries — by imposing its own restrictions on critical minerals used to make semiconductors and by hoovering up older chips and manufacturing equipment it is still allowed to buy. For the past several quarters, in fact, China was the top customer for ASML and a number of Japanese chip companies. A robust black market for banned chips has also emerged in China. According to a recent New York Times investigation, some of the Chinese companies that have been barred from accessing American chips through US export controls have set up new corporations to evade those bans. (These companies have claimed no connection to the ones who've been banned.) This has reportedly enabled Chinese entities with ties to the military to obtain small amounts of Nvidia's high-powered chips.

Nvidia, meanwhile, has responded to the US actions by developing new China-specific chips that don't run afoul of the US controls but don't exactly thrill the Biden administration either. For the White House and Commerce Department, keeping pace with all of these workarounds has been a constant game of cat and mouse. In 2023, the US introduced the first round of updates to its export controls. This September, it released another — an announcement that was quickly followed by a similar expansion of controls by the Dutch. Some observers have speculated that the Biden administration's actions have only made China more determined to invest in its advanced tech sector.

And there's clearly some truth to that. But it's also true that China has been trying to become self-sufficient since long before Biden entered office. Since 2014, it has plowed nearly $100 billion into its domestic chip sector. "That was the world we walked into," [NSA Advisor Jake] Sullivan said. "Not the world we created through our export controls." The United States' actions, he argues, have only made accomplishing that mission that much tougher and costlier for Beijing. Intel CEO Pat Gelsinger estimated earlier this year that there's a "10-year gap" between the most powerful chips being made by Chinese chipmakers like SMIC and the ones Intel and Nvidia are working on, thanks in part to the export controls.

If the measure of Sullivan's success is how effectively the United States has constrained China's advancement, it's hard to argue with the evidence. "It's probably one of the biggest achievements of the entire Biden administration," said Martijn Rasser, managing director of Datenna, a leading intelligence firm focused on China. Rasser said the impact of the US export controls alone "will endure for decades." But if you're judging Sullivan's success by his more idealistic promises regarding the future of technology — the idea that the US can usher in an era of progress dominated by democratic values — well, that's a far tougher test. In many ways, the world, and the way advanced technologies are poised to shape it, feels more unsettled than ever.

Four years was always going to be too short for Sullivan to deliver on that promise. The question is whether whoever's sitting in Sullivan's seat next will pick up where he left off.

The Military

The Radio-Obsessed Civilian Shaping Ukraine's Drone Defense (technologyreview.com) 42

Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.

He's also written guides on building cheap anti-drone equipment...
AI

Silicon Valley Is Debating If AI Weapons Should Be Allowed To Decide To Kill (techcrunch.com) 99

An anonymous reader quotes a report from TechCrunch: In late September, Shield AI cofounder Brandon Tseng swore that weapons in the U.S. would never be fully autonomous -- meaning an AI algorithm would make the final decision to kill someone. "Congress doesn't want that," the defense tech founder told TechCrunch. "No one wants that." But Tseng spoke too soon. Five days later, Anduril cofounder Palmer Luckey expressed an openness to autonomous weapons -- or at least a heavy skepticism of arguments against them. The U.S.'s adversaries "use phrases that sound really good in a sound bite: Well, can't you agree that a robot should never be able to decide who lives and dies?" Luckey said during a talk earlier this month at Pepperdine University. "And my point to them is, where's the moral high ground in a landmine that can't tell the difference between a school bus full of kids and a Russian tank?"

When asked for further comment, Shannon Prior, a spokesperson for Anduril said that Luckey didn't mean that robots should be programmed to kill people on their own, just that he was concerned about "bad people using bad AI." In the past, Silicon Valley has erred on the side of caution. Take it from Luckey's cofounder, Trae Stephens. "I think the technologies that we're building are making it possible for humans to make the right decisions about these things," he told Kara Swisher last year. "So that there is an accountable, responsible party in the loop for all decisions that could involve lethality, obviously." The Anduril spokesperson denied any dissonance between Luckey (pictured above) and Stephens' perspectives, and said that Stephens didn't mean that a human should always make the call, but just that someone is accountable.

Last month, Palantir co-founder and Anduril investor Joe Lonsdale also showed a willingness to consider fully autonomous weapons. At an event hosted by the think tank Hudson Institute, Lonsdale expressed frustration that this question is being framed as a yes-or-no at all. He instead presented a hypothetical where China has embraced AI weapons, but the U.S. has to "press the button every time it fires." He encouraged policymakers to embrace a more flexible approach to how much AI is in weapons. "You very quickly realize, well, my assumptions were wrong if I just put a stupid top-down rule, because I'm a staffer who's never played this game before," he said. "I could destroy us in the battle."

When TC asked Lonsdale for further comment, he emphasized that defense tech companies shouldn't be the ones setting the agenda on lethal AI. "The key context to what I was saying is that our companies don't make the policy, and don't want to make the policy: it's the job of elected officials to make the policy," he said. "But they do need to educate themselves on the nuance to do a good job." He also reiterated a willingness to consider more autonomy in weapons. "It's not a binary as you suggest -- 'fully autonomous or not' isn't the correct policy question. There's a sophisticated dial along a few different dimensions for what you might have a soldier do and what you have the weapons system do," he said. "Before policymakers put these rules in place and decide where the dials need to be set in what circumstance, they need to learn the game and learn what the bad guys might be doing, and what's necessary to win with American lives on the line." [...]
"For many in Silicon Valley and D.C., the biggest fear is that China or Russia rolls out fully autonomous weapons first, forcing the U.S.'s hand," reports TechCrunch. "At the Hudson Institute event, Lonsdale said that the tech sector needs to take it upon itself to 'teach the Navy, teach the DoD, teach Congress' about the potential of AI to 'hopefully get us ahead of China.' Lonsdale's and Luckey's affiliated companies are working on getting Congress to listen to them. Anduril and Palantir have cumulatively spent over $4 million in lobbying this year, according to OpenSecrets."
The Military

US Military Spaceplane To Perform Orbital Maneuvers (spacenews.com) 18

In a rare disclosure, the U.S. Space Force announced that its secretive X-37B spaceplane will execute a series of maneuvers before returning back to Earth. SpaceNews reports: The reusable spacecraft, which has been in orbit since December 28, 2023, will perform aerobraking maneuvers to alter its trajectory around Earth, the Space Force said Oct. 10. This technique involves making multiple passes through the planet's upper atmosphere, using atmospheric drag to modify the vehicle's orbit while conserving fuel. These maneuvers also are intended to showcase responsible space operations, the Space Force said. The aerobraking enables the spaceplane to change orbits and comply with space debris mitigation rules by safely discarding the service module.

The X-37B, manufactured by Boeing, is jointly operated by the U.S. Space Force and the Air Force Rapid Capabilities Office. Since its launch aboard a SpaceX Falcon Heavy rocket from NASA's Kennedy Space Center in Florida, the spaceplane has been conducting radiation effect experiments and testing space domain awareness technologies in a highly elliptical orbit. [...] After completing its aerobraking maneuvers, the X-37B will resume its testing and experimentation objectives. Once these are accomplished, the vehicle will de-orbit and return to Earth, utilizing its autonomous landing system to touch down horizontally like a conventional aircraft. The Space Force has not disclosed the expected duration of the current mission.

Piracy

Kim Dotcom Fends Off Arrest Before Conspiracy Theories and Reality Collide (torrentfreak.com) 119

TorrentFreak's Andy Maxwell reports: In August, New Zealand's Justice Minister authorized Kim Dotcom's immediate arrest and extradition. Dotcom's response to his followers on X was simple: "I'm not leaving." Another post mid-September -- "we are very close to disaster" -- led to Dotcom disappearing for three weeks. On his return, Dotcom said X had suspended his account, based on an extremely serious allegation. After accusing Elon Musk of failing to help, yesterday Dotcom warned that a Trump loss would see Musk indicted and "fighting for his life." Dotcom has a plan to avoid extradition; chaos like this provides the fuel.

The details of Dotcom's "plan" to stay in New Zealand are yet to be revealed. Given Dotcom's history, exhausting the judiciary with every possible avenue of appeal is pretty much guaranteed, no matter how unlikely the prospects of success. At the same time, it's likely that Dotcom will use social media to preach to the existing choir. He will also try to appeal to those who loathe him, and those who merely hate him, by focusing on a common grievance. "People keep suggesting that I should leave this corrupt US colony like a fugitive on the run. Hell no," he told 1.7 million X followers recently. "Corrupt US colony" and the interchangeable "obedient" variant are clearly derogatory, catering to theories of joint complicity and sniveling weakness. This rhetoric has been visible on Dotcom's social media accounts for some time, but the main theme is Dotcom's belligerent, out-of-the-blue support for Russia's invasion of Ukraine. [...]

Some people believe that Dotcom genuinely supports Russia and, with his quotes regularly appearing on state-run news channels, arguing otherwise is a pretty tough ask. A different assessment starts with the things Dotcom values most -- his family, his wealth, and his freedom -- and applies that to a reputation of doing whatever it takes to protect and maintain those three, non-negotiable aspects of his life. Right now, his best chance is to tilt the chess board via a change at the White House, and then carefully exploit a change in policy. Dotcom's colleagues took a plea deal from the U.S. and New Zealand that Dotcom insists he would never accept; certainly not if Biden was in power. A Donald Trump win, on the other hand, would introduce an administration Dotcom could be seen to negotiate with, on previously unthinkable terms, without losing face. Previous reluctance to admit any wrongdoing could suddenly seem trivial after the prevention of World War 3.

[Since 2022, Dotcom supported narratives more closely aligned with those of the Kremlin, in particular the claim that United States policy is the root cause of the current conflict. The amplification of anti-Ukraine rumors in the United States, strategically links alleged U.S. policy failures to billions of dollars in military aid, all at taxpayers' expense. This toxic mix, Dotcom insists, heralds the collapse of the dollar, the dismantling of the "US Empire," and ultimately a global human catastrophe; World War 3, no holds barred.]

The Military

How Mossad Planned Its Exploding Pager Operation: Inside Israel's Penetration of Hezbollah (msn.com) 402

The Washington Post interviewed Lebanese officials, people close to Hezbollah, and Israeli, Arab and U.S. security officials and politicians about a years-long plan (originated at Mossad headquarters) that ultimately killed or maimed "as many as 3,000 Hezbollah officers and members — most of them rear-echelon figures... along with an unknown number of civilians... when Israel's Mossad intelligence service triggered the devices remotely on September 17." In the initial sales pitch to Hezbollah two years ago, the new line of Apollo pagers seemed precisely suited to the needs of a militia group with a sprawling network of fighters and a hard-earned reputation for paranoia... Best of all, there was no risk that the pagers could ever be tracked by Israel's intelligence services. Hezbollah's leaders were so impressed they bought 5,000 of them and began handing them out to mid-level fighters and support personnel in February. None of the users suspected they were wearing an ingeniously crafted Israeli bomb...

Israeli officials had watched with increasing anxiety as the Lebanese group added new weapons to an arsenal already capable of striking Israeli cities with tens of thousands of precision-guided missiles. Mossad, the Israeli intelligence service responsible for combating foreign threats to the Jewish state, had worked for years to penetrate the group with electronic monitoring and human informants. Over time, Hezbollah leaders learned to worry about the group's vulnerability to Israeli surveillance and hacking, fearing that even ordinary cellphones could be turned into Israeli-controlled eavesdropping and tracking devices. Thus was born the idea of creating a kind of communications Trojan horse, the officials said. Hezbollah was looking for hack-proof electronic networks for relaying messages, and Mossad came up with a pair of ruses that would lead the militia group to purchase devices that seemed perfect for the job — equipment that Mossad designed and had assembled in Israel.

The first part of the plan, booby-trapped walkie-talkies, began being inserted into Lebanon by Mossad nearly a decade ago, in 2015. The mobile two-way radios contained oversized battery packs, a hidden explosive and a transmission system that gave Israel complete access to Hezbollah communications. For nine years, the Israelis contented themselves with eavesdropping on Hezbollah, the officials said, while reserving the option to turn the walkie-talkies into bombs in a future crisis. But then came a new opportunity and a glitzy new product: a small pager equipped with a powerful explosive. In an irony that would not become clear for many months, Hezbollah would end up indirectly paying the Israelis for the tiny bombs that would kill or wound many of its operatives.

Because Hezbollah leaders were alert to possible sabotage, the pagers could not originate in Israel, the United States or any other Israeli ally. So, in 2023, the group began receiving solicitations for the bulk purchase of Taiwanese-branded Apollo pagers, a well-recognized trademark and product line with a worldwide distribution and no discernible links to Israeli or Jewish interests. The Taiwanese company had no knowledge of the plan, officials said... The marketing official had no knowledge of the operation and was unaware that the pagers were physically assembled in Israel under Mossad oversight, officials said... In a feat of engineering, the bomb component was so carefully hidden as to be virtually undetectable, even if the device was taken apart, the officials said. Israeli officials believe that Hezbollah did disassemble some of the pagers and may have even X-rayed them.

"Thousands of Apollo-branded pagers rang or vibrated at once, all across Lebanon and Syria," according to the article, with a short sentence in Arabic that said "You received an encrypted message." The two-button de-encryption procedure "ensured most users would be holding the pager with both hands when it detonated," according to the article, although "Less than a minute later, thousands of other pagers exploded by remote command, regardless of whether the user ever touched his device. The following day, on September 18, hundreds of walkie-talkies blew up in the same way, killing and maiming users and bystanders..."

"As Hezbollah reeled, Israel struck again, pounding the group's headquarters, arsenals and logistic centers with 2,000-pound bombs," the article concludes. And the strike "convinced the country's political leaders that Hezbollah could be put on the ropes, susceptible to a systematic dismantling using airstrikes and, eventually a ground invasion..."
United States

Anduril Founder Luckey: Every Country Needs a 'Warrior Class' Excited To Enact 'Violence on Others in Pursuit of Good Aims' 268

Anduril founder Palmer Luckey advocated for a "warrior class" and autonomous weapons during a talk at Pepperdine University. The defense tech entrepreneur, known for his Hawaiian shirts and mullet, argued that societies need people "excited about enacting violence on others in pursuit of good aims."

Luckey revealed that Anduril supplied weapons to Ukraine two weeks into the Russian invasion, lamenting that earlier involvement could have made "a really big difference." He criticized Western hesitancy on AI development, claiming adversaries are waging a "shadow campaign" against it in the United Nations. Contradicting his co-founder's stance, Luckey endorsed fully autonomous weapons, comparing them favorably to indiscriminate landmines.
China

China-Linked Hackers Breach US Internet Providers in New 'Salt Typhoon' Cyberattack (msn.com) 16

Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in recent months in pursuit of sensitive information, WSJ reported Wednesday, citing people familiar with the matter. From the report: The hacking campaign, called Salt Typhoon by investigators, hasn't previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing's massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.

In Salt Typhoon, the actors linked to China burrowed into America's broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack. Last week, U.S. officials said they had disrupted a network of more than 200,000 routers, cameras and other internet-connected consumer devices that served as an entry point into U.S. networks for a China-based hacking group called Flax Typhoon. And in January, federal officials disrupted Volt Typhoon, yet another China-linked campaign that has sought to quietly infiltrate a swath of U.S. critical infrastructure.

"The cyber threat posed by the Chinese government is massive," said Christopher Wray, the Federal Bureau of Investigation's director, speaking earlier this year at a security conference in Germany. "China's hacking program is larger than that of every other major nation, combined." U.S. security officials allege that Beijing has tried and at times succeeded in burrowing deep into U.S. critical infrastructure networks ranging from water-treatment systems to airports and oil and gas pipelines. Top Biden administration officials have issued public warnings over the past year that China's actions could threaten American lives and are intended to cause societal panic. The hackers could also disrupt the U.S.'s ability to mobilize support for Taiwan in the event that Chinese leader Xi Jinping orders his military to invade the island.

Facebook

Meta and YouTube Ban Russian State Media for 'Foreign Interference' (cnn.com) 58

Meta (the parent company of Facebook, Instagram, and Threads) announced Monday that Russian state media outlets like RT are now "banned from our apps globally for foreign interference activity," reports CNN.

CNN adds that Meta is alleging that the "Kremlin-controlled networks" have "engaged in deceptive influence operations and attempted to evade detection... Prior to Monday's ban, RT had 7.2 million followers on Facebook and 1 million followers on Instagram." The move comes days after the US Justice Department announced charges against two RT employees for funneling nearly $10 million into a US company, identified by CNN as Tenet Media, to create and amplify content that aligned with Russian interests. The covert influence campaign was aimed at the American public ahead of the 2024 US presidential election, US officials said.
Last week the U.S. State department "revealed declassified U.S. intelligence findings that suggest RT is fully integrated into Russia's intelligence operations around the world," CNN reported earlier" In addition to its covert influence operations, the leaders of RT also administered an online crowdfunding effort to supply military equipment to Russian soldiers in Ukraine, Blinken alleged. The crowdfunding effort supplied "sniper rifles, suppressors, body armor, night vision equipment, drones, radio equipment, personal weapon sights, diesel generators" to Russian soldiers fighting in Ukraine, according to Blinken.

The goal of the U.S. announcement — and private discussions with allied diplomats — is to make sure that countries know that RT and Russian intelligence agencies are working together to sow division and harm democratic processes, while simultaneously making it much more difficult for RT to operate globally, a senior administration official said...

Asked for comment by CNN, RT responded with a mocking email that read in part: "We've been broadcasting straight out of the KGB headquarters all this time."

More from Reuters: U.S. Secretary of State Antony Blinken said on Friday that countries should treat RT's activities as they do covert intelligence operations... In briefing materials shared with Reuters, Meta said it had seen Russian state-controlled media try to evade detection in their online activities in the past and expected them to continue trying to engage in deceptive practices going forward.
A YouTube spokesperson told Reuters they've also terminated over 230 channels affiliated with Kremlin-controlled outlets — channels which were previously only blocked from viewers.

YouTube "began blocking Russian state-sponsored news channels globally in 2022," reports NBC News, "including those tied to RT and Sputnik. Over the years, according to YouTube, the platform has blocked thousands of channels and millions of videos." James Rubin, coordinator for the State Department's Global Engagement Center, said RT is "where propaganda, disinformation and lies are spread to millions, if not billions, of people around the world."
Privacy

Ukraine Bans Official Use of Telegram App Over Fears of Russian Spying (reuters.com) 49

Ukraine has banned use of Telegram on official devices used by state officials, military personnel and critical workers because it believes its enemy Russia can spy on both messages and users, a top security body said on Friday. Reuters: The National Security and Defence Council announced the restrictions after Kyrylo Budanov, head of Ukraine's GUR military intelligence agency, presented the Council with evidence of Russian special services' ability to snoop on the platform, it said in a statement. But Andriy Kovalenko, head of the security council's centre on countering disinformation, posted on Telegram that the restrictions apply only to official devices, not personal phones.

Telegram is heavily used in both Ukraine and Russia and has become a critical source of information since the Russian invasion of Ukraine in February 2022. But Ukrainian security officials had repeatedly voiced concerns about its use during the war. Based in Dubai, Telegram was founded by Russian-born Pavel Durov, who left Russia in 2014 after refusing to comply with demands to shut down opposition communities on his social media platform VKontakte, which he has sold.

Microsoft

Palmer Luckey Is Bringing Anduril Smarts To Microsoft's Military Headset (wired.com) 15

Anduril Industries, a defense startup founded by Palmer Luckey, will integrate its Lattice suite of software into Microsoft's Integrated Visual Augmentation System headset for the U.S. Army. The deal aims to enhance soldiers' battlefield awareness by displaying real-time data from drones, vehicles, and defense systems.

Luckey, who sold virtual reality company Oculus to Facebook for $2 billion, launched Anduril in 2017 to challenge traditional defense contractors. The firm recently secured a contract to develop an experimental robotic fighter jet, beating out industry giants. While Microsoft's IVAS faced initial user complaints of nausea and headaches, the Army plans to invest $21.9 billion in the project.
News

Exploding Pagers Injure Thousands Across Lebanon 751

Wireless communication pagers, carried by thousands, exploded around the same time across Lebanon on Tuesday, injuring over 2,700 people and killing eight, in what security experts suspect was a sophisticated Israeli intelligence operation. New York Times: Hundreds of pagers blew up at the same time across Lebanon on Tuesday in an apparently coordinated attack that killed eight people and injured more than 2,700, health officials said on Tuesday. [...] Hezbollah said that pagers belonging to its members had exploded and accused Israel of being behind the attack. The Israeli military declined to comment.

[...] Three officials briefed on the attack said that it had targeted hundreds of pagers belonging to Hezbollah operatives who have used such devices for years to make it harder for their messages to be intercepted. The devices were programmed to beep for several seconds before exploding, according to the officials, who spoke on the condition of anonymity because of the sensitivity of the matter.
Further reading: Reuters; CNN; NPR; Fox News; and WSJ.

Edward Snowden said, "If it were iPhones that were leaving the factory with explosives inside, the media would be a hell of a lot faster to cotton on to what a horrific precedent has been set today. Nothing can justify this. It's a crime. A crime. And everyone in the world is less safe for it."
United States

RTX's Long-Delayed $7 Billion GPS-Tracking Network Is Still Troubled, GAO Says (msn.com) 19

A month before its planned delivery after years of delay and cost growth, RTX's $7.6 billion ground network to control GPS satellites is still marred by problems that may further stall its acceptance by the US Space Force, congressional auditors said Monday. From a report: RTX's system of 17 ground stations for current and improved GPS satellites was supposed to be ready by October, when it would undergo a series of intense Space Force tests to assess whether it can be declared operational by December 2025. The system continues to draw the ire of lawmakers because it's running more than seven years late in a development phase that's about 73% costlier than initial projections.

Two rounds of testing by the company have been "marked by significant challenges that drove delays to the program's schedule," the Government Accountability Office said Monday in a broad review of the US military's GPS program, including improvements intended to block jamming by adversaries.

The Next Generation Operational Control System, known as OCX, is intended to provide improvements, including access to more secure, jam-resistant software for the military's use of the GPS navigation system, which is also depended on by civilians worldwide. "The program faces challenges from product deficiencies" that "create a risk of further delay," the Pentagon's Defense Contract Management Agency told the GAO, adding that it expects RTX at the earliest to deliver OCX by December.

Government

Is the Tech World Now 'Central' to Foreign Policy? (wired.com) 41

Wired interviews America's foreign policy chief, Secretary of State Antony Blinken, about U.S. digital polices, starting with a new "cybersecurity bureau" created in 2022 (which Wired previously reported includes "a crash course in cybersecurity, telecommunications, privacy, surveillance, and other digital issues.") Look, what I've seen since coming back to the State Department three and a half years ago is that everything happening in the technological world and in cyberspace is increasingly central to our foreign policy. There's almost a perfect storm that's come together over the last few years, several major developments that have really brought this to the forefront of what we're doing and what we need to do. First, we have a new generation of foundational technologies that are literally changing the world all at the same time — whether it's AI, quantum, microelectronics, biotech, telecommunications. They're having a profound impact, and increasingly they're converging and feeding off of each other.

Second, we're seeing that the line between the digital and physical worlds is evaporating, erasing. We have cars, ports, hospitals that are, in effect, huge data centers. They're big vulnerabilities. At the same time, we have increasingly rare materials that are critical to technology and fragile supply chains. In each of these areas, the State Department is taking action. We have to look at everything in terms of "stacks" — the hardware, the software, the talent, and the norms, the rules, the standards by which this technology is used.

Besides setting up an entire new Bureau of Cyberspace and Digital Policy — and the bureaus are really the building blocks in our department — we've now trained more than 200 cybersecurity and digital officers, people who are genuinely expert. Every one of our embassies around the world will have at least one person who is truly fluent in tech and digital policy. My goal is to make sure that across the entire department we have basic literacy — ideally fluency — and even, eventually, mastery. All of this to make sure that, as I said, this department is fit for purpose across the entire information and digital space.

Wired notes it was Blinken's Department that discovered China's 2023 breach of Microsoft systems. And on the emerging issue of AI, Blinken cites "incredible work done by the White House to develop basic principles with the foundational companies." The voluntary commitments that they made, the State Department has worked to internationalize those commitments. We have a G7 code of conduct — the leading democratic economies in the world — all agreeing to basic principles with a focus on safety. We managed to get the very first resolution ever on artificial intelligence through the United Nations General Assembly — 192 countries also signing up to basic principles on safety and a focus on using AI to advance sustainable development goals on things like health, education, climate. We also have more than 50 countries that have signed on to basic principles on the responsible military use of AI. The goal here is not to have a world that is bifurcated in any way. It's to try to bring everyone together.
Privacy

Signal is More Than Encrypted Messaging. It Wants to Prove Surveillance Capitalism Is Wrong (wired.com) 70

Slashdot reader echo123 shared a new article from Wired titled "Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It's Out to Prove Surveillance Capitalism Wrong." ("On its 10th anniversary, Signal's president wants to remind you that the world's most secure communications platform is a nonprofit. It's free. It doesn't track you or serve you ads. It pays its engineers very well. And it's a go-to app for hundreds of millions of people.") Ten years ago, WIRED published a news story about how two little-known, slightly ramshackle encryption apps called RedPhone and TextSecure were merging to form something called Signal. Since that July in 2014, Signal has transformed from a cypherpunk curiosity — created by an anarchist coder, run by a scrappy team working in a single room in San Francisco, spread word-of-mouth by hackers competing for paranoia points — into a full-blown, mainstream, encrypted communications phenomenon... Billions more use Signal's encryption protocols integrated into platforms like WhatsApp...

But Signal is, in many ways, the exact opposite of the Silicon Valley model. It's a nonprofit funded by donations. It has never taken investment, makes its product available for free, has no advertisements, and collects virtually no information on its users — while competing with tech giants and winning... Signal stands as a counterfactual: evidence that venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology.

Over its past decade, no leader of Signal has embodied that iconoclasm as visibly as Meredith Whittaker. Signal's president since 2022 is one of the world's most prominent tech critics: When she worked at Google, she led walkouts to protest its discriminatory practices and spoke out against its military contracts. She cofounded the AI Now Institute to address ethical implications of artificial intelligence and has become a leading voice for the notion that AI and surveillance are inherently intertwined. Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come — with zero compromises or corporate entanglements — so it can serve as a model for an entirely new kind of tech ecosystem...

Meredith Whittaker: "The Signal model is going to keep growing, and thriving and providing, if we're successful. We're already seeing Proton [a startup that offers end-to-end encrypted email, calendars, note-taking apps, and the like] becoming a nonprofit. It's the paradigm shift that's going to involve a lot of different forces pointing in a similar direction."

Key quotes from the interview:
  • "Given that governments in the U.S. and elsewhere have not always been uncritical of encryption, a future where we have jurisdictional flexibility is something we're looking at."
  • "It's not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who's the gold standard for privacy? It's Signal."
  • "AI is a product of the mass surveillance business model in its current form. It is not a separate technological phenomenon."
  • "...alternative models have not received the capital they need, the support they need. And they've been swimming upstream against a business model that opposes their success. It's not for lack of ideas or possibilities. It's that we actually have to start taking seriously the shifts that are going to be required to do this thing — to build tech that rejects surveillance and centralized control — whose necessity is now obvious to everyone."

The Military

Navy Chiefs Conspired To Get Themselves Illegal Warship Wi-Fi (navytimes.com) 194

During a 2023 deployment, senior enlisted leaders aboard the Navy ship USS Manchester secretly installed a Starlink Wi-Fi network, allowing them exclusive internet access in violation of Navy regulations. "Unauthorized Wi-Fi systems like the one [then-Command Senior Chief Grisel Marrero] set up are a massive no-no for a deployed Navy ship, and Marrero's crime occurred as the ship was deploying to the West Pacific, where such security concerns become even more paramount among heightened tensions with the Chinese," reports Navy Times. From the report: As the ship prepared for a West Pacific deployment in April 2023, the enlisted leader onboard conspired with the ship's chiefs to install the secret, unauthorized network aboard the ship, for use exclusively by them. So while rank-and-file sailors lived without the level of internet connectivity they enjoyed ashore, the chiefs installed a Starlink satellite internet dish on the top of the ship and used a Wi-Fi network they dubbed "STINKY" to check sports scores, text home and stream movies. The enjoyment of those wireless creature comforts by enlisted leaders aboard the ship carried serious repercussions for the security of the ship and its crew. "The danger such systems pose to the crew, the ship and the Navy cannot be understated," the investigation notes.

Led by the senior enlisted leader of the ship's gold crew, then-Command Senior Chief Grisel Marrero, the effort roped in the entire chiefs mess by the time it was uncovered a few months later. Marrero was relieved in late 2023 after repeatedly misleading and lying to her ship's command about the Wi-Fi network, and she was convicted at court-martial this spring in connection to the scheme. She was sentenced to a reduction in rank to E-7 after the trial and did not respond to requests for comment for this report. The Navy has yet to release the entirety of the Manchester investigation file to Navy Times, including supplemental enclosures. Such records generally include statements or interview transcripts with the accused.

But records released so far show the probe, which wrapped in November, found that the entire chiefs mess knew about the secret system, and those who didn't buy into it were nonetheless culpable for not reporting the misconduct. Those chiefs and senior chiefs who used, paid for, helped hide or knew about the system were given administrative nonjudicial punishment at commodore's mast, according to the investigation. All told, more than 15 Manchester chiefs were in cahoots with Marrero to purchase, install and use the Starlink system aboard the ship. "This agreement was a criminal conspiracy, supported by the overt act of bringing the purchased Starlink onboard USS MANCHESTER," the investigation said. "Any new member of the CPO Mess which then paid into the services joined that conspiracy following the system's operational status."

Records obtained by Navy Times via a Freedom of Information Act request reveal a months-long effort by Marrero to obtain, install and then conceal the chiefs Wi-Fi network from superiors, including the covert installation of a Starlink satellite dish on the outside of the Manchester. When superiors became suspicious about the existence of the network and confronted her about it, Marrero failed to come clean on multiple occasions and provided falsified documents to further mislead Manchester's commanding officer, the investigation states. "The installation and usage of Starlink, without the approval of higher headquarters, poses a serious risk to mission, operational security, and information security," the investigation states.

China

Space Command Chief Says Dialogue With China Too Often a One-Way Street (arstechnica.com) 57

U.S. Space Command chief Gen. Stephen Whiting called for greater transparency from China regarding space debris this week, citing concerns over the recent breakup of a Long March 6A rocket's upper stage. The incident, which occurred after an August 6 satellite launch, scattered over 300 pieces of debris in low-Earth orbit.

While acknowledging some improvement in U.S.-China military dialogue, Whiting stressed on the need for proactive communication about space junk, ArsTechnica reports. "I hope the next time there's a rocket like that, that leaves a lot of debris, that it's not our sensors that are the first to detect that, but we're getting communications to help us understand that," he said.

Slashdot Top Deals