One of the most fascinating revelations from the Snowden documents was the story of "fourth party collection," which is when the NSA hacks the spy agency of a friendly nation to suck up all the spy data it has amassed on its own people.

spiegel.de/international/…

1/
It's a devilishly effective spying technique and it surfaces a major risk of mass domestic surveillance - if your internal police get hacked by another nation, then that country can get all of your data. The secret police say they're spying to protect you - some protection!

2/
Even more mind-blowing is the existence of "fifth-party collection" (spying on a spy agency that's spying on another spy agency) and "SIXTH-party collection" (spying on a spy agency that's spying on another spy agency that's spying on another spy agency).

3/
It's also fascinating because it's so obvious in retrospect. Willie Sutton robbed banks "because that's where the money is." Spooks spy on other spooks because that's where the kompromat is: gathered, sorted, filed and analyzed.

4/
This week, Google's Threat Analysis team published a warning to security researchers to be vigilant about a sophisticated threat-actor that is targeting the infosec community.

blog.google/threat-analysi…

5/
Google says the attacker is working from North Korea (which strongly implies that they are working on behalf of the DPRK itself).

6/
An analysis of the attack recounts how the hackers would ingratiate themselves to infosec professionals, ask them to collaborate on interesting problems, and then slip them a poisoned software library that would take over their systems.

norfolkinfosec.com/dprk-malware-t…

7/
Like fourth-party collection, this is a highly leveraged attack. Security researchers tend to have a lot of proof-of-concept malware, notes on vulnerabilities, and other juicy tools and intel that could be weaponized to attack high-level systems.

8/

Thread by Cory Doctorow #BLM (@doctorow)