One of the most fascinating revelations from the Snowden documents was the story of "fourth party collection," which is when the NSA hacks the spy agency of a friendly nation to suck up all the spy data it has amassed on its own people.
It's a devilishly effective spying technique and it surfaces a major risk of mass domestic surveillance - if your internal police get hacked by another nation, then that country can get all of your data. The secret police say they're spying to protect you - some protection!
2/
Even more mind-blowing is the existence of "fifth-party collection" (spying on a spy agency that's spying on another spy agency) and "SIXTH-party collection" (spying on a spy agency that's spying on another spy agency that's spying on another spy agency).
3/
It's also fascinating because it's so obvious in retrospect. Willie Sutton robbed banks "because that's where the money is." Spooks spy on other spooks because that's where the kompromat is: gathered, sorted, filed and analyzed.
4/
This week, Google's Threat Analysis team published a warning to security researchers to be vigilant about a sophisticated threat-actor that is targeting the infosec community.
Google says the attacker is working from North Korea (which strongly implies that they are working on behalf of the DPRK itself).
6/
An analysis of the attack recounts how the hackers would ingratiate themselves with infosec professionals, ask them to collaborate on interesting problems, and then slip them a poisoned software library that would take over their systems.
Like fourth-party collection, this is a highly leveraged attack. Security researchers tend to have a lot of proof-of-concept malware, notes on vulnerabilities, and other juicy tools and intel that could be weaponized to attack high-level systems.
8/
There is no shortage of takes about what's going on with Gamestop (and other surging stocks), Robinhood and Reddit's r/wallstreetbets, many of them contradictory - at least on the face of them. But I think it's possible for most of these takes to be right. Here's how.
1/
First you need to understand the underlying mechanics of the story. Stock markets are fundamentally a way of making bets, including bets on the outcome of other people's bets, and bets on the outcomes of THOSE bets.
2/
All this complexity creates lots of exploitable opportunities. Some of these opportunities are considered legitimate and are given respectable names like "arbitrage." Others are considered illegitimate, and are called disreputable things like "stock manipulation."
3/
A new research report from @seanodiggity and @expressvpn in honor of #DataPrivacyDay reveals the incredible extent of commercial location tracking hidden in everyday apps.
App vendors use free software development kits (SDKs) to build their products, not realizing (or not caring) that the SDKs come from commercial surveillance companies that harvest all their users' data and sell it in hidden, sprawling commercial markets.
2/
That's how the US military was able to buy location data on users of a Muslim prayer app: the app was built with one of these surveillance SDKs, so the data was extracted, packaged and sold on the cheap to the Pentagon.
In the early 2000s, dramatic shifts in radio spectrum allocation for mobile data applications, combined with advances in radio transmission and receiving, prompted some networking engineers to propose a radical rethink of radio.
1/
Our current spectrum management assumes that senders and receivers have characteristics that are fixed at the point of manufacture, determined by things like the shape of an antenna and the type of quartz crystal used as an oscillator.
2/
But software-defined radios (SDRs) and software-tunable phased-array antennas make those assumptions obsolete. Today, a radio can be a commodity computer that can sense other devices' RF use and transmit and receive on multiple frequencies to share the airwaves.
3/
In 1997, Fair Wayne Bryan was convicted of stealing a pair of hedge-clippers. He was given a life-sentence because of other minor thefts. He was paroled from Angola prison in late 2020.
In 2015, a conspiracy involving the Malaysian "tabloid party boy" Jho Low and a clutch of Goldman Sachs bankers stole and laundered $4.5b from the country's 1Malaysia Development Berhad fund (#1MDB).
The multibillion dollar crime toppled the Malaysian government, but Goldman Sachs maintained that this was the result of a couple of rogue elements, despite evidence that the rot went all the way to the top.
According to their Twitter bio, the UK's @ICOnews's mission is to "uphold[] information rights in the public interest, promotes openness by public bodies & data privacy for individuals."
1/
Great values, but actions speak louder than words. ICO chief @ElizabethDenham has told Parliament that she can't divulge the status of her office's audit of Facebook's app, which was triggered by the Cambridge Analytica scandal.
She told @KevinBrennanMP that she couldn't discuss the audit in public because her office had entered into a confidentiality agreement with Facebook whose terms couldn't be known by the public.
3/