Announcing the creation of Sidechannel, a new Discord channel that seven other writers and I will be launching soon for paid subscribers to our publications. You can join the discussion by subscribing to zetter.substack.com or any publication by one of the writers below.
Sidechannel, our new Discord discussion channel, isn't live yet, but it will be soon. I'll be sending out invitations to paid subscribers of Zero Day (zetter.substack.com) once it launches.
The blackout at Natanz nuclear facility in Iran was caused by explosives, not a cyberattack. "a large explosion that completely destroyed the independent—and heavily protected—internal power system that supplies the underground centrifuges" nytimes.com/2021/04/11/wor…
"The officials, who spoke on the condition of anonymity to describe a classified Israeli operation, said that the explosion had dealt a severe blow to Iran’s ability to enrich uranium and that it could take at least nine months to restore Natanz’s production."
Clarification: the story says the blackout was caused by a large explosion. Theoretically such an explosion could be triggered by a cyberattack, depending on how it's done. But this sounds like it was physical sabotage rather than cyber. TBD
CEO of the Associated Press says the international news service experienced unprecedented cyber "attacks" during the 2020 election. This included 10,000 daily phishing attempts and an average of 1.8 million web-based “attacks” per month. zetter.substack.com/p/ap-says-it-e…
They “came in withering numbers,” were sophisticated, and came from Pakistan, Taiwan and “most especially the Russian Federation” among others. In 2016, AP was hit mostly w/ DDoS attacks. In 2020 they were more sophisticated attempts to “find backdoors” in AP platforms/systems.
AP plays critical role in election reporting and is obvious target for anyone wanting to disrupt results/create confusion. AP feeds content to 12,000+ media outlets around world and counted/compiled votes in 7,000+ US elections in 2020; it's often first to call winner in races.
Another water system hacked - this one in Kansas. Former employee charged w/ gaining remote access and performing activities "that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures," per indictment. justice.gov/usao-ks/pr/ind…
Wyatt Travnichek was employed by Ellsworth County Rural Water District (aka Post Rock Rural Water District) for 1 yr before resigning in Jan 2019. On March 27, 2019, Post Rock experienced an unauthorized remote intrusion resulting in the shut-down of the facility’s processes.
Post Rock Water District serves more than 1,500 retail customers and 10 wholesale customers over eight Kansas counties. Post Rock’s processes include cleaning and disinfecting customers’ drinking water. In shutting down the cleaning processes, it could have affected public health.
We've been hearing a lot about a surveillance gap since SolarWinds hack was exposed. Officials call it a “blind spot,” a "visibility" issue and an authorities “gap.” But they've been vague about what they mean by it. Turns out it's not quite what you think zetter.substack.com/p/mind-the-gap…
I spoke w/ former NSA General Counsel Glenn Gerstell about the surveillance gap, and it turns out it's not about not being able to see into US private-sector systems at all, but about FBI not being able to get a warrant quickly enough or get one when there isn't probable cause.
Gerstell described hypothetical: NSA sees data leave US computer and go to one in Europe; then data leaves Europe computer and goes to one in Russia. Suspects it's intel stolen by foreign power but doesn't have evidence for probable cause emergency access to US computer to verify.
Portrait of a Digital Weapon
Ok this is pretty cool. Artist made homage to Stuxnet using de-compiled code that displays character by character, like a digital countdown, over satellite image of Iranian facility it attacked. Note USB cc: @liam_omurchu macpierce.com/portrait-of-a-…
Here's the 15-page report just released by the ODNI about foreign threats to the 2020 election - this is the unclassified version of the larger classified report dni.gov/files/ODNI/doc…
"This [assessment] does not include an assessment of the impact foreign malign influence and interference activities may have had on the outcome of the 2020 election."
"We assess that it would be difficult for a foreign actor to manipulate election processes at scale without detection by intelligence collection, ... through physical and cyber security monitoring around voting systems ..., or in post-election audits."