AT&T paid hackers $370,000 to delete call records stolen from its Snowflake account. They provided video to AT&T showing deletion. It's believed to be the only complete set of the data stolen, though the hackers shared small snippets with a few people wired.com/story/atandt-p… AT&T learned about breach mid-April and paid the hackers on May 17, but didn't report the breach publicly until this last Friday when the published a blog post and a filed a regulatory disclosure with the SEC. AT&T had received a reporting exemption to withhold public reporting.

Car bomb that killed daughter of Putin ally Alexander Dugin was smuggled into Russia in hidden compartment of a cat crate. The op was part of a raging shadow war being conducted by Ukraine's SBU spy agency, which has forged deep bonds with CIA since 2014
washingtonpost.com/world/2023/10/… "The cluttered car carrying a mother and her 12-year-old daughter seemed barely worth the attention of Russian security officials as it approached a border checkpoint. But the least conspicuous piece of luggage — a crate for a cat — was part of an elaborate, lethal plot."

Thousands of IT workers contracting with US companies have for years secretly sent millions of dollars of their wages to North Korea to fund its weapons programs. They worked remotely with companies around US and used false identities to get jobs, per FBI apnews.com/article/north-… According to DoJ, North Korea dispatched thousands of skilled IT workers to live in China and Russia with the goal of getting hired by companies in the US and elsewhere as freelance remote employees. In some cases the workers infiltrated company networks and stole info from them

Millions of emails intended for US military - including highly sensitive info - have been misdirected to Mali instead, due to people typing .ml in address instead of .mil. This, despite repeated warnings for a decade to double-check address before sending ft.com/content/ab62af… One misdirected email contained the travel itinerary for General James McConville, army's chief of staff, upcoming trip to Indonesia. It included a full list of hotel room #s for the general and 20 others, as well as details on how to collect his key at Grand Hyatt in Jakarta

"To people unfamiliar with the American criminal justice system, Baldwin’s decision sounds reasonable: Something terrible happened, and he wanted to help. But...if you are involved in a serious incident, it’s best not to talk to the police unless you have an attorney present."

https://twitter.com/marincogan/status/1618623237067509764

"despite the ritualistic incantation of the Miranda warning on every TV police procedural, silence is a right that people can find hard to accept....Refusing to talk to the police seems like something people do only when they’ve got something to hide."

During press call discussing Zelensky visit tomorrow, WH said US consulted closely with him “on the security parameters of him being able to depart” Ukraine. “He concluded that those security parameters were met. What he needed, we agreed with...and..we are executing accordingly" Biden/Zelensky discussed visit to US in phone call Dec. 11 then WH extended formal invite to come Dec 21st. Visit was only confirmed Sunday. Zelensky “indicated he was very keen” that his first visit outside of Ukraine be to the US to thank the US public for support given Ukraine

Director James Cameron commissioned a scientific study to see if Jack in Titanic would have survived if Rose had just shoved over and made room for him on the raft. Conclusion: "There was no way they both could have survived." torontosun.com/entertainment/… “We took two stunt people..the same body mass of Kate and Leo and we put sensors all over them and inside them and we put them in ice water and..tested to see whether they could have survived..the answer was, there was no way they both could have survived. Only one could survive”

Twitter has stopped paying rent on offices and is considering not paying severance packages to former employees, among other measures aimed at cutting costs. Also refused to pay $197,725 bill for private charter flights made the week of Musk’s takeover nytimes.com/2022/12/13/tec… Musk's personal attorney who he appointed head of legal is also no longer at Twitter. Musk was "unhappy with...decisions made by Mr. Spiro, a noted criminal defense lawyer who successfully defended the billionaire in a high-profile defamation case in late 2019"

Hm. Ghost says Substack has switched to using its code. Substack has lost a lot of writers to Ghost because Substack's code/design is rigid/lacks features. "So we clicked 'view source' to look at what was going on and that’s when we discovered Ghost code is now powering Substack"

https://twitter.com/JohnONolan/status/1602330377812643850

Substack didn't credit Ghost for the code it's using. Substack knows its code is inferior to Ghost's (which is why so many writers have left Substack to go to Ghost) but instead of working on its own code, it took Ghost's open-source code without crediting Ghost.

Semafor has obtained internal Slack messages among AP reporters/editors discussing how to treat claim by anonymous intel official that Russian missiles attacked Poland. It's messy, and it also raises questions about why reporter was fired for the error semafor.com/article/11/22/… "the slack messages on which the incident played out tell a different story, of honest mistakes, internal confusion, and a lack of a clear process that led to a disaster for one of the few news organizations whose Twitter presence is an authoritative account of world affairs"

DHS has stalled research grants to study domestic terrorism/violence. Sources say privacy concerns around the data collection are the reason, but others say it’s politics and that DHS is concerned about criticism over the studies and what they might show
washingtonpost.com/national-secur… “Right now, if the secretary of Homeland Security turns to us and says, ‘Last year, how many serious attacks based on ideology or grievance happened?’ we can’t answer those fundamental questions,” the DHS official said. “We don’t know.”

“hacked messages are also believed to have included highly sensitive discussions with senior international foreign ministers about the war in Ukraine.” Obvious question is why was she using personal phone for top-secret conversations? dailymail.co.uk/news/article-1… “phone was reportedly compromised when Truss was Foreign Secretary, but the details were suppressed by Johnson and the Cabinet Secretary Simon Case, who ordered a news blackout…the phone was so heavily compromised it has now been placed in a safe in a secure government location”

Associated Press is seeking candidates to help scrape election results on Nov. 8. Experience with web scraping required; Python skills preferred. Work to be done remotely on Nov 8 from 5pm ET to 3 am. Candidates will attend 2-hr training. Pay starts at $20/hr, students welcome DM me for the email address if you want to apply

Russian police/military “snatched men off the streets and outside Metro stations…lurked in apartment building lobbies…raided office blocks and hostels…invaded cafes and restaurants…rounded up dozens at a Moscow shelter for the homeless” washingtonpost.com/world/2022/10/… “I don’t want to kill people, and I don’t want to be killed, so I really have to lie low now….We live at a time when your neighbors could report on you. They might call police and say that there is a young guy staying in this house when he should be fighting fascists in Ukraine”

This isn’t true. The timing doesn’t match. Musk’s team asked the Pentagon to pay for Starkink in a letter sent on Sept 8. The Twitter tiff only occurred last week. Doesn’t change that his response below is provocative; but the service cutoff wasn’t prompted by the tiff.

https://twitter.com/prchovanec/status/1580876024736514056

Also, Starkink is a much better name than Starlink, tyvm.

Like call for encryption backdoors the call for forcing proof of identity online re-emerges every couple of years. He lays out all pros/cons, but bottom line is do we keep blaming platforms for failing to police harmful actors without giving them power to easily identify them?

https://twitter.com/profgalloway/status/1576186415473303554

If platforms can’t be trusted to hold identity info, 3rd-party companies can handle identity issue for them. “Once an identity is affixed to an account, a platform could decide whether to permit pseudonyms.” This way people get anonymity but can be held accountable when needed

State Department reached settlement with three former NSA analysts who worked for the UAE providing exploits used for cyber surveillance. The three are "prohibited from participating directly or indirectly in any activities subject to the ITAR for 3 years"
state.gov/u-s-department… Here's a story about the settlement from @SuzanneMSmalley cyberscoop.com/former-us-inte…

It was clear when Mudge left Twitter something was wrong. Now he’s blowing whistle. Says company doesn’t properly delete data, too many staff access central controls/sensitive info; senior execs cover up vulns; some staff may be working for foreign intel cnn.com/2022/08/23/tec… “About half of the company's 500,000 servers run on outdated software that does not support basic security features such as encryption for stored data or regular security updates by vendors”

Great story detailing US intel on Putin's plans before war, the need to persuade partners, and the challenge of helping a "less-than-perfect democracy" defy Russia, without NATO firing a shot @shaneharris @karendeyoung1 @ikhurshudyan @AshleyRParker @LizSly
washingtonpost.com/national-secur… Highlights from Post story about war intel: US discovered Putin was sharply increasing $ for military ops while leaving pandemic response underfunded. Every decision to arm Ukraine had to avoid giving Russia reason to escalate, which frustrated Ukraine.

washingtonpost.com/national-secur…

Assassination of al-Qaida leader Ayman al-Zawahri occurred at 6 am Kabul time (9:49 pm EST) on Sat July 30, says senior admin official. He was killed with two Hellfire missiles on balcony of safe house where he and family had been living since last year. No others were killed. al-Zawahri has been in hiding for yrs. Last year intel was watching for al Quaeda presence in Afghanistan. This year intel identified that al-Zawahri's wife, daughter and her children moved into safe house in downtown Kabul and al-Zawahri later joined them. He never left house.

Request to companies when you publish blog posts/reports - when you update info in post, please *do not* change date of the post to the date you made changes or make changes in the text. Instead, pls add changes at bottom of post, with a date indicating when changes were made. Readers should be able to easily track what changed since the first info was published. And for easy tracking, you should *never* change the publication date itself. Just add a note at top saying the post was updated and the date of the update.