thaddeus e. grugq thegrugq@infosec.exchange
Hacker :: https://t.co/km8BR8E1Ga :: thegrugq@gmail.com :: PGP https://t.co/dYipV8y3bo :: @warstudies :: https://t.co/H3dWknFCfk :: https://t.co/Z2lWqEVVua
Mar 31 12 tweets 2 min read
The xz backdoor was the final part of a campaign that spanned two years of operations. These operations were predominantly HUMINT style agent operations. There was an approach that lasted months before the Jia Tan persona was well positioned to be given a trusted role. The trigger for this “Quest for Maintainer” operation was a very long patch which was exactly the sort of thing that the maintainer was not able to process particularly well. New personas appeared to push on this issue. Jigar Kumar was the spearhead for this op.
Mar 29 5 tweets 2 min read
On the .xz backdoor.

It is hard to see how the developer Jia Tan is innocent. The backdoor was added in 5.6.0 by his account. He contacted Fedora to push them to move to 5.6.0. There was a problem with valgrind; they worked with him to resolve it. He commits the fix in 5.6.1. If Jia Tan did not commit the backdoor in 5.6.0, and his account was hijacked, it strains credulity that he worked on fixing an issue introduced from a fraudulent commit in his name without noticing. Instead, he worked with Fedora to resolve the issue and committed a fix.
Dec 13, 2023 4 tweets 1 min read
@ravirockks @onixIT “The cyber will get through”

Seriously though, these sorts of attacks have been categorised as counter value operations (the Douhet strategy). And I’m willing to believe that is the Kremlin strategy here.

I just wonder if the mid-level commanders believe it will work?

@ravirockks @onixIT Or, are they just doing what they get told to do / what they know their bosses expect them to do?

If you spent a couple months gaining access to Kyivstar and then destroy everything just because “it’s Monday” wouldn’t you feel like you’ve wasted your time?
Mar 19, 2018 12 tweets 2 min read
Cambridge Analytica is Goebbels 2.0

See if you can match the Goebbels rules for propaganda to the CA talking points! It's fun :)

psywarrior.com/Goebbels.html

1. Propagandist must have access to intelligence concerning events and public opinion.

.. yup, looks like CA does that. ✅
Feb 3, 2018 4 tweets 1 min read
A critical security feature is self cleansing (this is one of the reasons you cannot have secure email). The next critical component is strong encryption with PFS. The third leg of the “actually secure” tripod is anonymous + disposable accounts. Nothing ticks all the boxes.

Signal: self cleansing, strong encryption, accounts are linked to a smartcard

Wickr: self cleansing, unknown encryption, moderate unlinking¹

Threema: 👎, no PFS, moderate unlinking¹

Telegram: self cleansing, 😂, smartcard

Confide: self cleansing, 😂, smartcard
__
¹ GCM/APN
Sep 28, 2017 6 tweets 1 min read
Ha, that thing you tweeted about is like OverSec for browsers. OverSec works on Android and has some awesome features. In particular, you can send the encrypted text encoded into non-visible glyphs, and then write a cover message that is displayed instead.