The second order effects of banning TikTok will be very interesting.

Personally, I think people are missing the real threat it poses, which is that the CCP has influence over the discourse of any topic they choose. They can promote one side and downplay others. Access to data does not require having an app. Data brokers will sell anything, or can be hacked, and they have far more aggregate data than a single app can collect. There are no laws about data brokers, so obviously data isn’t the real concern.

1/What I learned about B2B sales strategies from Robert Hanssen’s 20 year career of espionage, some lessons on closing deals and keeping clients happy. #SalesTips #Espionage

🧵⤵️ 2/ First lesson: Trust your gut and set your own terms. Hanssen didn’t rely on Soviet tradecraft; he made them use his own. Moral? Don’t always follow the client’s lead. Sometimes, you need to dictate the process to ensure success. #SalesStrategy

Telegram is a social media platform, not a secure messenger. The primary use of the system is for groups, with one to one messaging occupying the same space as Twitter DMs.

Signal and Telegram address very different markets. There is no Signal Telegram dichotomy. Signal is a secure messenger, Telegram is a social media app.

The xz backdoor was the final part of a campaign that spanned two years of operations. These operations were predominantly HUMINT style agent operations. There was an approach that lasted months before the Jia Tan persona was well positioned to be given a trusted role. The trigger for this “Quest for Maintainer” operation was a very long patch which was exactly the sort of thing that the maintainer was not able to process particularly well. New personas appeared to push on this issue. Jigar Kumar was the spearhead for this op.

On the .xz backdoor.

It is hard to see how the developer Jia Tan is innocent. The backdoor was added in 5.6.0 by his account. He contacted Fedora to push them to move to 5.6.0. There was a problem with valgrind, they worked with hi to resolve it. He commits the fix in 5.6.1. If Jia Tan did not commit the backdoor in 5.6.0, and his account was hijacked, it strains credulity that he worked on fixing an issue introduced from a fraudulent commit in his name without noticing. Instead, he worked with Fedora to resolve the issue and committed a fix.

@ravirockks @onixIT “The cyber will get through”

Seriously though, these sorts of attacks have been categorised as counter value operations (the Douhet strategy). And I’m willing to believe that is the Kremlin strategy here.

I just wonder if the mid level commanders believe it will work? @ravirockks @onixIT Or, are they just doing what they get told to do / what they know their bosses expect them to do?

If you spent a couple months gaining access to Kyivstar and then destroy everything just because “it’s Monday” wouldn’t you feel like you’ve wasted your time?

Cambridge Analytica is Goebbles 2.0

See if you can match the Goebbles rules for propaganda to the CA talking points! Its fun :)



psywarrior.com/Goebbels.html 1. Propagandist must have access to intelligence concerning events and public opinion.

.. yup, looks like CA does that. ✅

A critical security feature is self cleansing (this is one of the reasons you cannot have secure email). The next critical component is strong encryption with PFS. The third leg of the “actually secure” tripod is anonymous + disposable accounts. Nothing ticks all the boxes.

External Tweet loading...
If nothing shows, it may have been deleted
by @flyryan view original on Twitter

Signal: self cleansing, strong encryption, accounts are linked to a smartcard

Wickr: self cleansing, unknown encryption, moderate unlinking¹

Threema: 👎, no PFS, moderate unlinking¹

Telegram: self cleansing, 😂, smartcard

Confide: self cleansing, 😂, smartcard
__
¹ GCM/APN

Ha, that thing you tweeted about, is like OverSec for browsers. OverSec works on Android, has some awesome features In particular you can send the encrypted text encoded into non visible glyphs, and then write a cover message that is displayed instead