shift change 2024-02-06

Welcome to your shift change report: news from the off-going watch to the oncoming on anything interesting in privacy, security, or intelligence. 

1. Russia’s cyber tactics not accomplishing Russia’s goals in Ukraine, making Ukraine more resilient, not less.

Russia's strategist wondering why his strategy is not accomplishing anything strategic.
  • Russia’s cyber attacks have targeted civilian infrastructure:
Studies from the CyberPeace Institute, the Amsterdam Law School, and the Center for Strategic and International Studies likewise indicate that the overwhelming majority of Russian cyber attacks during the war have been directed against civilian targets and government services, with few discernible links to the Ukrainian armed forces. John Hultquist, vice president of threat intelligence at cybersecurity firm Mandiant, noted that these attacks appeared designed to “strike fear into every Ukrainian and really just up the psychological toll.”
  • But it doesn’t work (my emphasis at the end):
Instead, the net effect of so much Russian aggression in the digital domain—consistent with the previous findings of air warfare theorists—was to steel Ukrainian resolve and further galvanize a historic outpouring of Western technological and cyber assistance to Kyiv. Remarkably, despite the onslaught, Ukraine over the past decade has become a burgeoning tech hub and a model of digital connectivity, e-governance, and cyber resilience—successes arguably necessitated and thus accelerated by Russia’s unrelenting cyber aggression. In this regard, Ukraine’s experience echoes that of Estonia, which, since being bombarded with cyber attacks in 2007, has become a model of digitization and a hub for international cybersecurity collaboration. However costly and disruptive it has been to the victims, Moscow’s countervalue cyber strategy, as part of a broader geopolitical project to re-subordinate its neighbors, has failed miserably.

When I am copying and pasting large blocks of text, it’s because I cannot do the writer’s work justice in the short snapshots I try to use in this format. Read this freaking article.

2. Ukraine’s drones continue to fly, blow up Russian equipment, and disrupt Russian goals—despite Russian jamming.

jammed!

How does Ukraine overcome Russian jamming?

Russia widened their war on Ukraine in February 2022 with what, on paper, was the world’s most fearsome electronic-warfare force: overlapping radio- and radar-detectors, automated jamming-control systems and hundreds of jammers, big and small.
It should be evident, by now, that Russia E.W. doesn’t always work very well in the stress of actual combat. “As it turns out, such equipment is effective only at Russian training grounds,” the Ukrainian military stated after the army’s 128th Mountain Assault Brigade captured a Silok set in September 2022.

Another way of saying it doesn’t work in combat is saying “it doesn’t work.”

3. The Biden Administration plans to try to deny foreign threat actors access to data hoards collected by US companies (and bought by US intelligence and law enforcement), and definitely does not understand the scope of the problem or the number of Americans who would unwittingly (or wittingly) serve as intermediaries for such transactions.

This data is only for the angels. That'll keep it safe.
  • This will not stop motivated threat actors from accessing the information collected and held by data hoarders:
The apparent home addresses and health conditions of thousands of active-duty US military personnel can be bought cheaply online from data brokers, researchers at Duke University found in a study published in November.
“To the Chinese and Russian governments, it would be child’s play to set up a front website or company, deceive some US data brokers, and purchase sensitive data about clearance-holders or other Americans of interest,” Justin Sherman, who led the Duke study, told CNN on Tuesday.
  • But while this action does not solve a problem, it may work in combination with other policies (like the FTC’s recently invigorated enforcement efforts here, here, and here) to raise the cost of entry into, and of longevity in, these markets, limiting the field and narrowing the scope of harm.
  • I’ll cross my fingers, but I’d rather support an effort to stop this data from being collected, maintained, and packaged as a commodity before thinking I can regulate the distribution of a high-demand product. It never worked with drugs, and hasn’t stopped the vulnerability market from exploding under and in the US’ face.
  • Oh, don’t forget: the NSA buys the same data; maybe that’s why our elected officials won’t stop it. Money is the easiest path around the 4th Amendment: either have it, or don’t and the 4th won’t apply (dripping, acidic sarcasm intended).

4. OpenCTI supports RSS feeds; here is a list of feeds to add to your TIP.

  • Yeah, this is not breaking news, but it is a tool to stay on top of breaking news, and enrich your overall context intake—right in your threat intelligence platform. The one standout I do not see on the RSS feed list is anything from Recorded Future.

5. The US has a new head hacker (and defender!)—meet Air Force General Timothy Haugh.

and CSS, everyone forgets CSS!

The shift change is a collection of timely stories of interest in the security, privacy, and intelligence worlds. Thanks for reading, and feel free to reach out to will@signaltonoise.fyi for any questions, comments, or thoughts on items you’d like to see highlighted (especially if it’s free, virtual training or networking events that could help the community as a whole).