The inspiration of early hacker culture; not your father’s DDoS; Prigozhin mutiny in cyberspace; China inching toward Ukraine? MOVEIt hack raises risk of deepfake scams
What We Are Reading, Hearing, and Watching -- June 29 2023
Netflix Miniseries “The Billion Dollar Code” Captures the Excitement of Early Hacker Culture
The Billion Dollar Code is a 2021 German television miniseries on Netflix. The series were based on a true event, a patent infringement lawsuit that two Germans brought against Google in 2014. In the early 1990s, these two Germans, one an art student and the other a programmer, along with a group of hackers, incorporated computer programming and digital art and developed a planet browser called TerraVision. In 2005, when Google Earth was released, the Germans believed Google Earth had plagiarized TerraVision’s code. If you have not watched the series, no spoilers here. However, if you are interested in the history of hacker culture, the series displayed some vivid scenes about Germany’s Chaos Computer Club (CCC), Europe’s largest hacker association with more than 40 years of history. The CCC claims they provide “information about technical and societal issues.”
Natto Team finds that the CCC’s hacker ethics, originally written in the 1980s, remain relevant and thought-provoking from various perspectives, such as the motivation and limits of hacking. CCC notes that aspects of this hacker ethic first appeared in Steven Levy’s 1984 classic Hackers: Heroes of the Computer Revolution. Here is a list of the club’s hacker ethics:
Access to computers - and anything which might teach you something about the way the world really works - should be unlimited and total. Always yield to the Hands-On Imperative!
All information should be free.
Mistrust authority - promote decentralization.
Hackers should be judged by their acting, not bogus criteria such as degrees, age, race, or position.
You can create art and beauty on a computer.
Computers can change your life for the better.
Don't litter other people's data.
Make public data available, protect private data.
The CCC published its “hacker bible” in two parts, one in 1985 and the second in 1988. Currently, the club remains active by organizing “campaigns, events, lobbying and publications as well as anonymous services and communication infrastructure,” according to its website.
A broader review of hacking, not in the narrow field of computing but in the sense of “subverting a system’s rules in unintended ways,” appears in Bruce Schneier’s new book A Hacker’s Mind. Schneier examines “an array of powerful actors whose hacks bend our economic, political, and legal systems to their advantage, at the expense of everyone else” and calls on readers to “understand the hacking mindset and rebuild our economic, political, and legal systems to counter those who would exploit our society.”
Not Your Father’s DDoS
The June 27 Washington Post column “Cybersecurity 202” reported on an upswing in distributed denial-of-service (DDoS) attacks. They wrote, “DDoS is surging, showing signs of increasing sophistication and being aimed against new kinds of targets.” Back in May, in the report “It’s Raining on Putin’s Victory Day Parade,” Natto Team wrote, “DDoS Operations Not Always a Mere Annoyance. DDoS attacks, usually seen as minor annoyances that unsophisticated actors can unleash using DDoS-for-hire services, also form part of the arsenal of Russian intelligence services…. In addition [to disrupting the functioning of targeted systems], sophisticated hackers can use DDoS attacks to assess targets’ defensive capabilities or distract attention from other malicious activities.”
Other Items of Interest
Prigozhin Mutiny in Cyberspace
“What happened in cyberspace during Prigozhin's rebellion/mutiny? Just like in any conflict ер [sic], 'cyber' played a part, but it wasn't that consequential”; this thread by international relations analyst Oleg Shakirov cites several reported incidents of pro- and anti-Prigozhin defacements, DDoS attacks, and sporadic Russian blockage of some Prigozhin-related social media. Of particular interest: “Now, the most curious factoid: one of pro-Russian hacktivist groups, NoName057(16), reportedly included Wagner websites into the target list for their volunteers, apparently causing some confusion... Friendly cyber?” and Wagner’s dubious claim to have taken down Russian military satellite Dozor. For more insights on the mutiny, see this Natto Thoughts’ post:
China Inching Toward Ukraine?
Al Jazeera reported on June 27 that “Beijing could back Ukraine’s aims of reclaiming its 1991 territorial integrity,” including Crimea and other regions Russia has claimed since 2014. Asked about supporting Ukraine’s aspiration, Fu Cong, China’s ambassador to the European Union, said “I don’t see why not. We respect the territorial integrity of all countries. So when China established relations with the former Soviet Union, that’s what we agreed. But as I said, these are historical issues that need to be negotiated and resolved by Russia and Ukraine and that is what we stand for.”
Many analysts track and assess Chinese attitudes toward Russia and Ukraine, especially looking for any changes after the Prigozhin mutiny. (Here’s one example from the Brookings Institution, a Washington, DC think tank, apparently written before the June 27 report on the Chinese ambassador’s statement). Repeated Chinese efforts in recent months to bring Ukraine and Russia to the negotiating table have been met dismissively by both sides. After the June 23-24 Prigozhin mutiny shook many countries’ faith in the stability of the Putin administration in Russia, China issued a statement of support for stability in that country, but analysts suggested that China may also be hedging its bets in case Putin loses power. Fu Cong’s statement reported on June 27 may represent an effort to keep China’s options open.
Cyber Risks of “Smart Cities”
An apparent cyber attack on the “Intelligent Transportation System” in the Polish city of Olsztyn reportedly caused traffic jams and problems with purchasing on public transportation. This incident highlights the risks of “smart city” technologies. Cybersecurity officials have urged cities to mitigate such risks, such as in this April 2023 bulletin by cybersecurity authorities in the US and other so-called Five Eyes countries. A variety of actors, both criminal and state-sponsored, pose cyber threats to public transportation systems, as Accenture Cyber Threat Intelligence reported in 2021. Numerous cyber incidents affecting European transportation systems have occurred during the Russian war on Ukraine. A former contractor for the Metro system in Washington, DC was able to log into the system remotely from Russia and access sensitive data, the Washington Post reported in May 2023.
Affected by the MOVEIt Hack? Beware of Deepfake Scams
As Natto Thoughts discussed last week, the Russian-speaking Clop (or Cl0p) group operation exploited the MOVEIt file transfer tool to breach over a hundred companies and public agencies. This put at risk the sensitive data they held on millions of ordinary citizens.
Cybersecurity experts are now warning that criminals could exploit the stolen data for ID scams with help from deepfake technology. They could “create fake video selfies that many US state agencies use to verify identities. That could allow criminals to successfully claim unemployment benefits, and apply for federal college loans, food stamps and other programs.”