Cybersecurity Advisors Network

Join Hugo Tarrida and John Salomon for the latest part of our Middle East cyberwarfare mini-series.

We decided to split a more in-depth discussion about the two most capable actors in the region, Israel and Iran, into two half-episodes. Join us as we look at the organizations that make up Israeli cyberwarfare and -defense capabilities, the history of Israeli state-sponsored and state-aligned cyber campaigns,

We also take a brief tour of Israeli media and social media operations, including information, propaganda, disinformation, and manipulation.

If you haven't watched it yet, please consider checking out our first overview of the overall Middle East situation: https://youtu.be/X3wkTszRlck

Because of the highly emotionally and politically charged nature of current events, we can't tell how impartial many of the websites describing Israeli capabilities are or aren't. We will thus stick to Wikipedia unless there's either an original Israeli government webpage available, or a source we feel is somewhat authoritative, even if it's biased - in any case, do your own homework and draw your own conclusions, we're not here to push a narrative.

We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint.

Neither of us speaks even a bit of Hebrew. We are thus at the mercy of translation engines and webpages in languages we understand. Your mileage may vary.

02:03 CFR overview of cyberwarfare capabilities: https://www.cfr.org/cyber-operations/ 02:50 Unit 8200: https://en.wikipedia.org/wiki/Unit_8200 03:05 Military Intelligence Directorate, aka Aman: https://www.idf.il/en/mini-sites/directorates/military-intelligence-directorate/military-intelligence-directorate/ 03:57 Unit 81: https://en.wikipedia.org/wiki/Unit_81 05:01 Havatzalot: https://en.wikipedia.org/wiki/Havatzalot_Program - Google's horrible translation of the Hebrew wikipedia page indicates it's some kind of lily. Flowers are nice. 05:16 Talpiot: https://en.wikipedia.org/wiki/Talpiot_program - the name's apparently some biblical reference from Song of Songs 4:4 according to their LinkedIn page, that we can't figure out 06:55 Technion / Israel Institute of technology: https://www.technion.ac.il/ 06:56 Hebrew University of Jerusalem: https://en.huji.ac.il/ 07:30 IDF Information Security Department: https://en.wikipedia.org/wiki/Information_Security_Department - it's unclear whether it's the same as these guys: https://www.mitgaisim.idf.il/%D7%AA%D7%A4%D7%A7%D7%99%D7%93%D7%99%D7%9D/cyber-protection-unit/ 07:40 Mamram: https://en.wikipedia.org/wiki/Mamram - apparently an abbreviation of the Hebrew for "Center of Computing and Information Systems" 09:15 This may be the Israel Innovation Authority - https://innovationisrael.org.il/en/ - we're not 100% sure though 11:14 Stuxnet: https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/ 11:22 Specifically, Siemens PCS7, WinCC, and STEP7 control software, and various Siemens S7 programmable logic controllers (PLCs). 22:59 TAO: https://en.wikipedia.org/wiki/Tailored_Access_Operations 12:16 We're going to assume you're capable of looking up Snowden a...

Join James Briscoe and John Salomon in the latest episode of the State of (Cyber)War podcast as they discuss the People's Republic of China and some of its disinformation capabilities.

This informal conversation includes discussion about Chinese foreign election interference, domestic social media manipulation, Taiwan, China's foreign political and economic interests and more.

John Salomon - https://www.linkedin.com/in/johnsalomon/ James Briscoe - https://www.linkedin.com/in/jimbriscoe/

02:10 Xi Jinping's new year's address, via CCTV: https://youtu.be/TEd3CtcL1pU?si=MAiKGP-SPjm8cjCe 02:50 Xi Zhongxun, Chinese revolutionary leader: https://en.wikipedia.org/wiki/Xi_Zhongxun 04:00 Taiwanese elections 2024: https://en.wikipedia.org/wiki/2024_Taiwanese_general_election 04:08 Kuomintang: https://en.wikipedia.org/wiki/Kuomintang 04:27 Democratic Progressive Party: https://en.wikipedia.org/wiki/Democratic_Progressive_Party 05:45 1992 Consensus: https://thediplomat.com/2022/07/the-1992-consensus-why-it-worked-and-why-it-fell-apart/ 07:15 These are the Valemax ore carriers: https://vale.com/w/fleet-of-ships-serving-vale-receives-first-ore-carrier-in-the-world-equipped-with-rotor-sails 09:12 50 Cent Party: https://en.wikipedia.org/wiki/50_Cent_Party 09:52 Nine-dotted line: https://en.wikipedia.org/wiki/Nine-dash_line 10:04 Belt and Road Initiative: https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative 13:00 https://www.reuters.com/article/idUSSIN277923/ 13:43 NY Times article on the topic: https://www.nytimes.com/2023/09/11/us/politics/china-disinformation-ai.html 14:15 https://en.wikipedia.org/wiki/2023_Chinese_balloon_incident 14:42 A lot of this is obviously speculation. https://www.wired.com/story/east-palestine-ohio-train-derailment-tiktok/ 16:42 Asia Infrastructure Investment Bank: https://www.aiib.org/en/index.html 19:35 An article about PRC influence on the Taiwanese elections: https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence 20:32 https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections 21:05 A US State Department briefing on this topic: https://www.state.gov/briefings-foreign-press-centers/how-the-prc-amplifies-russian-disinformation 24:15 United Front Work Department: https://en.wikipedia.org/wiki/United_Front_Work_Department 26:25 Some points about interference in US elections: https://gdil.org/russian-and-chinese-influence-actors-and-operations-against-the-american-electorate/ 29:34 Hundred Years of Humiliation: https://en.wikipedia.org/wiki/Century_of_humiliation 30:30 The Avoidable War, by Kevin Rudd: https://www.avoidablewar.com/ 32:23 Natto Thoughts: https://nattothoughts.substack.com/ 32:26 The disinformation handbook (part I): https://nattothoughts.substack.com/p/disinformation-handbook-a-concise

A few links on the topic worth reading:

Chinese information operations against Taiwan:

https://therecord.media/taiwan-elections-china-interference https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence https://thediplomat.com/2024/01/beijing-tries-to-capitalize-on-taiwans-controversial-rocket-alert/ https://thediplomat.com/2024/01/rip-off-the-blindfold-let-taiwanese-civil-society-learn-from-ukraine/ https://fpri.org/article/2023/12/whats-at-stake-in-upcoming-taiwan-election/

General Chinese disinfo operations:

https://www.rand.org/pubs/commentary/2023/10/dismantling-the-disinformation-business-of-chinese.html https://www.defenceconnect.com.au/joint-capabilities/13356-report-massive-chinese-disinformation-campaign-uncovered-on-youtube

https://medium.com/doublethinklab/propaganda-analysis-how-different-actors-in-chinas-information-ecosystem-portray-the-ukraine-war-ac82713c2f68 https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections

The State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics. We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format.

Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network

Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Original YouTube video at https://youtu.be/xBAJ2rBKrMc

In today's conversation, Craig Rowland joins us to talk about the often overlooked significance of Linux as a key part of global communications and computing infrastructure, and discuss various types threats targeting Linux systems.

Malware, attackers, and techniques are often very distinct from those seen on Windows; Craig shares insights all of these from his extensive experience both writing and reverse-engineering Linux malware.

Craig is CEO of Sandfly Security, a New Zealand-based provider of Linux threat behavior scanning tools. Full disclosure: John Salomon is a paid consultant to Sandfly Security.

Notes from the video:

03:48 I can't find a source for the 95% figure, but a 2023 ZDNet article says 90%, which seems to be the most common figure: https://www.zdnet.com/article/linux-has-over-3-of-the-desktop-market-its-more-complicated-than-that/ 03:55 Percentage of top million websites running Linux is another interesting statistic, which seems to be well above 90%. For example: https://gitnux.org/linux-statistics/ 04:08 https://www.linuxinsider.com/story/the-flying-penguin-linux-in-flight-entertainment-systems-65541.html etc. etc. 05:54 France's Gendarmerie Nationale: https://en.wikipedia.org/wiki/GendBuntu 06:40 https://www.zdnet.com/article/linux-not-windows-why-munich-is-shifting-back-from-microsoft-to-open-source-again/ 14:10 A propos, F5 has some interesting ways of using web shells as an attack vector: https://www.f5.com/labs/learning-center/web-shells-understanding-attackers-tools-and-techniques 14:40 "attacks on kubernetes" is a fun web search string. Same for "attacks on S3 buckets". Enjoy. 14:56 https://redis.io/solutions/messaging/ 15:42 https://en.wikipedia.org/wiki/Patch_Tuesday 17:40 To be fair, Bob in Accounting is a pretty powerful entry point to the organization for various types of cyberattackers. 19:35 Mirai botnet: https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/ 19:37 NoaBot: https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining 20:35 Chroot (change root directory): https://wiki.archlinux.org/title/chroot 27:42 PuTTY: https://www.putty.org/ 29:45 There are several cryptojackers that try to neutralize competing malware, e.g. ChaosRAT https://www.trendmicro.com/en_th/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html or Jenkins https://www.f5.com/labs/articles/threat-intelligence/new-jenkins-campaign-hides-malware--kills-competing-crypto-miner 35:30 For example LockBit: https://www.akamai.com/blog/security/learning-from-the-lockbit-takedown 35:37 My mistake - AvosLocker is also a Linux port of Windows malware: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avoslocker - HiddenWasp may be a better example: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/hiddenwasp-malware-targets-linux-systems-borrows-code-from-mirai-winnti 35:42 Diamorphine LKM rootkit: https://github.com/m0nad/Diamorphine 36:44 https://core.vmware.com/esxi - an example is ESXiArgs ransomware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-039a 38:42 Abuse.ch MalwareBazaar: https://bazaar.abuse.ch/ 38:49 Fraunhofer FKIE Malpedia: https://malpedia.caad.fkie.fraunhofer.de 39:35 You could just run a Linux version of the virus aquarium: https://xkcd.com/350/ 39:52 A few examples of VM detection: https://www.cynet.com/attack-techniques-hands-on/malware-anti-vm-techniques/ 41:15 Joe Sandbox: https://www.joesandbox.com/ 42:10 No I won't, because I can't find it. Bit of Baader-Meinhof going on there... 42:59 https://www.youtube.com/@SandflySecurity

Craig on LinkedIn: https://www.linkedin.com/in/craighrowland/ Sandfly Security: https://sandflysecurity.com

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Original video available at https://youtu.be/W-7edx7Le6Y?si=NOoOy1kF3KiVOPUe

In today's episode of State of (Cyber)War, Hugo Tarrida and John Salomon talk about China's approach to cyberwar. What is the history behind Chinese cyber capabilities? What are Chinese geopolitical, economic, and social objectives that drive their international cyber activities? What are some of the biases that we should be aware of when evaluating the trajectory of China and its cyberwar abilities?

Also don't forget to check out our previous video about Chinese disinformation activities here: https://youtu.be/xBAJ2rBKrMc

Notes and links:

Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/

Wikipedia article worth reading about Chinese cyber warfare: https://en.wikipedia.org/wiki/Cyberwarfare_by_China

05:42 Granted, Stuxnet was a joint US-Israeli venture - https://en.wikipedia.org/wiki/Stuxnet 07:06 https://www.reuters.com/world/russia-says-its-working-major-new-agreement-with-iran-2023-12-12/ 14:05 Titan Rain - https://en.wikipedia.org/wiki/Titan_Rain Related: Operation Aurora (2009) - https://en.wikipedia.org/wiki/Operation_Aurora 15:20 https://www.npr.org/2022/05/11/1098368201/a-spying-scandal-and-the-fate-of-western-sahara 17:07 The case of Wen Ho Lee, one of several perpetrators of military espionage: https://sgp.fas.org/crs/nuke/RL30143.pdf 20:30 https://nattothoughts.substack.com - Nellie Ohr and her team do excellent analysis work 20:50 "An Analysis of China's Great Cannon" - https://www.usenix.org/system/files/conference/foci15/foci15-paper-marczak.pdf Shoutout to fellow UC Berkeley CSUA member Nick Weaver for co-authoring this paper) 27:48 E.g. "The 'Century of Humiliation' and China's National Narratives" - https://www.uscc.gov/sites/default/files/3.10.11Kaufman.pdf 29:42 Belt and Road Initiative - https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative 32:38 Referenced here: https://en.wikipedia.org/wiki/Chinese_information_operations_and_information_warfare ("Definitions" section) 32:45 The Three Warfares: https://apps.dtic.mil/sti/tr/pdf/ADB372300.pdf 34:04 The Nine-Dash Line: https://chinaus-icas.org/research/map-spotlight-nine-dash-line/ 34:52 In fact, ruled to be explicitly illegal by the Permanent Court of Arbitration in 2016: https://pca-cpa.org/en/news/pca-press-release-the-south-china-sea-arbitration-the-republic-of-the-philippines-v-the-peoples-republic-of-china/ 36:19 US FBI director Christopher Wray recently warned about this: https://www.npr.org/2024/01/31/1228153857/wray-chinese-hackers-national-security

The State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics. We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format.

Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network

Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/

Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Original YouTube video at https://youtu.be/HLVPDojARh0

Welcome to episode 2 of CyAN's State of (Cyber) War series.

Today, James Briscoe and John Salomon talk about Japan - its national cyberdefence capabilities, the regional and global threat landscape, regulations and laws, and how all of these are evolving in the face of changing geopolitical realities and technologies.

A few notes from our chat:

02:25 US-Japan 1960 joint security treaty: https://www.mofa.go.jp/region/n-america/us/q&a/ref/1.html 02:37 Article 9 Japanese constitution: https://en.wikipedia.org/wiki/Article_9_of_the_Japanese_Constitution 02:45 SCAP: Supreme commander allied powers 02:58 Japan Self Defense Forces: https://en.wikipedia.org/wiki/Japan_Self-Defense_Forces 05:01 2019 US-Japan security treaty update: https://www.mofa.go.jp/files/000470738.pdf 06:54 national security strategy end of 2022: https://www.cas.go.jp/jp/siryou/221216anzenhoshou/nss-e.pdf 08:14 Lazarus Group: https://www.aljazeera.com/news/2023/12/9/us-japan-south-korea-launch-new-efforts-to-counter-n-korea-cyber-threats 10:35 Lazarus Group's cryptocurrency thefts: https://www.coindesk.com/markets/2023/12/01/north-korean-hackers-lazarus-group-stolen-3b-in-cryptocurrency/ 11:29 https://www.dragonflyintelligence.com/news/japan-shift-to-a-more-offensive-cyber-posture-in-2023/ 11:35 https://asia.nikkei.com/Politics/Japan-to-quadruple-cyber-defense-forces-meeting-threats-head-on 12:47 The 2016 revision in question: https://www.mofa.go.jp/files/000143304.pdf 13:37 The spending increase to 2% request: https://www.reuters.com/business/aerospace-defense/japan-makes-record-defence-spending-request-amid-tension-with-china-2023-08-31/ 13:59 It's actually 2% as well: https://www.nato.int/docu/review/articles/2023/07/03/defence-spending-sustaining-the-effort-in-the-long-term/index.html 14:39 CCDCOE: https://ccdcoe.org/ 14:46 Locked Shields exercise: https://ccdcoe.org/exercises/locked-shields/ 15:33 The official in question was former US Director of National Intelligence Dennis Blair: https://japannews.yomiuri.co.jp/politics/political-series/20221122-72394/ 16:05 The Japanese National Security Strategy allows for development of a posture for information warfare and introduction of active cyber defence in cybersecurity. It will create a government information warfare department, allowing government to aggregate and analyze the situation on disinformation originated abroad. The National Center for Incident Readiness and Strategy for Cybersecurity is to be restructured to establish an new organisation to coordinate policies between the police and JSDF. This will allow for active cyber defence against attackers. Training for 4000 cyber ‘warriors’ and 16k cyber-capable JSDF members over 5 years is also foreseen. The Ministry of Foreign Affairs plans AI to enhance monitoring of information and intelligence analysis. Furthermore, defence industry profit margin will be permitted to increase to a max of 15%. 16:45 The Nagoya port ransomware attack of July 2023: https://www.bloomberg.com/news/articles/2023-07-06/nagoya-port-delays-restart-following-alleged-ransomware-attack 17:10 The Chinese cyberattack on the Japanese defence network: https://www.japantimes.co.jp/news/2023/08/08/japan/japan-china-hack-defense-network/ - WaPo article: https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/ 17:23 KillNet ceases attacks on Japan: https://english.kyodonews.net/news/2022/09/9846d4bf7aee-pro-russia-hacker-group-stops-cyberattacks-on-japan-due-to-money-woes.html 20:17 2023 Amendments to Telecommunications Business Act: https://www.dataguidance.com/news/japan-amendments-telecommunications-business-act-enter 20:20 Unauthorized Computer Access Law (UCAL): https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/japan

James Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Original YouTube video version: https://youtu.be/Fmuno8ohJPs

Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/