What you should know from the week of 02/24/22:

• Non-state Hackers: 'P4x' and 'Cyber Partisans' cross frontiers in North Korea and Belarus;
• Wordle Sale: What really drove Wordle's multi-million dollar sale to the New York Times;
• NFTs. Really?: NFTs can be laughable, but some elements are here to stay;
• DHS Robots: Bradbury's Hound lurches forward under DHS CBP.

Non-state Hackers:

North Korea Hacked Him. So He Took Down Its Internet

Disappointed with the lack of US response to the Hermit Kingdom’s attacks against US security researchers, one hacker took matters into his own hands.

WIREDCondé Nast

Why the Belarus Railways Hack Marks a First for Ransomware

The politically motivated attack represents a new frontier for hacktivists—and won’t be the last of its kind.

WIREDCondé Nast

A twofer from the evergreen Andy Greenberg.

North Korea:

After North Korea tried to hack several American cybersecurity researchers, some were irritated and hurt, and mad at the US for failing to respond. One of them, going by "P4x" chose to respond by targeting North Korean websites.

FOR THE PAST two weeks, observers of North Korea's strange and tightly restricted corner of the internet began to notice that the country seemed to be dealing with some serious connectivity problems...
[North Korea's ongoing internet outages] was the work of one American man in a T-shirt, pajama pants, and slippers, sitting in his living room night after night, watching Alien movies and eating spicy corn snacks—and periodically walking over to his home office to check on the progress of the programs he was running to disrupt the internet of an entire country.

Belarus:

On Monday, a group of Belarusian politically motivated hackers known as the Belarusian Cyber Partisans announced on Twitter and Telegram that they had breached the computer systems of Belarusian Railways, the country's national train system, as part of a hacktivist effort the attackers call Scorching Heat. The hackers have...claimed to have encrypted its network with malware, for which they would only provide decryption keys if the Belarus government met a list of demands [including] a commitment from Belarusian Railways to not transport Russian troops as the Kremlin prepares for a possible invasion of Ukraine on multiple fronts.

Cyber Partisans have operated against Belarus before as I've written in August. But as Greenberg notes, this is significant shift in non-state hacking:

..the incident still seems to represent a new phenomenon. The group appears to be actual, bona fide hacktivists rather than state-sponsored hackers posing as such.

Takeaways:

Traditional barriers to entry have been reduced in cyberspace, allowing lower-tier actors like small groups or even individuals to have an international impact.

States have cherished 'cyber' as their own little playground of experimentation, where they have been able to test out new strategies while benefitting from poor attribution secrecy. But that model may not be sustainable as the barriers to entry are no longer keeping small groups or even individuals out. States are likely going to have to choose between:

A). Becoming more public with their ops (not very likely), or
B). Tolerating internal non-state actors as long as their behaviors align with state interests (this is the China and Russia model, and probably the easiest solution though not the best).

That second option will come with a challenging slew of unintended consequences.

As TheGrugq has said, this will introduce complications for US and other countries in regulating conflict in cyberspace.

Wordle Sale:

Wordle inventor ‘overwhelmed’ as New York Times buys game

Briton Josh Wardle sells his online game sensation to the New York Times for a seven-figure sum.

BBC NewsBBC News

"Software engineer Josh Wardle released the free simple online game [Wordle] in October, and has now sold it for an undisclosed seven-figure sum."

What drove this multi-million dollar valuation? The game is not too complex to recreate from a technical or legal standpoint. Rather, the game was purchased for its users.

This isn't perhaps that significant of an observation, and is not a knock on Wordle. But this is a useful example of the value that companies place on access to users.

Companies like Facebook, Amazon, Google, etc often tout their technical brilliance. And they have produced brilliant products. But in many cases their products have been successful because they already had access to a large user-base. And far more than their technical abilities, the large datasets that they amassed from those user-bases allowed them to build their products

NFTs. Really?:

People are spending millions on NFTs. What? Why?

NFT WTF FAQ.

The VergeMitchell Clark

Mitchell Clark has a great writeup of NFTs (Non-Fungible Tokens).

NFTs are interesting, and of course laughable and depressing like with Jimmy Fallon and Paris Hilton's joyless and bizarre NFT discussion (jump to 3:42 for a weird time).

An NFT is a digital asset, the ownership of which is tracked on the Ethereum blockchain. Critically, owning an NFT does not mean you possess that digital asset. For example, you can browse Opensea to see a bunch of NFTs, and seeBear #1337 from the FancyBear collection is recorded here. If what you want is to see this piece of...art... on your wall, you can save it and print it. Or, download it to your computer and post it to your blog...

However, this is part of the functioning of NFTs. As Clark notes:

But NFTs are designed to give you something that can’t be copied: ownership of the work (though the artist can still retain the copyright and reproduction rights, just like with physical artwork). To put it in terms of physical art collecting: anyone can buy a Monet print. But only one person can own the original.

The musician RAC talked about this concept on twitter this week. In particular, he states that he has made more money from a single NFT sale than he made in hi 15 year music career and notes that:

"a lot of people seem to miss that the entire point of NFTs is to make content FREE while making ownership scarce."

As Clark and RAC both note, NFTs aren't about assets, they are about ownership.

The staying power of NFTs is in social adoption of the concept of ownership as an intangible thing.

Money used to be items of intrinsic value (precious metals, determined by society to be valuable), then was abstracted to commodity money (intrinsically valueless materials, but backed by precious metals), then abstracted again to fiat money (backed by no valuable item).

Is the concept of ownership about to follow a similar course? As companies eagerly attempt to produce the "metaverse" (a digital world experienced through augmented and virtual reality), both the technology (NFTs) and the environment (the metaverse) for abstracted ownership are ripening.

DHS Robots:

Feature Article: Robot Dogs Take Another Step Towards Deployment | Homeland Security

S&T is offering CBP a helping hand (or “paw”) with robot dog technology that can assist with enhancing the capabilities of CBP personnel, while simultaneously increasing their safety downrange.

U.S. Department of Homeland Security logo

https://www.dhs.gov/science-and-technology/news/02/01/feature-article-robot-dogs-take-another-step-towards-deployment

A press release from DHS, complete with cutesy language, announces testing and intentions to deploy "robotic dogs" to the southern border.

Based on the article, Customers and Border Patrol (CBP) has not yet completed testing and the "Automated Ground Surveillance Vehicles" or "AGSVs" are not currently deployed operationally. However the goal of the testing is to determine if they can be.

Justification:

The AGSV's are intended to help prevent a range of criminal activity. Of course, those threats are overblown:

“Just like anywhere else, you have your standard criminal behavior, but along the border you can also have human smuggling, drug smuggling, as well as smuggling of other contraband—including firearms or even potentially, WMD,” explained Agent Brett Becker of the CBP Innovation Team (INVNT)

"Potentially" is putting in some serious work here; that comment on WMD is hysterical and unfounded. There are only the barest slivers of reporting suggesting that WMD is a concern at the southern border. And much of that reporting appears to be requesting an assessment of the threat, rather than proposing an actual threat exists.

As an example of how non-existent this concern is, articles referencing this exact DHS press release consistently turn up as top results when searching for "WMD southern border" across various search engines.

Additionally, as of 2019 DHS was looking into the feasibility of adding the drug Fentanyl as a WMD.

Overall, this has the familiar smell of government seeing new toys it wants, and hunting for a justification (rather than identifying a problem and searching for solutions).

Scope Creep:

The stated purpose of the tests is surely accurate, but not complete.

These systems are capable for a broad array of tasks: Ghost Robotics has already demoed armed versions of its robot dog, equipped with a rifle.

Also, CBP noted that:

“Operating out in the desert or mountains, agents and officers have to contend with the rugged terrain, high heat and humidity, and then, of course, they can come across those who wish to do harm.But there are plenty of risks closer to home, too. For instance, when missions take Border Patrol Tactical Operators into towns, cities, or ports, they can encounter hazardous environmental conditions, volatile individuals, or hostile threats. These situations can all be inherently dangerous.”

And also:

"Then, the testing transitioned to an indoor training facility that was built to replicate a residential building. There, the robot dogs would encounter a scenario that simulated being met by potentially hostile individuals. Set to the operator driven mode and using the wireless connection, the operator would maneuver the AGSVs to enter the structure, move through hallways, and peer around corners, as well as navigate stairs."

Both of these statements demonstrate that CBP has interests exceeding pure border patrol and surveillance, and bleed into more traditional law enforcement where the AGSVs would interact with individuals in residential buildings.

I don't believe—and don't mean to suggest—that ethical and moral issues on law enforcement evaporate or are materially reduced when dealing with non-citizens as opposed to citizens. But I do want to note that this technology is going to be subject to "scope creep" and be applied to citizens if it is deemed acceptable (as it should not be) to be used against non-citizens.

Later in the article, CBP tries to minimize concerns over the program:

Long demystified the AGSV program by saying “Technology such as semi-autonomous drones (air, ground, and even water) are used effectively as force multipliers elsewhere—and robot dogs are no different.”

This is just not true. It is true that the AGSVs are semi-autonomous, but these vehicles have an expressed and tested purpose in not just conducting surveillance, but "being met by potentially hostile individuals." This technology adds a new element of interaction with individuals that is fundamentally different from how semi-autonomous drones have been used previously.

The point is, technologies tested in war tend to find their way back home. And weapons tested at home against migrants tend to find their way being used against citizens.

There is a necessary conversation about whether it is good to use those systems/tools/techniques against anyone, but it is easier to defend against using against citizens.

Interest piqued? Disagree? Reach out to me at TwelveTablesBlog [at] protonmail.com with your thoughts.

Photo by Tamara Gak on Unsplash