WYSK: 03/04/22

This Week: 1. Ukraine; 2. Conti and Nvidia; 3. Personalized Pricing; 4. Amazon's Ads

What you should know from the week of 03/04/22:

  • Ukraine: Russia invades Ukraine, and the world responds;
  • Conti and Nvidia: The Conti ransomware gang suffers leaks, and Nvidia gets hacked by LAPSUS$;
  • Personalized Pricing: Tinder's personalized pricing algorithms explained;
  • Amazon's Ads: The myth of Amazon's business hides its monopoly power.


As you are likely aware, Russia violated Ukrainian sovereignty and international law in an unprovoked invasion of Ukraine. Russia is absolutely wrong and needs to be opposed as strongly as possible.

There is so much to address, so I'll hit briefly on five main issues (the other three WYSK elements this week will be shorter as a result).

1. Nuclear reactor:

Russia attacked the Zaporizhzhia nuclear plant in Ukraine earlier this week. The event drew lots of attention, as anything in this conflict with the word "nuclear" in it will do.

Jeremy Gordon, who has worked on nuclear energy issues for almost two decades, albeit in communications roles rather than technical or engineering roles, wrote a lengthy thread on Twitter addressing some of the concerns and noting that the risk of some Chernobyl-esque radiation disaster was small:

Zaporizhzhia provides about a quarter of Ukraine's energy, helping demonstrate some of the value such a target might have to Russia. A peaceful nuclear power plant is not an appropriate target for an armed attack and does introduce risk of a nuclear disaster. The inappropriateness may be the point of Putin's actions, as it demonstrates his continued willingness to violate norms.

Additionally, the attack triggers a resolution adopted by the UN in 1990 that says the UN must act immediately in the event of an attack on a nuclear power plant. The resolution was introduced by Iran and therefore some countries (like the US or Israel) may have additional desires to avoid the strong condemnation Putin's action deserves, as doing so might weaken their abilities to use force against Iranian nuclear facilities in the future.

2. Western involvement:

‘Yes, He Would’: Fiona Hill on Putin and Nukes
Putin is trying to take down the entire world order, the veteran Russia watcher said in an interview. But there are ways even ordinary Americans can fight back.

As Putin raises the specter of nuclear war, the West is struggling to determine a course of action that is both effective at deterring further Russian actions and avoids any escalation.

Such a path is desirable, but may not exist.

In an interview this week, Fiona Hill clearly laid out Putin's history of violating international law and norms, and noted that there will be no cost-free solution to stop Putin (a sentiment echoed by Garry Kasparov, who noted this week that "The price to stop him has gone up every time he has advanced unchallenged").

And as Hill notes, Putin has already used weapons of mass destruction in Europe, just in small quantities. Bellingcat's Eliot Higgins eloquently stated similar views in 2021.

It is rational and moral to take extreme pains that will avoid war with Russia. But if Putin is dead-set on escalation, those pains are merely procrastination, and not a noble-minded pursuit of ideals in statecraft. So far, Putin's continued and expanding violation of norms and law suggests that he will not moderate his aggressive actions.

3. UK Response:

The UK has issued strong verbal responses, but weak practical responses.

As Oliver Bullough notes, London is saturated with dirty Russian money, which puts political limits on how effective the UK government will want sanctions to be in practice. I wrote on this concept in October.

4. International tech reaction:

Tech companies have reacted sharply to Russia's actions. Twitter, Google, and Facebook have limited Russian ads and reach, Google stopped sharing Maps traffic data, Microsoft and Cisco have ended sales in Russia, and countless other companies have taken a variety of public actions. There are even rumors that aircraft manufacturers have cut off Russian access to online repair manuals.

The sweeping nature of this behavior has been so broad that The Information wrote in their weekly newsletter about how this may be a turning point for Big Tech, as they show the world their power for good.

This is all good.

However, there is a key takeaway that I don't see reporting on: China (and other repressive/authoritarian regimes) is going to learn a key lesson from this and double down not merely on extracting its 'infosphere' from dependence on Western companies, but also on pushing its own technologies on partners.

I predict that Beijing will view getting firm adoption of their technologies in the US as nice, but their priority will be getting firm adoption of their technologies in Europe in order to be able to apply similar pressure.

Beijing, with its control over all large Chinese corporations, would benefit from European dependence on Chinese technologies that could be withheld in the event of conflict or disagreement. Such a capability would allow Beijing significant non-military hard power that could be leveraged to achieve pro-Beijing behaviors in the future.

This will continue to be a risk.

5. Hacking Open Season:

Fascinatingly, Ukraine has declared open season for hackers looking to target Russian government servers.

Ukraine's Minister for Digital Transformation has shared a Telegram channel for an "IT Army," and has announced a 'hit list' of Russian government websites.

Conti and Nvidia:

Two articles jammed into this one this week due to the similarity of the stories.

Conti Leak:

The Conti ransomware leaks
Perhaps one of the most interesting leaks for the threat intelligence community, the Conti data dumps will provide invaluable data for a long time to come.

First, the Conti Ransomware gang had significant data leaked, allowing researchers access into their chat logs, technical manuals, and records of organizations they had victimized.

There is additional reporting from Ars, and you can read some of the records on GitHub.

NVIDIA Breach:

NVIDIA Fires Back at Hackers By Encrypting 1 TB Stolen Data & Successfully Ransomed Their Systems
Hackers who infiltrated NVIDIA’s servers & stole over 1 TB of data were hacked themselves as alleged in a new report by underground group.

Second, NVIDIA was hacked by the LAPSUS$ ransomware group. They were breached pretty thoroughly, but the interesting bit is that NVIDIA allegedly 'hacked back' and compromised LAPSUS$ systems to attempt to secure NVIDIA's stolen data.

I do want to emphasize again that NVIDIA's hack back is purely an allegation from the LAPSUS$ group, but NVIDIA has not yet made a public statement that they did not do so.

An unnamed source told Venturebeat that "Nvidia did not hack the threat actor or deploy malware in retaliation to the attack," but a narrow interpretation of that statement could be supported by Techspot's reporting that LAPSUS$ "supposedly left one of its virtual machines enrolled in Nvidia's mobile device management program, which gave Nvidia a backdoor into its systems...."

In such an event, there would be no need for NVIDIA to deploy malware, and it is easy to envision a technical (but not legal) expert arguing that using MDM to administer enrolled devices would not be hacking.

Personalized Pricing:

Fascinating reporting from the Mozilla Foundation:

"...within a single country, consumers can be quoted up to 31 unique price points for a Tinder Plus subscription. Further, some people are charged up to five times more for the exact same service: In the Netherlands, prices ranged from $4.45 to $25.95. In the U.S., they ranged from $4.99 to $26.99."

You can read their overview here, and access the full report here.

One interesting tidbit was that older users tended to be charged more.

Amazon's Ads:

Pluralistic: 27 Feb 2022 – Pluralistic: Daily links from Cory Doctorow

Cory Doctorow wrote about Amazon this week. While it was notionally about Amazon's ads (and did address advertising fairly centrally), it was much more of a critique of the myth of Amazon's "customer centric" focus.

...Amazon's "customer-centrism" was and is a tactic, not a goal. The goal is maximizing profits. If "customer-centrism" – in the form of abuse of workers and suppliers to secure lower prices – brings in our business, Amazon will do that. But once Amazon locks us in – say, by convincing us to buy a subscription to its products in the form of a Prime "membership" – that "customer-centrism" takes a back seat to revenue extraction.

He notes how Amazon's advertisements have shifted from advertisements for other products, and have moved into advertisements for Amazon itself.

Remember when Amazon's screen real estate was given over to "Customers who bought this also bought this" and "Customers who viewed also viewed"? Today those slots are filled with "Sponsored products related to" and "Brands related to this category."

In other words, Amazon has converted its "customer-centric" personalization system, which emphasized the products it predicted you would like best, into an auction house, where the products that have paid the most come first.

He also addresses how Amazon's narrative of customer-centrism supports monopoly power:

As Lina Khan wrote in her seminal "Amazon's Antitrust Paradox," the "consumer welfare" theory of antitrust that Reagan ushered in required regulators to tolerate any monopolistic behavior, no matter how egregious, so long as it resulted in "consumer benefits" (lower prices and/or better products):

Under this theory, Amazon was able to use predatory pricing, abusive labor practices, and anticompetitive acquisitions to corner markets, so long as it could claim to be "Earth's most customer-centric company."

Interest piqued? Disagree? Reach out to me at TwelveTablesBlog [at] protonmail.com with your thoughts.