Friday Squid Blogging: Squid Food Poisoning

University of Connecticut basketball player Jordan Hawkins claims to have suffered food poisoning from calamari the night before his NCAA finals game. The restaurant disagrees:

On Sunday, a Mastro’s employee politely cast doubt on the idea that the restaurant might have caused the illness, citing its intense safety protocols. The staffer, who spoke on condition of anonymity because he was not authorized to officially speak for Mastro’s, said restaurants in general were more likely to arouse suspicion when they had some rooting interest against the customer-athletes.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on April 7, 2023 at 5:04 PM • 79 Comments


&ers April 7, 2023 5:12 PM

@Clive @SpaceLifeForm @ALL




vas pup April 7, 2023 5:56 PM

The phones that detect earthquakes

“Google’s Android operating system has on-board accelerometers – the circuitry which detects when a phone is being moved. These are most commonly used to tell the phone to re-orientate its display from portrait to landscape mode when it is tilted, for example, and also helps provide information about step-count for Google’s onboard fitness tracker.

But the sensors are surprisingly sensitive, and can also act like a mini seismometer.

Google has introduced a function that allows users to allow their phone to automatically send data to the Android Earthquake Alerts System, if their device picks up vibrations that are characteristic of the Primary (P) waves of an earthquake. By combining data from thousands or even millions of other phones, the system can work out whether an earthquake is happening and where. It can then send out alerts to phones in the area where the seismic waves are likely to hit, giving an early warning.”

SpaceLifeForm April 7, 2023 8:27 PM

CAN bus attack

This is why I follow a lot of people.

Not sure how they popped the bonnet/hood to access the headlight.


No, it’s not a relay attack, Bluetooth exploit, key fob replay, or even a USB cable. Instead, these thieves are performing a modern take on hot-wiring without ever ripping apart the steering column.

ResearcherZero April 7, 2023 8:46 PM

Thousands of financial statements and invoices containing names and addresses of school students and their parents had been released after third-party file transfer service GoAnywhere MFT was hacked.

SA Government has announced they will waive the cost of replacing an SA driver’s licence, learner’s permit and/or proof of age card of students impacted by this breach.

ACRO, the UK’s criminal records office, is combing over a “cyber security incident” that forced it to pull its customer portal offline.

ACRO, the national policing body which manages criminal record information and the exchange of records with other countries, was hit with a cyber security “incident” for two months on its website between January 17 and March 21st. The agency’s website is down, meaning the applications for police certificates must be processed manually by email.

ResearcherZero April 7, 2023 8:48 PM

Russian military-linked hackers targeted – and in some cases successfully infiltrated – the networks of European military, energy and transportation organizations in an apparent spying campaign that went undetected for months.

The security vulnerability was exploited in attacks to target and breach the networks of fewer than 15 government, military, energy, and transportation organizations between mid-April and December 2022. Exploitation of CVE-2023-23397 leaves very few forensic artifacts to discover in traditional endpoint forensic analysis.

“…This technique established additional persistent access to contents of user’s mailboxes even if a password was reset or otherwise remediated.”


glass of ice April 7, 2023 8:58 PM

MSI Confirms Breach as Ransomware Gang Claims Responsibility


“The ransomware group is reportedly demanding $4 million or it will leak the stolen data, which includes company source code.”

“A new statement from MSI says users should avoid downloading firmware and BIOS updates from third-party sources, and instead only obtain such software from the company’s official website.

The statement suggests MSI is worried hackers could circulate malicious versions of the company’s BIOS software when the ransomware gang, Money Message, claims it stole the PC maker’s source code.”

ResearcherZero April 7, 2023 9:12 PM

Expect a good deal of Russian dis-info…

from 2021

While the “brute force” technique is not new or particularly sophisticated, the GRU “uniquely leveraged” software containers to scale its effort.

“The GRU appears to pursue a traditional intelligence collection campaign here by targeting organizations of strategic interest to the Russian Federation, such as energy companies, political parties, think tanks and government. The danger, however, is that this campaign can easily turn from traditional espionage into a ‘hack and leak’ or destructive action as we have seen from past GRU attacks.”

This GRU-led (Unit 26165) campaign was separate from the SolarWinds supply chain attack, which was attributed to a separate Russian intelligence service known as the SVR.

and in another separate operation

Sandworm (Unit 74455) has used a vulnerability in the mail transfer agent Exim, revealed in June of last year (2021), that allows an attacker to merely send a malicious email to the server and immediately gain the ability to run code on the server remotely. It used that foothold to add its own privileged users to the server, disable network security settings, update secure shell configurations to give its hackers more remote access, and run a script on the server to enable further steps to exploiting the target network.

An unauthenticated remote attacker can send a specially crafted email to execute commands with root privileges allowing the attacker to install programs, modify data, and create new accounts.

In certain non-default configurations, remote exploitation is possible. For instance, if the requirement for ‘verify = recipient’ ACL was removed from the default configuration file.

ResearcherZero April 7, 2023 10:40 PM

“Centralising Australia’s highest-level security clearance in ASIO means that a person’s suitability to hold the highest level of security clearance can be assessed against the most current information that ASIO holds about the security threats confronting Australia.”

lurker April 7, 2023 11:20 PM


Lacking Security in Depth. Toffee nosed I say anything starting with T-o-y- isn’t a flash car. But if he thinks it’s a flash car then why is he parking on the street? People who can afford flash cars can afford to rent lockup garages with 24/7 security cameras, &c. Yes the operators of such have been known to be in the game, but that’s why you need security in depth.

BTW no need to pop the bonnet/hood. As the photos showed, access to the headlight connector can be got, depending on make or model, from behind the bumper or wheel arch panel. These are mostly now held on with push-in clips. Breaking a couple getting it out is a trivial cost to replace when prepping the merch for market.

Nick Levinson April 7, 2023 11:44 PM

Swatting has become a way to make money (per NPR):

— through making a swatting call for hire

— through posting about a supposed live-shooter incident underway on a fake news website that has lots of ads.

In one case (maybe in others), in the NPR report, fake videos, made in advance, kept appearing on what I gather was the responding police department’s own Facebook pages, in the comments, with the department taking them down as new ones came up.

And students said (also per NPR) they heard gunshots but didn’t. Meanwhile, I don’t know what a gunshot would sound like. I used to think I knew because, when I was a kid, TV dramas had them. Only decades later did I learn that the sound is normally not long and drawn-out. I heard a real-life sound and someone with long-past military experience said that was a gun shot, and I guess it’s a pop, which wouldn’t make good fictional TV drama.

Clive Robinson April 8, 2023 2:29 AM

@ SpaceLifeForm, lurker, ALL,

Re : CAN bus attack

“[T]hese thieves are performing a modern take on hot-wiring without ever ripping apart the steering column.”

As @lurker has explained above, the headlight wiring is incredibly easy to get at, also unless you are a deeply suspicious person, if you catch an attacker in the act, they might be able to argue away they are trying to retrieve some object they dropped that “rolled under” the car. Also if you get down to look, not only are you extremely vulnerable, the attacker would get a very large head start just running away.

But the real issue as to why this works is one I’ve explained before.

“Engineers and testing.”

As an engineer you generally design things to be as simple and easy to test as possible. Thus both security and complexity do not get a look in at the initial design stages.

Whilst complexity will increase as the design progresses security won’t.

Worse the attraction of CAN-bus is a much simplified and reduced wiring harness that can allow the easy addition of complex subsystems.

So electronic door locks etc get put on CAN-bus, and as the protocols on CAN-bus are not secure, unlocking the doors etc via CAN-bus is almost “trivial” for someone who has acquired the “manufacturing test specifications” in some way.

But hey they are not “real cars” just Toy— cars 😉

MarkH April 9, 2023 2:02 AM

Billy Waugh, famous U.S. special forces veteran and CIA contractor, died last Tuesday (4 April).

He was a passionate war lover, and a large part of his memoir (Hunting the Jackal) recounts his VietNam experiences.

But those interested in the mechanics of intelligence work in the late 20th century might find parts of his book to be quite interesting.

His assignment in Khartoum to track down “Carlos the Jackal” (Ilich Ramírez Sánchez) involved old-fashioned detective work. Once the target’s home was located, he and his colleagues set up and operated an observation post about 100 m from the target’s home.

Their preparations included an emergency escape route from the OP, in which they were confident because they knew intimately the limitations of the local police.

MarkH April 9, 2023 2:16 AM

&nders started the thread with links to stories about U.S. secrets that were posted on a gaming website, starting 28 February.

Apparently, some of the documents (published as jpegs) were of very high sensitivity, and at least some of them came from the Pentagon (Department of Defense). Hundreds of people may have been authorized to see them — tracking down the leak may be very difficult.

The images appeared to be of pages that were printed and then folded as a group (as if to fit them into an envelope or pouch).

It’s a huge U.S. security failure.

MarkH April 9, 2023 2:18 AM

My speculations about the dump of secret U.S. documents:

• It seems more likely that the docs were exfiltrated or photographed on-site, than that they were “hacked” electronically.

• The motivations of the publisher are unknown. The inclination of a national intelligence agency would be to conceal that they possessed such secrets.

• The disclosures might have concrete consequences, including helping Russia’s war against Ukraine, and aiding exposure of humint sources inside the Russian government.

• They include a reference to an intelligence satellite imaging system about which little (or nothing) has been made public.

&ers April 9, 2023 1:47 PM


Some fun to this our sometimes_too_serious world.

“antistress toy pigeon Grisha”


Jon April 9, 2023 11:27 PM

@ Toy– cars

Note that there’s not much market for stolen ‘flash’ cars*. There just isn’t that much market for, say, a stolen neon-blue Lamborghini, and driving and/or shipping it around is blatantly obvious. They’re far more vulnerable to vandalism (which is what the garage and 24/7 surveillance is really all about).

They’re also not worth anything as parts – anyone who wants a Lamborghini muffler is going to get it from Lamborghini, not from Ed’s Junkyard down by the tracks.

All this, of course, is NOT true for ‘generic’ cars. Ambling about in a beige Toyota (or a white pickup truck) is not going to draw any attention, and there also is a vast grey (black?) market for dubiously sourced parts, because there’s lots of them out there, and often driven by people who are very interested in cheap replacements.

If you’re desperate to keep your Toyota running so you can use it for work, and you don’t have the $500 the dealer wants for the part, $50 for the “same thing” down at Ed’s starts to sound like an excellent idea.

Many (most?) stolen cars are parted out, and they’re stolen because there’s a market for that kind of car’s parts, and buyers who won’t ask too many questions about where the parts came from. The others are used as ‘getaway’ cars in other crimes, again where you don’t want to be too distinctive.


* There are exceptions.

One of the more interesting ones was Hong Kong, before the Chinese takeover, wherein expensive (typically Mercedes, not so much Lamborghini) cars were swiped whole and express-shipped to China, where they were openly driven around and sold; cross-border car theft enforcement was non-existent at the time. Occasional highly-targeted theft also occurs – but likewise, it’s very rare** compared to the typical shattered glass, car gone, theft.

** Which is, of course, why they make the news. Regular car theft is much too common – targeted thefts are rare enough that they’re considered “News!”.

ResearcherZero April 10, 2023 2:11 AM

The old media was, and still is, an important model.

“Newsstand sales fell from a high 35% in the late 1970s to less than 10% in the early 2000s to a mere 3% of the total circulation today.”

Researchers in disciplines such as political science, sociology and economics have identified three ways strong local newspapers historically built a sense of community and trust in our democracy. According to several estimates, as much as 85 percent of the news that feeds our democracy originates with newspapers.

It is useful to think of the country’s newspaper ecosystem as a pyramid, with a very large base of small papers serving communities ranging in size from a few hundred to a million or more residents.

The 150 or so surviving regional papers in the country bind a metro area or a state together. They have historically provided the majority of investigative and analytical reporting that prompts both local, state – and even national – government officials to enact major policies that address the problems.

Google and Facebook lobbied hard against the code, with Facebook blocking Australian news for several days in 2021. However, Australians took a practical view and united across the political spectrum to get the bill passed.

Google claimed the Australian proposal would “break” its search service, and Facebook similarly threatened to pull out of Australia and ban links to Australian news sites. Google even claimed that the proposal “could lead to your data being handed over to big news businesses.”

Newsroom employment in the United States has dropped by 26% since 2008.

ResearcherZero April 10, 2023 2:14 AM

“The whole thing seems insane to me”

It is not that insane …a lot of people hire …lawyers. But the new media model is a little odd, and more than a little “cactus”.

Powell represented both firms and executives involved in the Enron scandal, which saw said company concealing billions of dollars of debt on its financial statements. Unsurprisingly, Enron went down for it.

“Sidney has made these claims, but she has not shown, to my knowledge, evidence to support them — not to the campaign and not to the White House. … I don’t know anyone who has seen the evidence”

Trump-allied lawyer Sidney Powell sent Fox an email full of wild claims from a woman claiming to be a decapitated time-traveler, according to a recent court filing.


“orders, which cited debunked claims about voting system irregularities in Michigan and Georgia, were presented to Trump by his former national security adviser Michael Flynn and then-lawyer Sidney Powell”

“I don’t know where they [$] went, but they did not go to Defending the Republic.”

“Respectfully, President Trump: What you’re saying is not true.”

“If anyone is looking for a good lawyer, I would strongly suggest that you don’t retain the services of Michael Cohen!”

“Yeah, I’m crazy. Crazy like a fox.”

Minnesota-based “cactus artist” named Marlene Bourne, who thinks that she could potentially be a ghost after seemingly surviving an “internal decapitation.”

Died in the church and was buried alone with her name,
nobody came.
Wiping the dirt from his hands as he walks from her grave.
No one was saved.
All the lonely people,
where do they all come from?

ResearcherZero April 10, 2023 2:18 AM

“This is information warfare.”

More than 600 fake news websites were linked to Eliminalia

Between 2015 and 2021, Eliminalia sent thousands of bogus copyright-infringement complaints to search engines and web hosting companies, falsely claiming that negative articles about its clients had previously been published elsewhere and stolen, and so should be removed or hidden, the company records show. The firm sent the legal notices under made-up company names, the examination found.

The Committee to Protect Journalists has also documented this trend in Ecuador, Nigeria, and most recently in Nicaragua. Notably, ahead of Tanzania’s upcoming elections, our Helpline has received reports of hundreds of DMCA takedown demands to censor Tanzanian activists on Twitter.

ResearcherZero April 10, 2023 2:33 AM

Standardization Forum in the Netherlands, a research and advising organization that serves the public sector on the use of open standards, announced that all communication devices (ICT) managed by the Dutch government must use the RPKI standard by 2024.

“Overall, we estimate that out of the four billion Internet users, only 261 million (6.5%) are protected by BGP Route Origin Validation, but the true state of global ROV deployment is more subtle than this.”

RPKI contributes to a safer and better internet, but a 41% adoption rate shows that there is still a long way to improving traffic security across the globe.

ResearcherZero April 10, 2023 3:07 AM

“Without that privilege shield, former officials must answer questions about their interactions and conversations with the former president, including what he was told about the lack of evidence for election fraud and the legal remedies he could pursue.”

The outcome of these disputes could have far-reaching implications.

NOTE: Any of Sidney Powell’s claims should be treated as dubious.

ResearcherZero April 10, 2023 3:35 AM

HP wrote something…

Want to run something in protected mode at boot?

“…They really did it, the madmen.”

Who Dat? April 10, 2023 11:23 AM

Rogue QuickBooks, PayPal accounts used in novel phishing attacks
Steve Zurier April 6, 2023 Email security

Are hackers finally feeling the FBI enforcement heat when it comes to business email compromise (BEC) attacks?

Emphasis on stopping these large-scale BEC attacks by defenders, which have cost companies in excess of $43 billion over several years, has forced hackers to shift gears, say researchers.

Instead of compromising a corporate email account and targeting a top C-suite person, hackers are simply signing up for QuickBooks and PayPal accounts for free and sending thousands of phony invoices with phony phone numbers to mid-level managers and purchasing people as well as attacking small businesses. And it’s working.

Avanan, a Check Point Software Company, on Thursday outlined this new line of attack in a blog post.

Júlia April 10, 2023 11:54 PM

Nokia launches DIY repairable budget Android phone

“Nokia G22 has removable back and standard screws allowing battery swap in less than five minutes at home”


ResearcherZero April 11, 2023 5:18 AM

HERMES uses HF frequencies and sky-wave propagation to connect rural and isolated communities to base stations in more populated areas and provides limited internet service.

“The solution, which integrates GSM and HF backhaul technology, can provide connectivity to places struck by natural disasters or populations living in remote areas. As the system does not rely on cables or satellites, it could also be used as a backup system for primary communications systems. … We have essentially married VoIP, GSM and HF so that users can send a text or voice message from their phone across the world without the need for a satellite.”

HERMES is deployed at 12 remote locations across Brazil — some so remote that they can only be accessed by small aircraft.

The High-frequency Emergency and Rural Multimedia Exchange System, better known by its acronym, HERMES, provides affordable digital telecommunications over shortwave/HF radio using a simplified visual interface accessed via smartphone or computer, allowing for the transmission and reception of data (chat, audio, documents, photos, GPS coordinates, etc). For security, this information can be easily encrypted and password-protected by the sender. HERMES, both architecture designs and software, is free and open-source.


Clive Robinson April 11, 2023 7:28 AM

@ ResearcherZero, ALL,

Re : HF data comms.

“HERMES uses HF frequencies and sky-wave propagation to connect rural and isolated communities to base stations in more populated areas and provides limited internet service.”

First off, this is more than half a decade old, and things have moved on quite a pace in the HF-Data modulation/protocols since then (see the likes of the newer and importantly “Open” Data protocols, not closed protocols which are an anathema to development of such systems).

Secondly the low data rate tells you it’s a US based development based around standard “Ham Equipment”. The FCC for whatever reason (bribery/lobbying) has limited the data rates usable by amateur/ham systems to a ridiculously low rate and not very good modulation modes. Why ridiculously low? Because every year in “tornado season” the FCC issue a variation for “Emergency Communications”(EmCom) usage. But you can not use the Amateur bands in other parts of the world due to restrictions in carrying non-licensed Amateur traffic.

Third the system does not use “sky-wave propagation” in the more accepted sense which gives long distance / globe circling “DX Communications”; it uses lower frequencies that give what is called “Near Vertical Incidence Skywaves”(NVIS) in the upper MF into low HF frequencies (1-7 MHz down to 2-4 MHz depending on Solar Cycle). This gives “regional communications” up to a distance of about 250 km. But it is difficult to “Direction Find”(DF) as you can effectively reduce the “Ground Wave” below a usable threshold.

Fourth, however NVIS introduces phase and polarisation changes that appear random due to continuously changing ionospheric conditions as the Earth not only rotates about its axis but the Sun as well, and the Sun throws out CME and other forms of ionosphere changing energy and matter. The result is data-comms needs specialised modes; most often single tone or MFSK non amplitude modulated works best[1].

The use of “Software Defined Radio”(SDR) techniques on what are now cheap PCs / smart devices has advanced MFSK modulation to the point where “you can not hear the signal” in any normal receiver designed for use with a human ear. Much of this was started by a Nobel Prize Winning astrophysicist Joe Taylor with his WS-JT systems,

Which have branched out into JS8Call and similar with VaraHF bringing in new ideas. Also new “Digital Audio Modulation” which works better than DMR and DStar etc.

As for the “nano-cell” system using 2G, it is said by some that “2G is no more”… Whilst this is not true, as I still use 2G as do many others in the UK, it’s true that the mobile phone industry wants rid of it as they want the radio spectrum for more profitable systems (5G and presumably 6G if the US politicos can be kept out of it).

However you can easily find “Open Source” implementations of 4G using SDR systems to make nano-cells and some Open Source LTE implementations.

Basically the likes of the US FCC and UK OfCom have worked very hard to kiss-ass the Mobile and ISP industries and we know bribery and corruption has been involved. The purpose to destroy the ability of Amateurs/Hams carrying out one of their primary roles which is “technology development” (which is the only reason I did the work for getting my licence back in the 1970’s).

Which in turn damages Amateur/Ham efforts to develop effective EmCom and rural community systems that the supposed “Professional” industry repeatedly fails to give, even though they take billions to repeatedly fail at it very profitably.

[1] As I’ve mentioned before the earliest I’ve worked on was a new design for the “Piccolo system”. Originally developed for automated RTTY work in the 1960’s for the UK “Foreign & Commonwealth Office”(FCO) by the “Diplomatic Wireless Service”(DWS) that worked with the BBC “Overseas Service” and MI6. What we did back in the 1980’s was the unheard of, to develop a single 8-bit micro (Zilog CMOS Z80) to replace four 6U 19inch racks of equipment with just a box smaller than a child’s lunchbox.

vas pup April 11, 2023 5:44 PM

Finland to purchase Israeli David’s Sling anti-missile system

“Finland said Wednesday that it will purchase Israel’s David’s Sling missile defense system in an initial deal worth some 316 million euros ($344 million,) in an announcement made the day after it joined the NATO military alliance.

“The David’s Sling system will extend the operational range of Finland’s ground-based air defense capabilities significantly,” the statement said.

“This acquisition will create a new capability for the Finnish Defence Forces to intercept targets at high altitude. At the same time we are continuing the ambitious and long-term development of Finland’s defense capability in a new security environment,” said Minister of Defence Antti Kaikkonen.

=>David’s Sling, produced by Rafael Advanced Defense Systems, is capable of intercepting rockets and missiles at a range of 40-300 kilometers (25-185 miles). The statement said that Finland’s minimum flight altitude requirement of the system was set at 15,000 meters. (9.3 miles.)

David’s Sling, also known as the Magic Wand, has been operational in Israel since 2017 and makes up the middle tier of Israel’s multi-layer missile defense capabilities, which also included the short-range Iron Dome and a top level of Arrow 2 and Arrow 3 systems, which are intended to engage long-range ballistic missiles.

This marks the first foreign sale of the system.

Finland noted that as David’s Sling was developed in cooperation with the US, the !!! sale would require a sales release by the US Government.

It also said that the procurement contract will include a separate part between the Israel Ministry of Defense and the Ministry of Defense of Finland to ensure the security of supply of the system.

The agreement also includes an option for a second purchase valued at 216 million euros ($235 million.)

Israel resisted providing weapons to Ukraine in the first year of Russia’s invasion. One major reason for Israel’s hesitance appears to be its strategic need to maintain freedom of operations in Syria, where Russian forces largely control the airspace.

However, it was recently reported that Israel approved the sale of an electronic warfare system with a range of some 40 kilometers (25 miles) that could be used to defend against drone attacks.”

ResearcherZero April 11, 2023 10:11 PM

invisible iCloud calendar invitations

The monitor agent is a native Mach-O file written in Objective-C. It is responsible for reducing the forensic footprint of the malware to prevent detection and hinder investigations. The agent uses the waitpid function to monitor all child processes that are spawned, and the child process IDs are added to a tracking list. The monitor agent attempts to safely shut down tracked child processes by calling sigaction with the SIGTSTP parameter; if sigaction returns successfully, this means the child process is reachable and a SIGKILL command is sent to kill it. This avoids sending a kill command to a non-existent PID, which can leave error messages and artifacts behind.

Part of the SwitchControl function is to detect the movement of the user’s head to interact with the device. These features must access the microphone or camera to function. However, these features do not trigger the green/orange visual indicators. This means that mobile malware can do the same.

Andrey Shevlyakov used “false names and a web of front companies” to sidestep the regulations and run an “intricate logistics operation involving frequent smuggling trips across the Russian border.”

The purchased items included low-noise pre-scalers and synthesizers (used to conduct high-frequency communications) and analog-to-digital converters (used in defence systems). Shevlyakov is also accused of attempting to acquire hacking tools like Rapid7 Metasploit Pro.

Someone generic April 12, 2023 10:14 AM

Email from an oversight organization that has a .gov domain is insecure, not encrypted. Who do you report it to?

Jill April 12, 2023 12:14 PM

Does anyone know of a site that can tell you if you are going through a transparent proxy?

I have tried a few but they only tell me that I am going through a transparent proxy. The problem is no matter what connection I’m using, vpn, tor, or other, it says I’m going through a transparent proxy so I don’t really trust the results.


submarine propeller in reverse April 12, 2023 2:10 PM


About hardware backdoor override of computer and computerist freedoms…


Similarly, I noticed a hardware behavior involving HP/Intel directing all SSD data, control, and power through the WiFi chip.
Removal of the WiFi chip (on some Wal-Mart sold HP Intel laptops) interrupts functionality of the SSD (solid state drive).

But again, the Intel/HP 100% remote control hardware backdoor is much more serious.

Clearly, this problem is NOT going away.

EvilKiru April 12, 2023 5:31 PM

@Jill: Did you check the GRC fingerprint tester?


Leon Theremin April 12, 2023 6:45 PM

@submarine propeller in reverse
All computers have silicon trojans with their own wireless interface running 24/7. All data on every device is available for terrorists who can destroy or copy it.

Security is an illusion unless you live in a shielded room.

This won’t be fixed until humanity learns of the existence of advanced electromagnetic weaponry being used for coercion of those working in the silicon supply chain.

Clive Robinson April 12, 2023 9:33 PM

@ submarine propeller, ALL,

Re : How old to be safe?

“But again, the Intel/HP 100% remote control hardware backdoor is much more serious.”

Many years ago on this blog, this was discussed by @Nick P, myself and others.

My view was any computer hardware after 1995 was “suspect”[1]; @Nick P thought 2005. It’s been shown that attacks were carried out on 2002 hardware, and the follow up to the Ed Snowden Trove release in 2013[2] gives more insight for those “Who want to know” rather than the majority who “cherish their ignorance” so effectively “sleep walk” into “the gilded cage” trap being built around them by one hardware “implant” after another right up the head of the “supply chain”.

It’s why I talk of “Energy gapping” not the very out of date notion of “air gapping”. Air gapping is a very out of date notion as I indicated when I’d worked out how to cross the gap to “Pown Voting Machines” some years prior to Stuxnet which proved the point air gaps had been bypassed. But again the majority even in ICTsec “cherish their ignorance”.

As I’ve said before, one of the defining characteristics of ICTsec is the refusal to “learn from the past” even if it’s less than a decade ago…

So do not be surprised if your warning “falls on deaf ears” because most of the industry has stuck its fingers in its collective ears and is saying “Nagh, Nagh, Nagh” as loudly as possible.

As for “finding” IME and similar activity… You need to think about the fundamental laws of nature, specifically,

1, Work uses energy.
2, Work is inefficient.
3, The inefficiency via radiation transport becomes heat.

You need to be able to look carefully at step 3, where “side channels abound”.

The nature of all active electronics is that it has at least two signatures you can fairly easily detect,

1, An Electromagnetic (EM) / RF.
2, A heat / Infrared.

The former can be detected with “E and H field probes” –you can either buy or hand make– a low noise broad band amplifier and Spectrum Analyser, say $5000 of “traditional” equipment[3]. Or, not including a laptop/PC, for less than $50 an SDR and hand-made probes and amps. Or if pushed go and buy a Nano-VNA that has a Spectrum Analyser mode and make your own probes and amps, that will all fit in your pocket and cost less than $200.

It’s best to do “Delta mode testing”: in essence you build a screened “cage” to put the “Device Under Test”(DUT) in with carefully screened power via a “Line Isolating Network”(LISN). And capture “test waveforms” to disk in as much resolution as you can get. Mechanically attach the probes and then run one set of tests without power and the other set with power attached but the DUT not “booted”.

Average the test traces to remove or minimise random “noise” then compare the “unpowered” and “powered” traces. The difference or “Delta” enables you to “build the EM signature” which can then help you trace activity the IME or equivalent is doing around the board. With the signature, if you have the skill base to analyze it –and maybe only one in a million has it currently– you can work out what is going on.

The second way to “find work in progress” is another “Delta” technique using a FLIR thermal imager and controlled temperature changing. In essence what you are trying to find on the main-board is potentially nanowatt hot-spot temperature differences. As you need “commercial / scientific” grade environmental systems or even “cryo-stats” to get down to those power levels I will say it’s beyond most individuals’ skills and budgets. But I’ve used it in the past to find listening devices in the 10 milliwatt range hidden in walls and the like, as it can be faster than doing a “manual sweep” with crystal detectors and similar, and a lot safer than doing a 1kW microwave source[4] sweep or “open X-Ray scan” sweep… (both of which could “cook your innards” if you stand in the wrong place, even if there is a wall in between[4]).

[1] My reasoning was based on the introduction of “Flash ROM” as standard on IO cards and on the main-board. Also my knowledge of a glaring security hole that started on the Apple ][ in the 1970’s that got “ported” into the fundamental design of every IBM PC and Compatible on the planet[2].

[2] If you go back to BadBIOS and Lenovo’s “you can not remove it with a full wipe” malware on its consumer laptops you will find a glaring security vulnerability. Put simply it’s to do with ROMs on IO cards. An OS can not support every device that is out there, and it certainly can not support hardware that is developed after the OS is released, without a mechanism to do so. One of the reasons a computer boots up in “three stages” is to provide this mechanism. Put simply, after the initial “sanity boot” of the main-board peripherals in POST, the computer drops into the stage 1 process of OS booting via the “Basic Input Output System”(BIOS) loader process. This checks every IO Card for “driver code” which if found gets loaded into “protected core memory space” and provides “hooks” into it. This enables new “semi-malleable memory devices” to function so that the “Boot loader code” on the first track of the memory device can be loaded into core memory and executed to leverload in the OS via “boot-strapping”. One such “trick around” was for “Diskless Thin Clients” that had no “hard drive”, only a “Network Card” which had the drivers to redirect Hard Drive requests over the network (see “Intel PXE Boot” or earlier NetROM from the 1990’s). Well back when “ROM’s” really were “Read Only” this was a “supply chain” vulnerability not a “general vulnerability”; however the move to “Flash ROM” for BIOS ROM on the main-board flipped it directly into the “general vulnerability” category.
For most people checking the contents of all the “on-board” or other hidden “Flash ROM” is near impossible, even for security specialists in the employ of the likes of the NSA and GCHQ it’s a very difficult process… Something a “pissing contest” between the then Editor of The Guardian newspaper and the UK Cabinet Office over the Ed Snowden trove in 2013 brought very clearly into the light but nearly everybody just “walked on by” in a haze of “don’t want to know” which was kind of silly, but is why the likes of Intel’s IME and worse audio chips supporting AC97 –now built in the Southbridge– etc.

[3] The earliest such equipment was known as a “Crystal Detector” and was essentially a “crystal set” receiver of a very low forward turn-on voltage semiconductor diode and a “Parallel Tuned Circuit” that was mechanically tuned. Where the mechanical tuning provided a voltage out to drive an Oscilloscope’s X plates (time base) and the DC out of the diode provided the Y voltage (amplitude). Slightly later versions used the “heterodyne” principle to get better linearity and low frequency range. I’ve built “crystal set” detectors that work up above the 100GHz range, but the diodes are neither cheap nor even easy to see with a microscope, and the “wave guides” need to be precision drilled with drills down in the 2mm and a lot less diameter… “it ain’t the sort of work for a shaky hand” which is why building a jig using micrometers to move the drill and spin the work piece in a precision mount rather than the drill is the way to go (think in the same way as you would using a “center lathe” or “precision mill” to drill)…

[4] Mad as it might sound you can buy equipment to do this commercially and without many questions. It’s used to “kill bugs” of the biological kind without using really dangerous and mostly ineffective chemicals like “cyanide”. Both Wood and Ceramics like bricks are fairly transparent to microwaves if they are dry and oil free. Larvae / pupae and insects and even smaller “pathogens” like plant spores and some bacteria, because they contain both water or lipids, rapidly heat up to temperatures beyond the point they remain “biologically viable”[5]. As the “deactivating” by “boiling” / “frying” only happens when the power is on, unlike other “pest control” for fleas, cockroaches and smaller there are no poisons of any kind introduced into the environment, and it gets to places quickly and easily without having to “drill and inject” and the like, which are destructive to the building’s fabric. It will kill rodents up to and including rats and larger, however trying to do so is illegal in most western nations, not just because it is very inhumane, but because the corpses then attract other pests and pathogens that can be worse (look up black mould and what happens if you get it in your respiratory system, it can “eat you alive” requiring very very invasive and life changing surgery like having half your face removed).
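The “Delta mode” procedure Clive describes above (repeated unpowered and powered captures, averaged to beat down random noise, then differenced) as an added Python example; this is not code from the thread or from any of its participants. The sweeps are constructed synthetic traces in dB per frequency bin standing in for captured SDR/spectrum-analyser data, and the bin numbers, spur levels and noise figures are made up.

```python
"""Delta-mode EM signature test (added example, constructed data).

Average N spectrum sweeps of the Device Under Test with power off and
N sweeps with power on but not booted, subtract the two averages, and
flag frequency bins where the powered DUT radiates above the residual
noise in the delta. Repeatable emissions survive averaging; random
receiver noise shrinks as 1/sqrt(N)."""
import random
import statistics
from typing import Dict, List, Sequence, Tuple

NUM_BINS = 256          # frequency bins per sweep (constructed)
SWEEPS = 64             # repeated sweeps captured per condition
NOISE_FLOOR_DB = -90.0  # receiver noise floor (constructed)
NOISE_SIGMA_DB = 3.0    # per-bin, per-sweep random noise (constructed)

# Constructed "hidden activity": narrow spurs present only when the DUT
# is powered, e.g. a clock fundamental and a few related products.
SPURS_DB: Dict[int, float] = {40: 12.0, 80: 8.0, 120: 6.0, 200: 10.0}


def synth_sweep(rng: random.Random, powered: bool) -> List[float]:
    """One constructed sweep: noise floor plus spurs when powered."""
    trace = []
    for b in range(NUM_BINS):
        level = NOISE_FLOOR_DB + rng.gauss(0.0, NOISE_SIGMA_DB)
        if powered and b in SPURS_DB:
            level += SPURS_DB[b]
        trace.append(level)
    return trace


def capture(rng: random.Random, powered: bool, n: int = SWEEPS) -> List[List[float]]:
    """Stand-in for saving n sweeps to disk under one test condition."""
    return [synth_sweep(rng, powered) for _ in range(n)]


def average_traces(sweeps: Sequence[Sequence[float]]) -> List[float]:
    """Per-bin mean over repeated sweeps. Averaging in dB is adequate for
    a quick delta; averaging linear power is the more rigorous choice."""
    n = len(sweeps)
    return [sum(s[b] for s in sweeps) / n for b in range(len(sweeps[0]))]


def delta(powered_avg: Sequence[float], unpowered_avg: Sequence[float]) -> List[float]:
    """The 'Delta': powered minus unpowered, bin by bin, in dB."""
    return [p - u for p, u in zip(powered_avg, unpowered_avg)]


def robust_sigma(values: Sequence[float]) -> float:
    """Noise sigma from the median absolute deviation, so a handful of
    genuine spurs does not inflate the estimate the way a plain std would."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    return 1.4826 * mad  # MAD -> sigma for Gaussian noise


def flag_bins(delta_db: Sequence[float], k: float = 5.0) -> List[int]:
    """Bins whose delta exceeds the median by more than k robust sigmas."""
    med = statistics.median(delta_db)
    thresh = med + k * robust_sigma(delta_db)
    return sorted(b for b, d in enumerate(delta_db) if d > thresh)


def run_delta_test(seed: int = 1) -> List[int]:
    """Full procedure on constructed captures; returns the flagged bins."""
    rng = random.Random(seed)
    unpowered = capture(rng, powered=False)
    powered = capture(rng, powered=True)
    d = delta(average_traces(powered), average_traces(unpowered))
    return flag_bins(d)


def noise_reduction(seed: int = 1) -> Tuple[float, float]:
    """Residual delta noise for a single sweep pair versus the averaged
    traces, to show why averaging comes before differencing."""
    rng = random.Random(seed)
    unpowered = capture(rng, powered=False)
    powered = capture(rng, powered=True)
    single = robust_sigma(delta(powered[0], unpowered[0]))
    averaged = robust_sigma(delta(average_traces(powered), average_traces(unpowered)))
    return single, averaged


if __name__ == "__main__":
    print("flagged bins:", run_delta_test())
    single, averaged = noise_reduction()
    print(f"delta noise sigma: single sweep {single:.2f} dB, "
          f"averaged over {SWEEPS} sweeps {averaged:.2f} dB")
```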

ResearcherZero April 12, 2023 10:55 PM

CNE is chosen only for some high value targets. Not even individuals on a terrorist watch-list might be approved for that kind of tasking. Rather, security systems can be defeated via a discovered vulnerability. Vulnerabilities are cheap.

If there is physical access (padlock meets bolt cutter for example), game over for the security of the device.



ResearcherZero April 12, 2023 11:00 PM

Crucial to hacking email accounts and messaging services like Telegram is Signaling System 7, an international standard “protocol” for cellphone communications, which is supposed to ensure that a call or SMS sent by one user is transferred on to the correct number of the intended recipient.

JonKnowsNothing April 12, 2023 11:40 PM

@Clive, SpaceLifeForm, All

re: The Quarterly COVID that isn’t there but is

The quarterly wave of COVID is ramping up nicely. The post Holy-Holidays leading into more holidays and summer with travel options for happy border crossings.

Since nearly all information is shutdown, it will remain with a few to attempt to keep tabs on SARS-CoV-2 for our own health and for those we care about around us, even if they themselves don’t care about anyone.

Currently much of what’s out there is XBB.1.5, this is our USA EU 2022 Q4 variant. It’s still going well.

A few odd things are happening on the periphery.

India has a new variant XBB.1.16 and it’s going so well with 8,000 cases per day, the Indian Government is restarting their vaccine manufacturing plants for Covidshield aka Oxford-AstraZeneca. It’s not clear how quickly they can grind out vaccines so which Quarter Wave they plan for their vaccine deployment is TBD.

England is flowing 8,000 cases into Hospital; while @1.5 million people in private households had COVID in the week ending 13 March 2023.

There are specific variants for each continent. So what’s going on in Japan is different than what’s going on in New Zealand.

Most of the variants are close cousins, and most of them coming down the XB recombinant pipeline.

Except one very odd entry:

  • C19 2023 04 02 Australia XBC 20B XBC.1.1 not seen since 2021

The submission was from The Peter Doherty Institute. Perhaps the date is an outlier or a typo. This entry has some eye-balling features. This branch has not had any updates since it went extinct in 2021. While the genome stats are not that compelling (1) the question is:

  • Where has it been incubating for 2 years?


1) COVID genomes now have standardized ratios that compare against a base case which is BA2.

  • ACE2 binding vs BA.2 0.793
  • Immune Escape vs BA.2 0.528

MarkH April 13, 2023 12:33 AM

Influenza News, 1

Flu strains fall into 4 main types A thru D. We hear mainly about A type flu (with subtypes classified in the HxNy system by variants of surface proteins hemagglutinin and neuraminidase), because they tend to be more severe, and all known human flu pandemics have been A type.

The less famous B type has only two lineages, Yamagata and Victoria. (B flu seems to evolve much more slowly than A, and no major B epidemics have been found in non-human species).

36 months have elapsed since the last Yamagata infection was verified. Yamagata might have gone globally extinct; if so, Covid public health measures are likely to have contributed.

Clive Robinson April 13, 2023 12:44 AM

@ ResearcherZero,

Re : Root of Trust.

“If there is physical access (padlock meets bolt cutter for example), game over for the security of the device.”

Err not quite true.

In a properly designed device the security should give up nothing without the “Root of Trust”.

So if the bulk of the system is designed correctly –which is a big ask on consumer/commercial kit–, an attacker has to gain access to the root of trust.

If you look at NSA info they talk about “Crypto Ignition Keys”(CIKs) and similar. Effectively these are small very robust “Hardware Security Modules”(HSM), the sole purpose of which is to make the root of trust unavailable even under significant physical attack. Some CIK’s like “fill guns” contain very small self destruct charges. In effect a micro “shaped charge in a chip” which is in the IC packaging just above the surface of the actual silicon. It uses a mixture of shock wave and plasma cone to destroy the chip entirely… But still should be safe for you to hold in your hand whilst it destroys the chip.

You can do similar with a ceramic container and thermite around the chip, where the thermite turns the silicon chip into a bead of rough glass. I won’t go into the details, but suffice it to say you can make such a device at home using a “Smart card chip” in the smallest “SIM card” size. A number of these cards have a FIPS 140-2 Common Criteria CC EAL5 augmented rating or higher.
Whilst such a rating is no guarantee the “Target of Evaluation”(TOE) is vulnerability free and not backdoored, it’s about the best you can reasonably get.

So yes you can look at making the “root of trust” secure even to “front panel access” etc.

MarkH April 13, 2023 12:45 AM

Influenza News, 2

The avian flu epidemic spreading since 2021 — an exceptionally strong H5N1 variant — has caused damage beyond anything previously seen by wildlife biologists in North America.

Fortunately, no human cases have yet appeared; the animals most directly affected are fowl (especially waterfowl). Mammals sick with H5N1 likely have ingested sick birds or their scat. Mammal-to-mammal transmission has not been confirmed, but remains a frightening possibility.

Raptors and scavenging birds have been seen simply falling from their perches; 3 young brown (grizzly) bears were euthanized after observation that they were going blind.

Infected species include foxes, whales and seals.

JonKnowsNothing April 13, 2023 1:08 AM

@MarkH, All

re: Influenza News

A recent report from WHO that variant A(H3N8), mainly infecting birds, dogs, horses and seals, has now been confirmed in the death of a person in China. This is the first confirmed death.

The rare other cases of H3N8 in humans, the people recovered.

Clive Robinson April 13, 2023 7:35 AM

@ MarkH, JonKnowsNothing, ALL,

Re : Flu pandemic side effects.

“Fortunately, no human cases have yet appeared; the animals most directly affected are fowl (especially waterfowl).”

Unfortunately that can be seen as a very anthropocentric view, and when it has been by authoritarian leaders it often leads to disasters not just for the ecology but man kind as well.

Consider the “animals most directly affected” are neither the top nor bottom of the food chains they are in.

They are not just a source of needed protein for other creatures including humans, they also predate on other creatures that attack food crop pests. As well as serving a useful purpose in plant life cycles.

Back in the bad old days of Chinese central control, in 1958 some idiot (Mao Zedong) decided that “Sparrows” were the cause of crop losses. So a master plan was thought up to kill as many birds as possible. As nobody with any sense dared call the idiocy into question, the plan went ahead.

The result was even bigger crop failures for several years especially in 1960 and reasonable estimates say that 50 million or over Chinese starved to death or were killed as a result. It is known that there were cases –as with Russian famines– of murder and cannibalism. Thereafter as it took a long time for the wild bird populations to even start to reestablish, even with importing a quarter of a million sparrows from Russia, the Chinese people suffered and suffered badly, as is the history of such “authoritarian central planning”.

You could call it the world’s biggest experiment in “not understanding” how the natural balance works.

But also it’s a warning of what could easily happen as a lethal avian flu pandemic spreads…

Dong Gee April 13, 2023 9:45 AM

Automated swatting — possibly of foreign origin — hit dozens of schools:

Police responded to phony reports of shooters in at least 50 schools across New York on April 4, and at least 36 schools on March 30, state police said. In March, fake reports of school shootings in Iowa were made in a systematic pattern on a single day, hitting at least 30 schools in succession from east to west, according to the Iowa Department of Public Safety …

Swatting attacks on schools have become sophisticated, with callers using scripts, technology to disguise their identities and sound effects, such as fake gunshots, according to the state and federal authorities …

The calls made on Feb. 22 appear to have been made by the same person, who spoke with a foreign accent, he said. Mr. Klein said he suspects the caller included gunshot sounds in his calls to make the threat seem real.

Winter April 13, 2023 3:39 PM

@Dong Gee

How could we defend against these attacks?

Getting rid of all the guns?

Countries with fewer guns have fewer school shootings.

(I know, all countries have fewer school shootings and fewer guns than the USA)

MarkH April 13, 2023 4:20 PM


What a stupid security failure … the point of egress for critical U.S. documents has been identified as an Air National Guard member, age 21.

He published them to the online group for war simulation gaming, of which he’s the senior member. A bunch of pimple-faced boys playing “mine’s bigger than yours.”

Multiple human intelligence sources in Russia are at risk of capture, torture and execution.

Of course, there’s more to the story … this kid probably should never have had access to these docs, and the whole elephantine classification system is implicated.

&ers April 13, 2023 5:10 PM


More depressing is what kind of mistakes he made.



MarkH April 13, 2023 5:22 PM


Respectfully, I have a different perspective.

He is a desperately immature person who behaved immaturely, and it played out in the usual way.

If he had adult comprehension, he would never have dumped these on a gaming forum. (BTW, at least one member of the forum already fingered him, and he is the only member known to have a military intelligence assignment … the photos weren’t needed).

The mistake was by properly authorized people who let this punk gain access.

Clive Robinson April 13, 2023 5:38 PM

@ Dong Gee, Bob Paddock,

Re : Swatting and lockdown drills.

“How could we defend against these attacks?”

Do you really want to know the answer to that?

And yes that is a serious question.

To answer the question you first have to trace back to the root of the problem.

From the WSJ article,

“Principal Andrew Lavier was in his office at Alamosa High in Colorado… …when a police officer with his gun drawn banged on the door and ran into the school shouting about an emergency call reporting a gunman inside a classroom… …Mr. Lavier rushed to the school’s intercom. ‘School, we are in lockdown mode. This is a lockdown.’… Prompting teachers to lock their doors, cut their lights and huddle with students on the floor, away from windows and doors as they had trained for in drills.”

So ask yourself why US schools feel it,

“Necessary to have ‘mass shooting drills’?”

Also ask yourself the “Why, why not?” of,

“How many other Western Democratic Nations have such drills?”

Because that will give you insight as to,

“Why swattings are not just possible in the US, but why authorities respond with guns drawn presenting a lethal, effectively military ‘Shoot to Kill’ response”

And why the problem is getting exponentially worse in the US with on average more than one event per day in the 2020-21 school year[1].

It boils down to two simple facts,

1, There is a significant societal problem.
2, There is a ready supply of lethal force multipliers that are easily portable and usable even by children.

In the UK we’ve had terrorist activity by indoctrinated adults attempting to commit “mass murder” but this has largely involved failed bombings with burning gas cylinders in vehicles, wildly swinging of machetes and driving vehicles into crowds. With few if any events related to schools (but there have been to some religious institutions).

The numbers hurt or killed in the UK related to schools compared to the US have therefore been comparatively tiny. So no matter what others may argue the easy availability of “force multipliers” is a very significant factor especially when the people committing school shootings are often not adults.

At the inquest on all such “mass murder attempts” it becomes clear that be they children or adults, all showed very clear “not normal” behaviours seen by many around them but ignored or going unaddressed.

Thus the question of “innate or taught” arises. Either way it is a societal issue of,

1, A society not looking after those with clear mental health issues.
2, A society bred to prey on those who are not some idealised norm, thus creating many mental health issues.
3, Politicians and other societal leaders deliberately fostering such “prey on the weak”, “Might is right” anti-morals/ethics, that give rise to the “Prey on the weak” behaviours being seen by too many as “good”.

So there is something “fundamentally sick about certain types of society” in the UK, and US especially. And it is at the root of it, down to certain types of societal leaders via their rhetoric and other teachings “leading their flocks / followers / devotees into anti society actions”, and providing the easy access to the tools to do so.

As seen in the UK removing the tools will not stop the harms, just limit the scope of injured and killed.

Likewise in the US not addressing the health care issues that by their absence allow a “forest fire” effect to occur, with the horrific consequences.

The problem that actually needs to be fixed is the corrupt leaders and that is a very difficult problem to solve. Especially in the US where those who most benefit by the corrupt system control the legislation and regulation making process. A process that might otherwise acceptably reduce it, thus allows the corruption to continue unchecked or abated.

I’ve said all of this before, but in various small bits and pieces so as not to create issues here. But you’ve both effectively asked, so like it or not that is the answer that can be reasoned from various facts available.

If you don’t agree, be polite, and find reasonable facts to back your argument, that way we all get better informed by differing view points and available facts.

[1] Just how bad is the problem? Well, how about getting over 4 per school week without injury or death, so only “locally newsworthy”…



Updated just a few days ago on Mon, April 3, 2023,

“In the 2020-21 school year, there were 57 school shootings with and without injuries or deaths at high schools. Fifty-nine elementary schools had shootings with and without injuries or deaths, as did 21 middle or junior high schools, and eight other types of schools.”

That is in the 36 week school year (57+59+21+8)/36 = 145/36 = 4.03

That involved shots fired but did not involve “injuries or deaths”.

As we know there were other incidents where harms beyond psychological happened,

“When it comes to 2020–21, however, there were 93 school shootings with casualties, including 43 school shootings with deaths and 50 school shootings with injuries only.”

So (145 + 93)/36 = 238/36 = 6.61..

If you look at the first graph given, which shows incidents with “injuries or deaths”, you will see a low in 2009. From then till now with a little smoothing it is an almost perfect exponential rise. Much as you would expect to see with an infectious pathogen in a naïve host group / population.

So a pertinent question would be,

“What was the societal change(s) in 2008-2009 that gave rise to the change in the trend from downward to exponentially upward?”

&ers April 13, 2023 6:18 PM


Things are too fresh yet.
But seems he was a computer technician, that’s why he
has access.

That makes me more worried.


Dong Gee April 13, 2023 6:30 PM


Two problems with that argument:

(1) Gun control won’t happen anytime soon.

(2) Swatting doesn’t require a gun (e.g., fake hostage scenario.)

Therefore, ongoing automated swatting attacks require a different solution.

&ers April 13, 2023 7:50 PM




“Jack Teixeira’s job was to protect the military computer network:”

“Duty title: Cyber Transport Systems Journeyman”

&ers April 13, 2023 9:07 PM


That wiki with source links is good source.


There are some hints about Canadian gas company hacking.


“One particularly ominous C.I.A. document refers to a pro-Russian hacking group that had successfully broken into Canada’s gas distribution network and was “receiving instructions from a presumed Federal Security Service (F.S.B.) officer to maintain network access to Canadian gas infrastructure and wait for further instruction.””

Clive Robinson April 13, 2023 9:10 PM

@ Dong Gee,

I actually indicated “force multipliers” and mentioned other weapons as well that were less easy to get a potential multiplication effect.

Specifying it to be just one type of weapon is a very perspective limiting effect, that can and will cause “limited scope failure” (which is a valid part of the reason why the WMD scope is so broad).

But as I have indicated removing the weapons is not a solution to the actual problem.

Because all weapons are as a minimum “dual use”. Further it is the observer’s point of view as to if those uses are “good or bad”. So the actual reality is like all properly designed technology, it is not the weapon’s existence or availability that is the actual issue, but the “Directing Mind” that deploys the weapon.

As for swatting not including a weapon you can see your specified weapon is immediately “scope limiting”, as is your view point on the entity. After a moments thought on broadening the weapon scope, and entities involved, most readers here should realise that the harm swatting does whilst on the face of it mostly psychological, can also cause physical harm. That is in the US the guns come as standard with all LEO’s… and they are “humans” and there is that old saying,

“To err is human”

So at some point as has previously happened with law enforcment with guns they will shoot, injure, or kill, and innocents will come to physical harm. And no amount of training on “Gods little green apple” will prevent that happening.

So you can see for the swatter it’s actually “guns by proxy” with the fallible LEO as part of the physical harm weapon.

But also consider swatting more broadly as part of “information warfare”. The use of anonymous calls over digital communications makes both mobile phones and the Internet actual “weapons” to cause potential physical harm by proxy. But more so, both resource and psychological harms, with the latter affecting not just the directly involved individuals, but a large chunk of the US population who are parents, family, loved ones, friends, acquaintances or just aware of such incidents.

But also consider the resource issue: the hostile use of weapons in schools is considered an unquestionable “all available” response. Not only does this cause “lost opportunity cost” of other as important but less visible activities, but considerable stress on those involved causing stress, tiredness and thus lower performance, thus the increased probability of LEO’s making errors and causing physical harm to innocents.

Which is why I’m not surprised some now consider “swatting” every bit as serious as any other terrorist attack regardless of the weapon type used.

But weapons aside as they are not the real problem as I indicated, the real problem is the type of society involved, and its leaders, what they espouse, and what their followers do. At the very least that is going to take one or two human lifetimes duration to resolve (if ever). With every step of the way incurring a hostile if not violent response by those who believe in “Might is right” in some form.

I suspect the situation in the UK and US will not actually be resolved until sufficient external persuasion is brought to bear by other nations. Which force the current societies’ power structures to change. The alternative is unfortunately “civil insurrection” of various forms, many of which do not actually involve violence by those seeking change. But as we’ve already witnessed in history insurrection even non violently is more likely than not to be met with violence by those who hold positions of power, who still have control of the “guard labour”.

MarkH April 13, 2023 9:59 PM

&ers, all:

I’ve never worked with secrets, but have had some exposure to engineering of information systems storing classified information.

In principle (practice, of course, being different) the access-to-equipment required to perform maintenance or repair work must not enable access-to-classified-data.

For example, back when ciphers were handled by purpose-built machinery, the junior servicemen repairing those machines were supposed to be absolutely walled off from the content of the encrypted messages.

We’ll have to wait to learn more about how the suspect got the documents. It might have been via his nominal work, but there’s no way yet to exclude that carelessness of other people exposed documents in plaintext form.

Dong Gee April 13, 2023 11:30 PM


“the real problem is the type of society involved”

Except it’s not Schneier on Sociology. I asked a security question on a security website under the assumption that we’d be discussing security, not ideology.

You miss the key point that I mentioned earlier, as did the articles: these attacks are from overseas. This isn’t a problem with American society.

ResearcherZero April 14, 2023 12:20 AM

“In all observed cases, the actor [APT29 (SVR)] utilised spear phishing techniques. Emails impersonating embassies of European countries were sent to selected personnel at diplomatic posts. The correspondence contained an invitation to a meeting or to work together on documents. In the body of the message or in an attached PDF document, a link was included purportedly directing to the ambassador’s calendar, meeting details or a downloadable file.”

“strongly recommend that all entities that may be in the actor’s area of interest implement configuration changes to disrupt the delivery mechanism that was used in the described campaign.”

Clive Robinson April 14, 2023 12:36 AM

@ &ers, MarkH,

Re : Leaked Pentagon Documents.

“Duty title: Cyber Transport Systems Journeyman”

To me a “Journeyman”[1] is synonymous with not being a “master” at a given usually non professional and often manual skill or “trade”. Thus as in the building trades “mate” as in “fitters mate”.

That is someone who whilst having completed a basic “apprentice” or “training” is regarded as insufficiently experienced that they need to be a junior under instruction or direction of another who is sufficiently experienced. Thus indicating that at best the journeyman be given limited responsibility or discretion as they build their experience.

In the military there are several conflicting interests with how rank is given which causes no end of problems in some Western militaries[2] whilst others have “grown beyond” it[3].

[1] Journeyman is oft confused with “jobbing”, they are actually quite different in meaning in the UK. Jobbing refers to some one of any skill level that is not “waged or salaried” and is “engaged” but not “employed”, usually on a job by job basis. If what the person does is not a “trade” but a “profession” then they are more often called a “contractor” or “consultant”.

[2] In the military there is unfortunately the assumption of “experience” equating with “rank”. This does not work at all well with “part time volunteers” who have non military professional occupations. When “wearing the green” not as a “regular” but as a “territorial” I frequently butted heads with not just senior “Non Commissioned Officers”(NCOs) but Officers as well. Most quickly learned that they should “tread carefully” around any of my “skills turfs” and a request got things done way better and faster than giving orders especially if any complexity or safety was involved. If they asked how I was going to do something I’d either tell them or show them and give the reasoning so they’d know for next time. They quickly realised if I needed to know things then I’d simply ask. As for the “Other ranks”(ORs) or Junior NCOs or Officers, I only gave “orders” to those that “needed to be ordered”. Otherwise I asked either directly or generally (ie “Can you do…” v “Can someone do…”). That is I encouraged a “professional” as opposed to “military” work environment[3]. Because mostly the other territorials and regulars I had contact with were professionals as well, not the traditional “grunts” or “Tic Tocs”.

[3] It was back at a time when Specialist Technical services were starting to be migrated into the “Regular Army”, which traditionally had an entirely different take on “Professional”. Thus “Special Communications” was in effect a spearhead and only just becoming accepted as the way the majority of the UK Land Forces technical arms would aim to go. The regiment would later become UKSF, but back then it “worked” for the F&CO rather than the MOD, supporting the hot end of, amongst others, the “Diplomatic Wireless Service” (DWS). It was joked about that we were there before the SAS so they could “ET call home”; back then “Stay behind” was still part of the task, as the military equivalent of GLADIO that arose out of the “Special Duties” “Aux Units” in WWII.

It was for “Intelligence” (ISTAR) rather than “disruption” (Guerrilla) and what is now allegedly done by the “non-existent” E-Squadron 😉

It came as a legacy from “1 Special Communications Regiment” and work with the “Field Auxiliary Nursing Yeomanry” (FANY) and “Honourable Artillery Company” (HAC). But it had migrated to support of “Diplomatic Missions” and adjunct field agencies (SIS/MI6). HF “long haul data transmission” took a bit of a hit with SKYNET development but is now back in the game for various reasons, such as at least four nations, only one of which is an alleged “friendly”, having proven Anti-Sat missile first strike capability, which is an issue even as the likes of Project MINERVA under “UK Space Command” move forward.

Those wanting to know more on “stay behind” ISTAR might find of interest,

lurker April 14, 2023 12:54 AM

Teixeira might have been wrongly assigned to the 102nd “Intelligence” Wing of the MA Air National Guard. He didn’t show much intelligence in his publication methods, and finding intelligent method in the smorgasbord of documents is left as an exercise for the gentle reader. It looks more like a case of grab the nearest from each tray as it goes past, rather than a targeted exfiltration.

Who is more dangerous, professional agents of an adversary, or your own hired help? Some comments suggest this is an unintended consequence of the post-9/11 more open sharing of intel.

Winter April 14, 2023 1:27 AM

@Dong Gee

“asked a security question on a security website under the assumption that we’d be discussing security, not ideology.”

Mentally ill people with a lot of firepower are most definitely a security problem as USA school, and other, shootings show on a weekly basis.

“This isn’t a problem with American society.”

The USA is the only developed country where the police must be prepared to face a mentally ill person with assault weapons attacking a school, and them, at any moment.

When someone tries that elsewhere, the police can and will be very careful not to be the one hurting people. They can because the probability that there will be a shooter with vast firepower is extremely low.

So, this is a problem with American society.

Clive Robinson April 14, 2023 1:37 AM

@ Dong Gee, Bob Paddock,

“You miss the key point that I mentioned earlier, as did the articles: these attacks are from overseas. This isn’t a problem with American society.”

No, you are suffering from “blinkered vision”.

It matters not where the “information warfare” attack comes from; the chances are that if the person(s) know what they are doing then where they are actually located will remain an “open question”[1]. Just as with malware, its success depends on the vulnerability of the “target”, which is unquestionably “US society”.

“I asked a security question on a security website under the assumption that we’d be discussing security, not ideology.”

I’m actually quite surprised to see you are still muddling things up.

Security is these days increasingly a “sociological” issue, not a technical one. That is, it is “human failings” that get attacks across the defensive perimeter rather more than technical ones. Most often talked about are phishing attacks, but there are numerous others where “social engineering” can be brought to bear to establish a “toe-hold”.

You appear to be under the unfortunate thinking there is,

“A technical solution for everything ”

Which is really unfortunate, as I’ve indicated in the past,

“You can not fix societal issues with technical solutions”.

Because “Good v. Bad”, “Good v. Evil” etc are very definitely down to the mores of society that colour the observer’s perspective. Technology is very much agnostic to this.

As I’ve pointed out above, any technology, tool, or “weapons are as a minimum ‘dual use’”. That is, they can be used offensively or defensively. The observer decides if either of those is “good or bad” depending on their point of view and innate or engendered cognitive bias.

You either need to change your original question,

“How could we defend against these attacks?”

Or your expectation of what you are going to get as a valid answer.

For instance, an invalid reply would be,

“Block all foreign numbers from calling emergency services”

That is not going to work if the calls are not actually “foreign” but “local” and just displaying a fake number, which can be changed at will by the attacker.

Because you need to understand the POTS is in no way “secure” and never has been. That is, even though it is “circuit switched”, the two IDs are just generated and forwarded and can not be reliably verified, especially when part of the circuit is VoIP.

A soft meme for this site is,

“Attribution is hard, very hard.”

This is especially true for systems like the POTS that were never designed for any kind of authentication or security. So you can not “defend” against abuse of such a system.

[1] Though the time-based estimation techniques Clifford Stoll outlined in his book might help.
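As an added example (not part of Clive’s comment, nor anyone else’s on this thread), here is the “block all foreign numbers” policy and a trunk-based alternative evaluated in Python over constructed call records. The record fields, trunk names, sample numbers and dial prefixes are all assumptions made for the illustration; a real carrier’s CDR format will differ.

```python
"""Why “block all foreign numbers” does not defend an emergency line.

Added example, not from the thread. The call records, trunk names and
numbers below are constructed for illustration; a real carrier's CDR fields
and international dial prefixes will differ.
"""
from dataclasses import dataclass

HOME_CC = "1"  # assumption: a North American emergency call centre

# Common international dial prefixes, longest first so "0011" is not read as "00".
INTL_PREFIXES = ("0011", "011", "00")


@dataclass(frozen=True)
class Call:
    displayed_cli: str           # calling-line identity as presented; on a VoIP leg the originator sets it
    ingress_trunk: str           # trunk the terminating carrier received the call on; the caller cannot set this
    trunk_is_international: bool


def normalise(number: str) -> str:
    """Reduce '+1 212 555 0100', '011 44 20 7946 0000' or '1-212-555-0100' to
    bare country-code-first digits. Inputs are expected in E.164 form or with
    an international dial prefix (an assumption of this example)."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if number.strip().startswith("+"):
        return digits
    for prefix in INTL_PREFIXES:
        if digits.startswith(prefix):
            return digits[len(prefix):]
    return digits


def looks_foreign(cli: str) -> bool:
    """True when the displayed number claims a country code other than ours."""
    return not normalise(cli).startswith(HOME_CC)


def filter_by_displayed_number(calls):
    """The proposed policy: drop anything whose caller ID looks foreign.
    Defeated by any attacker who simply presents a home-country CLI."""
    return [c for c in calls if not looks_foreign(c.displayed_cli)]


def filter_by_ingress_trunk(calls):
    """Judge the call by where the carrier actually received it instead.
    This catches the spoofed call that arrived over an international gateway,
    but a spoofed call injected through a domestic VoIP trunk still passes:
    the trunk only tells you the last hop, not the origin."""
    return [c for c in calls if not c.trunk_is_international]


# Constructed sample: four calls to the emergency line.
SAMPLE_CALLS = (
    Call("+1 212 555 0100", "tdm-local-01", False),          # genuine local PSTN caller
    Call("+44 20 7946 0000", "sip-intl-gw-03", True),        # genuine overseas caller, honest CLI
    Call("+1 212 555 0199", "sip-intl-gw-03", True),         # overseas origin, spoofed local CLI
    Call("+1 212 555 0188", "sip-domestic-voip-07", False),  # domestic VoIP trunk, spoofed CLI
)
```

Run against the sample, the displayed-number filter keeps both spoofed calls, and the trunk filter still keeps the one that came in through a domestic VoIP provider. Neither field identifies the caller, which is the attribution problem the comment describes.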

&ers April 14, 2023 6:26 AM


Yes, strangely US Air Force has taken some positions
from European medieval Guild system – Apprentice,
Journeyman and Craftsman.



MarkH April 14, 2023 8:38 AM

@&ers, all:

Now I’m reading that the leak suspect had the highest possible security clearance for top secret information (???)

This is attributed to a DoD internal email.

It’s said that a chain is no stronger than its weakest link.

&ers April 14, 2023 9:57 AM


At least here is so that if IT system processes classified
data and you manage/service it, then you must have a security
clearance equal or exceeding the level of processed classified

So if system processes (collects, transfers, stores etc)
top secret level classified information, IT expert servicing
it must also have a top secret level security clearance.

Here we have 4 level classification – Restricted, Confidential,
Secret, Top Secret.

Usually when you design a classified system it is accredited up
to a certain level. However, it is very difficult to predict
beforehand the information classification level: the international
situation can change rapidly, legislation can change etc, so
information could and must be re-classified to another level. So it’s difficult to build and manage 4 different systems.

Here those separated systems usually process data up to secret
(included), so sysadmins also have top secret level clearance.

I think we regulars here should understand how difficult it is to
achieve security. On paper everything can look nice – separated
segments, segregation of duties etc… And then the “big boss” comes
and tells you that tomorrow there will be an important operation
and field operators need to access some classified information,
make it happen. Of course you do it.

So I don’t blame the little guys; the big bosses and the system
are at fault here. There is no use for information that is
locked down and buried. Field operators need to access it; it’s a
nightmare everywhere. In time rules get “flexible”. Until the
next incident 🙂

OLDisNEW April 14, 2023 11:21 AM

Great seeing Firefox is busy

For all ETP Strict users, we extended the list of known tracking parameters that are removed from URLs to further protect our users from cross-site tracking


Appreciate the excellent Message Board and straight comments. Thank you.

We need this common sense feedback from clear thinkers.
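Added example of the kind of query-parameter stripping the Firefox note above describes, written in Python. This is not Firefox’s code, and the parameter list is illustrative (a few widely known click and e-mail tracking identifiers); Firefox keeps its own list in the privacy.query_stripping.strip_list preference, which this example does not reproduce.

```python
"""Strip known cross-site tracking parameters from a URL.

Added example, not Firefox's implementation. TRACKING_PARAMS is an
illustrative set of widely used click/e-mail tracking identifiers, not
Firefox's strip list.
"""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Illustrative: ad-click and mailing-list identifiers that uniquely tag a visitor.
TRACKING_PARAMS = {
    "fbclid", "gclid", "dclid", "msclkid", "twclid", "yclid",
    "mc_eid", "mkt_tok", "_hsenc", "_hsmi",
}


def is_tracking_param(name: str) -> bool:
    """Case-insensitive membership test against the strip list."""
    return name.lower() in TRACKING_PARAMS


def strip_tracking(url: str) -> str:
    """Return the URL with tracking parameters removed from its query string.

    Scheme, host, path and fragment are preserved; non-tracking parameters
    keep their order. Blank values are kept so 'a=' survives as 'a='.
    """
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not is_tracking_param(k)]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def stripped_params(url: str) -> list:
    """List the parameter names that strip_tracking would remove (for logging)."""
    return [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)
            if is_tracking_param(k)]
```

One design point: the browser feature applies only to cross-site top-level navigations, where the parameter links a visit back to the site that placed it; this function has no navigation context and strips on every call, so a deployment behind a proxy would need that context added back.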

&ers April 14, 2023 2:15 PM


Seems he also has SCI access.



SpaceLifeForm April 14, 2023 6:43 PM

@ Clive, MarkH, &ers, lurker, ALL

Re: OG leak

Besides the question of how did he get clearance, there are others.

Why were some of the docs NOT marked NOFORN when they had TK?

Why were some of the docs marked TS but NOT SCI?

Why does a National Guard unit have access to foreign intel in the first place? A unit in the US should not need to be concerned about Ukraine or Iran intel.

This seems like a Compartmentalization Failure.

The problems are high up.
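An added example in Python, serving both &ers’s point that whoever services a system must hold a clearance at or above what the system processes and SpaceLifeForm’s questions about marking consistency. This is not code from the thread, from JWICS or from any real accreditation system: the level order follows &ers’s four levels (plus UNCLASSIFIED), the banner grammar and sample banners are assumed, and the “compartment without a foreign-release caveat” check is only the review rule the comment’s question implies, not an authoritative marking rule.

```python
"""Lattice check of clearance against accreditation, plus a banner lint.

Added example; not code from the thread or from any real accreditation
system. Level order, banner grammar and the lint rule are assumptions
made for the illustration.
"""
from dataclasses import dataclass

LEVELS = ("UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}

# Dissemination controls recognised on a banner (illustrative, not exhaustive).
DISSEM_CONTROLS = {"NOFORN", "ORCON", "NOCONTRACT"}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()   # SCI control systems, e.g. {"SI", "TK"}
    caveats: frozenset = frozenset()        # dissemination controls, e.g. {"NOFORN"}


def dominates(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula read rule: the subject's level must be at least the
    object's AND the subject must hold every compartment the object carries.
    A bare TOP SECRET clearance therefore does not dominate TOP SECRET//TK."""
    return (RANK[subject.level] >= RANK[obj.level]
            and obj.compartments <= subject.compartments)


def can_administer(admin: Label, accreditation: Label) -> bool:
    """&ers's rule: whoever services a system needs a clearance that
    dominates the highest label the system is accredited to process."""
    return dominates(admin, accreditation)


def parse_banner(banner: str) -> Label:
    """Parse a 'LEVEL//COMPARTMENTS//CAVEATS' banner such as
    'TOP SECRET//SI-TK//NOFORN'. Segments are split on '//', compartments
    within a segment on '-'; a segment in DISSEM_CONTROLS or starting with
    'REL TO' is a caveat. (This grammar is an assumption of the example.)"""
    segments = [s.strip().upper() for s in banner.split("//")]
    level = segments[0]
    if level not in RANK:
        raise ValueError(f"unknown classification level: {level!r}")
    compartments, caveats = set(), set()
    for seg in segments[1:]:
        if not seg:
            continue
        if seg in DISSEM_CONTROLS or seg.startswith("REL TO"):
            caveats.add(seg)
        else:
            compartments.update(c for c in seg.split("-") if c)
    return Label(level, frozenset(compartments), frozenset(caveats))


def lint_banner(banner: str) -> list:
    """Return the inconsistencies a marking review would flag for this banner."""
    label = parse_banner(banner)
    findings = []
    has_release_decision = any(
        c == "NOFORN" or c.startswith("REL TO") for c in label.caveats)
    if label.compartments and not has_release_decision:
        # The gap SpaceLifeForm asks about: compartmented material with no
        # statement of whether foreign nationals may see it. Treated here as
        # "needs review", not as a rule from any real marking guide.
        findings.append(
            f"{banner}: compartments {sorted(label.compartments)} carry "
            "no NOFORN or REL TO caveat")
    return findings


def audit(access_requests):
    """Decide each (subject_label, object_banner) pair; return the denials."""
    return [(subject, banner) for subject, banner in access_requests
            if not dominates(subject, parse_banner(banner))]
```

The interesting case is the last function: a subject cleared TOP SECRET with no compartments is denied TOP SECRET//TK, which is the distinction between a “top secret clearance” and SCI access that the thread is circling.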

MarkH April 15, 2023 1:51 AM

Re: U.S. secrets leak

Some illumination I read from a military veteran with related service:

The base where the leak suspect served happens to host a NORAD (continental air defense) site.

All NORAD facilities are subscribers to an intelligence feed called Joint Worldwide Intelligence Communication System, intended to summarize info on military status and activities everywhere.

The suspect might plausibly have been exfiltrating JWICS content.

Many, many questions open about security (and lack thereof).

Clive Robinson April 15, 2023 5:33 AM

@ SpaceLifeForm, &ers, lurker, MarkH, ALL,

Re : The problems are high up.

Actually the absolutism of the system rules creates a paradox.

You have a low, effectively manual, skill of “fixing problems by cable swapping” that most young people can be taught in very short order (and many children work out for themselves).

However, to do it, for security reasons you have to be classified (cleared), because of an absolute security rule that, boiled down, says,

“ALL working with classified are required to be classified.”

Which actually creates a series of paradoxes [1].

Thus you end up with a number of problems that are “fingers crossed ignored”.

The “finger crossing” failed to work in this case.

[1] The most obvious paradox of which is, to be taught what “classified” means you have to be told “information that is classified by definition”. Which gives rise to the old half-joke of “I could tell you but then I’d have to kill you”. Which resulted in trying to use a “boot strapping” process to classify people, but is actually just a “turtles all the way down” solution. Another aspect of trying to fix the paradox is why in the US people with classifications can lie to congressional commissions and in courts etc etc without repercussions.
