Cyber Threat Intelligence and the Concept of the Political

A common social media refrain in technology circles is the complaint of becoming “too political” – that content producers should focus on technical or professional subjects while avoiding charged, politically-tinged areas. This sentiment has always rung somewhat hollow to me as the concept of the political can be viewed as any public conflict which creates a distinction of “friend” and “enemy”. This concept can be as implicitly violent as a Hegelian dialectic or classically liberal

Responsibly Reporting Wretched Ransomware

Note: This post was edited in response to feedback concerning Tyler Technologies and the fundamental claims of the original article. With respect to Tyler, while the company certainly provides extensive support and software products to local governments, a review of the company’s offerings shows nothing specific to election reporting or other functions, at least to the extent indicated by other reporting. Thank you to Kim Zetter, one of the best in the business of information

Understanding Uncertainty while Undermining Democracy

Several US government agencies shared a warning on 22 September 2020 with respect to foreign entities using disinformation to sow confusion and discord around the US 2020 election. While evaluating this alert, Thomas Rid highlighted two key passages: and: The central thesis of the document and the two highlighted passages above is that underlying election integrity may be unaltered and safe, but communications about such activity may be modified, obscured, or perverted for malicious purposes.

Causality, Culpability, and Critical Infrastructure Resiliency

Media, social feeds, and other sources of news are awash with stories of the “first death linked to ransomware” following an incident in Düsseldorf on 09 September 2020. Since the event, authorities in Nordrhein Westphalen have launched an investigation treating the death as “negligent homicide”. At the time of this writing, I was unable to identify precisely what crimes are under investigation, but the term “negligent homicide” indicates a lower-tier offense (including lack of intentionality)

That Crazy Cozy Bear

On 16 July 2020, the United Kingdom’s National Cyber Security Centre (NCSC), with support and contributions from the Canadian Communications Security Establishment (CSE) and the United States’ National Security Agency (NSA), released a report tying recent intrusions in vaccine research organizations (as well as other industries) to Russian-linked adversary APT29. Also known as Cozy Bear, the group is associated with activities ranging from political to economic espionage over the past several years. Notably, while other

CVE-2020-5902 In Perspective

F5 released a patch on 30 June 2020 tied to a doozy of a vulnerability discovered by Positive Technologies. The vulnerability didn’t get much attention until Positive Technologies’ blog on the matter was released on 02 July 2020, right before a holiday weekend in the United States. The criticality of the remote code execution (RCE) combined with the significance of the F5 BIG-IP product in many major networks set off a race for an exploit.

The Unbearable Frequency of PewPew Maps

I recently made a joke online relative to a major – and very respected, if geopolitically controversial – security company advertising its revised “Cyberthreat Real-Time Map”. As many members of the security community are aware, “threat maps” – referred to derisively as “pewpew” maps – are heavy on eye-candy but very light on use or value. Yet pewpew maps – such as that featured by now-defunct security company Norse (pictured below) – remain prominent in

The Call is Coming from Inside the House

2020 has already been a WILD year to say the least – opening with the assassination of Qasem Soleimani, proceeding through multiple ecological crises, and continuing with a historical pandemic (and all its implications for information security), we live in very interesting times indeed. And yet, we’ve only just begun! An even greater event lies in our future with all sorts of possibilities for disinformation, disruption, and unrest: the 2020 US Presidential Election. After the

Driving Discord through Disinformation and Disruption

My country, the United States, has experienced days of disruption and discord not witnessed since the late 1960s across multiple municipalities and regions. Adequately parsing and analyzing these events, their motivations, and what lasting impacts they may have will be the work for others. Instead, these chaotic events identify a concrete opportunity and example of a phenomenon previously discussed, cheekily referred to as being “kicked while down” – where an adversary takes advantage of conditions

Transforming the Threat Landscape and Avoiding Blind Spots

Two recent articles appeared concerning possible implications of or prompts for the 01 May 2020 Executive Order on the US electric system. Notably, the Executive Order was quickly followed by a US Department of Commerce investigation into the supply of electrical transformers. While the latter would appear related to typical trade concerns under the cloak of national security (an observation supported by initial media and industry reactions), subsequent media reporting would indicate security concerns might