Creative Writing is beneficial for Information Security

René Pfeiffer/ June 19, 2024/ Security, Stories

Do you like a good movie? Do you enjoy a good book? Your favourites most probably began as a piece of writing. There is a surprising overlap between creative writing, writing code, doing mathematics, and enjoying a well-defined information security configuration. Everything meets at the written word. IT documentation has a terrible reputation. Since it is always one or more steps behind the actual configuration, people prefer reading configurations instead. The magic is to keep changes in sync with your documentation. Another ingredient is to write concisely and to create the right structure. While documenting IT infrastructure is not like writing a script for a movie, it requires describing everything in the right order. You need to make sure people can look things up and find systems and controls required for security. An IT

Read More

DeepSec Scuttlebutt: Tech Monsters from Novels and the Call for Papers Reminder

René Pfeiffer/ July 3, 2023/ Call for Papers, Conference, Stories

[This message was published via our DeepSec Scuttlebutt mailing list. The text was written by a human. This is a repost via our blog and Mastodon. Our Call for Papers for DeepSec 2023 is still running. If you have interesting content, please submit your idea.] Dear readers, the wonderful world of computer science and teaching courses has kept me busy. The scuttlebutt mailing list has the aim of having at least one letter per month. It is now the end of June, and the Summer has begun here in Vienna. The university courses have finished. The grades are ready. More projects are waiting. In information society, it is never a good idea to wait until something happens. A lot of blue teams are busy improving defences, testing configurations, and rehearsing their processes. However, there

Read More

Translated Article: EU-wide Surveillance Network Already in Set-up Phase

Sanna/ March 3, 2023/ Stories

EU-weites Überwachungsnetz schon in der Aufbauphase by Erich Moechel for fm4.ORF.at A Commission fund for this is ready and the first two pilot projects will be allocated to two interior ministries before the summer. The software tools for data mining were developed in funded Commission AI research projects. Series part three. The forthcoming regulation against child abuse on the net has a far greater scope than has been assumed so far. Foreseen is a new EU authority in The Hague with about 100 employees called “EU Centre”. It is to set up and operate a new data network with nodes in all member states. This process has already begun, because the Commission has set up a fund for network construction in the member states, although there is currently no legal basis for it. In

Read More

Translated Article: Russia’s Satellite Spy Station in Vienna with Technology from NATO Suppliers.

Sanna/ December 21, 2022/ Communication, Stories

Russlands Sat-Spionagestation in Wien mit Technik von NATO-Lieferanten by Erich Moechel for fm4.ORF.at [Nobody can hide from geopolitics, neither hacker, nor governments, or even satellite antennas. Erich is a passionate ham radio operator and investigative journalist. He inspected OSINT sources and wrote a summary about an installation in Vienna run by the Russian Federation. If you are interested in wireless technology, then this article is for you.] All components of the four large dishes come either from the Canadian company Norsat or from Swedish Microwave (SMW). Norsat is a contracting company of NATO and the Pentagon, SMW likewise primarily supplies military. An analysis of high-resolution photos of the antennas on the roof of Russia’s UN embassy in Vienna’s 22nd district has revealed something astonishing. Most of the receiver modules of the most powerful antennas come

Read More

Translated Article: US ‘Chat Control’ Now with Exception for E2E Encryption

Sanna/ December 20, 2022/ Stories

US-„Chatkontrolle“ nun mit Ausnahme für E2E-Verschlüsselung by Erich Moechel for fm4.ORF.at [This is the second summary article describing the concerted attack on IT security around the globe. Erich has researched the current state of affairs. It is of interest that the US lawmakers have understood the importance of ent-to-end-encryption, while their UK and EU counterparts have not.] The US regulation on child protection provides for a right of refusal in search warrants for E2E providers, as they do not have access to the requested data. The regulations planned in the EU and UK, on the other hand, require WhatsApp and others to install backdoors. In the British House of Commons, the surveillance bill “Online Safety Bill” is getting out of hand. After incorporating the amendments from the beginning of the week, the British “chat control” with

Read More

Translated Article: Regulation on “Chat Control” Launched in EU Parliament

Sanna/ December 19, 2022/ Security, Stories

Verordnung zur „Chat-Kontrolle“ im EU-Parlament gestartet by Erich Moechel for fm4.ORF.at [We have translated the article from Erich’s column, because end-to-end encryption is a fundamental part of IT security. Erich has researched a lot regarding the concerted attack on secure communication. He provides important background information to understand why the attack on encryption is presented in different countries at the same time.] At the same time as the EU regulation, the British “Online Safety Bill” and a US law on the safety of children online are on their way through the parliaments. A comparison shows astonishing parallels in terms of content and method. On Wednesday, work on the regulation on warrantless searches of social network users’ smartphones and PCs started in the EU Parliament’s Civil Liberties Committee (LIBE). In this first meeting, the timetable for this

Read More

Translated Article: German Cyber Security Strategy without Security

Sanna/ July 27, 2022/ Stories

Deutsche Cybersicherheitsstrategie ohne Sicherheit by Erich Moechel for fm4.ORF.at The new German Interior Minister Nancy Faeser (SPD) is continuing the cyber course of her predecessor Horst Seehofer (CDU), which according to independent experts has been completely misguided. The professional world “is not amused”. Parallel to the finalization of the new EU directive on cyber security (NIS2), Germany’s new cyber security strategy was presented in Berlin. The European directive, which was negotiated unusually quickly, was welcomed almost unanimously by experts. The new German cyber security strategy, on the other hand, has been consistently criticized by experts since its publication. As a closer look shows, it is neither new nor a security strategy. First and foremost, new powers are being distributed to police authorities and secret services. Trojans instead of cyber security As the table of contents already

Read More

Translated Article: New EU Regulation makes securely encrypted Chats illegal

Sanna/ July 13, 2022/ Stories

Neue EU-Regulierung macht sicher verschlüsselte Chats illegal by Erich Moechel for fm4.orf.at [This article has been sitting in our translation queue for a while. We have translated the content, because Erich monitors the development of the war against encryption for many decades and has always deep insights into the processes behind the scenes.] The word “encryption” is hardly mentioned directly in the Commission’s draft, which aims to make end-to-end encryption illegal in general. Series, Part 1. The EU Commissioner Ylva Johansson’s Regulation on Combating Child Abuse on the Internet, which was presented on Wednesday, caused incredulous amazement in the professional world. “This will be the most sophisticated system of mass surveillance ever set up outside of Russia or China,” prominent cryptographer Matthew Green wrote in a first reaction on Twitter. Securely encrypted chats are de

Read More

Translated Article: EU Control Committee Blocks Regulation on Chat Surveillance

Sanna/ April 4, 2022/ Stories

EU-Kontrollausschuss blockt Verordnung zur Chat-Überwachung by Erich Moechel for fm4.orf.at [We have translated this article, because we have criticised client side scanning and introducing backdoors to circumvent encryption in past articles. Erich Möchel has an update on the current EU initiative to make encryption useless.]. A leaked report from the Commission’s control committee shows that officials from the Commission’s interior department have not presented a legally compliant draft in two years. The publication of the ordinance on the automated monitoring of chats, which was announced at the end of March, has already been postponed again. This ordinance, ostensibly aimed at combating child abuse, is now 18 months behind schedule. A recent leak now shows the reason for this series of postponements. The officials responsible for the Commission’s draft could not come up with a text

Read More

Translated Article: Internet Traffic in Russia will be Rerouted

Sanna/ March 17, 2022/ Stories

Der Internetverkehr Russlands wird umgeroutet by Erich Moechel for fm4.orf.at With Lumen and Cogent, the leading transit carrier and the number three are just exiting the Russian market. Apparently, this doesn’t happen voluntarily and, above all, not as quickly as announced. After the media sector and the stock exchange, the western sanctions are now hitting the Russian IT industry with full force. With Cogent and Lumen, two of the top five international Internet carriers are in the process of cutting off their major customers in Russia one after the other. Market leader Rostelecom, all mobile phone companies and the Internet group Yandex are losing their strongest connections to the world. On Friday, the London Internet Exchange announced that Rostelecom traffic would no longer be routed. All of this is a first in the history of

Read More

Translated Article: CIA Data Mining in SWIFT Financial Data from Europe

Sanna/ March 2, 2022/ Stories

[Editor’s note: This article was translated before the invasion of Russian troops into Ukraine. It features SWIFT, and the discussed data mining methods still apply regardless of the sanctions.] Data-Mining der CIA in SWIFT-Finanzdaten aus Europa by Erich Moechel for fm4.orf.at Massive financial datasets are constantly being delivered from the EU to the US as part of the TFTP treaty against terrorist financing. The CIA receives this data. The fog is slowly clearing around the huge datasets in which the CIA claims to be data mining. The “foreign financial data platforms” from which the CIA “collects large amounts of structured financial data” to stop ISIS terrorist funding are the databases of payment processor SWIFT. Around 11,000 banks from 200 countries process their payment transactions via the SWIFT system, which currently processes around 40 million

Read More

Translated Article: New ETSI Standard for Reporting Security Vulnerabilities

Sanna/ September 9, 2021/ Stories

Neuer ETSI-Standard zur Meldung von Sicherheitslücken by Erich Moechel for fm4.ORF.at The European Standards Institute for Telecommunications ETSI, previously known more for the standardization of back doors for surveillance authorities than for IT security, is now concerned with finding non-standardized security vulnerabilities. Late but still, the discovery of ever new, critical security gaps in IT equipment in industry has finally woken up the European Standards Institute for Telecommunications (ETSI). The public review period for an ETSI specification, which is intended to standardize the reporting process of security vulnerabilities by third parties, runs until September 15. Since the introduction of LTE (4G), the standards of the IT world have increasingly applied to the formerly proprietary networks of the telecoms. This specification takes this into account by standardizing important IT security processes for the world of telecommunications. However,

Read More

Translated Article: Germany becomes the Federal Trojan Republic

Sanna/ July 12, 2021/ Security, Stories

Deutschland wird zur Bundestrojanerrepublik by Erich Moechel for fm4.ORF.at All 19 secret services now have a license to use malware. IT security vulnerabilities can therefore be kept open, preventive cyber attacks are the best defense – security expert Manuel Atug on the new German “cybersecurity strategy.” Since Friday, the “Law to Adapt the Constitutional Protection Law” has been in force in Germany. All 19 federal and state secret services are now allowed to use Trojan malware. Another law is already in the Federal Council, which authorizes the police authorities to use Trojans even before a criminal offense has occurred. German police and customs authorities have had a legal license to distribute such malware since 2017. At the same time, a new cybersecurity strategy is being worked out which, among other things, stipulates that newly discovered security

Read More

Translated Article: EU-US Negotiations on Cloud Monitoring started

Sanna/ June 7, 2021/ Stories

Verhandlungen EU-USA zur Cloud-Überwachung gestartet by Erich Moechel for fm4.ORF.at The EU has quietly started negotiations on direct data access for European law enforcement officers to data from Whatsapp, YouTube, Zoom and Co with the USA. The next round of negotiations is scheduled for June. The EU Council of Ministers has started negotiations behind the scenes with the USA on “cross-border access to electronic evidence”, according to a Council document classified as “sensitive” that ORF.at has. The first round at diplomatic and official level was held on March 26th. The declared aim of the council is direct access to data in the clouds from WhatsApp, YouTube, or Zoom. The EU directive of the same name on transnational data access within the EU is currently stuck in the trialogue negotiations between the Commission, Council and Parliament. There

Read More

Murder Board Blog Series: Chapter 4 – Trojan Horses or: State Hacking

Sanna/ May 17, 2021/ Internet, Security, Stories

Feeding Pigeons in the Park—Espionage Knowledge is power. Knowing nothing makes one envious when looking at the model of modern information societies. The natural application of networks that transport information is espionage. So the Internet early made acquaintance with it. The aspect of smuggling messages in and out of an area is obvious. It also involves breaking through security measures to gain access to protected information. Whereby large parts of our own information are much less protected than we would like or even be aware of. The e-mails mentioned above are always in plain text and therefore are visible to everyone. An unknown number of third parties read them on the way from sender to recipient and assess this information. And all the information we have in accounts on US platforms (photos, more or

Read More