Coffee Break // Cyber News 005

Ah, surveillance, surveillance, surveillance. That double-edged sword… we love it when it’s used on the bad guys, we hate it when it’s used against us. I strike a contemplative pose as I put my cup of half-caf in the microwave to reheat, for no other reason than to pretentiously retell the moment here.
Surveillance, surveillance, surveillance… hm.

One of my biggest concern in this field is the massively growing capabilities of governmental agencies. People of all creeds have joked anecdotally about the NSA’s omniscience for years, but increasingly we see ICE and local LE openly gearing up with capabilities that rival the conspiratorial.

Reason.com details ICE’s 2 million dollar contract with Paragon, a remote phone hacking service, and their $11 million contract for Cellebrite devices to crack phones in their possession.

Further, reason reports that ICE has been accessing Flock security camera’s around the company without giving specific reasons, and Palantir was scheduled to deliver a prototype tracking system called ImmigrationOS.

It’s easy to distance ourselves from these issues by saying “that’s for illegal immigrants,” or “that’s just for criminals.” Remember, surveillance is a sword; it’s a weapon. If it’s used for good, it has it’s uses, but who oversees the ethics of its execution? Who ensures it won’t be used to silence political critics and viewpoints that whichever administration is in power want silenced? Make no mistake—left, right, foreign, or domestic, any party with power will abuse it. Don’t make the mistake of thinking the “good guys” have the power.

When evaluating any powerful weapon you must ask. How would I feel if this were in the hands of my enemy? Of people who hate me and mine?

I’d better finish this coffee before it’s cold again.

\\

Also in the news.

The internet runs on encryption. In the big bowl of wifi and cell signals, the only thing keeping your information from being exploited by threat actors is its secrecy. But all that could change if the quantum computing arms race comes to fruition. A story from CIO details how current encryption standards are maybe not prepared for the paradigm shift that quantum computing could potentially bring. Although, cracking AES-256 is estimated to take trillions of years with current computational hardware… would quantum really reduce that amount by a significant enough margin?
I’m not so sure—but in this world it’s hard to tell VC hype from actual tech predictions.

So, you want an Apple AirTag, but you want to save a few bucks? Well maybe don’t trust Life360’s Tile to do the job. According to the Verge, Tile tags not only fail to implement common sense encryption, but they come with a so-called “anti-theft” mode that turns off the tag’s detectability… defeating the whole point of the tag in the first place.

Remember the 2008 bail-outs? Yesterday we looked at the story of Jaguar Land Rover starting to recover from their massive Cyber Attack. Via SecurityWeek this morning, we see that the UK government is giving a $2 billion loan guarantee to JLR’s creditor.
Will the bailout solve the problem, or just offer more incentive for bad actors to target UK institutions?