RSnake Report 20240809
Return from Blackhat, Kursk offensive, and more.
Hello readers! The reviews are in for the RSnake Report, and they sorta cracked me up so I decided to share them with you:
“Dude that report is awesome! All the geopolitical content I could ask for.”
“The news inside is terrifying. But the report is great!”
“You always blow what little hair I still have left back.”
“My head hurts after reading your newsletter.”
Daniel Miessler gave me great advice that this shouldn’t be labor; it should be exhaust from what I am already doing. So what you are seeing is the news I naturally read on a regular basis anyway. Welcome to my brain - apparently it’s terrifying.
Anyway, Blackhat is over and as I suspected, the talk of the event was a mix of CrowdStrike, Cyberstarts companies and LLMs.
George Kurtz spoke at the inaugural Innovation and Investor’s Summit as a surprise panelist. Chenxi Wang had been trying to get that to happen and it was an interview that was on and off and on and off and finally on again. We honestly weren’t sure if his lawyers would let him show up or not until the last minute. He was well received by the audience writ large. He did apologize and confirmed it was a failed rollout of a signature, not an update, which apparently follows a different process.
Cyberstarts was buzzing as well, with people actively trying to avoid the topic of the “Gili Ra’anan model” but failing in the end. There was very little faith in the Wiz deal being theirs to walk away from, and it seems the people I talk to, including journalists, think Google was likely the one who walked.
Lastly LLMs - tons of talk about that. I am not surprised because of how much hype they’ve received. But that’s just it… most of the talk was muted and more about how LLMs represent huge problems more than solutions. For instance, if the police use an LLM to aid in prosecution and the LLM is later found out to be biased, it would mean that all previous crimes would need to be re-tried. I signed 100 copies of “AI’s Best Friend” and had a lot of impromptu conversations about LLMs, and it was surprising how few people seemed to be aware of the issues with hallucinations and abuse during contract negotiations on websites, etc.
In world news, more NOTAM notices are being issued around Iran and Israel, including one coming from Russia that covers from now until August 16th. We’re not out of the woods yet. Israel continues to strike critical Hezbollah targets in Jordan and Syria and our strike aircraft have hit several Houthi targets in Yemen. It’s a powder keg.
But the big story is further north - in the Kursk region of Russia. Ukraine has largely avoided attacking Russian targets within Russia until quite recently, when they used long range drones to attack oil and gas targets. But no more. The gloves have come off and over the last two days the Ukraine ground forces punched through and marched 40km deep into Russia. This not only destabilizes the Russian front as they scramble to recover some sort of defensive line, but it also allows Ukraine to hook right and start enveloping ground forces in the western front, attacking from the front and rear.
Keep in mind this is a pro-Russia map and even it looks extremely bad for the Kursk region and the skies are free of any meaningful air defense. The Russians are upset for obvious reasons. This makes Putin look extremely weak and it’s a huge shock to the Russian public who have not believed such a thing was possible. There is a big difference between not being allowed to move onto Russian ground because NATO was afraid of escalation and not being able to. Russians will no doubt scramble to reinforce the front.
Meanwhile the scenes of the destruction are incredible like this one where Ukraine destroys the Morozovsk airfield:
Ukraine now has the unique distinction of being the only country in the world who invaded a nuclear armed country. Quite the distinction. Putin does not appear to be happy with this outcome or Gerasimov’s rhetoric:
If Gerasimov is alive and not imprisoned in a year I’d be surprised. This is what happens when you value obedience over competence - you end up with guys like Gerasimov in charge.
Okay, on with the news…
Russia’s offensive in Ukraine is expected to wind down within two months, while Moscow has been making a push in Donetsk region. The Ukrainian intelligence chief also warned that most of the main thrust of Russia’s offensive will cease by then.
• Russia’s offensive in Ukraine is expected to wind down within two months.
• Moscow has been making a push in Donetsk region recently.
This is laughable now that we see what is happening in Kursk, but it is true that they have largely displaced Ukraine in that region. How they are able to hold these regions now that they have to redeploy to stabilize Kursk will be very interesting to watch. What other tricks does Ukraine have?
The US Army is planning to hold a competition to replace its counter-drone battle command system. The new system will be focused on countering drones within the maneuver force and is expected to begin with something easily digestible and achievable, allowing many industry participants to compete.
• The US Army is seeking to replace its current counter-drone battle command system.
• The new system will focus on countering drones within the maneuver force.
• The competition is expected to begin with a capability that is easily digestible and achievable, allowing many industry participants to compete.
There was also a little news about the deputy director of defense, Kathleen Hicks, struggling to defend the now infamous “Replicator” program. If you aren’t aware, this is the low-cost attritable drone program that is supposed to be used wave after wave in the South-Pacific if China ever invades Taiwan. It could also be used in similar conflicts where large quantities of low-cost drones are used, like we see in Ukraine. The program is ultimately wise, cheap, and may be needed sooner, but we shall see how the politics play out.
Global market volatility has led to a significant decline in stock prices, with a nearly 7% plunge in the Nikkei 225 index in Tokyo and year-to-date returns wiped out. The carry trade strategy has been unwound, with 75% of trades removed, according to JPMorgan.
• Carry trade strategy has been pummeled over the past week due to global market volatility.
• Year-to-date returns have been wiped out in Group-of-10, emerging market and global carry trade baskets tracked by JPMorgan.
• The clock is ticking for the G10 carry, with 75% of trades removed.
Source: https://fortune.com/2024/08/08/75-carry-trade-blamed-recent-stock-meltdown-unwound-jpmorgan/
The US Army is planning to release a refreshed strategy focused on needs in the 2040 timeframe to counter complex threats. The new strategy will be released by October 2025 and will take into account lessons learned from previous years and current conflicts. The strategy aims to lay a foundation for future threat mitigation.
• The US Army is developing a new strategy focused on needs in the 2040 timeframe.
• The new strategy will be released by October 2025.
• The strategy will take into account lessons learned from previous years and current conflicts.
Governments around the world are spending more on defense due to global tensions and conflicts, leading to increased revenue for defense companies. The Top 100 list shows that most companies saw their defense revenues rise, with a few notable exceptions. The Russia-Ukraine war, tension in the Asia-Pacific region, and other global events have contributed to this trend.
• Governments are spending more on defense due to global tensions.
• Most defense companies saw increased revenue, with a few exceptions.
NATO is replenishing Patriot GEM-T missiles sent to war-torn Ukraine from Germany, with the contract awarded by the NATO Support and Procurement Agency. Raytheon’s production of GEM-T missiles remains ongoing, with a contracted backlog of approximately 1,500 missiles and an estimated near-term demand of an additional 1,000 missiles.
• NATO is replenishing Patriot GEM-T missiles sent to Ukraine from Germany.
• Raytheon’s production of GEM-T missiles remains ongoing with a large backlog and near-term demand.
These more recent Patriot systems are much more capable than the ones we saw taking out Scud missiles. PAC-2 systems are far more advanced and can be operated more safely by ground crew and tend to be better with low flying cruise missiles.
Hamas has selected Yahya Sinwar as its new leader, replacing Ismail Haniyeh. Israel views Sinwar as a terrorist responsible for a brutal attack. His exact location is unknown, but he may be hiding in Gaza’s tunnels.
• Yahya Sinwar was chosen by Hamas to lead the organization.
• Israel considers Sinwar a terrorist who should be held accountable.
• Sinwar’s whereabouts are currently unknown, but he may be hiding in Gaza’s tunnel network.
And of course, Hezbollah congratulated Hamas for this promotion. To say they aren’t closely aligned is a mistake.
Iran is seeking Russian support ahead of a possible strike on Israel. Russian Security Council Secretary Sergei Shoigu visited Iran and met with top officials. This comes as The New York Times reports on potential military action.
• Iran is reportedly asking Russia for help before a potential attack on Israel.
• Russian Security Council Secretary Sergei Shoigu met with Iranian leaders during an official visit.
From Russia’s point of view this will surely lead to less availability of the low-cost and relatively effective Shahed drones. I can’t imagine they want to have their main supplier of reliable drones fighting their own war where they would need such drones. I do believe Iran has asked for S300 missiles, which aren’t as capable as the S400. I doubt the Russian/Iranian alliance really wants to be fighting on two fronts especially in light of Kursk.
Bangladesh’s parliament has been dissolved and its Prime Minister, Sheikh Hasina, has fled the country by helicopter following deadly protests.
• Protests in Bangladesh have turned violent, with at least 300 people reported dead since they began.
• Muhammad Yunus, a Nobel laureate and microcredit pioneer, is expected to lead the country’s caretaker government.
Several US troops were injured in a rocket attack at Al-Asad air base in Iraq, with officials reporting up to seven military personnel and civilians hurt. The incident is part of a recent uptick in strikes on American forces by Iranian-backed militias.
• The US Defense Department will move a fighter jet squadron to the Middle East and maintain an aircraft carrier in the region.
• Recent weeks have seen Iranian-backed Iraqi militias resume launching attacks on bases housing US forces in Iraq and Syria.
We heard about this last episode of the RSnake Report, but worth digging in a bit. This is going to mean we are going to need to further staff up the region with better counter-drone and counter-missile batteries, especially in conflict regions.
Iranian authorities have arrested over 20 senior intelligence officers and military officials following the assassination of former Hamas Political Chief Ismail Haniyeh in Tehran. The Islamic Revolutionary Guard Corps (IRGC) has taken over the investigation, with some reports suggesting a rift between IRGC and Ministry of Intelligence (MOIS). Various narratives are emerging regarding the assassination’s circumstances, with different factions blaming each other.
• Iranian authorities have arrested several high-ranking officials in connection with Haniyeh’s assassination.
• The Islamic Revolutionary Guard Corps (IRGC) is leading the investigation into Haniyeh’s death, with some reports suggesting a rift between IRGC and Ministry of Intelligence (MOIS).
• Different factions are presenting conflicting narratives about the circumstances surrounding Haniyeh’s assassination.
Cleaning house. Iran is easy to infiltrate and they know it. They are very compromised.
Three key figures at OpenAI have announced major changes in recent days. Greg Brockman is taking an extended sabbatical until the end of the year, while John Schulman has permanently left to join rival Anthropic. Peter Deng, VP of Consumer Product, has also departed.
• OpenAI’s president and co-founder, Greg Brockman, is taking a four-month sabbatical.
• John Schulman, another OpenAI co-founder, has permanently left to join rival AI company Anthropic.
• Peter Deng, VP of Consumer Product at OpenAI, has also departed from the company.
OpenAI CEO Sam Altman teased ‘Project Strawberry’, a secretive AI technology that enables advanced reasoning, planning, and autonomous AI agents.
• The technology is capable of complex tasks beyond step-by-step user prompts.
• Reasoning has been one of the trickiest problems to solve in the pursuit of human-level intelligence, making Strawberry a breakthrough in achieving AGI.
• A timeline for the reported technology is unknown, and Altman’s post could be an attempt to cultivate buzz during a tumultuous time for OpenAI.
Source: https://mashable.com/article/sam-altman-teased-project-strawberry-on-x-secret-openai-ai-tool
NASA has postponed the launch of its next crew to the International Space Station (ISS) due to ongoing issues with Boeing’s Starliner spacecraft, and is considering alternatives to return the two astronauts currently stuck on the ISS.
• The Starliner spacecraft has been parked outside the space station for two months, with no update on when it will return.
• NASA officials are running tests on the spacecraft to try and identify the root cause behind the thruster failure.
• Recent reports suggest that SpaceX’s Dragon spacecraft could launch with two astronauts instead of four to make room for the Starliner crew.
This has got to be so embarrassing for Boeing - I don’t know how this will affect the future of space travel for Boeing but I do know they are going to have to move back to caring about quality, as this is just the latest in a long string of safety issues.
Source: https://gizmodo.com/starliner-mission-forces-nasa-to-delay-launch-of-crew-9-to-the-iss-2000484054
Meta and Google secretly targeted minors with Instagram ads on YouTube, deliberately serving ads to kids between 13-17 years old. The campaign used a loophole in Google’s advertising systems to disguise the group skewed towards teenagers. This was done despite Google’s own rules against advertising to children.
• Meta and Google worked together to run a secret campaign targeting minors on YouTube, breaking Google’s own rules.
• The campaign used a loophole in Google’s advertising systems to disguise the group skewed towards teenagers.
• The companies intentionally served ads to kids between 13-17 years old despite having policies against advertising to children.
I don’t think we should be surprised by any of this, but be careful with allowing any kids to use social media. Ad blocking is always a good idea, though blocking ads within an app is difficult. Apple’s move to allow in-web app neutering of code within Safari using “Distraction Control” might actually help parents get in front of it, but the sophistication required to use it will mean that only the tech-savvy will be above the tech-knowledge-poverty level required to avoid this. The next article explains more…
Safari has introduced a new feature called Distraction Control that allows users to hide parts of web pages.
• You can manually choose the part of the page you want to hide.
• The feature does not permanently remove ads and other content that update frequently.
• Apple has announced a new feature in Safari called Distraction Control, which lets users hide parts of web pages.
Neuralink has implanted a brain chip into a second patient with a spinal cord injury similar to the first test patient.
• The company inserted its implant in January 2024.
• Musk gave very light details on the reported patient, stating that it ‘seems to have gone extremely well’.
China’s secretive spaceplane has launched for its third flight and is nearing its previous record of eight months in orbit, with new images showing solar panels attached to the spacecraft.
• China’s secretive spaceplane has launched for its third flight.
• The spaceplane is nearing its previous record of eight months in orbit, with new images showing solar panels attached to the spacecraft.
• New images reveal the surprising appearance of what appear to be solar panels stuck to the tail-end of the spacecraft, which was not expected to have them.
Here comes the militarization of space, and the moon and beyond. Keep in mind the Kessler Syndrome might occur if we ever get to a star-wars shooting war in space. If that occurs, GPS and satellite communication could be a thing of our past, so let’s hope that doesn’t occur.
Source: https://gizmodo.com/heres-a-rare-glimpse-of-chinas-mysterious-spaceplane-in-orbit-2000483575
Riverlane, a UK-based company, has secured $75 million in funding to develop its quantum computing technology, which could lead to breakthroughs in fields such as drug development and climate change.
• The company’s founder predicts that the technology will have its ‘Sputnik’ moment within years.
• Riverlane is developing a dedicated quantum decoder chip that detects and corrects errors currently holding back the technology.
• Quantum computers are well-suited for simulating complex interactions between particles, atoms, and molecules, with potential applications in fields such as medicine and fertilizers.
Microsoft’s Entra ID identity and access management service contains an obscure issue that allows hackers to escalate from privileged to super-privileged in cloud environments, giving them complete takeover capabilities. The attack requires an existing admin-level account, but with that, the possibilities are limitless.
• The issue is present in Entra ID, Microsoft’s identity and access management service, which manages and secures access and permissions across cloud applications and services.
• An attacker can use this system quirk to effectively act as their targeted application when interfacing with Entra ID.
• The problem identified by Eric Woodruff begins with the fact that users with privileged Application Administrator or Cloud Application Administrator roles can assign credentials directly to a service principal.
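One way a defender can watch for the credential assignment described above, as an added example that is not part of the original newsletter or the researcher's own tooling: it scans directory audit records for successful "Add service principal credentials" events and marks those initiated by a holder of one of the two roles named above. The sample records, user names, service principal names and the role lookup are constructed for illustration; the field names are assumed to follow the Microsoft Graph `directoryAudit` shape.

```python
import json

# Roles the item above names as able to assign credentials to a service principal.
WATCHED_ROLES = {"Application Administrator", "Cloud Application Administrator"}
# Audit activity recorded when a credential is added directly to a service principal.
ACTIVITY = "Add service principal credentials"

# Constructed sample: one audit record per line, trimmed to the fields used here.
# Every name, timestamp and value below is made up.
SAMPLE_LOG = """
{"activityDateTime":"2024-08-08T14:02:11Z","activityDisplayName":"Add service principal credentials","result":"success","initiatedBy":{"user":{"userPrincipalName":"alice@example.test"}},"targetResources":[{"type":"ServicePrincipal","displayName":"Payroll Connector"}]}
{"activityDateTime":"2024-08-08T14:05:40Z","activityDisplayName":"Update application","result":"success","initiatedBy":{"user":{"userPrincipalName":"bob@example.test"}},"targetResources":[{"type":"Application","displayName":"Intranet Portal"}]}
{"activityDateTime":"2024-08-08T14:09:03Z","activityDisplayName":"Add service principal credentials","result":"failure","initiatedBy":{"user":{"userPrincipalName":"carol@example.test"}},"targetResources":[{"type":"ServicePrincipal","displayName":"Payroll Connector"}]}
{"activityDateTime":"2024-08-08T14:12:57Z","activityDisplayName":"Add service principal credentials","result":"success","initiatedBy":{"app":{"displayName":"Provisioning Automation"}},"targetResources":[{"type":"ServicePrincipal","displayName":"HR Sync"}]}
"""

# Constructed role lookup (hypothetical); in practice this comes from an export
# of the tenant's directory role assignments. Keys are lower-cased.
SAMPLE_ROLE_HOLDERS = {
    "alice@example.test": ["Application Administrator"],
    "bob@example.test": ["Cloud Application Administrator"],
}


def load_records(text):
    """Parse one JSON audit record per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def initiator(record):
    """Return the user principal name, or the app name for app-initiated events."""
    init = record.get("initiatedBy") or {}
    user = init.get("user") or {}
    app = init.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"


def find_sp_credential_additions(records, role_holders):
    """Flag successful credential additions made directly on service principals."""
    findings = []
    for rec in records:
        if rec.get("activityDisplayName") != ACTIVITY:
            continue
        if rec.get("result") != "success":
            continue
        who = initiator(rec)
        roles = sorted(WATCHED_ROLES & set(role_holders.get(who.lower(), ())))
        for target in rec.get("targetResources") or []:
            if target.get("type") != "ServicePrincipal":
                continue
            findings.append({
                "time": rec.get("activityDateTime"),
                "initiator": who,
                "target": target.get("displayName"),
                "roles": roles,
                # "high" when the initiator holds one of the roles named above;
                # anything else still deserves a look, so it is not dropped.
                "severity": "high" if roles else "review",
            })
    return findings


if __name__ == "__main__":
    for finding in find_sp_credential_additions(load_records(SAMPLE_LOG), SAMPLE_ROLE_HOLDERS):
        print(finding)
```
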
CrowdStrike has implemented changes to its platform following the recent incident that crashed over 8.5 million Windows systems worldwide. The security vendor has also asked two independent third-party security vendors to review the code for its Falcon sensor technology and quality control and release processes.
• The security vendor has made new content configuration system test procedures, additional deployment layers and acceptance checks for its content configuration system, and new validation checks for its updates.
• CrowdStrike’s CEO said that the company is using the lessons learned from this incident to better serve its customers.
If Delta gets sued by their shareholders and also loses this lawsuit against CrowdStrike this could be a disaster of huge proportions for the airline. It wasn’t that they were unique in the damage, it’s that they were unique in how slow they were to fix the issue.
Cyber threat intelligence leaders from various organizations have developed a new maturity model for cyber threat intelligence (CTI) programs. The CTI Capability Maturity Model (CTI-CMM) aims to help organizations build their CTI capabilities by aligning with defined practices and stakeholder business domains.
• Cyber threat intelligence leaders from various organizations have developed a new maturity model for cyber threat intelligence (CTI) programs.
• The CTI Capability Maturity Model (CTI-CMM) aims to help organizations build their CTI capabilities by aligning with defined practices and stakeholder business domains.
Microsoft is working to fix a vulnerability in Windows Update that allows hackers to strategically downgrade Windows versions and expose previously patched vulnerabilities.
• A researcher discovered a flaw in the Windows Update process that enables hackers to downgrade Windows versions, exposing historical vulnerabilities.
• The vulnerability allows hackers to manipulate the update process without being detected, making it difficult for systems to realize anything is amiss.
• Microsoft is working on fixes and mitigations to protect against these risks, including revoking vulnerable system files.
A background check company has been breached, exposing nearly 3 billion people’s confidential data, including names, addresses, Social Security numbers, and personal details. The breach occurred earlier this year, but was only recently discovered. Those affected may not even know they are involved.
• The breach exposed confidential data for nearly 3 billion people, including full names, former and current addresses, Social Security numbers, and personal details.
• The breach occurred earlier this year, but was only recently discovered, with the affected individuals being notified in July.
• National Public Data reportedly gathers its data by scraping information about individuals from non-public sources without their knowledge or consent.
Hackers compromised an ISP’s infrastructure to deliver malware to Windows and Mac users by tampering with software updates over unsecure connections. The attack worked even when targets used DNS from Google and Cloudflare. Researchers believe there may be other active attacks around the world that are undetected.
• Hackers exploited an ISP’s infrastructure to deliver malware to users.
• The attack was successful even with non-encrypted public DNS services like Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1.
• Researchers believe there may be other undetected attacks globally.
This really shouldn’t be possible due to code signing, but not all software is as robust as operating systems. So while I don’t think this is as big a deal as it might sound for the operating systems or browsers, other software…? May be bad.
Tens of thousands of small office/home office devices sold by Ubiquiti Inc. are vulnerable to a five-year-old bug, researchers warn.
• The vulnerability, CVE-2017-0938, was assigned a ‘high’ 7.5 score on the CVSS scale.
• Despite patches being available, around 20,000 devices remain vulnerable.
If you use Ubiquiti, make sure you turn on auto-patching. It’s worth double-checking because I have seen situations where things get turned off or a failed update leads to no further updates.
Cash App users are eligible to claim up to $2,500 due to security breaches in 2022 and 2023. The settlement is worth $15 million and requires submitting a claim online. Users who experienced fraudulent transactions between August 23, 2018, and August 20, 2024, are eligible for compensation.
• Cash App users can claim up to $2,500 due to security breaches.
• The settlement is worth $15 million and requires submitting a claim online.
• Users who experienced fraudulent transactions between August 23, 2018, and August 20, 2024, are eligible for compensation.
A US appeals court has temporarily blocked the Federal Communications Commission’s (FCC) decision to reinstate some net neutrality rules, siding with broadband providers.
• The FCC wanted to resume oversight of broadband internet, but a US appeals court has temporarily blocked the decision.
• New oral arguments will be scheduled for late October or early November, which falls around the same time as the presidential election.
Bad for consumers, but great for broadband providers who want to commercialize the Internet. It hasn’t turned into the hellscape that people feared it might be so far, and likely because there is more consumer choice in broadband. If any one of them gets too bad, the move to switch would be swift. Not to mention there are VPNs.
Thanks for reading, and once again, if you feel this newsletter was useful, please forward it to friends/family… anyone who could get value from it. Thanks!