Lifeboat Foundation

Ukrainian authorities are investigating a potential security breach at a local nuclear power plant after employees connected parts of its internal network to the internet so they could mine cryptocurrency.

The investigation is being led by the Ukrainian Secret Service (SBU), who is looking at the incident as a potential breach of state secrets due to the classification of nuclear power plants as critical infrastructure.

Investigators are examining if attackers might have used the mining rigs as a pivot point to enter the nuclear power plant’s network and retrieve information from its systems, such as data about the plant’s physical defenses and protections.

Cambridge Quantum Computing has a demo of its quantum key security generation at Ironbridgeapi.com.

In a session at the Crypto and Privacy Village within the DEF CON 27 conference in Las Vegas, Cat Murdock, security analyst at GuidePoint Security, outlined a nightmare scenario seemingly straight out of an episode of Black Mirror (the session, coincidentally, was titled Black Mirror: You Are Your Own Privacy Nightmare – The Hidden Threat of Paying For Subscription Services).

Murdock detailed how simply having a Netflix account could potentially be the key that enables an attacker to gain access to a user’s banking information. She noted that approximately 60% of the adult population pays for some form of online subscription service, be it Netflix, Spotify or something else. She also noted that everyone with an online subscription has a bank account.

One way a financial institution verifies an account holder when they try to gain access is to verify a recent transaction, which is where subscription services come into play. Murdock observed that there are only so many plans that a subscription service offers and the payments typically recur at the same time every month.

For the last two years, hackers have come to the Voting Village at the Defcon security conference in Las Vegas to tear down voting machines and analyze them for vulnerabilities. But this year’s village features a fancy new target: a prototype of a so-called secure voting machine, created through a $10 million project at the Defense Advanced Research Projects Agency. You know it better as DARPA, the government’s mad science wing.

Several countries have been targeted by a long-term campaign operated by financially motivated threat actors who used a backdoor and a remote access Trojan (RAT) malicious combo to take control of infected computers.

The two malicious payloads dubbed BalkanDoor and BalkanRAT by the ESET researchers who spotted them have been previously detected in the wild by the Croatian CERT in 2017 and, even earlier, by a Serbian security outfit in 2016.

However, ESET was the first to make the connection between them, after observing several quite significant overlaps in the entities targeted by their operators, as well as Tactics, Techniques, and Procedures (TTP) similarities.

The Defense Department is looking to build tools that can quickly detect deepfakes and other manipulated media amid the growing threat of “large-scale, automated disinformation attacks.”

The Defense Advanced Research Projects Agency on Tuesday announced it would host a proposers day for an upcoming initiative focused on curbing the spread of malicious deepfakes, shockingly realistic but forged images, audio and videos generated by artificial intelligence. Under the Semantic Forensics program, or SemaFor, researchers aim to help computers use common sense and logical reasoning to detect manipulated media.

As global adversaries enhance their technological capabilities, deepfakes and other advanced disinformation tactics are becoming a top concern for the national security community. Russia already showed the potential of fake media to sway public opinion during the 2016 election, and as deepfake tools become more advanced and readily available, experts worry bad actors will use the tech to fuel increasingly powerful influence campaigns.

A short drive south of Alice Springs, the second largest population center in Australia’s Northern Territory, there is a high-security compound, code-named “RAINFALL.” The remote base, in the heart of the country’s barren outback, is one of the most important covert surveillance sites in the eastern hemisphere.

As mentioned by H. Girard in the article at the link http://www.i-sis.org.uk/BW.php&h=AT2S6vfN4BKfFUss7oiAPJJ…w2jb-y0arw, in 1960, the CIA approved a proposal for a very sophisticated electroencephalography instrument that could be used to interpret brain activity, decipher thought content and obtain information whether a person would wish to disclose it or not. They also added to this a bibliography search with five objectives, the fifth termed €œTechniques for Activating the Human Organism by Remote Electronic Means €. This study became known later as MKULTRA subproject 119, with MKULTRA being the CIA €™s mind control program.

Documents that are related to MKULTRA were obtained by a FOIA request by John Marks who conducted research for his book “The Search For The Manchurian Candidate — The CIA and Mind Control, The Secret History of the Behavioral Sciences” (1979) published by W. Norton — paperback 1991, ISBN 0−393−30794−8. The author donated the documents to the National Security Archive of the George Washington University (http//www.seas.gwu.edu/nsarchive.html).

How dictators work in the 21st century.

The new president of Kazakhstan is now proving that he will keep the old, oppressive systems alive for the 21st century, using advanced technical tools.

The man in the middle: Beginning last week, Kazakhstan’s government is intercepting all HTTPS traffic inside the country, ZDNet reports. HTTPS is a protocol meant to offer encryption, security, and privacy to users, but now the nation’s internet service providers are forcing all users to install certificates that enable pervasive interception and surveillance.

Continue reading “How an authoritarian regime will intercept all internet traffic inside its country” »