all repos — site @ 72606270bd2403956a5b3c89b058fb437252033a

source for my site, found at icyphox.sh

RU vs GB post

Signed-off-by: Anirudh Oppiliappan <x@icyphox.sh>
Anirudh Oppiliappan x@icyphox.sh
Thu, 12 Dec 2019 16:52:38 +0530
commit 72606270bd2403956a5b3c89b058fb437252033a

parent 908fe828156616709e6a3c641955eaaeac9a6454

M bin/update_index.py

@@ -25,7 +25,7 @@ path = "../pages/_index.md"

with open(path, "r") as f: md = f.readlines() ruler = md.index("| --- | --: |\n") - for post, i in zip(posts, range(4)): + for post, i in zip(posts, range(5)): md[ruler + i + 1] = post + "\n" with open(path, "w") as f:

@@ -41,13 +41,13 @@ l = l.replace(l, l + s)

print(l, end=""), -top_four = [] +top_five = [] metas = [] lines = [] fnames = [] -for i in range(4): - top_four.append(getrecents(blog)[i]) +for i in range(5): + top_five.append(getrecents(blog)[i]) metas.append(markdown_path(getrecents(blog)[i], extras=["metadata"]).metadata) fnames.append(os.path.basename(os.path.splitext(getrecents(blog)[i])[0]))
M pages/_index.md

@@ -12,13 +12,8 @@ # latest posts ([see all](/blog))

| | | | --- | --: | +| [Disinfo war: RU vs GB](/blog/ru-vs-gb) | `2019-12-12` | | [Instagram OPSEC](/blog/ig-opsec) | `2019-12-02` | | [Save .ORG!](/blog/save-org) | `2019-11-23` | | [Status update](/blog/2019-11-16) | `2019-11-16` | | [IRC for DMs](/blog/irc-for-dms) | `2019-11-03` | - -# currently reading ([see all](/reading)) - -[Kakegurui](https://myanimelist.net/manga/73603/Kakegurui) -*still reading* | started **15th October, 2019** -
M pages/blog/_index.md

@@ -9,6 +9,7 @@ ## Computers, security & computer security.

| | | | --- | --: | +| [Disinfo war: RU vs GB](/blog/ru-vs-gb) | `2019-12-12` | | [Instagram OPSEC](/blog/ig-opsec) | `2019-12-02` | | [Save .ORG!](/blog/save-org) | `2019-11-23` | | [Status update](/blog/2019-11-16) | `2019-11-16` |
M pages/blog/feed.xml

@@ -11,7 +11,196 @@ <link>https://icyphox.sh/blog/</link>

</image> <language>en-us</language> <copyright>Creative Commons BY-NC-SA 4.0</copyright> - <item><title>Instagram OPSEC</title><description><![CDATA[<p>Which I am not, of course. But seeing as most of my peers are, I am + <item><title>Disinfo war: RU vs GB</title><description><![CDATA[<p>This entire sequence of events begins with the attempted poisoning of +Sergei Skripal<sup class="footnote-ref" id="fnref-skripal"><a href="#fn-skripal">1</a></sup>, an ex-GRU officer who was a double-agent for +the UK&#8217;s intelligence services. This hit attempt happened on the 4th of +March, 2018. 8 days later, then-Prime Minister Theresa May formally +accused Russia for the attack.</p> + +<p>The toxin used in the poisoning was a nerve agent called <em>Novichok</em>. +In addition to the British military-research facility at Porton Down, +a small number of labs around the world were tasked with confirming +Porton Down&#8217;s conclusions on the toxin that was used, by the OPCW +(Organisation for the Prohibition of Chemical Weapons).</p> + +<p>With the background on the matter out of the way, here are the different +instances of well timed disinformation pushed out by Moscow.</p> + +<h2 id="the-russian-offense">The Russian offense</h2> + +<h3 id="april-14-2018">April 14, 2018</h3> + +<ul> +<li>RT published an article claiming that Spiez had identified a different +toxin &#8211; BZ, and not Novichok.</li> +<li>This was an attempt to shift the blame from Russia (origin of Novichok), +to NATO countries, where it was apparently in use.</li> +<li>Most viral piece on the matter in all of 2018.</li> +</ul> + +<p>Although technically correct, this isn&#8217;t the entire truth. As part of +protocol, the OPCW added a new substance to the sample as a test. If any +of the labs failed to identify this substance, their findings were +deemed untrustworthy. 
This toxin was a derivative of BZ.</p> + +<p>Here are a few interesting things to note:</p> + +<ol> +<li>The entire process starting with the OPCW and the labs is top-secret. +How did Russia even know Speiz was one of the labs?</li> +<li>On April 11th, the OPCW mentioned BZ in a report confirming Porton +Down&#8217;s findings. Note that Russia is a part of OPCW, and are fully +aware of the quality control measures in place. Surely they knew +about the reason for BZ&#8217;s use?</li> +</ol> + +<p>Regardless, the Russian version of the story spread fast. They cashed in +on two major factors to plant this disinfo:</p> + +<ol> +<li>&#8220;NATO bad&#8221; : Overused, but surprisingly works. People love a story +that goes full 180°.</li> +<li>Spiez can&#8217;t defend itself: At the risk of revealing that it was one +of the facilities testing the toxin, Spiez was only able to &#8220;not +comment&#8221;.</li> +</ol> + +<h3 id="april-3-2018">April 3, 2018</h3> + +<ul> +<li>The Independent publishes a story based on an interview with the chief +executive of Porton Down, Gary Aitkenhead.</li> +<li>Aitkenhead says they&#8217;ve identified Novichok but &#8220;have not identified +the precise source&#8221;.</li> +<li>Days earlier, Boris Johnson (then-Foreign Secretary) claimed that +Porton Down confirmed the origin of the toxin to be Russia.</li> +<li>This discrepancy was immediately promoted by Moscow, and its network +all over.</li> +</ul> + +<p>This one is especially interesting because of how <em>simple</em> it is to +exploit a small contradiction, that could&#8217;ve been an honest mistake. +This episode is also interesting because the British actually attempted +damage control this time. Porton Down tried to clarify Aitkenhead&#8217;s +statement via a tweet<sup class="footnote-ref" id="fnref-dstltweet"><a href="#fn-dstltweet">2</a></sup>:</p> + +<blockquote> + <p>Our experts have precisely identified the nerve agent as a Novichok. 
+ It is not, and has never been, our responsibility to confirm the source + of the agent @skynews @UKmoments</p> +</blockquote> + +<p>Quoting the <a href="https://www.defenseone.com/threats/2019/12/britains-secret-war-russia/161665/">Defense One</a> +article on the matter:</p> + +<blockquote> + <p>The episode is seen by those inside Britain’s security communications team + as the most serious misstep of the crisis, which for a period caused real + concern. U.K. officials told me that, in hindsight, Aikenhead could never + have blamed Russia directly, because that was not his job—all he was + qualified to do was identify the chemical. Johnson, in going too far, + was more damaging. Two years on, he is now prime minister.</p> +</blockquote> + +<h3 id="may-2018">May 2018</h3> + +<ul> +<li>OPCW facilities receive an email from Spiez inviting them to +a conference.</li> +<li>The conference itself is real, and has been organized before.</li> +<li>The email however, was not &#8211; attached was a Word document containing +malware.</li> +<li>Also seen were inconsistencies in the email formatting, from what was +normal.</li> +</ul> + +<p>This spearphishing campaign was never offically attributed to Moscow, +but there are a lot of tells here that point to it being the work of +a state actor:</p> + +<ol> +<li>Attack targetting a specific group of individuals.</li> +<li>Relatively high level of sophistication &#8211; email formatting, +malicious Word doc, etc.</li> +</ol> + +<p>However, the British NCSC have deemed with &#8220;high confidence&#8221; that the +attack was perpetrated by GRU. 
In the UK intelligence parlance, &#8220;highly +likely&#8221; / &#8220;high confidence&#8221; usually means &#8220;definitely&#8221;.</p> + +<h2 id="britains-defense">Britain&#8217;s defense</h2> + +<h3 id="september-5-2018">September 5, 2018</h3> + +<p>The UK took a lot of hits in 2018, but they eventually came back:</p> + +<ul> +<li>Metropolitan Police has a meeting with the press, releasing their +findings.</li> +<li>CCTV footage showing the two Russian hitmen was released.</li> +<li>Traces of Novichok identified in their hotel room.</li> +</ul> + +<p>This sudden news explosion from Britan&#8217;s side completely +bulldozed the information space pertaining to the entire event. +According to Defense One:</p> + +<blockquote> + <p>Only two of the 10 most viral stories in the weeks following the announcement + were sympathetic to Russia, according to NewsWhip. Finally, officials recalled, + it felt as though the U.K. was the aggressor. “This was all kept secret to + put the Russians on the hop,” one told me. “Their response was all over the + place from this point. It was the turning point.”</p> +</blockquote> + +<p>Earlier in April, 4 GRU agents were arrested in the Netherlands, who +were there to execute a cyber operation against the OPCW (located in The +Hague), via their WiFi networks. They were arrested by Dutch security, +and later identifed as belonging to Unit 26165. They also seized a bunch +of equipment from the room and their car.</p> + +<blockquote> + <p>The abandoned equipment revealed that the GRU unit involved had sent + officers around the world to conduct similar cyberattacks. They had + been in Malaysia trying to steal information about the investigation + into the downed Malaysia Airlines Flight 17, and at a hotel in Lausanne, + Switzerland, where a World Anti-Doping Agency (WADA) conference was taking + place as Russia faced sanctions from the International Olympic Committee. 
+ Britain has said that the same GRU unit attempted to compromise Foreign + Office and Porton Down computer systems after the Skripal poisoning.</p> +</blockquote> + +<h3 id="october-4-2018">October 4, 2018</h3> + +<p>UK made the arrests public, published a list of infractions commited by +Russia, along with the specific GRU unit that was caught.</p> + +<p>During this period, just one of the top 25 viral stories was from +a pro-Russian outlet, RT &#8211; that too a fairly straightforward piece.</p> + +<h2 id="wrapping-up">Wrapping up</h2> + +<p>As with conventional warfare, it&#8217;s hard to determine who won. Britain +may have had the last blow, but Moscow&#8212;yet again&#8212;depicted their +finesse in information warfare. Their ability to seize unexpected +openings, gather intel to facilitate their disinformation campaigns, and +their cyber capabilities makes them a formidable threat. </p> + +<p>2020 will be fun, to say the least.</p> + +<div class="footnotes"> +<hr /> +<ol> +<li id="fn-skripal"> +<p><a href="https://en.wikipedia.org/wiki/Sergei_Skripal">https://en.wikipedia.org/wiki/Sergei_Skripal</a>&#160;<a href="#fnref-skripal" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">&#8617;</a></p> +</li> + +<li id="fn-dstltweet"> +<p><a href="https://twitter.com/dstlmod/status/981220158680260613">https://twitter.com/dstlmod/status/981220158680260613</a>&#160;<a href="#fnref-dstltweet" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">&#8617;</a></p> +</li> +</ol> +</div> +]]></description><link>https://icyphox.sh/blog/ru-vs-gb</link><pubDate>Thu, 12 Dec 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/ru-vs-gb</guid></item><item><title>Instagram OPSEC</title><description><![CDATA[<p>Which I am not, of course. But seeing as most of my peers are, I am compelled to write this post. 
Using a social platform like Instagram automatically implies that the user understands (to some level) that their personally identifiable information is exposed publicly, and they

@@ -83,8 +272,8 @@ are better cropped out of pictures. They reveal the time, notifications

(apps that you use), and can be used to identify your phone&#8217;s operating system. Besides, the status/nav bar isn&#8217;t very useful to your screenshot anyway.</p></li> -<li><p>Avoid sharing your voice, if avoidable. In general, reduce your -footprint.</p></li> +<li><p>Share your voice. In general, reduce your footprint on the platform +that can be used to identify you elsewhere.</p></li> <li><p>Think you&#8217;re safe if your account is set to private. It doesn&#8217;t take much to get someone who follows you, to show show your profile on their device.</p></li>
A pages/blog/ru-vs-gb.md

@@ -0,0 +1,165 @@

+--- +template: +title: Disinfo war: RU vs GB +subtitle: A look at Russian info ops against Britain +date: 2019-12-12 +--- + +This entire sequence of events begins with the attempted poisoning of +Sergei Skripal[^skripal], an ex-GRU officer who was a double-agent for +the UK's intelligence services. This hit attempt happened on the 4th of +March, 2018. 8 days later, then-Prime Minister Theresa May formally +accused Russia for the attack. + +[^skripal]: https://en.wikipedia.org/wiki/Sergei_Skripal + +The toxin used in the poisoning was a nerve agent called _Novichok_. +In addition to the British military-research facility at Porton Down, +a small number of labs around the world were tasked with confirming +Porton Down's conclusions on the toxin that was used, by the OPCW +(Organisation for the Prohibition of Chemical Weapons). + +With the background on the matter out of the way, here are the different +instances of well timed disinformation pushed out by Moscow. + +## The Russian offense + +### April 14, 2018 + +- RT published an article claiming that Spiez had identified a different +toxin -- BZ, and not Novichok. +- This was an attempt to shift the blame from Russia (origin of Novichok), +to NATO countries, where it was apparently in use. +- Most viral piece on the matter in all of 2018. + +Although technically correct, this isn't the entire truth. As part of +protocol, the OPCW added a new substance to the sample as a test. If any +of the labs failed to identify this substance, their findings were +deemed untrustworthy. This toxin was a derivative of BZ. + +Here are a few interesting things to note: + +1. The entire process starting with the OPCW and the labs is top-secret. +How did Russia even know Speiz was one of the labs? +2. On April 11th, the OPCW mentioned BZ in a report confirming Porton + Down's findings. Note that Russia is a part of OPCW, and are fully + aware of the quality control measures in place. Surely they knew + about the reason for BZ's use? 
+ +Regardless, the Russian version of the story spread fast. They cashed in +on two major factors to plant this disinfo: + +1. "NATO bad" : Overused, but surprisingly works. People love a story + that goes full 180°. +2. Spiez can't defend itself: At the risk of revealing that it was one + of the facilities testing the toxin, Spiez was only able to "not + comment". + +### April 3, 2018 + +- The Independent publishes a story based on an interview with the chief +executive of Porton Down, Gary Aitkenhead. +- Aitkenhead says they've identified Novichok but "have not identified +the precise source". +- Days earlier, Boris Johnson (then-Foreign Secretary) claimed that +Porton Down confirmed the origin of the toxin to be Russia. +- This discrepancy was immediately promoted by Moscow, and its network +all over. + +This one is especially interesting because of how _simple_ it is to +exploit a small contradiction, that could've been an honest mistake. +This episode is also interesting because the British actually attempted +damage control this time. Porton Down tried to clarify Aitkenhead's +statement via a tweet[^dstltweet]: + +> Our experts have precisely identified the nerve agent as a Novichok. +> It is not, and has never been, our responsibility to confirm the source +> of the agent @skynews @UKmoments + +[^dstltweet]: https://twitter.com/dstlmod/status/981220158680260613 + +Quoting the [Defense One](https://www.defenseone.com/threats/2019/12/britains-secret-war-russia/161665/) +article on the matter: + +> The episode is seen by those inside Britain’s security communications team +> as the most serious misstep of the crisis, which for a period caused real +> concern. U.K. officials told me that, in hindsight, Aikenhead could never +> have blamed Russia directly, because that was not his job—all he was +> qualified to do was identify the chemical. Johnson, in going too far, +> was more damaging. Two years on, he is now prime minister. 
+ +### May 2018 + +- OPCW facilities receive an email from Spiez inviting them to +a conference. +- The conference itself is real, and has been organized before. +- The email however, was not -- attached was a Word document containing +malware. +- Also seen were inconsistencies in the email formatting, from what was +normal. + +This spearphishing campaign was never offically attributed to Moscow, +but there are a lot of tells here that point to it being the work of +a state actor: + +1. Attack targetting a specific group of individuals. +2. Relatively high level of sophistication -- email formatting, + malicious Word doc, etc. + +However, the British NCSC have deemed with "high confidence" that the +attack was perpetrated by GRU. In the UK intelligence parlance, "highly +likely" / "high confidence" usually means "definitely". + +## Britain's defense + +### September 5, 2018 + +The UK took a lot of hits in 2018, but they eventually came back: + +- Metropolitan Police has a meeting with the press, releasing their +findings. +- CCTV footage showing the two Russian hitmen was released. +- Traces of Novichok identified in their hotel room. + +This sudden news explosion from Britan's side completely +bulldozed the information space pertaining to the entire event. +According to Defense One: + +> Only two of the 10 most viral stories in the weeks following the announcement +> were sympathetic to Russia, according to NewsWhip. Finally, officials recalled, +> it felt as though the U.K. was the aggressor. “This was all kept secret to +> put the Russians on the hop,” one told me. “Their response was all over the +> place from this point. It was the turning point.” + +Earlier in April, 4 GRU agents were arrested in the Netherlands, who +were there to execute a cyber operation against the OPCW (located in The +Hague), via their WiFi networks. They were arrested by Dutch security, +and later identifed as belonging to Unit 26165. 
They also seized a bunch +of equipment from the room and their car. + +> The abandoned equipment revealed that the GRU unit involved had sent +> officers around the world to conduct similar cyberattacks. They had +> been in Malaysia trying to steal information about the investigation +> into the downed Malaysia Airlines Flight 17, and at a hotel in Lausanne, +> Switzerland, where a World Anti-Doping Agency (WADA) conference was taking +> place as Russia faced sanctions from the International Olympic Committee. +> Britain has said that the same GRU unit attempted to compromise Foreign +> Office and Porton Down computer systems after the Skripal poisoning. + +### October 4, 2018 + +UK made the arrests public, published a list of infractions commited by +Russia, along with the specific GRU unit that was caught. + +During this period, just one of the top 25 viral stories was from +a pro-Russian outlet, RT -- that too a fairly straightforward piece. + +## Wrapping up + +As with conventional warfare, it's hard to determine who won. Britain +may have had the last blow, but Moscow---yet again---depicted their +finesse in information warfare. Their ability to seize unexpected +openings, gather intel to facilitate their disinformation campaigns, and +their cyber capabilities makes them a formidable threat. + +2020 will be fun, to say the least.
M static/style.css

@@ -71,6 +71,16 @@ width: 40%;

line-height: 1.8; } +.content-index { + position: relative; + font-size: 17px; + top: 20%; + left: 30%; + right: 30%; + width: 40%; + line-height: 1.8; +} + pre { padding: 10px; }

@@ -104,7 +114,7 @@ }

.logo { width: 220px; - padding-bottom: 60px; + padding-bottom: 65px; } .footer {
M templates/index.html

@@ -27,7 +27,7 @@ <header class="header">

{{ header }} </header> <body> - <div class="content"> + <div class="content-index"> <div align="left"> {{ body }} </div>
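Review bot: in bin/update_index.py (hunk at -25,7), the loop `for post, i in zip(posts, range(5))` assigns to `md[ruler + i + 1]` with no check that five table rows actually follow the ruler in `../pages/_index.md`. If the table is shorter, the write replaces whatever line comes next, or raises IndexError at the end of the file. Consider verifying that each target line starts with `|` before overwriting it, and taking the count from one named constant instead of the literal 5 that is repeated in the later loop.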
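Review bot: in bin/update_index.py (hunk at -41,13), `getrecents(blog)[i]` is evaluated three times per iteration (for `top_five`, `metas` and `fnames`) and indexes blindly, so a blog with fewer than five posts raises IndexError. Calling it once, for example `recents = getrecents(blog)[:5]`, and iterating over that result would remove the repeated work and the hard failure. The rename from `top_four` to `top_five` also bakes the count into the variable name, so the next change of size means another rename.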
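Review bot: in pages/_index.md, the removal of the whole "currently reading" section (the `# currently reading ([see all](/reading))` heading and the Kakegurui entry) is unrelated to the subject line "RU vs GB post" and is not mentioned in the commit message. It would be easier to track as its own commit, or with a line in the message saying the section was dropped and whether `/reading` is still linked from elsewhere.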
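Review bot: in pages/blog/feed.xml (hunk at -11,7), the new item's CDATA description carries the post's footnote markup unchanged, including fragment-only links such as `href="#fn-skripal"` and `href="#fnref-dstltweet"` and the matching `id` attributes. Inside a feed reader those fragments do not resolve against https://icyphox.sh/blog/ru-vs-gb, and the ids can collide once several items are rendered on one page. Consider rewriting the footnote links to absolute URLs, or stripping the back-links, when the feed is generated.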
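Review bot: in pages/blog/feed.xml (hunk at -83,8), the Instagram OPSEC item changes from "Avoid sharing your voice, if avoidable." to "Share your voice. In general, reduce your footprint on the platform that can be used to identify you elsewhere.", which now mixes two opposite readings in one list item. The neighbouring item ("Think you're safe if your account is set to private") reads as something not to do, so if this is a list of don'ts, "reduce your footprint" lands in it as a don't as well. Splitting the sentence, or moving the footprint advice out of the list, would make the guidance unambiguous. The source file for that post is not part of this diff, so it is also worth confirming that this feed change matches a committed edit to the post itself.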
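Review bot: in pages/blog/ru-vs-gb.md, the lab's name is spelled both "Spiez" and "Speiz" ("How did Russia even know Speiz was one of the labs?"), and the added text also has "offically", "targetting", "Britan's", "identifed" and "commited". The same strings appear in the generated item in pages/blog/feed.xml, so the feed needs regenerating after the fix. Two smaller points in the same hunk: under "The Russian offense" the "April 14, 2018" section comes before "April 3, 2018", which reads out of order unless that is intended, and the front matter line `title: Disinfo war: RU vs GB` has an unquoted second colon, which a strict YAML parser would reject, so quoting the value would be safer.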
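Review bot: in static/style.css (hunk at -71,6), the new `.content-index` rule sets `left: 30%`, `right: 30%` and `width: 40%` together on a `position: relative` box. For relative positioning with both offsets set, `right` is ignored in left-to-right text, so that line has no effect and can be dropped. The rule also repeats the `width: 40%` and `line-height: 1.8` visible in the rule just above it, so if `.content-index` is meant to be a variant of that rule for templates/index.html, sharing the common declarations and overriding only what differs would keep the two from drifting apart.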