Privacy
The US National Security Agency has 100 people working on cyber offence for every analyst focussed on cyber defence, according to a new book by the New York Times' security correspondent. In This Is How They Tell Me the World Ends: The Cyberweapons Arms Race, Nicole Perlroth seeks to convey the scale of a threat the world and its governments appear intent on ignoring. The result, in her book, is the collapse of society under the weight of cyber attacks and disinformation. The book is published later this month. In the meantime, The New Yorker has a review.
If all that sounds hyperbolic, more details continue to emerge about the so-called 'SolarWinds' campaign, which resulted in the compromise of most US government agencies. Microsoft has described the campaign as "the new normal", but according to the US Cybersecurity and Infrastructure Security Agency the reality is that 30% of victims didn't actually use SolarWinds products. SolarWinds is now reported ($) to be investigating the possibility that flaws in Microsoft products were behind the access to its infrastructure - and the same issues may have been responsible for many of the other intrusions. The attackers are believed to have gained an initial foothold by trying out multiple passwords until they found one that worked. 'Password spraying' is common and it's essential to defend against it.
Meanwhile, a(nother) frightening glimpse of the future emerges from western China, as described by the investigative site The Intercept. It obtained a huge database used by the Chinese government to help surveil the Uighur community. The database resulted from a reporting tool developed by Landasoft, a private defence company. According to The Intercept, it includes police reports confirming "many elements of the persecution and large-scale internment of Muslims in the area". It also suggests that the “Physicals for All” biometric collection program, officially described as solely a health initiative, is intended as part of the policing system.