OSIRIS Brief 0.22.0
BLUF: Just because news is slow doesn’t mean hacking is taking a vacation.
It's the Most Retrospective Time of the Year
The last two weeks of the year are usually slow for news, and so it is with cybersecurity. Hackers are probably just as active during the Christmas Holidays as during other times of the year. Most people in China, Iran, and North Korea don’t observe Christmas so neither do APTs. There is no reason to believe that criminals or government-sponsored APTs in predominantly Christian countries take Christmas off. In fact, security vulnerabilities can be like emails during vacation: they just build up over time only to come crashing down when everyone gets back to work.
As reporting and disclosure of vulnerabilities slows down, and as news agencies and media dial back on reporting, pre-packaged essays and retrospectives increase. This time of year is a natural time to reflect on the things we have learned over the year, some of the most pressing issues we currently face, and what is to come. In this brief, I’ve included more noteworthy essays than usual for your perusal, and I will continue to update the brief throughout the season. Stay safe, and have happy holidays (or regular days, as the case may be).
Nashville Bombing May Have Been 5G Paranoia
As more details emerge about the bombing in Nashville on Christmas, a picture of a disturbed culprit is taking shape. The suicide bomber’s possible motives may include paranoia about 5G as a means of surveillance. 5G has been the subject of conspiracy theories online, as well as the target of a wave of arson against 5G towers in Britain.
If readers would like a more complete explanation of why 5G does not constitute the security risk conspiracy theorists describe, please leave a comment.
Anti-Trust Moves Across the World
“Trust busting” social media and online companies is picking up steam. Two weeks ago US states brought a second lawsuit against Google for anti-competitive practices. The lawsuit alleges that Facebook and Google signed a “non-competition” pact to avoid infringing on each other’s territory. Anti-trust fervor seems to have spread to China, where the government is investigating Alibaba for monopolistic practices. It is not clear whether China’s anti-trust investigation is truly interested in constraining monopolistic practices or is part of a broader campaign to rein in corporate power.
Noteworthy
The Ghost of Christmas Yet to Come: How an AI ‘SantaNet’ Might End Up Destroying the World by Salmon et al.
Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat by Bracken
I Played the Free Online Games Your Kids Are Playing and Here’s What Happened by Christian
Does a Friend “Need Money Urgently”? Check your facts before paying out… – Naked Security by Ducklin
Can Artificial Intelligence Really be “Explainable”? by Wahi
GPT-3: The Next Revolution in Artificial Intelligence (AI) by Scott
The Best Cybersecurity Predictions For 2021 Roundup by Columbus
CrowdStrike Launches Free Tool to Identify & Mitigate Risks in Azure Active Directory by Sentonas
Why SolarWinds-SUNBURST is our Cyber Pearl Harbor by Grobman
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.
I’m also confused about why TikTok is such a security concern. The app itself seems harmless. But I understand that the military has banned it.
I know there were security concerns about Huawei building 5G infrastructure. I think the worry was that they could build back doors into the hardware that the CCP could then exploit. But even if a different company or companies build the infrastructure, wouldn’t similar concerns still exist? How are/should governments ensure the security of their budding 5G networks?