Notices by Kevin Collier (kevincollier@mastodon.social)

Kristi Noem spoke at RSA today and said she had had a "candid" conversation with tech leaders here in SF earlier in the day. My understanding is they were executives in tech, critical infrastructure, and cyber.

Do you know of anyone who attended? I'm looking for details of the guest list and what the conversation was like. Can keep your identity private. Signal is kevincollier.01, email kevin.collier@nbcuni.com.

Security and privacy folks: How is TikTok identifying American users? Even using Tor or VPNs with a laptop, I'm unable to load TikTok.com. Is this a cookie thing? Have they stored MAC addresses related to accounts with a US phone number and are blocking them en masse? (Actual answers only please)

We are in full blown election disinfo whack-a-mole mode.

New: US intelligence thinks the likely next move for Iranian influence ops is reaching out directly to American voters, a la their threatening emails to Florida Democrats in 2020.

https://www.nbcnews.com/tech/security/iran-foreign-influence-election-us-campaign-email-news-rcna177269

If this campaign were directed by the Russian or Iranian governments instead of a Musk-funded super PAC, it would be outed as disinformation by the US intelligence community, possibly disrupted by IC, indicted by DOJ. But it's American, so it's legal.
https://www.opensecrets.org/news/2024/10/pro-trump-dark-money-network-tied-to-elon-musk-behind-fake-pro-harris-campaign-scheme

Strong indication Iran had access to least some Trump campaign materials as recently as last week. Not immediately clear if that means they regained access or never lost it.
https://www.semafor.com/article/09/23/2024/trump-hack-continued-into-last-week

Good morning cyber folks. A borderline literally incredible story from Lebanon, where Reuters is reporting that a simultaneous mass attack on Hezbollah members was...Israel hacking their pagers. Possibly Teletrim.
https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/
https://x.com/michaelh992/status/1836032469537005570

Cyber folks, I have a funny problem. Multiple sources are trying to fwd me IRGC phishing emails for me to examine, but I can't receive them because email protection keeps blocking them. I've tried several email providers. What's one that won't be such a narc about Iranian military hackers?

It's very surreal to watch a man write a book falsely portraying the people you grew up with, then see the rich liberals you live around as an adult make it a bestseller, then that success nets him a GOP senate seat, then he becomes a consensus freak laughing stock tanking a far-right pres ticket.

Joe Biden covid positive test cyber angle

This is the case that prompted DOJ guidance for the FBI to stop warning social media companies about foreign influence campaigns on their platforms, though they had somewhat resumed
https://www.nbcnews.com/politics/supreme-court/supreme-court-tosses-claim-biden-administration-coerced-social-media-c-rcna151356

Amazing reporting. I read it not as "lol opsec fail" but how on a long enough timeline, anyone's ability to use the internet while remaining anonymous is very close to nonexistent.
https://www.theguardian.com/world/2024/apr/05/top-israeli-spy-chief-exposes-his-true-identity-in-online-security-lapse

A big natsec angle to the Tiktok ban I have not seen discussed much is how much of an enormous intelligence boon it has been for the US since the 90s that global social media companies are American and follow American laws and court orders. TikTok (and to a lesser extent Telegram) is really the first major challenge to that dominance.

Props to Reuters here: it's significantly harder to report on cyber or influence campaigns that the US uses against China or Russia than the other way around
https://www.reuters.com/world/us/trump-launched-cia-covert-influence-operation-against-china-2024-03-14/

Change Healthcare's latest announcement about its ongoing, devastating ransomware attack uses some PR speak: more than 90% the 70,000+ US pharmacies that use it have developed workarounds.

That seems worded to hide that thousands are totally offline.
https://www.nbcnews.com/tech/security/ransomware-attack-us-health-care-payment-processor-serious-incident-ki-rcna141322

Even if this was just a misconfiguration issue, which it almost certainly was, I think this is great. Telecom triolpoly means AT&T has absolutely no qualms refusing to tell the public almost anything about what happened. It's a good use of public-good legal authority to compel them, IMO.

This is truly jaw-dropping. Absolutely no one's doubting her credentials. A young Black woman already doing the job of acting National Cyber Director can't get formally Senate confirmed in that role because she has debt?
https://www.washingtonpost.com/national-security/2023/07/15/kemba-walden-nomination-cyber-director/

When there's major societal collapse, the internet often goes with it. Imagine your country's dealing with a military coup and suddenly you're cut off from all outside information and most means of communication.
https://mastodon.social/@netblocks/110245391449669838

The Biden admin is looking into a seemingly impossible task: how it could possibly legally or logistically track obscure corners of the internet like the Discord server where the 50+ leaked Top Secret documents were published earlier this year.
https://www.nbcnews.com/politics/national-security/us-intel-agencies-missed-classified-documents-leaked-on-discord-rcna79404