Notices by Ravi Nayyar (ravirockks@infosec.exchange)

'If you hit yourself in the face with a hammer, it’s not the hammer’s fault. It’s really on you to make sure you know who you’re talking to.

'… the use of Signal suggests … were conducting the conversation on internet-connected devices—possibly even including personal ones—since Signal wouldn’t typically be allowed on the official, highly restricted machines intended for such conversations.

'… the core issue was communicating about incredibly high-stakes, secret military operations using inappropriate devices or software.

'Multiple sources … noted specifically that downloading consumer apps like Signal to Defense Department devices is highly restricted and often banned … [SECDEF] either obtained an extremely unusual waiver to install Signal on a department [of Defense] device, bypassed the standard process for seeking such a waiver, or was using a non-DOD device for the chat.

'… Hegseth himself is the classification authority for the information.

'… establishing an information designation or declassifying information happens through an established, proactive process'.

Core issue with Signalgate = Governance, governance, governance!
https://www.wired.com/story/signalgate-isnt-about-signal/

'... researcher with no prior malware coding experience successfully tricked popular generative AI (GenAI) tools—including DeepSeek, Microsoft Copilot, and OpenAI’s ChatGPT—into developing malware that can steal login credentials from Google Chrome'.

Well done, mate.
https://www.catonetworks.com/blog/2025-cato-ctrl-threat-report-top-4-ai-predictions-for-the-year-ahead/

'[MSFT] has walked away from new data center projects in the US and Europe ... about 2 gigawatts of electricity ... attributed the pullback to an oversupply of the [computing] clusters ...

'... reflected the company’s choice to forgo some new business from ChatGPT maker OpenAI ...

'... Google had stepped in to grab some leases Microsoft abandoned in Europe ... while [Meta] ... had scooped up some of the freed capacity in Europe.

'... we [MSFT] are well positioned to meet our current and increasing customer demand ... added more capacity than in any other year in its history.

'After a frantic expansion to support OpenAI and other artificial intelligence projects, the company expects spending to shift from new construction to fitting out data centers with servers and other equipment.

'... believe the lease cancellations and deferrals of capacity points to data center oversupply relative to its current demand forecast ...'
https://archive.md/7Lae0

Three words: The right call.
https://www.malaymail.com/news/malaysia/2025/03/25/not-even-five-seconds-to-decide-anwar-says-rejected-us10m-ransom-demand-after-mahb-hacking/170765

'On February 21, in Helsinki, Finland, Executive Vice-President Henna Virkkunen presented the Joint Communication of the Commission and the HRVP to strengthen the security and resilience of submarine cables'.

Missed this.
https://digital-strategy.ec.europa.eu/en/news/commission-and-high-representative-present-strong-actions-enhance-security-submarine-cables

Ah: https://therecord.media/finland-eagle-s-tanker-released-3-crew-still-detained

‘The owner of the cable, Finnish telecom operators Cinia, said it detected minor damage to its fibre-optic cable but added it was still functioning as usual.

‘Cinia also said it is the third time this cable has been damaged in recent months’.

Again?
https://www.bbc.com/news/articles/cy5nydr9rqvo

'We welcome that NATO has launched the enhanced Vigilance Activity “Baltic Sentry” to improve situational awareness and deter hostile activities ... NATO´s Maritime Centre for the Security of Critical Undersea Infrastructure and NATO´s Critical Undersea Infrastructure Network will support efforts ...

'As an example, the Commander Task Force-Baltic works towards establishing an integrated regional picture on critical infrastructure in the Baltic Sea that contributes to NATO’s work in protecting critical undersea infrastructure.

'We will also take actions for accountability and stronger enforcement against those responsible for damaging undersea infrastructure, including compensation for damage. [What if it's China?]

'We will take further steps to enhance resilience of our communications network and energy infrastructure, including reliable supply chains, enhancing physical and cybersecurity measures, developing European undersea surveillance capabilities and swift repair capacity, engaging with the private sector.

'In close coastal state co-operation, we are increasing surveillance of the vessels, including the inspections of vessel insurance certificates'.

No mention of China in here. Only Russia.
https://www.presidentti.fi/joint-statement-of-the-baltic-sea-nato-allies-summit/

'The suspected culprit behind the damage, the Eagle S, has been seized and transferred to the oil port of Kilpilahti in Porvoo, east of Helsinki, while investigators continue to analyze devices from the ship and question its crew on suspicion of aggravated criminal mischief. Last week, the NBI said eight of the ship’s crew — an increase from the initial seven — had been issued with travel bans so they could continue to be questioned'.
https://therecord.media/finland-russia-spy-ship-anchor

‘… the communications cable between Lithuania and Sweden was also damaged.

‘Meanwhile, data transmission between Finland and Germany was completely interrupted.

‘The failure of the only link between Finland and Central Europe …’
https://www.lrt.lt/en/news-in-english/19/2416006/undersea-cable-between-lithuania-and-sweden-damaged-telia

SHOCKING!
https://www.reuters.com/world/europe/finland-finds-drag-marks-baltic-seabed-after-cable-damage-2024-12-29/

Good, but if only the Swedes could have lawfully seized the Yi Peng 3 re that cable cut.

Of course, ‘can’t upset the Chinese’ despite their sponsorship of the Russians.
https://www.abc.net.au/news/2024-12-27/finland-seizes-tanker-after-underwater-power-cable-outage/104765296

👇🏼
https://blog.cloudflare.com/resilient-internet-connectivity-baltic-cable-cuts

'Danish authorities appear to have narrowed down a possible culprit to Chinese bulker Yi Peng 3, which traveled over the reported incident site at the time of the failure. Its AIS track shows the vessel drifting back and forth for around an hour the morning of November 18.

'By the time Yi Peng 3 reached Danish waters the country’s Navy had dispatched several vessels shadowing the vessel. Online reports suggest that a Danish pilot was placed onboard the vessel during the afternoon of November 19 as it continued passing through Danish Straits.

'The Finnish investigation of the [earlier] NewNew Polar Bear incident concluded that the vessel dropped its anchor during a storm dragging it over the Balticonnector pipeline. The vessel had been spotted with a missing anchor during its first port call following the incident'.
https://gcaptain.com/details-of-baltic-sea-cable-incident-remain-murky-as-danish-coast-guard-shadows-chinese-vessel/

Ah.
https://therecord.media/sweden-releases-ship-suspected-cable-sabotage

From an excellent piece by James Corera and Jakub Janda:

'Once could be an accident, and twice might be a coincidence. But three instances look like a trend that we shouldn’t ignore or tolerate, especially since we know malign actors like Beijing and Moscow also have the capability to disrupt our critical infrastructure through prepositioned malware.

'Since China has persistently breached the same convention in the South China Sea, its disregard for the interests of other countries in the Yi Peng 3 case comes as no surprise.

'A refusal to comply with international investigative norms also encourages other states to act similarly.

'These incidents show how the Russia-China axis is increasingly working in sync to the peril of the rules-based liberal order'.
https://www.aspistrategist.org.au/baltic-subsea-sabotage-china-gets-away-with-non-cooperation/

'About 40 drone-equipped U.S. Marines have been sent to Finland to join NATO’s Baltic Sentry effort to protect undersea cables in the wake of several instances of suspected sabotage ...

'... the first commitment of American troops [to the initiative].

'The Marines will use hand-launched RQ-20 Puma surveillance drones ...

'This is also a great opportunity for the Marines to hone their cold weather skills. The Arctic is a focus of NATO and the U.S. ...

'Having Marines deployed on this mission fits into their new doctrine of positioning small units in littoral areas inside an enemy’s weapons engagement zone (WEZ), though that has been largely focused on the Pacific'.

Good stuff.
https://www.twz.com/sea/drone-equipped-u-s-marines-now-helping-protect-baltic-se-submarine-cables

On the other hand.
https://therecord.media/sweden-pm-on-suspected-russian-cable-breaks-not-an-accident

'... there is increasing confidence among their governments that the incidents were accidental and not directed by the Kremlin. [Leaks.]

'... no spike in the number of cable faults proportional to an increase in maritime traffic in the region [due to sanctions on Russia]. [Leaks.]

'... they had been briefed that sometimes incompetent ship-masters simply don’t want to go through the bother of arguing with the crew to trek out to the bow of the vessel in inclement weather to hoist the anchor. [Leaks. Really?]

'These anchors are not designed to simply “hold fast on the seabed,” explained the ICPC, which notes that in rough weather the vessel will move with the anchor ... seven egregious examples including one in 2008 when a ship dragged its anchor for around 180 miles, damaging six submarine cables'.
https://therecord.media/european-officials-baltic-sea-cable-breaks-accidental

Presenting Edition 2(2) of my cyber x geoeconomics x resilience newsletter, Circum Cyberes.

Plenty in here, from cyber to physical to geoeconomics to intelligence to military to DIB'y stuff.

Dive in, tell me what you make of my takes and give us a subscribe!
https://open.substack.com/pub/atechnolegalupdate/p/circum-cyberes-22?r=8snts&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true