Notices by Ravi Nayyar (ravirockks@infosec.exchange)

Some interesting bits from a great chat at CSIS on the US DIB, looking back and looking forward: https://www.youtube.com/live/wP3JsXCfMmQ

'In an April 2020 guide ... Signal had been approved ... “official decisions made on this platform must be documented and saved to [the records management system]”.

'... instructed on how to turn on disappearing messages in Signal ... not to enable chat backup.

'A separate policy document ... advised employees to “extract, take a screenshot or take note of any official business conducted on a mobile messaging application” for recording'.
https://www.theguardian.com/australia-news/2025/may/05/home-affairs-let-staff-use-signal-and-disappearing-messages-amid-covid-lockdowns-documents-show

'A Reuters review of almost 100 Chinese and Hong Kong companies added to the U.S. entity list in 2023 and 2024 found more than a quarter, or 26 entries, contained erroneous details ...

'... trade in restricted items by some entities, aided by loopholes, paper companies and networks of freight forwarders and shipping agents ...

'BIS is "woefully under-resourced" ...

'Makkaveev said he got around his company's blacklisting by setting up two new firms on Hong Kong's Companies Registry, which took less than a week. He said he used e-commerce platforms to process payments after banks shunned him.

'At one COMSEC firm, Inter Group, a manager surnamed Yang said it still represented hundreds of companies linked to people in Russia'.
https://www.reuters.com/sustainability/boards-policy-regulation/us-blacklist-china-is-riddled-with-errors-outdated-details-2025-05-02/

@patrickcmiller You can tell how much fun the sub-editor had with the headline - well done.

'Reuters, drawing from a headline on CNBC, published a story ... Reuters has withdrawn the incorrect report and regrets its error.

'As we [CNBC] were chasing the news of the market moves in real-time, we aired unconfirmed information in a banner'.

Mainstream media should know better, especially when they keep telling us how they are the defenders of our democracy and stuff.

Also, an appalling headline which does not mention the root cause being stuff-ups by legacy outlets.
https://techcrunch.com/2025/04/07/how-one-tweet-wreaked-havoc-on-the-stock-market/

'If you hit yourself in the face with a hammer, it’s not the hammer’s fault. It’s really on you to make sure you know who you’re talking to.

'… the use of Signal suggests … were conducting the conversation on internet-connected devices—possibly even including personal ones—since Signal wouldn’t typically be allowed on the official, highly restricted machines intended for such conversations.

'… the core issue was communicating about incredibly high-stakes, secret military operations using inappropriate devices or software.

'Multiple sources … noted specifically that downloading consumer apps like Signal to Defense Department devices is highly restricted and often banned … [SECDEF] either obtained an extremely unusual waiver to install Signal on a department [of Defense] device, bypassed the standard process for seeking such a waiver, or was using a non-DOD device for the chat.

'… Hegseth himself is the classification authority for the information.

'… establishing an information designation or declassifying information happens through an established, proactive process'.

Core issue with Signalgate = Governance, governance, governance!
https://www.wired.com/story/signalgate-isnt-about-signal/

'... researcher with no prior malware coding experience successfully tricked popular generative AI (GenAI) tools—including DeepSeek, Microsoft Copilot, and OpenAI’s ChatGPT—into developing malware that can steal login credentials from Google Chrome'.

Well done, mate.
https://www.catonetworks.com/blog/2025-cato-ctrl-threat-report-top-4-ai-predictions-for-the-year-ahead/

'[MSFT] has walked away from new data center projects in the US and Europe ... about 2 gigawatts of electricity ... attributed the pullback to an oversupply of the [computing] clusters ...

'... reflected the company’s choice to forgo some new business from ChatGPT maker OpenAI ...

'... Google had stepped in to grab some leases Microsoft abandoned in Europe ... while [Meta] ... had scooped up some of the freed capacity in Europe.

'... we [MSFT] are well positioned to meet our current and increasing customer demand ... added more capacity than in any other year in its history.

'After a frantic expansion to support OpenAI and other artificial intelligence projects, the company expects spending to shift from new construction to fitting out data centers with servers and other equipment.

'... believe the lease cancellations and deferrals of capacity points to data center oversupply relative to its current demand forecast ...'
https://archive.md/7Lae0

Three words: The right call.
https://www.malaymail.com/news/malaysia/2025/03/25/not-even-five-seconds-to-decide-anwar-says-rejected-us10m-ransom-demand-after-mahb-hacking/170765

'On February 21, in Helsinki, Finland, Executive Vice-President Henna Virkkunen presented the Joint Communication of the Commission and the HRVP to strengthen the security and resilience of submarine cables'.

Missed this.
https://digital-strategy.ec.europa.eu/en/news/commission-and-high-representative-present-strong-actions-enhance-security-submarine-cables

Ah: https://therecord.media/finland-eagle-s-tanker-released-3-crew-still-detained

‘The owner of the cable, Finnish telecom operators Cinia, said it detected minor damage to its fibre-optic cable but added it was still functioning as usual.

‘Cinia also said it is the third time this cable has been damaged in recent months’.

Again?
https://www.bbc.com/news/articles/cy5nydr9rqvo

'We welcome that NATO has launched the enhanced Vigilance Activity “Baltic Sentry” to improve situational awareness and deter hostile activities ... NATO´s Maritime Centre for the Security of Critical Undersea Infrastructure and NATO´s Critical Undersea Infrastructure Network will support efforts ...

'As an example, the Commander Task Force-Baltic works towards establishing an integrated regional picture on critical infrastructure in the Baltic Sea that contributes to NATO’s work in protecting critical undersea infrastructure.

'We will also take actions for accountability and stronger enforcement against those responsible for damaging undersea infrastructure, including compensation for damage. [What if it's China?]

'We will take further steps to enhance resilience of our communications network and energy infrastructure, including reliable supply chains, enhancing physical and cybersecurity measures, developing European undersea surveillance capabilities and swift repair capacity, engaging with the private sector.

'In close coastal state co-operation, we are increasing surveillance of the vessels, including the inspections of vessel insurance certificates'.

No mention of China in here. Only Russia.
https://www.presidentti.fi/joint-statement-of-the-baltic-sea-nato-allies-summit/

'The suspected culprit behind the damage, the Eagle S, has been seized and transferred to the oil port of Kilpilahti in Porvoo, east of Helsinki, while investigators continue to analyze devices from the ship and question its crew on suspicion of aggravated criminal mischief. Last week, the NBI said eight of the ship’s crew — an increase from the initial seven — had been issued with travel bans so they could continue to be questioned'.
https://therecord.media/finland-russia-spy-ship-anchor

‘… the communications cable between Lithuania and Sweden was also damaged.

‘Meanwhile, data transmission between Finland and Germany was completely interrupted.

‘The failure of the only link between Finland and Central Europe …’
https://www.lrt.lt/en/news-in-english/19/2416006/undersea-cable-between-lithuania-and-sweden-damaged-telia

SHOCKING!
https://www.reuters.com/world/europe/finland-finds-drag-marks-baltic-seabed-after-cable-damage-2024-12-29/

Good, but if only the Swedes could have lawfully seized the Yi Peng 3 re that cable cut.

Of course, ‘can’t upset the Chinese’ despite their sponsorship of the Russians.
https://www.abc.net.au/news/2024-12-27/finland-seizes-tanker-after-underwater-power-cable-outage/104765296

👇🏼
https://blog.cloudflare.com/resilient-internet-connectivity-baltic-cable-cuts

'Danish authorities appear to have narrowed down a possible culprit to Chinese bulker Yi Peng 3, which traveled over the reported incident site at the time of the failure. Its AIS track shows the vessel drifting back and forth for around an hour the morning of November 18.

'By the time Yi Peng 3 reached Danish waters the country’s Navy had dispatched several vessels shadowing the vessel. Online reports suggest that a Danish pilot was placed onboard the vessel during the afternoon of November 19 as it continued passing through Danish Straits.

'The Finnish investigation of the [earlier] NewNew Polar Bear incident concluded that the vessel dropped its anchor during a storm dragging it over the Balticonnector pipeline. The vessel had been spotted with a missing anchor during its first port call following the incident'.
https://gcaptain.com/details-of-baltic-sea-cable-incident-remain-murky-as-danish-coast-guard-shadows-chinese-vessel/

Ah.
https://therecord.media/sweden-releases-ship-suspected-cable-sabotage