We don’t have many details: > President Donald Trump suggested Saturday that the U.S. used cyberattacks or > other technical capabilities to cut power off in Caracas during strikes on the > Venezuelan capital that led to the capture of Venezuelan President Nicolás > Maduro. > > If true, it would mark one of the most public uses of U.S. cyber power against > another nation in recent memory. These operations are typically highly > classified, and the U.S. is considered one of the most advanced nations in > cyberspace operations globally.

Reuters is reporting that the White House has banned WhatsApp on all employee devices: > The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk > to users due to the lack of transparency in how it protects user data, absence > of stored data encryption, and potential security risks involved with its > use.” TechCrunch has more commentary, but no more information.

Two essays were just published on DOGE’s data collection and aggregation, and how it ends with a modern surveillance state. It’s good to see this finally being talked about.

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now...

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: > In other words, while the legally-mandated CALEA capability requirements have > changed little over the last three decades, the infrastructure that must > implement and protect it has changed radically. This has greatly expanded the > “attack surface” that must be defended to prevent unauthorized wiretaps, > especially at scale. The job of the illegal eavesdropper has gotten > significantly easier, with many more options and opportunities for them to > exploit. Compromising our telecommunications infrastructure is now little > different from performing any other kind of computer intrusion or data breach, > a well-known and endemic cybersecurity problem. To put it bluntly, something > like Salt Typhoon was inevitable, and will likely happen again unless > significant changes are made...

In “Secrets and Lies” (2000), I wrote: > It is poor civic hygiene to install technologies that could someday facilitate > a police state. It’s something a bunch of us were saying at the time, in reference to the vast NSA’s surveillance capabilities. I have been thinking of that quote a lot as I read news stories of President Trump firing the Director of the National Security Agency. General Timothy Haugh. A couple of weeks ago, I wrote: > We don’t know what pressure the Trump administration is using to make > intelligence services fall into line, but it isn’t crazy to ...

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound. First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly ...

From the Washington Post: > The sanctions target Beijing Integrity Technology Group, which U.S. officials > say employed workers responsible for the Flax Typhoon attacks which > compromised devices including routers and internet-enabled cameras to > infiltrate government and industrial targets in the United States, Taiwan, > Europe and elsewhere.

Interesting analysis: > We introduce and explore a little-known threat to digital equality and > freedom­websites geoblocking users in response to political risks from > sanctions. U.S. policy prioritizes internet freedom and access to information > in repressive regimes. Clarifying distinctions between free and paid websites, > allowing trunk cables to repressive states, enforcing transparency in > geoblocking, and removing ambiguity about sanctions compliance are concrete > steps the U.S. can take to ensure it does not undermine its own aims. The paper: “...