Skip to main content

The problem with Starlink in Gaza

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Oct 30, 2023 View in browser
 
POLITICO's Weekly Cybersecurity newsletter logo

By Joseph Gedeon

— With help from John Sakellariadis

Driving the day

— Internet service in Gaza is partially restored after a blackout, but unlike in Ukraine, Starlink may not be a viable solution for improved connectivity — or for Israeli officials.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I spent this weekend a little way out of town, and some of it was spent trapped in a moonlit corn maze for some sort of Halloweekend activity. It was a way, way better time than I expected. Me and my city-slicking ways have a lot to learn about how the rest of America does Halloween.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Let’s dive in.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Today's Agenda

Department of Homeland Security Science and Technology undersecretary Dimitri Kusnezov, DHS management undersecretary Randolph “Tex” Alles, CISA’s associate chief of strategic technology Garfield Jones and others are joining the DHS’ Strategic Industry Conversation IX on innovation, research and development. Starts at 9:30 a.m.

CISA’s executive assistant director for cybersecurity Eric Goldstein is joining the Federal Communications Commission for a joint-agency roundtable on America’s public alert and warning systems. 9:30 a.m.

The International Scene

WISH UPON A STAR(LINK) — Internet connectivity for more than two million people in Gaza has been partially restored after being blacked out by Israeli airstrikes on Friday, but is still far below pre-conflict levels.

While the lack of internet connectivity causes heavy disruption to Hamas’ communication technologies, the limited network also severely limits the messages civilians can send out — with experts remarking that network connectivity is not at all sustainable, especially if Israeli bombardments continue.

“What we've observed on Friday is the new normal,” Alp Toker, the founder of London-based global internet monitoring group Netblocks, tells Morning Cyber. “This connectivity — which hovers around the 20 percent level — is actually the baseline of infrastructure that is still undamaged and that is now becoming a new kind of flat framework for what is the availability of connectivity.”

One potential lifeline for Gaza is Elon Musk's offer of the battle-tested Starlink’s high-speed satellite internet service — but this may not be the fix Gazans are hoping for.

— Not up and running: Starlink is not yet fully operational in Gaza, and it’s unclear when it will be. It could be a matter of days, much like for Ukraine in the immediate aftermath of Russia’s invasion, but it’s also not that simple.

On Feb. 26, 2022, Ukrainian Minister of Digital Transformation Mykhailo Fedorov tweeted at Musk asking for Starlink terminals, with Musk replying within hours. The first shipment would reach Ukraine before the end of that month and played a vital role in Ukraine’s war effort — providing essential comms infrastructure to both military and civilians.

However, the quick work by SpaceX was thanks to prior planning — the company had already been working to launch Starlink services in Ukraine and other places in Europe before the formal request, and had already secured landing rights for the satellites.

— Not for everyone: Musk has said that he will only provide the satellite internet service to “internationally recognized” humanitarian aid groups, which means that many other people and groups in Gaza may not be able to access it anyways. That’s likely to include hospitals (that are run by Hamas as the de facto government of Gaza), news media and other organizations.

There’s a risk that the connectivity could fall into the hands of Hamas militants, Toker explained, which Israel’s government fears could be used to sow disinformation and propaganda campaigns. While Hamas isn’t known to act through sophisticated cyber operations, Starlink could stamp out that possibility anyway by using precise geolocation tools that filter out connections to make sure only allowed groups are using it.

Still, the offer doesn’t sit right with Israeli officials like minister of communications Shlomo Karhi, who posted on X that “Israel will use all means at its disposal to fight this,” and threatened to cut ties with Starlink.

— Uncertain future: It’s unlikely the Gaza Strip will achieve full connectivity any time soon, and it's more and more likely that the network will again face total shutdown at some point. An anonymous senior U.S. official told the Washington Post on Sunday that Israel had intentionally shut off communications in Gaza and turned it back on after U.S. pressure.

Artificial Intelligence

IT’S AI TIME — In a 100-plus-page draft executive order obtained by POLITICO, the Biden administration lays out serious steps to manage the risks of artificial intelligence in critical infrastructure and cybersecurity.

The EO comes as Washington becomes increasingly concerned about the potential for AI to be used in malicious attacks, such as developing powerful new cyber weapons or to create and deploy deepfakes ahead of the elections. Here’s what sticks out to us.

— Cyber weapons: The order would require companies developing AI models that have the ability to be used for malicious purposes or have access to sensitive data to provide regular reports to the Commerce Department outlining how they are protecting their technology from espionage or digital subversion.

It would also require large cloud services providers to notify the government each time a foreign entity rents server space to train a large AI model.

— Critical infrastructure: The order paves the way for new federal cybersecurity regulation in critical infrastructure sectors like hospitals, gas pipelines and the electric grid.

Agencies with regulatory authority over critical infrastructure will have three months to assess the potential risks related to the use of AI in those sectors. That includes identifying ways in which deploying AI could make critical infrastructure systems more vulnerable to failures or cyberattacks.

The order also requires the Department of Homeland Security to develop guidelines for critical infrastructure owners and operators on how to manage AI-specific cyber risks. Those guidelines will be based on existing security guidance and NIST’s AI Risk Management framework.

— Advisory committee: DHS will be tasked with establishing an AI safety and security advisory committee that’s expected to be up and running in early 2024. The committee will have to provide advice to the critical infrastructure community on how to improve security, resilience and incident response related to AI usage.

The key committee will comprise AI experts from the private sector, academia and the government.

— Pilot projects: The order directs the Department of Defense and DHS to carry out operational pilot projects within six months using AI for defensive efforts to identify, test and fix vulnerabilities in critical United States government software, systems and networks.

Ransomware

WHITE HOUSE TO UNVEIL RANSOM BAN — The U.S. and dozens of foreign governments will soon issue a joint commitment not to pay ransoms to cybercriminal gangs, a senior administration official told MC.

The pledge, John writes in, which represents the latest effort by the White House to tamp down the continued scourge of online extortion, will be unveiled later this week as part of third-ever gathering of the international counter-ransomware initiative in Washington.

However, the payment ban will not necessarily include all 48 national governments that are party to the CRI, said the official, who was granted anonymity as a condition of talking about the planning for the summit. “There's still a few nations that have not yet signed up to that statement, but it'll be the vast majority,” the official said.

— What else to watch: The CRI, which also counts the EU and INTERPOL among its members, will announce new intelligence-sharing, anti-money laundering and capacity-building initiatives, deputy national security adviser for cybersecurity and emergency technology Anne Neuberger said last week.

In addition, there is a push among CRI members to “get as much transparency as possible” around how many ransomware attacks occur within each member country, the official told MC. Many victims do not report attacks due to fear of legal, reputational or regulatory liability, complicating law enforcement’s ability to understand the prevalence of the problem.

In addition, members are talking about creating a fund “to assist nations that are in distress,” the official said, and exploring mechanisms to ensure the CRI endures long after the Biden administration, which spearheaded the partnership. “I don't think that the ransomware problem is going away anytime soon,” the official said.

Vulnerabilities

STEALING FROM AWS — A fast-moving cryptojacking campaign has been targeting exposed Amazon Web Services credentials on GitHub since at least December 2020, according to a new report from Unit 42.

Researchers from Unit 42, the threat intelligence arm of Palo Alto Networks, dubbed the operation “EleKtra-Leak” and note attackers have been able to detect and use exposed credentials within five minutes of their initial exposure on GitHub — a show of force that displays how cyber gangs can leverage cloud automation techniques to achieve their cryptojacking dreams.

— What’s the damage?: Researchers believe there have been 474 unique miners potentially linked to the attackers who mined Monero, a digital asset with strong privacy controls that mean the exact amount stolen can’t be determined.

— How it’s being done: Researchers believe the attackers use automated tools to scan for exposed identity and access management credentials on public GitHub repositories. Once they find a set of exposed credentials, they use them to create EC2 instances (a virtual server that enables you to run applications on AWS infrastructure) that they then use for cryptojacking.

The researchers were able to track the criminal movements by automating the creation of randomized AWS and user accounts with targeted overly permissive credentials.

ATTACKS BREAKING THROUGH — Security teams are struggling to get ahead of attacks lobbed at their organizations, with reactive measures meaning more than 40 percent of cyberattacks are being treated after their defenses have been successfully penetrated, according to a new report from Tenable.

Most cyber professionals in the report say they focus almost entirely on fighting successful attacks rather than working to prevent them in the first place — resulting in only being able to fend off about 57 percent of cyberattacks encountered in the last two years. Cyber professionals claim the reactive stance is largely due to their companies' struggle to get an accurate read of their attack surface.

— Greatest exposure point: Seventy-five percent of respondents point to cloud infrastructure as the highest source of risk for most organizations.

— Tack on the SEC rules: There are industry and governmental fears that the new SEC rules on cyber risk management and incident disclosure that take effect in December are likely to put even more strain on organizations looking to improve preventive measures.

Along with public companies having to disclose serious cyberattacks, there’s a stipulation that they outline their processes for assessing and identifying material risks from cyber threats.

Tweet of the Day

Now that’s what I call a derailment of duty.

Source: https://twitter.com/NSA_CSDirector/status/1718239165353967836

Quick Bytes

TIME’S TICKING — Russian-linked ransomware group LockBit claimed to have hacked Boeing and threatened to leak stolen data by Thursday, reports Stefanie Schappert and Vilius Petkauskas for CyberNews.

SCHOOL DISTRICT BREACHED — The Clark County School District in Nevada, the fifth largest in the U.S., is dealing with potential massive data breach after hackers email parents their children's data. Get the details from BleepingComputer’s Lawrence Abrams.

ICYMI — StripedFly malware, disguised as a cryptocurrency miner, evaded detection for five years, infecting more than 1 million devices, writes SecurityWeek’s Ionut Arghire.

Chat soon. 

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Maggie Miller @magmill95

John Sakellariadis @johnnysaks130

Joseph Gedeon @JGedeon1

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings

This email was sent to rouf@idiot.cloudns.cc by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Please click here and follow the steps to unsubscribe.

Comments

Popular Posts

Can’t get no satisfaction

Presented by Electronic Payments Coalition: Shia Kapos' must-read rundown of political news in the Land of Lincoln Jun 28, 2024 View in browser   By Shia Kapos Presented by  ...

Want to win $100? Who doesn't!

Anyone can win up to $100 when they play this game. They make ALL the choices. They even get to set the game up any way they like!!  But no matter how clever they are, you win every time. Watch a FULL performance here: https://www.penguinmagic.com/p/16416 Here's what happens: 1. You set up a board with 6 spaces lettered A-F. 2. Your spectator decides where to put 6 different prizes: ($1, $5, $10, $20, $50 and $100).  It's a genuine free choice. 3. When they're satisfied, you reveal the steps of the ga...

Israel helps U.S. avoid cyberattack / NATO launching cyber rapid response force / Lazarus believed to have hacked Horizon

Plus: Amazon patches high-severity bug Inside.com Part of   Network June 30, 2022 Presented by Israel's IDF Unit 8200 helped stop a cyberattack on U.S. power plants. The announcement was made by the deputy chief of Unit 8200. More: IDF members realized that an attack on the U.S. power plants was brewing while they fought attacks on Israel's water system. The unit then informed law authorities in the U.S. The rest of the details were not presented due to the classified nature of the information, but similar attacks throughout the world have shown that energy remains one of the most targeted sectors by hackers. IDF Unit 8200 is the military intelligence unit of the IDF. The unit is highly secretive and consists of the most elite cyber specialists in Israel. Zoom Out: Israel's intelligence authorities have previously warned the U.S of other cyber...

Breaking News: Justice Department charges DePape following Paul Pelosi assault

The Justice Department on Monday charged David DePape with assault and attempted kidnapping following his alleged break-in at the home of Speaker Nancy Pelosi and her husband Paul. Paul Pelosi was hospitalized after DePape allegedly struck him with a hammer early Friday morning. Police tackled DePape after arriving on the scene, where officers found a roll of tape, white rope, a second hammer, gloves and zip ties, DOJ said Monday. DePape called out for Nancy Pelosi during the break-in, according to law enforcement officials — an echo of rioters' vocal search for the speaker during the Jan. 6 Capitol siege. The kidnapping charge carries a maximum sentence of 20 years in prison, and the assault charge carries a maximum sentence of 30 years. Read the latest To change your alert settings, please go to https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings .. This email was se...

Breaking News: Senate Republicans nudge Trump's trade chief for a tariff end game

Senate Republicans nudge Trump's trade chief for a tariff end game Breaking News Alert ...

Supercell ID Login [014 987]

014 987 - Use the verification code below to log in. ...

Breaking News: Appeals court clears way for Trump to restart mass firings of probationary workers

Appeals court clears way for Trump to restart mass firings of probationary workers Breaking News Alert ...

IN STOCK: "I freaking love this routine - I do it all the time!" -Dan Sperry, Illusionists, AGT

Watch a performance: https://www.penguinmagic.com/p/17842 "I've been a professional magician for over 50 years, and I've seen it all. I've only written 3 reviews. This is my 4th and for good reason. As far as getting deeply emotional reactions, this trick is the easiest way to do it. And every single time it has never failed to garner the reactions shown in the trailer." - Larry Kugelman ...

📄 Al Fahad Al Fahad posted an update

  🤣😂           Facebook                 📄 Al Fahad Al Fahad posted an update. 30 April at 22:47   View Status               This message was sent to ludomallam@idiot.cloudns.cc . If you don't want to receive these emails from Facebook in the future, please unsubscribe . Facebook, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 94025         To help keep your account secure, please don't forward this email. Learn more.      

"This will fool you." -John Bannon (and he's right!)

One of my all-time favorite tricks, this one fooled me BADLY, and it'll fool you too. The secret is so clever, so fool-proof, it caught me completely by surprise. It takes zero skill, and works every time.   Before you watch:  Keep in mind the spectator shuffles the deck thoroughly, and fairly immediately before the trick starts -- you never rearrange their order! https://www.penguinmagic.com/p/13384 You're about to play a game.. and predict the outcome. 1. Your  spectator thoroughly shuffles the deck, an...