
Security Now Episode 861 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show. 

Leo Laporte (00:00:00):
It's time for Security Now. Steve Gibson is here. Kind of a single-topic show this week: everything Ukraine, what's going on in the war, cyber warfare, the call for cyber hackers, Russia's response, and then the very real prospect of Russia disconnecting completely from the internet. Steve talks about it all next on Security Now. Podcasts you love, from people you trust. This is TWiT. This is Security Now with Steve Gibson, episode 861, recorded Tuesday, March 8th, 2022: Rogue Nation's Cyber Consequences. Security Now is brought to you by Progress. Progress has the technology you need to secure, analyze and integrate your applications, network and processes. Find out more and download a free trial at progress.com/security-now. And by ExpressVPN. Using the internet without ExpressVPN is like taking a call on a train or a bus on speaker for everyone to hear. You don't know who has access to your most private, sensitive information.

Leo Laporte (00:01:17):
Secure your online data today by visiting expressvpn.com/securitynow, and get an extra three months free on a one year package. And by Acronis. Get all-in-one data protection and cyber security to keep business flowing, no matter what, with Acronis cyber protection. Go to go.acronis.com/twit-4. It's time for Security Now, the show we cover your safety, security and privacy online with this guy right here. No, not this guy right here. That's the Linux penguin. No, this guy right here. Mr. GRC.com, Steve Gibson. Hi Steve. Yo Leo. Great to be with you again, once again, epi Lori this morning asked me, she said, what number is this? She's counting down. Isn't she? I know, I know, 861. And she says only 138 more. That's right. We're gonna make it. We're gonna make it. And Leo at only 52, actually 51.

Leo Laporte / Steve Gibson (00:02:22):
Oh no, but do we do that one? So 52 a year? Yeah. Yeah, we got, we got a few years. About a half years. Yeah. Yeah, we're good. We got we're okay. Yeah. Okay. So there was some interesting news about a proposal from the EU that involves mucking around with TLS certificates and it's got all of the browser vendors up in arms, and that's what I was gonna talk about, but all of the news, well, okay. With some, a few exceptions, the vast majority of the news was about the cyber consequences of what's happening with Russia and Ukraine. So, and, and as I began to flesh that out and, you know, pull things together, I just thought, okay, I don't have room for anything else. So we'll probably talk about that next week when I dig into it and see it's podcast worthy. Today's episode 861 for March 8th is titled Rogue Nation Cyber Consequences.

Leo Laporte / Steve Gibson (00:03:30):
And I think a lot of really interesting cyber aspects to what's happening. We've got the Ukraine, I'm sorry, Ukraine. I'm trying not, I'm trying to educate myself. We're not supposed to say "the" anymore. That's old way to do it. The Ukraine has formed an IT army with amazing strength, and sort of the theme of this is, with the world as interconnected as it is today, can a rogue nation go it alone? We're seeing, you know, lots of consequences of what's happening as a, as a result of this. As I said, the, we got the IT army, we've got hacking groups, many of them well known, forming up and picking sides in this. The question is whether Elon Musk's Starlink might be a hope where connectivity is being threatened. Actors on both sides of Russia's borders and well, yeah, both sides.

Leo Laporte / Steve Gibson (00:04:38):
Russia's borders are selectively blocking internet content. Google has become proactive. Now one domain registrar, Namecheap, has decided to withdraw its services in a way that I find a little questionable. We'll talk about. We also have the surprising, well, maybe not that surprising, explosion of the Telegram encrypted messenger usage as a consequence of all this. Cryptocurrency exchanges are blocking tens of thousands of wallets. Russia's released the IP addresses and domains attacking them. And it looks like some that are probably not actually doing that. They're also preparing, believe it or not, well, yeah, you can believe it, to amend their laws to permit software piracy. And they appear to be preparing to entirely disconnect from the global internet. Something that we talked about last summer when they did a DNS dry run. So, you know, this is all the stuff we've been talking about for years. Everything's in play.

Leo Laporte / Steve Gibson (00:05:46):
So lots of news to talk about relative to, you know, the cyber consequences of someone upsetting the rest of the world. Can, is it possible these days to, you know, be on your own? I don't think so. Yeah. I think it's interesting. We talked, Cory Doctorow was on TWiT on Sunday and we talked about why it would be a very bad idea for ICANN to disconnect, as, as, as, as one, at least one Ukraine minister requested, disconnect Russia from the internet. That's not how it works. So yeah. Good, good topic coming up. Certainly very timely. We're gonna get to that in just a second, but first a word about Progress. Progress is a good word. Isn't it? We wouldn't have the, the future without progress.

Leo Laporte / Steve Gibson (00:06:36):
Progress has the technology you need to secure and analyze and integrate all of your applications, your network, your processes. Whether you're a security professional looking to keep your data safe, or an IT individual tasked with keeping end users secure, Progress has you covered. Progress has been enabling enterprise experiences for decades. You've probably heard the, a name and they have assembled a bunch of technologies to empower business to thrive in this new world of ours. This post-COVID world of ours, most companies don't have the resources to invest in technology. You know, you look at companies like Apple and Google and Microsoft, and you see how you know their IT spend is. And you think, you know, is that the standard? No, of course not. Because most companies, first of all you know, don't have the budget to do that, or even the need to do that.

Leo Laporte / Steve Gibson (00:07:30):
But you do need to use technology to create differentiation, to help your business go forward, to support progress into the 21st century. You just need to do it with a lesser investment. You can do all of that by turning to Progress as your trusted provider. With Progress, any organization can achieve the level of differentiation that's critical in today's business environment. They have a variety of tools. Some of you probably heard about some of these, but there's such a it's, it's hard to know all of it. Let's let me talk about a couple of them. MOVEit. You've heard about that. I'm sure I have. Their managed file transfer solution, which is something everybody needs, a secure way to do file transfers, which give you complete control of the file. Complete visibility about who's opening it and accessing it. Can't be transferring, I think we've said this many times on this show, confidential data through the public internet. Not only is it insecure, it opens your organizational liability and it may even be a violation of the law depending on the business you're in. With MOVEit,

Leo Laporte / Steve Gibson (00:08:34):
you can securely send and receive sensitive data with their managed file transfer. So you'll have complete visibility and control, tamper-evident logging and centralized access controls to meet your operational requirements. And of course, compliance requirements. Let's not forget. They also have Flowmon. You've heard of that. Their network intelligence tool, it's a network detection and response solution, NDR, that detects threats hidden inside your network traffic. It focuses on minimizing your IT's attack surface by bridging the gap between perimeter and endpoint security, all while employing multiple detection methods to alert you on things like network anomalies and provide early detection of advanced persistent threats. With network monitoring and anomaly detection, you can eliminate blind spots found in your network and stay proactive rather than reactive. I want you to find out more. Progress has the technology you need to secure, to analyze, to integrate your applications and network processes.

Leo Laporte / Steve Gibson (00:09:33):
Find out more, download a free trial at progress.com/security-now. Don't miss out. Visit progress.com/security-now for your very own Progress swag bag. Who needs trade shows? We can get swags right on the, right on the internet these days. Progress, P R O G R E S S .com/security-now. Make sure you put that dash in there and please do use security-now. So they know you saw it here. Thank you, Progress, for your support of the very important work Steve's doing here. Prag. I thank you for supporting Steve by going to progress.com/security-now. I look at that domain and I think, you know, that probably cost them more than the Apple hardware you just bought. The, yeah, I bet. Unless they got it really early, right? If you're lucky you got it really early. You remember Dane? Yes. Who used to be, you know, kind of our executive producer here, really nice guy, sweet guy, started off with us in the very earliest days.

Leo Laporte / Steve Gibson (00:10:34):
I think he was my second or third hire. Yeah. He, he always said, you know, I've got hey.com, you know, and its, and I said he had dane@hey.com, H E Y.com, and got it early obviously. Oh I know. Well, lo and behold, couple years ago I saw that the folks behind, you know, Jason Fried and David Heinemeier Hansson, the folks who do that I can't, anyway, they're very successful software entrepreneurs, bought it and started hey.com email. And I thought you were smart, Dane. He held onto it. He said, I'm not selling this unless it's a lot of money. And I think they got a lot of money, so good on Dane, you know, I bet. And boy, "Hey," a perfect name for an email. Isn't it? Dane. Oh yeah. I, I just got an offer of $50 for grc.com. 50 bucks. You just more, but it is three letters that's no, no, no, no. 50,050 OU. Yeah. Yeah, yeah. And you know, but I'm, I can't sell it. I'm using it. So I figure it'll only go up in time. So there's no hurry. You should yeah, you should get 50 Bitcoin for it.

Leo Laporte / Steve Gibson (00:11:51):
I'm just saying that'd be good. Yeah. Very good. No, I'm sorry. Okay. So our picture of the week is just one I've had, it's not apropos of today's topic. It was just around and it's kind of fun. And I, I just thought it was interesting how the laptop is now the icon for the computer, you know, once upon a time it was, you know, staring into a big screen in front of you and, but you never see that anymore. Right. It's just, people use laptops. That's just anyway, that's random observation. But anyway, so our, our guy he's, he's got his wife behind him sort of like with her hand on the, on his chair back and, and looking on at what he's doing. And he's saying to her as he's typing on the laptop, "Of course this website is safe. As an extra measure of security, they make you sign in with your social security number, mother's maiden name, your bank account, your home address, phone number, and date of birth." It's gotta be you. Oh, it's got you. Nobody else would know that. Good until you do not until I do it. Yeah.

Leo Laporte / Steve Gibson (00:12:59):
Okay. So unsurprisingly, as I said at the top of the show, the world's cyber news this past week was dominated by the cyber aspects of Russia's invasion of Ukraine. We've been living through and, as the TWiT podcast network has documented and chronicled, important and fascinating aspects of, you know, the evolution of the personal computer and the internet. When I think back, Leo, to where we were with HoneyMonkeys, you know, almost 18 years ago, it's like, okay, a lot has changed. HTTP was a thing, right? No S. Now good luck if you don't have an S there. And, and I have to admit that when this first, when this podcast Security Now began, I was personally skeptical of the idea of cyber warfare. It just like really like packets. You know, well, obviously since then, I've been well disabused of, of any such skepticism.

Leo Laporte / Steve Gibson (00:14:08):
And I've been interested to note that in the last few weeks, all the experts, cuz like cyber warfare is like a topic now, we like on, on any time, like there's a discussion of what's going on. It's like, oh, what a, you know, this threat of cyber warfare, and the presumption is that it would not be constrained to Russia and Ukraine. It would be, you know, global to some degree. But all the point is that all the experts that I'm hearing talk about it feel much as I do, which is that it's something no one is really that excited to unleash. Very much like, you know, the cold war days of mutually assured destruction. And as I said last week, the feeling is that no one has any real confidence in their own defenses being adequate. So nobody wants to be the first to initiate what, whoa, what, I forgot to turn that down.

Leo Laporte / Steve Gibson (00:15:10):
Or a little friend telling me I've got email, sorry. No one's that, you know, confident about their own defenses being adequate. So no one wants to be the first to initiate what might be mutually assured cyber destruction. We don't even know what that looks like and nobody wants to find out. Yet here we are today kind of, of picking around the edges of exactly that possibility, such that more than any other time in the past, it's on everyone's lips. Okay. So I'm not gonna spend an inordinate amount of time on any one of these topics, but the, the literally as I was going through the last week's, what is there to talk about? It was all about this. It was all about the consequences of this. So Saturday before last, on the 26th, Ukraine's minister of digital transformation, whose name we'll hear a few times today, Mykhailo Fedorov, announced the creation of an army of IT specialists to fight for Ukraine in cyberspace. Mykhailo said, quote, we have many talented Ukrainians in tech: developers, cyber specialists, designers, copywriters, marketing specialists, targeting specialists, wow.

Leo Laporte / Steve Gibson (00:16:36):
Targeting specialists. And he said, we are creating an IT army. All operational tasks will be posted here. There's plenty to do for everyone. We continue our fight at the cyber front. So of course being that he's their, their digital transformation guy, his focus is that. Anyway, turns out that Mykhailo's call did not go unheeded. At, when I captured this particular report, the number of volunteers that had signed up, and we'll see that by the time we end this podcast, that number has grown. At this point it was already 175,000 people had said, yeah, I want to, you know, sign me up. I want 175,000. Wow.

Speaker 2 (00:17:32):
I didn't know. There were that many people with

Leo Laporte / Steve Gibson (00:17:34):
Skills. Well, and, and they said, copywriters, marketing specialists. So, so you know, like you don't have to actually know how to sharpen the front edge of a packet in order to send it off. Wow. You just have to know what that packet should contain. I guess if it was some propaganda. Need any IT specialist to manage the database of volunteers, that's is what they're gonna need. That's right. So he said many have been tasked with launching DDoS attacks against Russian websites, including government websites, banks, and energy companies. On the 27th, the day after this, officials also told volunteers to target websites registered in Belarus. Mykhailo also publicly released the targeting list. Okay. So, so this is the IT army of Ukraine. It says, for all IT specialists from other countries, we translated tasks in English. So he says, task number one, we encourage you to use any vectors of cyber and DDoS attacks on these resources.

Leo Laporte / Steve Gibson (00:18:45):
So I mean, this is the publicly posted list from Ukraine. So we've got three categories: business corporations, banks, and the state. So for example, business corporations, Gazprom, I, I can't even pronounce these things. I, I won't try, but there's like 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19 specific business corporations where there's a URL. And I think without exception, oh, there is a .com. By, by far the most are .ru, of course. There are some, there's a .org. Predominant are .ru. Then we've got three banks: Sberbank, VTB and Gazprombank. And then the third category is the state. There's public services, Moscow state services, president of the Russian Federation, government of the Russian Federation, ministry of defense, tax, whatever that is, customs, pension fund. And our favorite, Roskomnadzor, is also there. So you know I mean, obviously they're being put upon, that as Ukraine is, and they're saying, Hey, cyber is now a vector of, of counter attack.

Leo Laporte / Steve Gibson (00:20:16):
So let's go and, you know, here's your initial targeting list. Yikes. An open call for everyone, you know, anyone and everyone to participate. You know, and, but let's be clear that the perceived justness, if that's how you feel, of this cause doesn't make it legal. Right. So people listening that dunno, don't go, don't go off attacking Russia because the, you know, because some guy in Ukraine said, yeah, here's, here's where you go. Don't do that. According to Victor Zhora, an official at the Ukrainian cybersecurity agency charged with protecting government networks, he said Russian media outlets that are constantly lying to their citizens and financial and transportation organizations supporting the war effort are among the potential targets for digital attacks from the so-called Ukrainian IT army. He said that the IT army is a loose band of Ukrainian citizens and foreigners that are not part of the Ukrainian government, but Kyiv is encouraging them.

Leo Laporte / Steve Gibson (00:21:31):
It's an example of how the Ukrainian government is pulling out all the stops to try to slow Russia's military assault and illustrates how cyber attacks have played a supporting role in the war. The goal of the IT army of Ukraine is to, quote, do everything possible to make the aggressor feel uncomfortable with their actions in cyberspace and in Ukrainian land. And so, you know, this was Victor Zhora in a video conference with journalists on Friday. And, and I will say, cuz I've just gone through this myself, assembling this 17-page notes for this podcast. If you follow along by the end of this podcast, I, I would argue you'll have a very mature, complete, almost comprehensive, I dare say, appreciation for everything that is going on, like you everywhere on this. It's, it's what we are here to talk about. So one organization, the so-called Cyber Unit Technologies, CUT, is paying for attacks on Russia.

Leo Laporte / Steve Gibson (00:22:46):
You know, given what we've been seeing in the news, it's unclear actually why you would need to give any Ukrainian hacker a bounty to encourage them to launch cyber attacks against Russia. You know, just making it legal is all I would need, I would imagine. But last, but last Tuesday, a week ago, the Kyiv-based cybersecurity firm Cyber Unit Technologies initiated a campaign to reward hackers for taking down Russian websites, pledging an initial a hundred thousand dollars for the program. Although, as we'll see next, many traditional criminal gangs have publicly expressed their allegiances either way, CUT emphasized that the company only seeks to work with locally known security experts. They said to prevent infiltration by Russian agents. And actually they referred to them as white hat hackers. And that gave me pause, cuz I'm thinking, okay, wait a minute.

Leo Laporte / Steve Gibson (00:23:54):
I'm not sure that your hat stays white when you attack anybody else, again, no matter how you feel about it. That sort of seems like you've, you know, your hat's gonna get at least a little gray in the process. But if such hackers already had mature tools that they had been using for sanctioned, you know, we've talked about red, blue and purple teaming, right. You know, all the, like, attack and counterattack in order to, to build up, you know, through drills and exercises, the, the, the, the skills that you need both to you know, predominantly to defend against attacks, but you need to have somebody attacking you, right? So you use a team to do that. You know, they might well be able to retarget those tools, which have been sharpened as a consequence of doing local drills.

Leo Laporte / Steve Gibson (00:24:51):
And you kind of have to imagine that Ukraine, being as much in Russia's cyber crosshairs as they have been for the past 20 years, that they've had the occasion to develop and hone such tools over time. So this is probably the reason why NATO has an organization known as CCDCOE. Everybody likes their abbreviations. That's the Cooperative Cyber Defence Centre of Excellence of, I'm sorry, of Excellence, which has just, as a result of its 30th committee meeting, invited Ukraine to become involved as a participant in this Cooperative Cyber Defence Centre of Excellence. It is a NATO organization. Ukraine of course, is famously not a member of NATO. But yet, you know, they're gonna be invited in because they have so much expertise that they're gonna be able to, to share. So, okay. Hackers taking sides. As a result of Russia's determination to unilaterally and by sheer force attempt to illegally annex Ukraine as they did,

Leo Laporte / Steve Gibson (00:26:10):
we have the world's well known hacking groups now squaring off and taking publicly declared sides for and against. Last Friday, Recorded Future's publication, The Record, described the declarations on both sides as follows. They said Russia's invasion of Ukraine has taken place both on and offline, blending physical devastation with escalating digital warfare. Ransomware gangs and other hacking groups have taken to social media to announce where their allegiances lie. The Record will be tracking who these groups align with as well as any attacks they launch related to the conflict. Many of the pronouncements from these groups include threats against critical government infrastructure. Some collectives are state sponsored while others are decentralized, but all are able to take down computer systems and breach organizations. Allan Liska, a ransomware expert at Recorded Future, said it is now an inevitable part of any military action that so-called cyber patriots will engage the perceived enemy, either of their own free will or at the direction of their own government.

Leo Laporte / Steve Gibson (00:27:32):
Some of these activities, such as Anonymous launching DDoS attacks, will be nothing more than minor nuisances, but others could have real consequences. Ransomware groups, for example, have more targets than they can go after right now, and may decide to focus on attacking the enemies of their country to create real disruption. And the more skilled groups can have an even greater impact. Liska warned that Sandworm and UNC1151 are among the most concerning in terms of their capabilities in activity and should be closely monitored. Okay. So what do we know at the moment about who's on which side of this mess? Well, the well known collective Anonymous declared via Twitter on February 24th that its collective is, quote, officially in a cyber war against the Russian government. The group later tweeted that they had targeted the Russian state controlled international television network, RT, and, quote, has taken down the website of the Russian propaganda station RT News.

Leo Laporte / Steve Gibson (00:28:48):
Now we've talked about Anonymous. Everyone is probably familiar with that, that logo that they use. There, they could describe themselves as a decentralized hacktivist group that targets different government institutions and government agencies and the Church of Scientology. Okay. There's also GNG, a hacking group affiliated with Anonymous. They've gained access to Sberbank's database and leaked hundreds of its data files. Sberbank, who is Russia's largest lender, is apparently now facing failure. NB65 is another affiliate of Anonymous who tweeted their support for Ukraine. Quote, Anonymous is not alone. NB65 has officially declared cyber war on Russia as well. You want to invade Ukraine, good, face resistance from the entire world. Ukraine war, all of us are watching. All of us are fighting.

Leo Laporte / Steve Gibson (00:29:55):
And also as of February 28th, another group under the Anonymous umbrella named DeepNetAnon has joined in the operations against Russia by attacking and intercepting Russian radio receivers. The group tweeted, the Russians have now taken offline the second web server hosting a software defined radio receiver used to intercept with frequencies. Too bad. There's many more sites we can use. Excuse me. The collective also announced that they have successfully hacked the ministry of economic development of Russia. The group 1LevelCrew also showed their support for Ukraine, tweeted tango down, and then a URL, http://pfr.gov.ru. And that was actually one of the targets that the IT army had been assigned. That's the pension fund of Russia, which they tweeted as for, as a result of this tango down is offline. Another collective known as H U G made a clear statement via Twitter saying, I'm not here to deface slash destroy your website.

Leo Laporte / Steve Gibson (00:31:12):
I'm here to liberate Ukraine. As of last Wednesday, another affiliate named N3UR0515, maybe that's neuro, probably neuro something other, took to Twitter to declare support and call on YouTube to take down Russian propaganda. We'll be talking a little bit later about Google's moves along those lines. The group has administered DDoS attacks and taken down ria.ru, the official Russian information website. Joining the alliance, collective v0g3lSec announced that they had hacked into the Russian Space Research Institute database and leaked files from Roscosmos, though the hack has not yet been confirmed. GhostSec announced their support for Ukraine saying, in support of the people in Ukraine, we stand by you. Also known as Ghost Security, the group considers itself a vigilante group and was initially formed to attack ISIS websites that preach Islamic extremism. GhostSec is also commonly referred to as an offshoot of Anonymous.

Leo Laporte / Steve Gibson (00:32:34):
And we have Against the West, ATW. They, while they're against the west, is standing with Ukraine. The group's Twitter account says, we are back in action, standing against Russia, active until Russia stands down. The group's actively working to breach Russian infrastructure, including Russian railways and Russian government con at Proman. On March 1st, the group issued a new statement for further clarification. Actually it's a little waffling. They said, we won't be collaborating with Anonymous. ATW, remember that's Against the West. We'll be split into two groups, one for Russia related breaches, one for Chinese related, the group stated. ATW accused Anonymous of taking the credit for the work they had done, saying Anonymous has had a lot of media publicity over the years for hacking. And to see it didn't sit right, referring to some credit that Anonymous took. They said ATW appears to have been suspended from Twitter as of last Thursday, March 3rd. So again, like I said, this stuff is not all legal, folks. SHDWSec, which joins the movement to support Ukraine. The group is working in collaboration with ATW and Anonymous in operations against Russia, and they tweeted, SHDWSec joined forces with Against the West. First stage now on the role. Expecting us is too late, expecting us is too late. Brace for impact. More to come. Oh Lord.

Leo Laporte / Steve Gibson (00:34:29):
Yeah, these are 12 year olds. Come on. I think a lot of that. Yes, you're right. Some of these guys it's clear are, are that. I'll skip over some of these. We have the Belarusian Cyber Partisans supporting Ukraine. We have Kelvin Security announcing they stand with Ukraine. RaidForums2 also stands with Ukraine. The, the group announced RaidForums2 is in support of Ukraine. Members are actively DDoSing Russian websites and attacking Russian infrastructure. We also have reason to believe that Chinese are hacking Ukrainian networks, though they didn't support that accusation. Previously labeled as only RaidForums, the collective is now operating as RaidForums2, after having outage and says issues. Yeah, maybe a counter attack. It's unclear what went wrong with the original RaidForums. However, Conti Leaks is significant. Definitely not Conti. We'll get to them a little bit more in a minute, but they also back Ukraine. The group has exposed the infamous ransomware group Conti from the inside out. Following the February 27th Conti statement of full Russian support, an account named Conti Leaks leaked hundreds of files containing internal Conti communications.

Leo Laporte / Steve Gibson (00:36:04):
The informant is believed to be Ukrainian and continued to leak more and more files as days have gone by. More recent data shows communication depicting the chaos within Conti, where for example, one person says, hi, all VM farms are cleared and deleted, servers are disabled. And then somebody responds, I deleted all the farms with the shredder and shut down the servers. So, you know, attacker speak. Okay. So, and of course we'd also have Conti, which is in full support of Russia. Emsisoft's ransomware expert, Brett Callow, shared a tweet from the Conti gang. They said, if anybody will decide to organize a cyber attack or any war activities against Russia, you, we are going to use all our possible resources to strike back at the critical infrastructures of an enemy. And of course, as we know, the Conti ransomware gang is certainly one to be reckoned with.

Leo Laporte / Steve Gibson (00:37:11):
They are very sophisticated and known for being the first group to weaponize the Log4Shell vulnerability and operate a fully deployed attack chain, but it appears that not everyone within Conti shared the group's loyalty to mother Russia. As I mentioned, this, this, what was their name? Conti Leaks. The Conti Leaks group leaked 400 files of internal communications between members of the group. The leaked messages go back more than a year, to January of 2021. The data was shared with the malware research group vx-underground, who have since posted an archive of all the leaked data on their site. I have a link to it in the show notes after having take a look, a look at it last evening. And I, I tweeted the link because I thought it might be of interest to some of our listeners.

Leo Laporte / Steve Gibson (00:38:11):
It looks like a legitimate, you know, source of Conti leaked information though, obviously, you know, read it with skepticism. There is, oh, and this was one that the, the, The Record had referred to, a Minsk-based group, UNC1151, in support of Russia. They're believed to be a group state-sponsored by Belarus. And they've already been working to compromise the email accounts of Ukraine military personnel. The group's members are officers of the ministry of defense of the Republic of Belarus. Facebook has taken down accounts used by UNC1151, which targeted Ukrainian officials through Facebook posts that displayed videos depicting Ukrainian soldiers as weak. Facebook also blocked various phishing domains that were being used to jeopardize Ukrainian accounts. We also have Zatoichi, supporting Russia through the spread of disinformation via the group's Twitter account. Among many of their claims,

Leo Laporte / Steve Gibson (00:39:21):
The account stated Killnet has already taken down the Anonymous website, which announced the start of a cyber war with the Russian government, as well as the Right Sector website and the website of the president of Ukraine. And again, that's not true. And speaking of Killnet, they also clearly stand with Russia. The group published a video addressing the people of Russia, encouraging them to never doubt their country. The video features a hooded figure with a distorted voice claiming to have taken down the website belonging to Anonymous. Again, it's not down. Little is known about the group, and it's unclear as to whether the group existed previously. There's also, and I'll skip details of the rest of these since it goes on and on, XakNet backing Russia; the Stormous ransomware collective standing with Russia; Digital Cobra Gang; FreeCivilian, united with Russia; Sandworm.

Leo Laporte / Steve Gibson (00:40:22):
That is a serious group. The group, known for its recent malware called Cyclops Blink, is comprised of Russian state-sponsored hackers. They've been around for a while. We've spoken of Sandworm on the podcast before, and that malware, which targets WatchGuard Firebox firewalls. We got the Red Bandits, cute name, and the CoomingProject, an international hacker group, announced in a statement, "Hello, everyone. This is a message. We will help the Russian government if cyber attacks and conduct against Russia." So, broken English. They're linked to the 2021 data breach and leak of the South African National Space Agency. So all this going on with the groups declaring for and against, and it does seem even clear, if we are to believe the tweets of those who have said they are, you know, going to attack Russia and then providing details, that there is a lot of activity aimed in that direction.

Leo Laporte / Steve Gibson (00:41:33):
We need to talk about Starlink and their potential involvement with Ukraine, but I clearly need to clear my throat and drink a little something. So Leo, let's talk about a sponsor. Okie do. We're gonna take a little break, come back with more with Steve and the, the, the hackers of the week, but first word from ExpressVPN. Although you might now think, boy, I need a good VPN. Don't I to protect myself using the internet without ExpressVPN that I dunno, that's like taking a call on a, on public transit, on a speaker for everyone to hear. Hello, first of all, it's annoying everybody. But second, you don't know who's listening who has access to your most private sensitive information. Don't be that person ExpressVPNs, like put on headphones. It's like keeping your stuff private wherever you are, whatever network you're using.

Leo Laporte / Steve Gibson (00:42:26):
I recommend and use ExpressVPN, the only VPN and I use because I trust them. So that's the most important thing, you know, you can say, okay, I need a VPN, but then the question is, but who do I trust? Cuz remember the VPN has to be as trustworthy as you need it to be. They're the ones who everything's gonna go through. So that's why I use ExpressVPN continuous audits by independent security experts at Pricewaterhouse Coopers. They say the privacy statement is accurate. They say this amazing trusted server technology ExpressVPN is private. So you are literally protecting yourself against everybody else. Who's snooping by using the absolute best VPN. The one that the, the company that goes the extra mile to make sure you are secure. I, I was just reading an article in our favorite publication bleeping computer. This was last month, they're offering a hundred thousand dollars to the first person to hack their servers.

Leo Laporte / Steve Gibson (00:43:27):
Actually, this is not new. They've been doing it for some time and no one has yet hacked their servers. Their servers are very secure, but they thought, well, maybe we're gonna increase that bug bounty. Maybe more people, you know, will bang on this thing. I think that's great. We are big fans. This is a bug bounty run through Bugcrowd, which is a good place to do that bug bounty. Let me just tell you a little bit about what TrustedServer is doing. So TrustedServer is a custom-built OS. It's based on Debian Linux, featuring proprietary security enhancements for ExpressVPN, and only ExpressVPN has this. It's a RAM-only approach for its servers. In fact, they employ a data wiping system that activates on every reboot. So not only is there no logging going on, even if there were anything written, any trace information about you or your use of ExpressVPN, that gets wiped out every time the server gets rebooted.

Leo Laporte / Steve Gibson (00:44:27):
And I think that that happens. Yeah. The system has a build verification, which prevents insider code from tampering and is patched every week with clean installations on every ExpressVPN server. I mean, they go the extra mile to make sure it is absolutely safe, absolutely secure. This bug bounty has been gone for six years and zero O discovery, zero bugs. It's it's the best. That's why I use ExpressVPN. And it's so easy to use. You can tell your family and friends to use it. It's a simple app on iOS, Android, windows, Mac, Linux, press a big button, your secure, it even works on smart TVs. They even have software from routers. You can check to see if your router's compatible, put it on the router and protect the whole house. And the best thing about ExpressVPN. They invest in their infrastructure so you can use it.

Leo Laporte / Steve Gibson (00:45:21):
And no one's gonna say, why did the internet slow down? It's fast, fast enough to watch HD. Business Insider rates it number one, The Verge rates it number one. It's the only one I use. Secure your online activity today. You know you need a VPN. Now you know which one: ExpressVPN. Go to expressvpn.com/securitynow. You'll get an extra three months of ExpressVPN free when you buy a 12-month package. So that's a good deal. expressvpn.com/securitynow. expressvpn.com/securitynow. We thank them so much for supporting Steve's work here, and you support it too, by going to that address, so they know you saw it here. So please go to expressvpn.com/securitynow. Okay, Steve. Okay. So Starlink. We know what Starlink is. It's Elon Musk's low Earth orbit satellite technology. I've got one very good friend, Mark Thompson, who's in an area in Phoenix where, he can believe it or not,

Leo Laporte / Steve Gibson (00:46:24):
He doesn't have any broadband internet service. And he's hoping that this is all gonna work out well. This Ukraine minister of digital transformation, I think he's 31 years old, he looks young, Mykhailo Fedorov, on the 26th he tweeted to Elon Musk. He said, "@elonmusk, while you tried to colonize Mars, Russia try to occupy Ukraine. While your rockets successfully land from space, Russian rockets attack Ukrainian civil people. We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand." To his credit, Elon replied, "Starlink service is now active in Ukraine." It hadn't been a day before. And he said more terminals en route. Okay. So although so far Ukraine's internet access has been relatively stable, and it's actually been surprising people, concerns over the possibility of widespread outages,

Leo Laporte / Steve Gibson (00:47:36):
You know, as Russia has been increasingly attacking communications infrastructure, have recently increased. So it was with some sense of relief that an equipment truck arrived from Starlink like that day, which of course is the internet subsidiary of Elon Musk's SpaceX. So will it be helpful? Was it another PR stunt, for which of course Elon is rather famous? It's too soon to say, but it would take more trucks, many trucks, in order to make a significant difference. According to Ukraine's Ministry of Digital Transformation, only one truck of Starlink kits has arrived so far. The ministry is raising funds to purchase additional Starlink equipment, according to Forbes. Ukraine is also considering the purchase of used Starlink devices, if they can get them. According to Business Insider, a standard Starlink kit costs $500, with a subscription to the network costing $99, presumably that's per month.

Leo Laporte / Steve Gibson (00:48:47):
You know, and so the system appears to be helping some Ukrainians to stay connected. The general stability of the Ukrainian internet service, in general, has been allowing Ukraine's president and other citizens to stay in contact with the outside world and keep everyone updated about what's going on. But internet connectivity has been affected in the southern and eastern regions of the country, where the fighting has been the heaviest. Ukrainian officials stated that Russia would not be able to switch off internet access easily for the entire country. And it turns out that Ukraine's multiple land fiber connections, which come in from the west, make it more difficult to take Ukraine off the net as a whole. So they've been able to stay online so far. Still, many Ukrainians fear that they would be cut off from the world

Leo Laporte / Steve Gibson (00:49:48):
If Russian troops were to destroy the critical infrastructure responsible for television and the internet. And, you know, we had an internet outage briefly yesterday, and it is amazing how much we've come to be dependent and to take for granted, you know, the connectivity that we have with the world. Control of the internet and telephone communications is obviously of immensely important strategic value. Ukraine has limited the Russian troops' access to networks by having its phone carriers, Kyivstar, Vodafone and lifecell, shut down network access to phones from Russia and Belarus. So troops from those countries will be unable to send messages and spread false information via phone calls. And, you know, obviously just thwarting your enemy's communications is good policy. And interestingly, Elon had apparently been having trouble obtaining a license until now to activate Starlink in Ukraine.

Leo Laporte / Steve Gibson (00:50:56):
One can imagine the political pushback from the existing carriers, who were in no hurry to increase their competition from above. But no one batted an eye when Elon said, give me permission to turn it on, and I will. They did. He did. And afterwards a Ukrainian engineer, Oleg Kutkov, said in an interview with The Verge that his Starlink dish got a signal from one of SpaceX's satellites in just 10 seconds. He told The Verge, quote, "I honestly didn't believe it would work." So it certainly is the case that satellites are gonna be, you know, unless you shoot them out of orbit, are gonna be impossible to cut off. Although I guess you could jam the signal, except, you know, they can also be targeted, that is, line-of-sight connections to the dish.

Leo Laporte / Steve Gibson (00:51:51):
So it might be the jamming is, it's also much more difficult to do. On their side, Russia has blocked access to Facebook, Twitter, and foreign news outlets. You know, this would be the two-can-play game line. They've blocked access to Facebook after Meta deactivated or restricted access to accounts belonging to pro-Kremlin media outlets and news agencies, including RIA Novosti, the main Russia outlet, also Sputnik and Russia Today. And our favorite Russian agency, Roskomnadzor, told Interfax that Russia has now also blocked access to Twitter, following a demand made by the Prosecutor General's office. I had read that that happened last Friday. On Thursday, Roskomnadzor asked Meta to immediately lift all restrictions on Russian media outlets, that is, the members of the RT media group. Roskomnadzor said Friday that their decision to disconnect was motivated by Facebook discriminating against Russian media and information resources starting in October of 2020.

Leo Laporte / Steve Gibson (00:53:20):
So quite some time ago. Roskomnadzor stated, "On March 4th, a decision was made to block access to the Facebook network within the Russian Federation," although notably some other properties, Instagram and WhatsApp, have, as far as I know, still not yet been blocked, only Facebook. And also last Friday, Roskomnadzor blocked access to multiple foreign news outlets, some of them designated as foreign agents, including Voice of America, the BBC, DW, and Radio Free Europe and Radio Liberty. Not that they had to, but Russia justified the media outlets ban saying that they spread fake news regarding the ongoing invasion of Ukraine, the methods used by its military against Ukrainian citizens and infrastructure, and the number of casualties suffered by the Russian army. You know, we in the West have seen a great deal of coverage, and I'm unsurprised that Russia would not want all Russians to see what we see here going on.

Leo Laporte / Steve Gibson (00:54:34):
Google was also asked on Thursday to stop advertising campaigns spreading what Roskomnadzor called misinformation on YouTube videos about the Russian invasion of Ukraine. Roskomnadzor said that online ads with no age labels and inaccurate content are being used to instill protest moods and spread false info on the Russian "special operation," as they're calling it, in Ukraine. And YouTube has become quite important. As I was putting this together, I hadn't yet gotten to a chart that I saw indicating that it is the number one social media outlet used in Russia. It's like way above everything else. So Roskomnadzor sent a letter to Google LLC demanding that Google immediately stop disseminating false information of a political nature about the special operation of the Russian armed forces in Ukraine on the territory of Russia. Well, of course, that's rich. Roskomnadzor's demand continued, saying such advertising messages are shown to the Russian users of the video hosting site YouTube and contain misinformation aimed at forming a distorted perception of the events taking place and creating protest sentiments among the Russian internet audience.

Leo Laporte / Steve Gibson (00:56:05):
The agency considers it unacceptable to use YouTube in the information war against Russia, including using the advertising capabilities of the platform. And I'll just give everybody a hint: this is all building towards a conclusion that we'll be getting to here at the end of the podcast, which is, you know, ultimately what Russia's probably gonna have to do. Roskomnadzor also notified all independent Russian media outlets not to spread false information, that is, you know, the media outlets inside Russia that are independent, not to spread false information about the shelling of Ukrainian cities, as well as calling the ongoing operation an attack, invasion or declaration of war. And I'm sure everyone has probably heard by now, Russia is also planning to introduce a new law that would punish the spreading of what they consider to be fake news about the Russian armed forces' military operations in Ukraine with up to 15 years in prison. For their part, Google has already taken action to stop actual misinformation, taking down disinformation campaigns regarding Russia's invasion, and blocked YouTube channels belonging to Russia Today and Sputnik across Europe at the request of the European Union authorities. Roskomnadzor protested YouTube's decision,

Leo Laporte / Steve Gibson (00:57:38):
As we said, demanding the immediate removal of all access restrictions to the official accounts of Russian media, including RT and Sputnik, in Europe. Previously, Google demonized Russian state-funded media across all its platforms. I don't mean demonized, I'm sorry, demonetized. Google demonetized Russian state-funded media across all its platforms to block Russian state-funded media from running ad campaigns. And YouTube has removed hundreds of channels with thousands of videos which violate its community guidelines, including channels engaging in coordinated deceptive practices, as Google labeled them. Google said, quote, "When people around the world search for topics related to the war in Ukraine on Search or YouTube, our systems prominently surface information, videos, and other key context from authoritative news sources." So for the time being, Google said that most of its services, including Search, YouTube and Maps, remain available in Russia to provide Russians with access to global information and perspective. So overall the situation appears to be developing as we would've expected it to. The providers of the content hold the cards. They, and they alone, are able to decide which content their platforms serve up and which they block and delete. The only power a local authoritarian government has is to choose to block everything from a provider.

Leo Laporte / Steve Gibson (00:59:30):
Also, Google has been even more proactive on the security front. They announced last Tuesday that they were focusing upon increasing security measures to help protect Ukrainian civilians and websites, which other US technology providers like Meta, you know, Facebook, had also been doing. Meta has been actively working to disrupt the flow of disinformation in the region and take down accounts that targeted Ukrainian officials with phishing attempts. But as for Google, in a statement by Kent Walker, their president of global affairs, Google said the measures include SOS alerts on its search function, automated detection and blocking of suspicious activity, Gmail notifications of government-backed attack warnings, increased authentication challenges, and the expansion of its Advanced Protection and Project Shield programs. In other words, rapid strengthening of Google's authentication. As for search and map functions, the company has disabled various live Google Maps features within Ukraine, such as traffic information, to prevent public access to population densities within different areas.

Leo Laporte / Steve Gibson (01:00:47):
The company also issued SOS alerts that will guide users to United Nations resources for refugees and asylum seekers when they search for refugee and evacuation instructions. So they've been more carefully curating their search engine results during all of this, and they've reportedly expanded security protections after its Threat Analysis Group, remember the TAG team, TAG, reported an increased focus from threat actors on Ukrainian targets. They've blocked attempted attacks without any compromise, they said, of Google accounts. As a result of the campaign, they increased the frequency of authentication challenges for Ukrainian civilians and are relying on their Advanced Protection Program to safeguard hundreds of high-risk accounts in the region. A campaign known as Project Shield is also being used to help protect over 100 websites belonging to news publications, human rights groups, political organizations, and other groups that are targeted by distributed denial of service attacks.

Leo Laporte / Steve Gibson (01:01:59):
So they're also stepping up and strengthening the sites that they're responsible for against DDoS. And following the statement issued by Google last Tuesday, Apple announced, as we've probably heard, that they had ceased all sales of their technology in Russian online stores, after Ukraine's prime minister pleaded with them to shut down the App Store and halt all Russian sales, which they've done. Microsoft also recently, I think it was on Friday, said that they are suspending all of the sale and support inside Russia. Also a domain registrar, Namecheap, that I've heard of in passing. Eight days ago, they're Phoenix-based, you know, Phoenix, Arizona based, founded 22 years ago, so they've been around for a while, in the year 2000, now operating in 18 countries with 1,700 employees and managing 14 million domains.

Leo Laporte / Steve Gibson (01:03:12):
They sent an email that I guess I feel of mixed mind about. This went out eight days ago to all of their registrants, their customers, their domain name customers located in Russia. They said, "Unfortunately, due to the Russian regime's war crimes and human rights in Ukraine, we will no longer be providing services to users registered in Russia. While we sympathize that this war may not affect," that's what they said, affect, "your own views or opinion on the matter, the fact is your authoritarian government is human rights abuses and engaging in war crimes. So this is a policy decision we have made and will stand by. If you hold any top level domains with us, we ask that you transfer them to another provider by March 6th," two days ago, "2022." Okay. So that was, say, a seven-day, a one-week notice of unilateral service cancellation.

Leo Laporte / Steve Gibson (01:04:28):
Their note continues briefly: "Additionally, and with immediate effect, you will no longer be able to use Namecheap Hosting, EasyWP and Private Email with the domain provided by another registrar in Russian top level domains. All websites will resolve to 403 Forbidden. However, you can contact us to assist you with your transfer to another provider." And predictably, this email generated some angry pushback from Russians, to which Namecheap's CEO replied over on Y Combinator. He said, "We haven't blocked the domains. We are asking people to move. There are plenty of other choices out there when it comes to infrastructure services. So this isn't deplatforming. I sympathize with people who are not pro-regime, but ultimately even those tax dollars they may generate go to the regime. We have people on the ground in Ukraine being bombarded now nonstop." He says, "I cannot with good conscience continue to support the Russian regime in any way, shape or form. People that are getting angry need to point that at the cause, their own government. If more grace time is necessary for some to move, we will provide it.

Leo Laporte / Steve Gibson (01:05:58):
Free speech is one thing, but this decision is more about a government that is committing war crimes against innocent people that we want nothing to do with." Now, I'll just note that expecting anyone in Russia to successfully move their domain at this moment, with banks closed, Visa, Mastercard and PayPal all having suspended service, and the value of the Russian ruble having collapsed, is, you know, it's totally infeasible. So in practice, this really doesn't represent, I mean, it does represent effective abandonment. And as I said, I feel a little queasy about it. It seems to me that individual Russian citizens, small businesses, charitable organizations, et cetera, ought to have the West standing with them to help them survive this period, rather than abandoning them in their time of what could be great need. All indications are that Russian citizenry is quite divided in their feelings about the actions of their own regime, to the degree that they know what's going on.

Leo Laporte / Steve Gibson (01:07:06):
You know, being politically aware in the US, we certainly understand the nature of division. There are many topics of discussion which are now off limits between my own much beloved family members. So we too are a divided nation. But when Namecheap took their Russian customers' money, they didn't ask about their political sentiments. They took their money in return for a promise to provide service for some period of time. Commitments are not subject to reconsideration. You know, that's what makes them a commitment. I would have no problem if Namecheap were to announce that they would be suspending the renewal of domains at their expiration, so giving their Russian customers fair notice of the need to find another service at that time. You know, I don't see Namecheap offering to refund their customers' money in US dollars, which are now quite valuable at the current dollars-to-rubles exchange rate.

Leo Laporte / Steve Gibson (01:08:06):
You know, but even doing that would still have left those customers stranded. So I don't know, to me that seems like a hard-to-defend breach of commitment. Two days after that they posted, "Effective immediately, we will begin offering free anonymous hosting and domain name registration to any anti-Putin, anti-regime and protest websites for anyone located within Russia and Belarus. Please contact our support for details." And, you know, since this announcement followed two days after their Russia abandonment email, you know, doing a little reading between the lines, I wouldn't be surprised if this was their way of selectively backpedaling and arranging to continue offering some services and hosting, but only to those entities whose politics they're aligned with. So anyway, even DNS providers are getting in on all of this. Telegram's use has exploded over this period, and Leo, let's take our last break and then we will continue.

Leo Laporte / Steve Gibson (01:09:21):
We'll talk about telegram. Thank you, Steve. Let's talk about our sponsor of the hour the fine folks at Acronis who are makers of, as you probably know a great many excellent tools, they're kind of a, you know, a, a excellent solution provider for backup for disc imaging. And they've combined this all into a all in one cyber protection tool. You're gonna want to know about organizations, users, and systems are always getting harder to demand if you're in the it department, you know, that the value and volume of data of systems of applications is constantly growing. And of course, that makes a sweeter and sweeter target for the bad guys who are creating at the same time, as you're working hard, more sophisticated and damaging malware. So you need the protection. It's more than just a simple backup strategy. And of course, Aros is very well known for their backup solution, but they offer so much more.

Leo Laporte / Steve Gibson (01:10:24):
They all in one cyber protection includes backup. Yes, but also recovery next generation, AI based anti malware and protection management, trusted by millions of users. One agent does it all. One web based management console, one license which I think is great. Cause it eliminates the complexity of having these variety of heterogeneous tools and the risks too associated with a, you know, unintegrated solutions. You're gonna get five critical stages of cyber protection on the prevention side, you'll be proactively protecting your, your data, your systems, and your applications by preventing attacks happening in the first place. That's always the best choice, right? Antivirus, anti malware, things like URL, filtering, global threat monitoring, continuous data protection patch management. We know that's really important too. Now prevention's just one part though. Then you've got detection. So you wanna be able to detect issues and threats before they pose a risk to your environment.

Leo Laporte / Steve Gibson (01:11:22):
That includes vulnerability assessments and virus and malware scans, and they do it in the Acronis cloud hard drive health control dashboards reports, that's prevention, that's detection. Now we got response cuz if you do get attacked, you wanna enable quick action. Cuz the faster you act, the less risk to you, a Kronos cyber protection operation center, PAC has realtime alerts that will let you know incoming so you can respond. They'll help you do data, a compliance reporting. They'll give you a data protection map. They'll help you with safe recovery. You know, backups only half the job. You gotta then put it back, right? Fail, safe, patching malware, quarantining. And then of course, when it comes to recovery, you can quickly and safely restore data. In the event, it gets compromised. You're probably very familiar or disc imaging solutions. There's also a krons instant restore, a krons universal restore.

Leo Laporte / Steve Gibson (01:12:19):
These are safe recovery solutions, and even forensics. You can mitigate future risks by collecting and performing forensic investigations, forensic backups, audit support, all the tools you need in an award-winning, efficient and secure cyber protection toolbox. Whether it's an individual business, IT team, service providers, you need Acronis. Get all-in-one data protection and cyber security to keep business flowing, no matter what, with Acronis Cyber Protection. Here's the URL. Please use this so we get credit: go.acronis.com/twit-4. That's a little complicated. Let me say it again. go.acronis, A C R O N I S, .com/twit-4. All-in-one data protection and cybersecurity from one of the leaders in the business, Acronis. Acronis is at go.acronis.com/twit-4. We thank them so much for their support of this here show, Security Now. And now, Steve, we will talk about Telegram.

Leo Laporte / Steve Gibson (01:13:39):
So we've talked about Telegram, you and I, Leo, for the past nine years, ever since it first appeared in 2013. And as our listeners know, despite its popularity, I have always looked askance at it, since, for reasons I will never understand, its authors unnecessarily violated the cardinal rule of cryptography. They rolled their own, unlike, you know, the many other properly designed alternatives, such as Signal and Threema, just to name two. And offering a bounty for someone who cracks their crypto is not the same as designing it properly. For all we know, it has been cracked by someone like the NSA, and the knowledge they have and the access this provides is worth far more to them than Telegram's bounty. You know, they would want things to remain just the way they are, you know, with Telegram being unexamined, apparently unbroken, but certainly not fixed.

Leo Laporte / Steve Gibson (01:14:41):
So in any event, I mean, it is. I remember when I first, you know, rolled up my sleeves and looked at it. It was just the, the SCRT random pile of crypto primitives anyone had ever seen. And it's been described the same way, not just by me, but by other crypto experts who are like, what? But anyway, you know, as far as this goes, no one could care less what I think. Telegram is super popular, and its popularity has recently exploded during this horrific Russia-Ukraine mess. As we followed Roskomnadzor's and the Russian Federal Security Service's, you know, the FSB's, ultimately futile efforts through the years to shut down and block Telegram, we saw them finally give up a couple years ago. They just, you know, Telegram just kept dodging and weaving and refused to be taken offline, and they've survived.

Leo Laporte / Steve Gibson (01:15:43):
The risk intelligence company Flashpoint noted in a recent report that six out of 10 Russians used Telegram precisely because their country's authorities are unable to impose any oversight on the platform. So it should also be no surprise that Telegram's messaging has taken a pivotal role in the ongoing conflict between Russia and Ukraine and is being widely used by both hacktivists and cyber criminals. According to a report from Check Point, the number of Telegram groups has increased sixfold since February 24th. And some of them, dedicated to certain topics, have exploded in size, in some cases counting more than a quarter million members. Three categories which have rapidly gained in popularity as a direct result of the Russian invasion of Ukraine are: first, volunteer hackers engaging in DDoS and other kinds of cyber attacks against Russian entities. Second, fundraising groups that accept cryptocurrency donations, allegedly for Ukrainian support. And third, various news feeds, and gotta put that in air quotes too.

Leo Laporte / Steve Gibson (01:17:04):
Cuz, you know, just citizens aiming their smartphone somewhere, that promise to offer reliable reports from the front line. We've already talked about the group that stands out among those that lead the anti-Russia cyber warfare operations, the so-called IT Army of Ukraine, whose membership is now at. Okay. And remember, at the beginning of the podcast I said 175,000. I got an updated number. We're now at 269,972. Wow. So just shy of 270,000 subscribers are like members of this IT Army of Ukraine. I would not want to have all those people like, you know, empowered to do what dastardly thing they can. That would be daunting. In addition to targeting, orchestrating and launching DDoS attacks against key Russian sites, the group exposes the personal details of opinion makers in Russia and other people who play a significant role in the conflict.

Leo Laporte / Steve Gibson (01:18:15):
So yeah, again, I, I wouldn't want that aimed at me. As for the fundraising groups, you know, that's in air quotes because naturally, and unfortunately, the majority of the self-declared donation and support groups in Telegram are scams, as they're gonna be, that take advantage of sentiments to relieve people of their money. And then there's the news, also in air quotes. Check Point's coverage of Telegram notes, they said: in the era of social media, traditional news channels are merely a sideshow for numerous newsfeed Telegram groups. These groups on Telegram report unedited, non-censored feeds from war zones, 24 hours a day, including footage that traditional mainstream media often refrain from airing live, I could imagine. In fact, they said about 71% of the groups we see are dedicated to news around the current conflict. So just shy of three quarters of Telegram groups are about, you know, providing news. Check Point researchers.

Leo Laporte / Steve Gibson (01:19:28):
They said observed such groups appearing rapidly from the beginning of the conflict and have continued to grow since then. In such groups, the quality of news feeds is not a factor, and users often leverage this to spread news, in quotes, and facts, in quotes, that are not verified or checked. This is a form of psychological weapon used to demoralize and influence morale. So, you know, the bottom line is to be skeptical, use your own judgment and guard against becoming seduced by anyone's narrative that seems too good to be true. It may indeed be too good to be true or, you know, too horrific to be true. And in fact, Michael Horowitz, a geopolitical and security analyst who's the head of intelligence for the firm Le Beck International, recently tweeted, he said, quote, I have deleted footage of a plane being shot down above Kharkiv as it seems to be from a video game. He said, that's a very realistic one, sorry for the mistake.

Leo Laporte / Steve Gibson (01:20:43):
So yeah, be careful what you think of as real. As I mentioned before, Microsoft has also shut down in Russia. There were some interesting tidbits in what their chairman advise and president Brad Smith posted under the title, Microsoft suspends new sales in Russia. He said, like the rest of the world, we are horrified, angered and saddened by the images and news coming from the war in Ukraine and condemn this unjustified, unprovoked and unlawful invasion by Russia. I wanna use this blog, and I'm just gonna share the top of it, to provide an update on Microsoft's actions, building on the blog we shared earlier this week. He said, we're announcing today that we will suspend all new sales of Microsoft products and services in Russia. In addition, we are coordinating closely and working in lockstep with the governments of the United States, the European Union and the United Kingdom.

Leo Laporte / Steve Gibson (01:21:46):
And we're stopping many aspects of our business in Russia in compliance with governmental sanctions decisions. We believe we are most effective in aiding Ukraine when we take concrete steps in coordination with the decisions being made by these governments. And we will take additional steps as this situation continues to evolve. Our single most impactful area of work almost certainly is the protection of Ukraine's cyber security. We continue to work proactively to help cybersecurity officials in Ukraine defend against Russian attacks, including most recently a cyber attack against a major Ukrainian broadcaster. Since the war began, we have acted against Russian positioning, destructive or disruptive measures against more than 20 Ukrainian government, IT and financial sector organizations. We've also acted against cyber attacks targeting several additional civilian sites. We have publicly raised our concerns that these attacks against civilians violate the Geneva Convention. So Microsoft, too, in addition to a growing list, and I actually, I have a, a, a brief list in a minute. Coinbase: last Saturday, the sixth, Paul Grewal, the chief legal officer for Coinbase, announced the employment of crypto tech to promote sanctions compliance.

Leo Laporte / Steve Gibson (01:23:18):
They announced that they are actively blocking access to more than 25,000 blockchain addresses. In other words, you know, wallets linked to Russian individuals and entities. Coinbase shared all of the blocked addresses with the US government in order to further support sanctions enforcement. So they used their blockchain analytics in order to say, here's the people, here's the wallets that we've seen them linked to. Coinbase will also be blocking sanctioned entities from opening new accounts and actively detecting attempts to evade the ban. The ban addresses sanctions lists maintained by countries worldwide, including the United States, United Kingdom, European Union, United Nations, Singapore, Canada, and Japan. Citing an example, Paul wrote: for example, when the United States sanctioned a Russian national in 2020, it specifically listed three associated blockchain addresses. Through advanced blockchain analysis, we proactively identified over 1200 additional addresses potentially associated with a sanctioned individual.

Leo Laporte / Steve Gibson (01:24:43):
Okay, now I'll just stop and say, wait a minute, what do you wanna bet that's a ransomware entity? Cuz they're saying, you know, it sounds like the US had three blockchain addresses, these guys dug in and found everything that, that those three were connected to. The fact that it exploded into 1200 additional addresses, that sure feels to me like, you know, somebody who was doing a lot of, you know, monetary movement through various chains. Anyway, 1200 additional addresses potentially associated with a sanctioned individual, which we added to our internal block list. Today, Coinbase blocks over 25,000 addresses related to Russian individuals or entities we believe to be engaged in illicit activity, many of which, they said, he said, we have identified through our own proactive investigations. Now, two weeks ago, on the 27th of February, our friend in Ukraine, Mykhailo Fedorov, asked for more than the crypto exchanges were willing to do.

Leo Laporte / Steve Gibson (01:25:56):
He tweeted, I'm asking all major crypto exchanges to block addresses of Russian users. It's crucial, he tweeted, to freeze not only the addresses linked to Russian and Belarusian politicians, but also to sabotage ordinary users. But Coinbase and the other crypto exchanges, including Binance, refused to freeze all Russian users' accounts. Their various spokespeople added that while they will not block all Russian accounts on their platforms, the crypto exchanges will take steps to identify all sanctioned entities and individuals and block those accounts and transactions. Coinbase cited the economic freedom in the world. And Binance said it was about the greater financial freedom for people across the globe. And, you know, banning users' access to their cryptocurrency, Binance said, would fly in the face of the reason why crypto exists in the first place. So cryptocurrencies are also involved. Now, you know, naturally Russia has not been doing nothing. Last Thursday, amid the continually escalating Russian attack on Ukraine.

Leo Laporte / Steve Gibson (01:27:20):
Russia's NCCC, their National Coordination Center for Computer Incidents, published a list, presumably intended to be used by those sympathetic to President Putin's expansionist agenda, for retaliation against these claimed attacks on Russian cyber infrastructure. And I, I say claimed attack because in addition to the massive list containing 17,576 individual IP addresses were 166 domains that the NCC said were behind a series of DoS attacks aimed at its domestic infrastructure. So in other words, Russia is saying, we want anybody who is pro-Russia to go on the cyber offensive and attack all these. Among the domains were the US Federal Bureau of Investigation, the intelligence agency, and websites of several media publications, including USA Today and Ukraine's Korrespondent magazine. So it appears that not liking someone is enough to get them on the list. You know, I doubt that USA Today was DDoSing Russia. But anyway, now the NCCC is reacting to the gradual and incremental, but also probably inevitable, withdrawal of Russian and non-US cyber services from Russia as part of its recommendations to counter the DDoS attacks.

Leo Laporte / Steve Gibson (01:29:03):
The agency is urging organizations to ring fence network devices, whatever that is, enable logging and changing passwords, enforce data backups, and be extra alert for phishing attacks. In other words, the standard things you would do to raise, you know, better raise and, and defend yourself against cyber attack. But the coolest advice from NCCC caught me a bit by surprise at first, but then I thought it was really interesting and obvious in retrospect. The NCC asked its citizenry and Russian enterprises to turn off automatic software updates and disable third party plugins on websites. Now, at this point, you know, Microsoft has pulled the plug on Russian revenue, but the US is not at war with Russia. And of course we're being very careful not to be at war with Russia. However, wow, consider the implications of Microsoft's, and I'm not suggesting this has ever happened or ever would, but the implications of Microsoft's deliberate sabotage of security in aid of a war effort against Russia.

Leo Laporte / Steve Gibson (01:30:27):
And I would not be, I would not want to be on their side of, you know, on the other side of that. And I have to say this puts a spin I had never considered on my rooting for having all of our devices phoning home and auto updating all the time. You know, we don't wanna go to war with China either. We could easily be on the receiving end with all of the IoT gadgets that most of us are now using. This is all quite sobering. It's one thing to have an, an inadvertent security mistake be patched. It's another thing to have a deliberate attack launched as a consequence of auto update, which has just loaded a bunch of stuff that are, you know, who knows, into one's computer. I know I was slow to buy into this whole cyber war idea.

Leo Laporte / Steve Gibson (01:31:20):
So I suspect I'm still probably being a little naive. The NCCC also advised its citizenry to, quote, use Russian DNS servers, use the corporate DNS servers and/or the DNS servers of your telecom operator. They said, in order to prevent the organization's users from being redirected to malicious resources or other malicious activity. In other words, they're, you know, getting, they're, they're battening down the hatches. They said, if your organization's DNS zone is serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation. And there again, Russian devices are necessarily trusting the certificates issued by Russian cert, I'm sorry, by Western certificate authorities, since the websites and services that Russians depend upon are serving Western certificates. Just think for a minute how much implicit cross-border trust there is in today's globally interconnected world. You know, this has been the background thought I've had all throughout this mounting aggression.

Leo Laporte / Steve Gibson (01:32:48):
It's really no longer in any way practical for any single country to completely isolate itself from the rest of the world. There's just too much true interdependence. And there is implicit trust that comes with that interdependence. And speaking of interdependence, according to the global internet access watchdog NetBlocks, Russia has placed extensive restrictions on Facebook within the country. We talked about that before, and late last week there were reports that Twitter had also become unavailable. Again, Twitter wasn't doing what Roskomnadzor had asked. So no Twitter for you, Russians. Ukraine has also updated its list of targets for its volunteer IT Army of civilian hackers. Now on the list are the Belarusian railway network, Russia's homegrown satellite-based global navigation system, GLONASS, and telecom operators MTS and Beeline.

Leo Laporte / Steve Gibson (01:33:59):
And in another shoe drop, Russian authorities are drafting a set of measures to support the country's economy against the pressure of foreign sanctions, which they're certainly feeling. And as part of this, the proposal, which is in the process of being finalized, would eliminate intellectual property right limitations in order to explicitly permit piracy within Russia. The plan is to establish a unilateral software licensing mechanism that would renew expired licenses, you know, and this is all euphemisms, without requiring the consent of the copyright or patent owner. This new process will be available in cases where the copyright holder is from a country that has supported sanctions against Russia, for products without Russian alternatives, which of course are many, if not most. The move is Russia's response to numerous software vendors exiting the Russian market and suspending new license sales, including Microsoft, Cisco, Oracle, Nvidia, IBM, Intel and AMD.

Leo Laporte / Steve Gibson (01:35:16):
In other words, okay, it's, you know, you don't have to honor those licenses any longer, says Russia. The original Article 1360 of the Civil Code of the Russian Federation says that, quote, in the original one, in the interest of national security, the government of the Russian Federation shall have the right to permit the use of an invention, utility model or industrial design without the consent of the patent holder, provided that he's notified as soon as possible and payment to him of a reasonable remuneration. Now, however, in multiple proposed amendments to this Russian civil code, the Russian Ministry of Digital Transformation wants to bypass compensation to license holders who are under sanction restrictions so that they can continue using the software. Translated proposed amendments read: amending Article 1360 of the Civil Code of the Russian Federation regarding the use of a license and other types of rights and the abolition of compensation to foreign companies originating from states that have acceded to the sanctions, federal law.

Leo Laporte / Steve Gibson (01:36:35):
Now of course, software products that rely on cloud services or online verification, as so many do now, will stop working, since no unilateral change in Russia's international intellectual property treaties will keep online services from being shut down. But this does feel as though Russia will be entering a bit of a dark age, depending on how long this goes on. You know, who would wanna sell to a rogue nation even if sanctions were not in place? And so this brings us to the big question: will Russia disconnect? Are we about to see Russia flip the switch? It feels like we are. Although Roskomnadzor has been working overtime to censor information by blocking its citizens' access to Western media, services such as Telegram have withstood all previous blocking attempts, and YouTube, as I said, remains the number one most popular service in all of Russia. Google is refusing to comply with Roskomnadzor's censorship attempts and demands while simultaneously blocking Russia's own state-sponsored propaganda from being carried by YouTube.

Leo Laporte / Steve Gibson (01:37:57):
So it may be that nothing short of disconnecting all of Russia from the rest of the internet will be the only solution that they believe is workable. And given the things we've seen, the comments about, you know, using your, you know, local, Russian-based DNS, and if your DNS is coming from outside of Russia, switch to inside, this all feels like a preamble. We've previously talked about the RuNet, you know, Russia's sovereign internet, which has been in development. We've been talking about it as it's come up from time to time for years and, remember, it was successfully tested for actual deployment with the collaboration of their largest internet providers in Russia last summer. It worked. Remember when we discussed the need for, and their establishment of, an entirely autonomous DNS system. In other words, they needed to replace the global root servers in order, in order for their system to continue working as DNS caches expired.

Leo Laporte / Steve Gibson (01:39:12):
Well, this past Sunday afternoon, two days ago, a letter allegedly leaked from the deputy minister of digital marketing and mass communications of the Russian Federation was posted by Anonymous on Twitter. Since it's written in Russian, of course, I cannot read what it says, but Anonymous claims that it provides instructions to all organizations about how to prepare for connection to the RuNet and disconnection from the internet. Anonymous's tweet says, Russia is preparing to disconnect from the global internet, limiting access to information for the Russian people. That means censorship, and we, Anonymous, are totally against censorship of any kind. So let's turn up the pressure, exclamation point. And then in the show notes, I have a link to their tweet, which does show a picture of this two-page document written in Russian. It would seem to me that, I don't know what turning up the pressure means, but it would only hasten the pulling of the plug.

Leo Laporte / Steve Gibson (01:40:28):
You know, Russia doesn't have, and must import, Western technology. They cannot duplicate our semiconductors, but unfortunately they may have reason to count on China as a, as a strategic partner. China really is the wild card in much of this, but China is not the West and cannot replace much of what only Europe, the US, the UK and others provide. So we are living in interesting times, and we might be on the precipice of having Russia disconnect itself from the internet in order to, you know, once and for all isolate its citizens from what's going on. Wow. And there you have it, Security Now for another exciting week, thrilling, gripping edition. Steve is available at grc.com. That's where you'll find his SpinRite, world's best mass storage maintenance and recovery utility. Currently 6.0; 6.1 is coming. You can buy 6.0 now, get 6.1 for free.

Leo Laporte / Steve Gibson (01:41:31):
When it's available, and participate in its development. That's at grc.com. While you're there, you can pick up a copy of the show. He has two unique formats, the 16 kilobit audio for the bandwidth impaired. And I always went, for some reason, I imagined somebody in the Australian Outback who's on some sort of weird satellite connection. Well, of course it started with Elaine, right? That was, she didn't want a big audio file. Yeah, she, she was satellite cuz she's out in the boonies somewhere. Right. And she said, this is a big file, Steve. I said, ah, I'll take care of that. So she takes it, she transcribes it. And that's the other unique format, the human-written transcriptions from Elaine Farris, which makes it a great, you know, read along while you listen, or search for a part of the show, or just, you know, have a text version of Security Now, including all the ums and ahs and pauses. grc.com.

Leo Laporte / Steve Gibson (01:42:25):
We have everything at our website too, twit.tv/sn. There's audio there, there's video there. You could subscribe in your favorite podcast land. There's an audio stream, a dedicated audio, dedicated video channel, I should say, at YouTube. There's lot, lots of ways to consume it. In fact, you can even watch us do it live, which we do every Tuesday at about 1:30 Pacific, 4:30 Eastern, 21:30 UTC at live.twit.tv. There's audio and video streams there. You can chat with us at irc.twit.tv. Club TWiT members can chat inside the Discord. There's always something going on in that Discord, including some really cool unique shows like our Untitled Linux Show. Club TWiT is seven bucks a month, gives you ad-free versions of all the shows. You can get more information at twit.tv/clubtwit. I guess that's it. That's all the business. Thank you, Steve. Great job. See you next week. Well, that's the news from there. We will, we'll, hopefully nothing catastrophic will happen in the cyber world. If it does, we'll talk about it next week, but there were other things to talk about, which we'll, we'll get to next week for sure. Yes. Thank you, Steve. We'll see you all next time on Security Now. Bye bye.

Rod Pyle (01:43:40):
Hey, I'm Rod Pyle, editor of Ad Astra magazine, and each week I'm joined by Tariq Malik, the editor in chief over at space.com, in our new This Week in Space podcast. Every Friday, Tariq and I take a deep dive into the stories that define the new space age. What's NASA up to? When will Americans once again set foot on the moon? And how about those samples from the Perseverance rover? When are those coming home? What the heck has Elon Musk done now? In addition to all the latest and greatest in space exploration, we'll take an occasional look at bits of space flight history that you probably never heard of, and all with an eye towards having a good time along the way. Check us out in your favorite podcast catcher.

... (01:44:17):
Security.

... (01:44:18):
Now.
