Wednesday 17 July 2019

WiFi track my every move

So my WiFi enabled printer got me thinking.

Obviously this thing is not just a gaping security hole in any network but also a blatant kick in the pants for privacy...
Oh, you want me to print a document? From your phone? On the same network? Oh... I'm just going to send your document to one of our servers somewhere in the world, but don't worry!
Well, who cares about that, right? I mean it's not like we can't be reasonably sure that all our '''''private''''' data isn't being aggregated by at least a few different agencies. (And if you tell me it's too much data for anyone to sift through, I've got a blog post coming for that.)

No, what I mean is, my WiFi enabled printer REALLY got me thinking.

Have you heard about using capacitance signals from WiFi radio antenna to learn about people's locations? Turns out that using a hacked WiFi router, it's entirely possible for someone to track your location as you walk around your house. There was a story about how this was used in a real crime investigation that I have to dig out.

In fact this technique has been refined to not just track location, but also to perform 'pose estimation'. So in theory, and with some learning, your ISP could be monitoring how much time you spend taking a shit.

But that's just your ISP (or the half a million routers controlled by the people behind VPNFilter). I mean meh.

Have you ever heard of primary surveillance radar? In particular how it can be used to create a virtual passive radar system?

Putting the pieces together, can't you imagine sitting outside someone's house and just passively monitoring their every move? Or, using a network of WiFi signals, everyone's every move? What? Too paranoid?

Indeed, if precise enough, can't you imagine your WiFi enabled printer quietly relaying your heart rate, your respiration rate and your blink rate back 'home'?

So next time you're in a jihadist-fueled fervor about the latest post you read on the Daily Mail, unplug your fucking printer.

OK, so this is sci-fi, but in my next post I want to talk about how all this data can be aggregated to create a nation state simulation within which everything we do is carefully surveilled.

All in the name of a good old fashioned delusional paranoid fervor.

Saturday 13 July 2019

Was WannaCry a shot across the bow?


Thinking about the history of WannaCry, a crudely implemented ransomware built on top of a 'highly weaponized' zero-day(?) exposed by The Shadow Brokers, which was quickly neutralized before causing too much 'geopolitical' influence, sparked a number of ideas.

The Lazarus Group is clearly a state-sponsored APT, but what are The Shadow Brokers? We understand them as an anonymous internal hacker group not aligned to the mission of the NSA or the USA, but what if that conception is simply a consequence of information manipulation?

Obviously I'm making a lot of assumptions here, and speculating on the possibility of strange new battle lines in an emerging cyber warfare landscape. A landscape where perhaps the old geopolitical lines have been redrawn in cyberspace. A truly transnational 'space' for which the term 'geopolitical' is anachronistic.

Specifically, how do geopolitics translate into cyberspace? There is no longer a 'geo', only a set of shared cultural, ideological and political alliances as well as corporate and pragmatic alliances (my enemy's enemy).

At this stage, it seems naive to consider that cyberwarfare isn't in full swing, whereby anachronistic nation states seek to damage other nation states by attacking critical banking, industrial, political and medical infrastructure through software, both malicious and benign.

One example that comes to mind is the mortar projectile calculator app that was being used by Ukrainians in Crimea. It turns out the app was authored by the Russian military, and was being used to reveal the location of the Ukrainian mortar positions.

Not to mention the 5th domain battleground.

So WannaCry was a Russian authored ransomware attacking UK based critical medical infrastructure based on zero days 'leaked' by groups close to American intelligence agencies.

Was the release of the Shadow Brokers' Vault 7 tools actually a strategic play to enable other nation states to attack each other? And was the 'kill switch' that saved the NHS from total IT collapse evidence that this was simply a demonstration of "cyber power" on behalf of the USA using a Russian patsy?

At this stage, it seems naive to consider that cyberwarfare isn't in full swing.

Siraj Raval promotes a new package manager with critical backdoors that let the NSA inject arbitrary code into 'signed' third party libraries running the backbone of the web for country X... What? Too paranoid?

I wonder to what extent mutual assured destruction has been achieved, or whether we are going to see more muscle flexing, akin to shooting down satellites (shutting down or even blowing up nuclear reactors, for example).

I fully expect the UK to be leading the world in cyber decoys, but this is just a hunch.

I heard about the former head of MI5 going around and talking to companies about defensive solutions, however, I wonder to what extent such systems are also ready for offensive capability.

Whose botnet is bigger? The NSA's? The FSB's?

Will the web splinter for national security reasons?

Can we, the transnational citizens of cyberspace, resist the retrograde, reactionary, anachronistic political models of the past, and architect a new future of individual freedom, security, privacy and sovereignty?

Ours is not a caravan of despair.

Let us empower ourselves with antifragile systems for robust cyber-interaction free from political influence that isn't of our own conception.