Russia’s Twitter throttling may give censors never-before-seen capabilities

Russia has implemented a novel censorship method in an ongoing effort to silence Twitter. Instead of outright blocking the social media site, the country is using previously unseen techniques to slow traffic to a crawl and make the site all but unusable for people inside the country.

Research published Tuesday says that the throttling slows traffic traveling between Twitter and Russia-based end users to a paltry 128kbps. Whereas past Internet censorship techniques used by Russia and other nation-states have relied on outright blocking, slowing traffic passing to and from a widely used Internet service is a relatively new technique that provides benefits for the censoring party.

Easy to implement, hard to circumvent

“Contrary to blocking, where access to the content is blocked, throttling aims to degrade the quality of service, making it nearly impossible for users to distinguish imposed/intentional throttling from nuanced reasons such as high server load or a network congestion,” researchers with Censored Planet, a censorship measurement platform that collects data in more than 200 countries, wrote in a report. “With the prevalence of ‘dual-use’ technologies such as Deep Packet Inspection devices (DPIs), throttling is straightforward for authorities to implement yet hard for users to attribute or circumvent.”

The throttling began on March 10, as documented in tweets here and here from Doug Madory, director of Internet analysis at Internet measurement firm Kentik.

In an attempt to slow traffic destined to or originating from Twitter, Madory found, Russian regulators targeted t.co, the domain used to host all content shared on the site. In the process, all domains that had the string *t.co* in them (for example, Microsoft.com or reddit.com) were throttled, too.

That move led to widespread Internet problems because it rendered affected domains effectively unusable. The throttling also consumed the memory and CPU resources of affected servers because it required them to maintain connections for much longer than normal.

Roskomnadzor, Russia’s executive body that regulates mass communications in the country, said last month that it was throttling Twitter for failing to remove content involving child pornography, drugs, and suicide. It went on to say that the slowdown affected the delivery of audio, video, and graphics, but not Twitter itself. Critics of government censorship, however, say Russia is misrepresenting its reasons for curbing Twitter availability. Twitter declined to comment for this post.

Are Tor and VPNs affected? Maybe

Tuesday’s report says that the throttling is carried out by a large fleet of “middleboxes” that Russian ISPs install as close to the customer as possible. This hardware, Censored Planet researcher Leonid Evdokimov told me, is typically a server with a 10Gbps network interface card and custom software. A central Russian authority feeds the boxes instructions for what domains to throttle.

The middleboxes inspect both the requests sent by Russian end users and the responses that Twitter returns. That means that the new technique may have capabilities not found in older Internet censorship regimens, such as filtering of connections using VPNs, Tor, and censorship-circumvention apps. Ars previously wrote about the servers here.

The middleboxes use deep packet inspection to extract information, including the SNI. Short for “server name identification,” the SNI is the domain name of the HTTPS website that is sent in plaintext during a normal Internet transaction. Russian censors use the plaintext for more granular blocking and throttling of websites. Blocking by IP address, by contrast, can have unintended consequences because it often blocks content the censor wants to keep in place.

One countermeasure for circumventing the throttling is the use of ECH, or Encrypted ClientHello. An update for the Transport Layer Security protocol, ECH prevents blocking or throttling by domains so that censors have to resort to IP-level blocking. Anti-censorship activists say this leads to what they call “collateral freedom” because the risk of blocking essential services often leaves the censor unwilling to accept the collateral damage resulting from blunt blocking by IP address.

In all, Tuesday’s report lists seven countermeasures:

  • TLS ClientHello segmentation/fragmentation (implemented in GoodbyeDPI and zapret)
  • TLS ClientHello inflation with padding extension to make it bigger than 1 packet (1500+ bytes)
  • Prepending real packets with a fake, scrambled packet of at least 101 bytes
  • Prepending client hello records with other TLS records, such as change cipher spec
  • Keeping the connection in idle and waiting for the throttler to drop the state
  • Adding a trailing dot to the SNI
  • Any encrypted tunnel/proxy/VPN

It’s possible that some of the countermeasures could be enabled by anti-censorship software such as GoodbyeDPI, Psiphon, or Lantern. The limitation, however, is that the countermeasures exploit bugs in Russia’s current throttling implementation. That means the ongoing tug of war between censors and anti-censorship advocates may turn out to be protracted.

US government strikes back at Kremlin for SolarWinds hack campaign

US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions.

In a joint advisory, the National Security Agency, FBI, and Cybersecurity and Information Security Agency said that Russia’s Foreign Intelligence Service, abbreviated as the SVR, carried out the supply-chain attack on customers of the network management software from Austin, Texas-based SolarWinds.

The operation infected SolarWinds’ software build and distribution system and used it to push backdoored updates to about 18,000 customers. The hackers then sent follow-up payloads to about 10 US federal agencies and about 100 private organizations. Besides the SolarWinds supply-chain attack, the hackers also used password guessing and other techniques to breach networks.

After the massive operation came to light, Microsoft President Brad Smith called it an “act of recklessness.” In a call with reporters on Thursday, NSA Director of Cybersecurity Rob Joyce echoed the assessment that the operation went beyond established norms for government spying.

“We observed absolutely espionage,” Joyce said. “But what is concerning is from that platform, from the broad scale of availability of the access they achieved, there’s the opportunity to do other things, and that’s something we can’t tolerate and that’s why the US government is imposing costs and pushing back on these activities.”

Thursday’s joint advisory said that the SVR-backed hackers are behind other recent campaigns targeting COVID-19 research facilities, both by infecting them with malware known as both WellMess and WellMail and by exploiting a critical vulnerability in VMware software.

The advisory went on to say that the Russian intelligence service is continuing its campaign, in part by targeting networks that have yet to patch one of the five following critical vulnerabilities. Including the VMware flaw, they are:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access

“Mitigation against these vulnerabilities is critically important as US and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” the advisory stated. It went on to say that the “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”

A representative of VPN provider Pulse noted that patches for CVE-2019-11510 were released in April 2019. “Customers who followed the instructions in a Pulse Secure security advisory issued at that time have properly protected their systems and mitigated the threat.” FortiNet in recent weeks has also pointed out it patched CVE-2018-13379 in May 2019. The makers of the other affected hardware and software have also issued fixes.

The US Treasury Department, meanwhile, imposed sanctions to retaliate for what it said were “aggressive and harmful activities by the Government of the Russian Federation.” The measures include new prohibitions on Russian sovereign debt and sanctions on six Russia-based firms that the Treasury Department said “supported the Russian Intelligence Services’ efforts to carry out malicious cyber activities against the United States.”

The firms are:

  • ERA Technopolis, a research center operated by the Russian Ministry of Defense for transferring the personnel and expertise of the Russian technology sector to the development of technologies used by the country’s military. ERA Technopolis supports Russia’s Main Intelligence Directorate (GRU), a body responsible for offensive cyber and information operations.
  • Pasit, a Russia-based information technology company that has conducted research and development supporting malicious cyber operations by the SVR.
  • SVA, a Russian state-owned research institute specializing in advanced systems for information security located in that country. SVA has done research and development in support of the SVR’s malicious cyber operations.
  • Neobit, a Saint Petersburg, Russia-based IT security firm whose clients include the Russian Ministry of Defense, SVR, and Russia’s Federal Security Service. Neobit conducted research and development in support of the cyber operations conducted by the FSB, GRU, and SVR.
  • AST, a Russian IT security firm whose clients include the Russian Ministry of Defense, SVR, and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU, and SVR.
  • Positive Technologies, a Russian IT security firm that supports Russian Government clients, including the FSB. Positive Technologies provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts recruiting events for the FSB and GRU.

“The reason they were called out is because they’re an integral part and participant in the operation that the SVR executes,” Joyce said of the six companies. “Our hope is that by denying the SVR the support of those companies, we’re impacting their ability to project some of this malicious activity around the world and especially into the US.”

Russian government officials have steadfastly denied any involvement in the SolarWinds campaign.

Besides attributing the SolarWinds campaign to the Russian government, Thursday’s release from the Treasury Department also said that the SVR was behind the August 2020 poisoning of Russian opposition leader Aleksey Navalny with a chemical weapon, the targeting of Russian journalists and others who openly criticize the Kremlin, and the theft of “red team tools,” which use exploits and other attack tools to mimic cyber attacks.

The “red team tools” reference was likely related to the offensive tools taken from FireEye, the security firm that first identified the SolarWinds campaign after discovering its network had been breached.

The Treasury Department went on to say that the Russian government “cultivates and co-opts criminal hackers” to target US organizations. One group, known as Evil Corp., was sanctioned in 2019. That same year, federal prosecutors indicted the Evil Corp kingpin Maksim V. Yakubets and posted a $5 million bounty for information that leads to his arrest or conviction.

Although overshadowed by the sanctions and the formal attribution to Russia, the most important takeaway from Thursday’s announcements is that the SVR campaign remains ongoing and is currently leveraging the exploits mentioned above. Researchers said on Thursday that they’re seeing Internet scanning that is intended to identify servers that have yet to patch the Fortinet vulnerability, which the company fixed in 2019. Scanning for the other vulnerabilities is also likely ongoing.

People managing networks, particularly any that have yet to patch one of the five vulnerabilities, should read the latest CISA alert, which provides extensive technical details about the ongoing hacking campaign and ways to detect and mitigate compromises.

Autonomous trucking company Plus will use AI and billions of miles of data to train self-driving semis

This article is part of a VB Lab Insight series paid for by Plus.


The safest drivers are those with the most experience. Studies show it can take years of practice for automobile drivers to become careful and competent road users. Similarly, the more experience a truck driver has, the less likely it is that they will cause a serious crash.

What holds true for human drivers holds true for autonomous driving systems — up to a point. The safest self-driving vehicle platforms are those that have accumulated the most experience.

Since driving experience is so important, how can technologists make sure computerized driving systems get the training they need to operate safely on the nation’s roads and highways?

Solving this challenge is the key to unlocking a fully autonomous future.

How computers learn to drive a semi-truck

Thanks to advances in sensor technology and artificial intelligence (AI), an automated truck is capable of analyzing many objects on the road and making a decision about how to respond.

This is accomplished in large part by training so-called “deep learning” algorithms. Repeatedly expose a self-driving system to all kinds of obstacles, from a cut-in vehicle to a construction site, and the system will start to understand how to react when an obstruction appears on the highway.

Here it is important to note that unlike people, machines lack common sense and don’t do well handling novel situations. Human drivers know to slow down in the face of an unexpected obstacle — a bear, say — because we can make decisions based on similar situations we have already encountered or extrapolate from other incidents.

Unlike humans, however, deep neural networks can only learn from data they have been trained on, whether from public roads, closed courses, or computer simulations.

So back to the original question: How do you train the machines so they are exposed to the full range of the driving experience?

Data, data, and more data

Plus’s goal is to help truck drivers on long-haul routes, where they encounter a variety of road and weather conditions. In addition to closed-road testing and computer simulations, the company’s PlusDrive system is learning on the open road, where the trucks can be exposed to real-world obstacles and situations. Junk flying from a pickup bed. Ice slicks. A wind turbine blade. A zigzagging motorcycle.

Though these so-called “long tail” phenomena comprise less than 1% of the time behind the wheel, knowing how to safely navigate them is critical for machines. Society expects that a computer-operated machine must be at least an order of magnitude safer than a human driver.

Billions of miles of on-road testing

Starting this summer, Plus will put its supervised automated driving system into factory production. It is also retrofitting existing trucks with the system. By this time next year, hundreds of automated trucks powered by PlusDrive will be on the road, hauling commercial cargo.

Human drivers will be behind the wheel. Like an experienced professional training a new recruit, Plus drivers will monitor the autonomous trucks while teaching them how to handle unexpected obstacles.

Plus estimates that its fleet will accumulate billions of collective miles before the company deploys fully driverless vehicles. Taking an evolutionary approach to full autonomy enables the company to rack up miles more quickly, with the assistance of on-board professional drivers who are training and validating the system.

To support its global deployment in the U.S., China, Europe, and other markets, Plus recently raised $420 million in new funding.

Truck driver retention and low-carbon solution

The drivers benefit too. The Plus supervised autonomous trucking solution elevates the role of the truck driver, upskilling them in preparation for an autonomous future. At the same time a digital co-pilot will ease driver exhaustion on long-haul routes, and fleets will spend less on the hiring process.

The system yields other gains. Fuel comprises about a third of a trucking company’s operating budget, by far the largest cost for heavy trucks. When an automated system understands the road, pulling in GPS and weather data too, it optimizes shifting and braking. Plus has run pilot projects showing that PlusDrive saves 10% of the tank compared to the most efficient drivers, a win for the bottom line and the environment.

The autonomous trucking future, now

Commercial space travel, solar-powered cities, autonomous vehicles — the first two visions of the future depend on specific economic inflection points, while the third is wholly dependent on the amount of data a system has accumulated.

Plus is building the necessary feedback loop of information today. Its trucks are accumulating the data. Its drivers, who are among the safest and most efficient Class A drivers, are training the system with their responses. Its engineers are fine-tuning PlusDrive’s algorithms and decisions. And eventually PlusDrive will be one of the safest and most experienced drivers on the road.

Plus is applying autonomous trucking technology to trucks today. For more information, please visit www.plus.ai.


VB Lab Insights content is created in collaboration with a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact [email protected]

Misfits Gaming esports group launches Women of Misfits speaker series

Esports company Misfits Gaming Group is leaning into female gamers with the launch of its Women of Misfits speaker series, and it will turn into a wider platform over time.

The Boca Raton, Florida-based company will use its fame in esports to elevate issues for women in gaming and esports, and it’s happening at a time when problems such as sexual harassment and under-representation of women at game studios and at esports organizations have been in the headlines.

Women are a prevalent part of the esports and gaming landscape. Nearly 40% of all gamers are female with 80% of them being 18 or older. The Women of Misfits initiative will provide a space for women to discuss ideas and be inspired by influential women both inside and outside the organization in addition to supporting the growth and development of women within MGG. We’ll have a Women in Gaming Breakfast at our GamesBeat Summit 2021 on April 28-29.

The platform will feature a series of monthly guest speakers. The first speakers are Chris Evert, 18-time Grand Slam singles champion and tennis legend; GloZell Green, comedian and YouTuber; Bianca Smith, the first Black woman to serve as a professional baseball coach; Angela Ruggiero, CEO Sports Innovation Lab and four-time Olympian and Gold Medalist for the U.S. Hockey team; and Maya Enista Smith, Executive Director of the Born This Way Foundation.

The focus of the Women of Misfits platform will be mentorship, development, network, and advocacy. The platform will be led by female executives within MGG including chief development officer Hillary Matchett; president of media and branding Ella Pravetz; chief revenue officer Lagen Nash; president of Misfits Agency Amy Palmer; vice president of Communications Becca Henry; chief wellness adviser Carolyn Rubenstein; and cofounder Laurie Silvers.

The Women of Misfits platform includes a monthly speaker series with industry leaders and visionaries which will air on MGG’s YouTube channel. The sessions will be moderated by MGG executives and guest speakers will share topics that matter to them and inspire both the gaming community and women to pursue their dreams.

“I am truly inspired and amazed with our women at MGG and their many accomplishments and eager to watch this platform ascend,” said Misfits CEO Ben Spoont, in a statement. “The determination and dedication to push one another to break the boundaries as women within the esports industry is remarkable, and I am confident this platform will resonate not only within MGG but also within our wider community.”
