Drone Countermeasures Against Laser Weapons

I’ve been getting involved in a counter-drone market for many years now, including time spent in government offices with operators discussing the “latest” technology advances. Not everyone seems excited to hear about details in this area of security research.

One thing that regularly has come up is whether venerable laser weapons are effective yet. I say venerable because the US Air Force itself will tell you they’ve been experimenting with lasers shooting down drones since the early 1970s (according to AFD-070404-025).

…1972 when technicians fired a ground­ based 100 kilowatt CO2 laser that propagated at 10.6 microns against a variety of stationary targets. The tests went so well the project elevated to firing the laser at a moving airborne target. On November 13, 1973, the laser was used against a 12 ­foot­ long Northrop MQM­33B
radio controlled aerial target, a drone, in an attempt to knock it out of the air. Indeed, the drone did drop, but not precisely as planned.

Northrop (Radioplane) OQ-19/KD2R/MQM-33 drone was produced for over four decades

In theory the laser tracks the target drone and then emits hot light to melt inexpensive plastic. Popular Mechanics has just posted a good example of this theory being turned into real-world application, called “This Is How a Laser Weapon Torches Drones Out of the Sky“.

Unfortunately the story was written around “a simple promotional video for Rafael’s Drone Dome, an anti-drone laser weapon”, making it a bit of PR extending the PR released by the manufacturer themselves.

Instead of taking the video at face value, better analysis is in order.

Here are a few thoughts on why perhaps it’s not such a bright idea for journalists to uncritically post a laser vendor’s demonstration.

1) Light reflection. Mirrors are a simple and logical countermeasure. As Dr. Seuss might put it, any chrome drone would bounce a drone dome. The dissipation of energy, to be fair, isn’t child’s play so the mirrors have problems to tackle. But an Office of Navy Research is definitely proving the point with their work on Counter Directed Energy Weapons. More to the point, the Air Force says the latest reflective anti-heat technology developed for energy efficient buildings (windows and roofs) is something that could be applied to all their weapons systems.

2) Dissipation of energy. In a famous case in Mexico, a liquid-cooled door greatly slowed police battering rams. The point here really is to push energy into heat sinks or disposable parts to slow absorption. Again, energy efficient buildings are developing things like phase change materials to absorb energy that easily could be applied to drones. Slowing the energy effectiveness on the drones could mean a moderately-sized swarm might easily overwhelm or avoid laser weapons.

3) Obfuscation. Both above technologies have very useful civilian applications, and thus are likely to improve faster than any expensive laser weapon can innovate. There’s also a more traditional countermeasure, which is to foul the environment a laser has to pass through. Drones could generate a synthetic cloud or fog. A swarm of drones could even create a blanket or corridor that renders laser weapons ineffective. NASA a couple years ago described a version of this working.

10 canisters about the size of a soft drink can will be deployed in the air, 6 to 12 miles away from the 670-pound main payload. The canisters will deploy between 4 and 5.5 minutes after launch forming blue-green and red artificial clouds.

Again slowing down the laser weapon is all that is needed. As one counter-counter-drone researcher put it to me “the glitter bomb is a zero cost defense”.

4) Counterattack. Lasers depend on being able to see, and be seen, so drones can fire lasers back at the source in order to blind the tracking systems or disrupt the light waves.

There are four devastating examples and more probably exist. In every one it’s economics, a matter of having inexpensive and rapidly iterating countermeasures that bypass the extremely expensive and slow-developing laser weapons.

Let me be clear, laser weapons are effective against operations that are not explicitly trying to build countermeasures to laser weapons. There is still a need for laser weapons. However, journalists do us no favors by promoting vendor PR and repeating nonsense like “100% effective”, given we have nearly 50 years of evidence how and why laser weapons fail.

Interactive Map of U.S. Supply-Chain Vulnerabilities

Years ago I wrote about the secret history that lurks behind a famous American dessert.

Nobody else, at least to my knowledge, has been thinking and writing about the supply-chain vulnerability management required for America to promote itself as home of the banana split.

Now there’s an interactive map of supply-chain vulnerabilities, which seems like it would be ideal for speeding up research and illustrating stories like the one I wrote.

FEW-View™ is an online educational tool that helps U.S. residents and community leaders visualize their supply chains with an emphasis on food, energy, and water. This tool lets you see the hidden connections and benchmark your supply chain’s sustainability, security, and resilience.

FEW-View™ is developed by scientists at Northern Arizona University and at the Decision Theater® at Arizona State University. FEW-View™ is an initiative of the FEWSION™ project, a collaboration between scientists at over a dozen universities (https://fewsion.us/team/).

FEWSION™ was founded in 2016 by a grant from the INFEWS basic research program of the National Science Foundation (NSF) and the U.S. Department of Agriculture (USDA). The opinions expressed are those of the researchers, and not necessarily the funding agencies.

However, there are two problems I see already with the map. First, it doesn’t go backward in time. The illustrations would be far more useful if I could pivot through 1880 to 1980. Second, the interactive maps allow you to break out a booze category but I have yet to find a way to filter on bananas and pineapples let alone ingredients for three flavors of ice cream.

Blade Runner 2020: Are We There Yet?

First a recent DARPA video shows how a swarm of drones would be carrying out an urban exercise:

Second, special operations describes their “future fights” training as assessing trustworthiness of partners in the field:

..instructors hear a gunshot echo in the woods. An extrajudicial killing ‘is obviously not ideal,’ one Special Forces instructor said.

Add these two together and you get special operators dropping into urban areas to identify and ultimately eliminate untrustworthy partners, which obviously means drones in the near future.

That pretty much sounds like the thesis of Blade Runner, which is finding presence of machines that lack empathy and then eliminating them. The tough question being, as the instructor said, is an assessment of imminent harm judicial or scientific enough to warrant hitting the off button?

Add Threat and Business Data to Vulnerabilities Using the Latest Open Source Risk Tools

Kenna’s open source Exploit Prediction Scoring System Calculator (EPSS) threat calculator is a significant advance in risk theory beyond using the Common Vulnerability Scoring System (CVSS) on its own

For example, CVE-2019-0708 (Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019) has a EPSS threat score of 95.2% being exploited in the next 12 months, with a CVSS score of 9.8 (Critical).

That might be an obvious outcome, but it hopefully illustrates some of the importance in adding threat data to the vulnerability remediation timeline.

The real trick is finding CVSS that are low with EPSS that are high because that indicates a risk perception imbalance that quickly can lead to disaster.

On top of this advancement, consider also the riskquant tool recently released that does basic likelihood/severity mapping that probably has been debated in every disaster recovery planning audit meeting for the last 20 years let alone NIST SP 800-30.

…annualized loss is the mean magnitude averaged over the expected interval between events, which is roughly the inverse of the frequency (e.g. a frequency of 0.1 implies an event about every 10 years)…

Both tools are meant to help move from point scores of severity to trends of probabilistic likelihood and should be given a look sometime in the near future.

Glory to the Modern Propagandists

The nature of propaganda is that a tiny seed of truth is grown into massive distraction.

People tend to overlook the basic fact that an adversary has used a tiny seed to confuse their whole plans. Any sense of real progress — ultimately a target’s fractured resources are more easily divided or disabled from within than confronted as a whole directly from the outside — falls victim to a tactic that really shouldn’t be so easy.

The problem, to paraphrase Mark Twain, is that it’s much easier to manipulate people than to persuade them they’re being manipulated.

I’ve presented about this many times in the past, such as 2012 when I explained how Vanuatu’s rapid mobile phone adoption made it ripe for a political coup by manipulating voters. Most recently I spoke of the Russian government targeting foreign athletes with psychological warfare to “get in their heads” and reduce competitive performance against weaker Russian athletes.

Some new analysis from the alliance for securing democracy shows how this all works. Their “Hamilton Dashboard” highlights two important findings in a post titled “Why the Jeffrey Epstein saga was the Russian government-funded media’s top story of 2019”

…few topics dominated the Russian government-funded media landscape quite like the arrest and subsequent suicide of billionaire financier and serial sex offender Jeffrey Epstein. In its year-end review, RT named the Epstein saga “2019’s major scandal,” and RT UK media personality George Galloway listed it as his number one “truth bomb” of the year (ahead of all the aforementioned events). Given the lack of any notable connection between Epstein and Russian interests, the focus on Epstein highlights the Kremlin’s clear prioritization of content meant to paint a negative image of the West rather than a positive image of Russia.

The first finding is a somewhat obvious one that Russia actively uses seeds that are meant to destroy positive imagery of the West (i.e. reverse the “Hope” campaigns that had resulted in President Obama). Epstein falls into this category.

The second finding is more subtle and implicit. Russia fails miserably to generate any positive image of itself. Every analysis I have read suggests Putin is both desperate and incompetent at forming a national identity, despite ruthlessly positioning himself as a long-term dictator with total control of all resources.

To put it in some context, Putin is a trained assassin, with little to no evidence he can develop a sense of national interest or ability to convey any leadership story about belonging. In fact, these two positions may be contradictory (inherent weakness of being an assassin) given how anyone forming greater identity and purpose would be assassinated; rise of identity could be seen as potential threat to the man with an artificially inflated sense of self worth above everyone else.

Anyway the graphic for the Hamilton Dashboard of the securing democracy site really caught my eye as a beautifully done rendition of the classic Soviet propaganda art that Putin seems incapable of achieving (a bit like doing the work for him):

The Hamilton 2.0 dashboard, a project of the Alliance for Securing Democracy at the German Marshall Fund of the United States, provides a summary analysis of the narratives and topics promoted by the Russian government and Russian state-funded media on Twitter, YouTube, broadcast television (RT), and state-sponsored news websites.

For comparison here’s some actual Soviet propaganda that celebrates creating a powerful aviation industry (a suspicious claim given staggering death tolls in their airline: in 1973 alone the Soviet aviation industry had 27 incidents and 780 people were killed)

This genre of “positive” spin poster of prosperity was backed by a complete suppression of any and all “unfavorable” communication that would challenge a progressive narrative (e.g. propaganda seeds of despair pushed by running a story about Epstein). Especially suppressed by the Russians were news of crimes against humanity (massacres, famines and energy/environmental disasters on Russian soil).

In other words, two diametrically opposed threads can be tracked in Cold War propaganda, posters of hope by the Soviets and counter-posters of despair by the CIA (the subject of Putin’s study while in the KGB).

Example of a Soviet poster pushing a positive narrative of prosperity from labor:

Map of the Soviet Union highlighting the contributions to the economy of its major cities and regions, each represented by symbols for dams, factories, mines, agriculture, and so on. Quoting Premier Nikolai Bulganin (served 1955-58). Source: Boston Rare Maps

Contrarian example of a CIA poster pushing negative narratives (indirectly via Italian media platforms) of demoralizing labor brutality:

A map flanked by long text notes describing the Gulag’s size — “if consolidated, would make a submerged empire the size of Western Europe” — and its staggering brutality, with an “average mortality rate… exceed[ing] 12% a year.” Source: Boston Rare Maps

In the modern context, being the typical self-promoting KGB agent trained in the art of copying everything the CIA did and trying to use it for his own gain, we see clear evidence in the Hamilton Dashboard that Putin is pushing a despair campaign using today’s social media platforms. He doesn’t, however, seem to be able to come up with any positive sense of identity for his own nation.

And I have to say, despite me being a student of these communication methods (even having a degree related to their usage) my attempts at art in this domain simply pale in comparison to what the Hamilton Dashboard has come up with.

Hats off to them…although really I would expect some despair in their graphic if they wanted to play this game right. I mean it seems a bit counter productive to gift the enemy with banner-level positive glorification imagery that everyone sees when they come to study the enemy.

The same mistake probably should be said for me, in retrospect, as here’s my 2017 image that used to show up in many of my presentations:

“cyberbombs away” 2017

It was a refresh of the 2016 rendition that was even more snarky about the U.S. being way ahead in kinetic yet woefully behind in the more pressing cyber domain…

One CSO and the Three Biggest Breaches of All Time

What if the wolf was blowing hot air from the inside?

Equifax soaks up a lot of news as the example of bad leadership, and there has been a lot said about the CSO role and person.

However, by the numbers, Equifax appears to sit among a wide group of breaches that each lost around 100-150 million accounts (Under Armor, eBay, Target, Heartland, Rambler, TJX, AOL, MyHeritage and LinkedIn).

Granted that the group is defined by a quantitative measure, it is not clear how qualitative measures (type of data) would change the discussion.

Applying qualitative measures doesn’t explain, for example, why three of the biggest breaches of all time (on the relatively new “best in business” identity platforms containing all information about a person) saw a CSO treated so incredibly lightly compared to the breach of the antique Equifax.

When you look for a correlation of CSO to massive breaches (both quantity and quality of data), all of the following track back to a single person who never did the job before (or even a similar job at a public or large organization) and arguably never should be allowed to attempt it again:

  1. Yahoo 2013 (undisclosed until 2016) 3 billion breached
  2. Facebook 2017-2019 over 600 million breached
  3. Yahoo 2014 500 million breached

And yet nothing like the following seems to exist for Yahoo or Facebook…

We need to seriously consider whether an Equifax CSO was treated by social media pundits as an outlier and pilloried because she is a woman.

Why wasn’t the Yahoo/Facebook CSO scrutinized in a similar fashion given his documented/obvious lack of qualifications in organizational leadership, let alone all the other CSO within the “100-150 million tier” of breached companies?

On top of the massive confidentiality breaches under the Facebook CSO, his legacy also is some of the biggest data integrity failures in history (given 50 million accounts breached, failed to block unfiltered harmful content and is alleged to have facilitated political destabilization and atrocity crimes).

The bottom line is one person attempted to be CSO twice, with no prior experience, and seems to have a track record now of nearly 4 billion accounts compromised with highly questionable disclosure practices. Yet this man seems to have escaped all the scrutiny applied to a woman.

Update Feb 3, 2020: Vice reports “penalties for data breaches and lax security are often too pathetic to drive meaningful change”.

Update Feb 10, 2020: While Facebook pivoted its CSO role to an external academic appointment at Stanford, and thus continues to be embroiled in breaches, Equifax went the other direction and has stayed above board.

Statement from the new Equifax CSO and criminal charges by US Gov shows a clear difference:

This morning, the DOJ identified the perpetrators who attacked Equifax in 2017. With breaches, identification of the attackers (or “attribution”) can be incredibly difficult—even impossible. Being able to share this information is the result of an enormous amount of work by authorities. We cannot thank the U.S. Department of Justice, Federal Bureau of Investigation (FBI), and so many others enough for their tireless efforts to achieve this result.

In parallel, Equifax has been transforming our security program—embedding security into our DNA by driving cultural change, implementing advanced controls tailored to the specific threats we face, achieving relevant certifications, and—just as importantly—sharing what we’ve learned with our customers, partners, and authorities.

Equifax partnered with authorities right from the beginning, and two-way information sharing remains a key part of our security program. The importance of partnering with authorities cannot be overstated. If your security team doesn’t know who to contact at the FBI and the Secret Service, change that today.

At Equifax, we are doing our best to make sure that this never happens again and to support others who want to learn from our experience.

Nothing even close to that for Facebook has appeared, only more breaches.

What if “Something You Are” Can Be Impersonated?

A print of abolitionist U.S. President Abraham Lincoln actually was a composite. Thomas Hicks placed his head on the body of Andrew Jackson’s rabidly pro-slavery Vice President John Calhoun. It went undetected until Stefan Lorant, art director for London Picture Post magazine, noticed Lincoln’s mole was on the wrong side of his face. Source: Atlas Obscura

In multi-factor authentication systems, you typically are dealing with three data categories to establish uniqueness: something you know, something you have or something you are.

While you can create knowledge, create a thing to hold, it is the third category of “being” that often raises concern. There’s an inherent contradiction in treating a thing you expose everywhere and that in theory never changes, as some kind of unique secret that can’t be replayed by someone else. The state of “being” tends to be inherently observable, else you cease to exist.

For example you’ll be hard pressed to avoid leaving your fingerprints all over the place.

On top of the exposure contradiction of biometric secrecy, there also is a complexity and cost consideration in the biometric business, which lowers challenge quality (look for a couple spots that match instead of every detail and thousands of points) to profit/margin and is usually how we see decades of simple bypasses.

Nonetheless, despite the contradictions and bypasses, stark warnings about biometrics do appear. Consider the “lasting damage” claimed in an analysis of Digital ID applications:

In Zimbabwe, we spoke to people who did not know why the government was transitioning from the old metal ID to a biometric ID. There were theories about the ID system’s connection to national security and surveillance but little knowledge of the government’s intentions or the purpose of collecting biometric data (i.e., unique physical measurements such as fingerprints and iris scans)–which isn’t essential for providing legal identity. This type of data is forever associated with a person’s body, meaning that these systems can lead to privacy violations that cause lasting damage.

Meanwhile in RPI research news, we see the march of science challenging our sense of reality:

Scientists have created 3D-printed skin complete with blood vessels, in an advancement which they hope could one day prevent the body rejecting grafted tissue. The team of researchers at Rensselaer Polytechnic Institute in New York and Yale School of Medicine combined cells found in human blood vessels with other ingredients including animal collagen, and printed a skin-like material. After a few weeks, the cells started to form into vasculature. The skin was then grafted onto a mouse, and was found to connect with the animal’s vessels.

In related news, scientists also now can “knit” an artificial skin.

“We can sew pouches, create tubes, valves and perforated membranes,” says Nicholas L’Heureux, who led the work at the French National Institute of Health and Medical Research in Bordeaux. “With the yarn, any textile approach is feasible: knitting, braiding, weaving, even crocheting.”

This suggests we are entering an entirely new level of impersonation possibilities, which both are bad (unwanted) and good (wanted). You could knit a new set of fingerprints that even have blood-flowing in them.

Somehow I doubt the scientists considered the impact of bypassing authentication systems as part of their research, yet we’re clearly approaching a time when you can really do an about face and give the finger to biometric authentication vendors.

It all begs the ancient philosophical questions of whether quaint notions of authenticity are really something to hold a hard line on (e.g. authorize authenticity policing), or instead we should focus on harms and virtue ethics. For a simple quiz, would you sooner criminalize actors for doing modern voice impersonations or appearance impersonations?

Czech Patton Museum Comes to America

The 75th anniversary of liberation from Nazi occupation is giving Americans a chance to see memorials to them that usually are found only in Czechia.

The exhibition, entitled Liberation of Pilsen, will be unveiled at Czech Centre New York on Wednesday afternoon. It outlines the advance of Allied troops from Normandy to Pilsen, the role of General George S. Patton and other historical circumstances.

Ivan Rollinger of the Patton Memorial Pilsen museum, who curated the exhibition, says it also maps the many memorials to civilians and soldiers in the region of Pilsen.

“Even today, 75 years after the end of the war, there are still new monuments being erected to the victims of the Second World War, including fallen US soldiers.

“We still come across new information about the individual victims in the region, for instance in the Washington National Archive or in daily reports, and then we unveil new memorials to them.”

New Book: Going to War Against Fascists Earlier Prevents Late Realization That Fascism is Really Bad

It’s a complicated claim, given how fascism is based on constant deception and lying; yet the facts are in again that the far more powerful armies would have benefited from earlier political support to declare war against the expanding lies and aggression of fascism.

Caquet’s most potent argument, borrowed as well from Winston Churchill, is that in 1938 the Allies were in a much stronger military position than Germany. By virtually every measure, including the number of soldiers, ammunition, tanks and aircraft, he reveals, the combined armed forces of England, France and Czechoslovakia greatly exceeded those available to be deployed by the Nazis.

In 1938, Germany was only about halfway through its rearmament initiative, and remained somewhat constrained by restrictions in the Treaty of Versailles. France and Czechoslovakia alone could produce twice as many armored divisions than the Reich, following a general mobilization. German supplies of oil, iron and aviation lubricants sufficed for three months or less. German construction of battleships, aircraft carriers and submarines had just begun. German bombers lacked the range to effectively bomb Britain. And in 1938, Caquet points out, with Czechoslovakian forces on high alert, Germany could not launch a surprise attack. That the Allies did not call Hitler’s bluff and go to war, he implies, resulted from a lack of political will and not inferior military might.

“Supermarine Spitfire, Britain’s premier fighter plane from 1938 through World War II.” Source: Britannica

See also: death camps described by an escapee in detail to London June 1942

Timeline: Did 2018 WhatsApp Security Flaw Lead to Assassination of WashPo Journalist?

This is a timeline of proprietary and centralized end-to-end encryption technology (albeit using an open source protocol) for secret delivery of malicious content to targets (apps and people) that seems to have led to massive privacy loss as well as targeted killings.

January 2018:
Facebook’s CSO campaigned on Twitter to restore trust in WhatsApp after researchers alleged privacy flaws.

…clear notifications and multiple ways of checking who is in your group prevents silent eavesdropping. The content of messages sent in WhatsApp groups remain protected by end-to-end encryption.

March 2018:
Amazon CEO is invited to have dinner with the Saudi Crown Prince Mohammed bin Salman.

April 2018:
Amazon CEO and Crown Prince have dinner, exchange phone numbers linked to WhatsApp accounts.

May 2018:
WhatsApp message from the Crown Prince (believed to have included a malicious video file) is sent end-to-end encrypted to the Amazon CEO’s phone.

A huge amount of data (130MB) suddenly is uploaded from the CEO’s phone (29,000% jump), and then about 100MB/day is uploaded in the months following (compared to under 0.5MB/day in months prior). (Full Report by “FTI Consulting” via Vice News story).

June 2018:
Amazon’s WashPo journalist Jamal Khashoggi’s contacts (who use WhatsApp) also receive malicious links.

July 2018:
NYT reports spread of harmful videos on WhatsApp is leading directly to dozens of violent deaths: “How WhatsApp Leads Mobs to Murder in India“.

WhatsApp’s design makes it easy to spread false information. Many messages are shared in groups, and when they are forwarded, [despite CSO promoting “multiple ways of checking who is in your group”] there is no indication of their origin.

August 2018:
Facebook CSO leaves to take position at Stanford doing research for Facebook, pushing for greater use of WhatsApp (see Oct 2019 Stanford tweet).

…companies like to say things like ‘we follow local law’, but in reality, they resist orders every day by saying ‘sorry…

His statements promoting WhatsApp usage completely contradict his infamously bizarre 2015 argument with the NSA (just before being hired by Facebook), which suggested he saw moral equivalence in all lawful orders from everywhere.

…if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?

September 2018:
Amazon CEO’s phone uploads 500MB.

October 2018:
Khashoggi is murdered at the Saudi consulate in Istanbul.

Slate reports on spread of harmful content on WhatsApp, describing it as dangerous tool for mob rule and abuse of power: “How False News Haunted the Brazilian Elections…it was worse than ever.”

And it coincided with the rise of Brazil’s far-right president-elect…political communication is completely vulnerable, especially on WhatsApp because it’s not monitorable… Just 8 percent of the most-shared information in groups was correct… WhatsApp, which she described as “the biggest misinformation engine during elections this year”, was unwilling to take action against fake news on its platform. …the company “at no point showed itself willing to sit down and talk with fact-checkers to think about solutions.”

November 2018:
US White House occupant reportedly in a “bizarre, inaccurate and rambling” manner “issued a statement in which he said the U.S. would maintain a ‘steadfast’ alliance with Saudi Arabia, refusing to blame Saudi Crown Prince Mohammed bin Salman for Khashoggi’s killing even though the CIA has reportedly concluded that the crown prince ordered his assassination.”

March 2019:
US Congress sends letter criticizing WhatsApp being used in White House for communications with foreign leaders during September and October of 2018 (murder of WashPo journalist).

April 2019:
Ex-Facebook CSO gives talk claiming (without any evidence) “The day WhatsApp turned on encryption was probably the most privacy enhancing day of all time” while Amazon CEO’s phone is uploading GB of extremely sensitive data due to security flaw in WhatsApp; self-congratulatory boasts of the ex-CSO go unchallenged.

April/May 2019:
Amazon CEO’s phone completes 9GB of data uploaded in three large bursts.

12 days after last burst, a full forensics investigation begins by FTI. While unable to find malware FTI writes report showing bursts of suspicious traffic.

November 2019:
Facebook announces CVE-2019-11931, which explains sending a malicious video file to a WhatsApp user has been a serious open vulnerability allowing spyware to be installed. May 2018 to November 2019 is 1.5 year response time to a critical exploit in the wild.

Description: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274 [OCT 3, 2019], iOS versions prior to 2.19.100 [OCT 17, 2019]….

January 2020:
Guardian breaks the story of Amazon CEO and Whatsapp breach, barely hinting at a US White House role.

[In high-profile and long-standing “challenge” to Amazon CEO] Trump and his son-in-law Jared Kushner have maintained close ties with the crown prince…

Further stories roll like NYT “Beware WhatsApp accounts…”, which bring us full circle to the Facebook CSO making a provably false claim in public that “clear notifications and multiple ways of checking who is in your group prevents silent eavesdropping”.

To be clear the phrase “prevents silent eavesdropping” was a very tall claim that deceptively lured victims to false sense of trust in WhatsApp. Eavesdropping wasn’t prevented entirely, and harmful content wasn’t even attempted to be prevented, so many people died as a result of overconfidence from WhatsApp marketing coupled with its critical security flaws.

the poetry of information security