Google disabled a large number of accounts linked to China and Russia

I saw this in "Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia"; Google's own write-up is in "TAG Bulletin: Q2 2024". It looks like a routine update?

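The part relevant to Taiwan is of course the China-linked influence operation, which is also the one with the most accounts terminated. The end of the report mentions that more than a thousand propaganda accounts linked to the Chinese government were found on YouTube and Blogger: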

We terminated 1,320 YouTube channels and 1,177 Blogger blogs as part of our ongoing investigation into coordinated influence operations linked to the People’s Republic of China (PRC). The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs. These findings are consistent with our previous reports.

Russia comes second:

We terminated 378 YouTube channels as part of our investigation into coordinated influence operations linked to Russia. The campaign was linked to a Russian consulting firm and was sharing content in Russian that was supportive of Russia and critical of Ukraine and the West.

The rest are comparatively minor...

ArVid: how Russians backed up digital data to VHS tapes (videotapes) in the 1990s

I saw "ArVid: how Russians squeezed 4 hard drives into one VHS tape in the 90s" on Hacker News. In the 1990s, Russians invented a way to back up digital data onto VHS tapes (videotapes); the kit is called ArVid.

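It works by using the VHS machine (VCR) you already have at home. An ISA card goes into a 386 computer (the counterpart in today's PCs would be a PCI-e card), and the ISA card is connected to the VCR's Video In (for backing up data) and Video Out (for retrieving data). The ISA card also has a cable with an infrared LED emitter that can be attached (stuck) to the VCR's receiver, which lets the ISA card control the VCR through the "remote control" protocol.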

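The medium this idea uses is essentially similar to a tape drive; it is just that ArVid, in order to use an off-the-shelf VCR, adds a step that converts the data into video.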

ArVid adds a Hamming code here, which gives it the ability to detect and correct errors when the data is read back later.

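A three-hour VHS tape can store 2GB of data. To get a sense of that capacity, here is some information from the "History of hard disk drives" page, which gives a feel for what such a thing meant in the early 1990s: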

1990 – IBM 0681 "Redwing" – 857 megabytes, twelve 5.25-inch disks. First HDD with PRML Technology (Digital Read Channel with 'partial-response maximum-likelihood' algorithm).

1991 – Areal Technology MD-2060 – 60 megabytes, one 2.5-inch disk platter. First commercial hard drive with platters made from glass.

1991 – IBM 0663 "Corsair" – 1,004 megabytes, eight 3.5-inch disks; first HDD using magnetoresistive heads

1991 – Intégral Peripherals 1820 "Mustang" – 21.4 megabytes, one 1.8-inch disk, first 1.8-inch HDD

1992 – HP Kittyhawk – 20 MB, first 1.3-inch hard-disk drive

Quite an interesting product...

The US government bans NVIDIA from exporting high-end GPUs to China and Russia

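I saw "US Government Bans Export of Nvidia A100 and H100 GPUs to China and Russia (sec.gov)" on the Hacker News front page. NVIDIA filed a Form 8-K stating that the US government has banned the export of the A100 and H100, as well as higher-end (faster) cards and products, to China (including Hong Kong) and Russia: "nvda-20220826.htm".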

First it states that the A100, H100 and A100X (Ampere) are controlled:

On August 26, 2022, the U.S. government, or USG, informed NVIDIA Corporation, or the Company, that the USG has imposed a new license requirement, effective immediately, for any future export to China (including Hong Kong) and Russia of the Company’s A100 and forthcoming H100 integrated circuits. DGX or any other systems which incorporate A100 or H100 integrated circuits and the A100X are also covered by the new license requirement.

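Then there is the part banning new products: cards with performance equal to or better than the A100 are also barred from export unless a license is obtained: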

The license requirement also includes any future NVIDIA integrated circuit achieving both peak performance and chip-to-chip I/O performance equal to or greater than thresholds that are roughly equivalent to the A100, as well as any system that includes those circuits.

It then mentions military-related considerations:

A license is required to export technology to support or develop covered products. The USG indicated that the new license requirement will address the risk that the covered products may be used in, or diverted to, a ‘military end use’ or ‘military end user’ in China and Russia. The Company does not sell products to customers in Russia.

I have seen some reports saying AMD received a similar ban (it is a major GPU vendor too, after all), but I did not see it under "SEC Filings"...

The BBC brings out shortwave broadcasting this time...

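I saw this on Hacker News Daily: for this war the BBC has brought out shortwave broadcasting to send its signal, so that people in Ukraine, as well as some people in Russia, can receive BBC news: "BBC resurrects WWII-era shortwave broadcasts as Russia blocks news of Ukraine invasion".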

The BBC says its shortwave broadcasts will be available on frequencies of 15735 kHz from 4PM to 6PM and 5875 kHz from 10PM to midnight, Ukraine time. News will be read in English, which the BBC says will be available in Kyiv as well as “parts of Russia.”

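This mainly relies on the fact that shortwave broadcasts travel very far and are hard to block, in contrast to the internet, which is easily walled off, so that is why it is being used...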

The BBC also offers an Onion version, so that people in Russia can get around the block to read BBC news:

The BBC’s current onion domain is: https://www.bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion.

But with Tor you can basically read it directly through an exit node, so there does not seem to be much need to specifically use the Onion address...

Telegram starts cooperating with the Russian government

Although Reuters' headline reads as if the Russian government gave up on blocking Telegram, reading the article shows something entirely different: "Russia lifts ban on Telegram messaging app after failing to block it".

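According to the report, the Russian government says Telegram will cooperate with it to combat terrorists, hence the unblocking (set aside terms like "terrorism" for now; they are often the vocabulary used when cracking down on dissidents):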

Some Russian media cast the move as a capitulation, but communications watchdog Roskomnadzor said it had acted because the app’s Russian founder, Pavel Durov, was prepared to cooperate in combating terrorism and extremism on the platform.

“Roskomnadzor is dropping its demands to restrict access to Telegram messenger in agreement with Russia’s general prosecutor’s office,” it said in a statement.

The key now is whether Telegram will explain, and what the explanation says (so far there is none):

There was no immediate reaction from Telegram or Durov.

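Because the possible scripts are 1) Telegram had no contact with the Russian government at all and the Russian government simply wants to mess with Telegram, or 2) there was contact, but what was discussed is very different from what was reported, or 3) Telegram has simply given up struggling.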

Telegram's subsequent response will be key, and what happens to its end-to-end encryption (E2E Encryption) commitment will also be key.

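My guess is that the more likely case is that there is cooperation, but control stays in Telegram's hands, rather than letting the Russian government touch Telegram's internal systems directly. Everything still has to wait for further news to be confirmed...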

Breaking into a Russian contractor and unexpectedly finding a project: a tool for reducing Tor anonymity

After SyTech, a contractor for the Russian government, was broken into, some "interesting" software was found inside: "Hackers breach FSB contractor, expose Tor deanonymization project and more".

The software featured in the headline this time is called Nautilus-S. It cross-analyzes tampered Tor servers against ISP traffic to try to identify Tor users inside Russia:

Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.

This is not new; it had been raised before, but never with the whole software package handed out as it was this time:

The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden, published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.

And it looks like quite a few nodes are running:

Researchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version 0.2.2.37, the same one detailed in the leaked files.

I wonder whether Tor will take action...

Russia's BGP traffic reroute...

A few days ago (the 12th), BGPmon found that many well-known network prefixes had been routed to Russia: "Popular Destinations rerouted to Russia".

Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

You can see that quite a lot of well-known prefixes were diverted:

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.

The figure also shows that AS39523 sent out these routes via AS31133, and that they then spread mainly through AS6939 (Hurricane Electric).

Russia has been making many more moves on the network in recent years...
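The kind of origin-AS check that surfaces an event like the one BGPmon describes, as an added example that is not from the original post or from BGPmon. The prefixes and expected origin ASNs are constructed from documentation ranges (the post does not list the affected prefixes); 39523, 31133 and 6939 are the ASNs named above. It also flags more-specific announcements inside a monitored prefix, which goes slightly beyond the exact-prefix case in the text.

```python
import ipaddress

# Constructed baseline: monitored prefix -> expected origin AS.
# Documentation prefixes/ASNs, not the real prefixes from the incident.
EXPECTED_ORIGINS = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "203.0.113.0/24": 64498,
}

# Constructed announcements: (prefix, AS path); the origin AS is the last hop.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", [6939, 64496]),             # legitimate origin
    ("198.51.100.0/24", [6939, 31133, 39523]),   # exact prefix, wrong origin
    ("203.0.113.128/25", [6939, 31133, 39523]),  # more-specific, wrong origin
    ("203.0.113.0/24", [6939, 64498]),           # legitimate origin
    ("10.0.0.0/8", [6939, 64499]),               # not monitored, ignored
]


def find_origin_anomalies(announcements, expected=EXPECTED_ORIGINS):
    """Return one alert per announcement whose origin AS differs from the baseline."""
    baseline = [(ipaddress.ip_network(p), asn) for p, asn in expected.items()]
    alerts = []
    for prefix, as_path in announcements:
        if not as_path:
            continue  # malformed record: no origin to compare
        net = ipaddress.ip_network(prefix)
        origin = as_path[-1]
        for monitored, expected_asn in baseline:
            # subnet_of() is true for the exact prefix and for more-specifics
            if net.version != monitored.version or not net.subnet_of(monitored):
                continue
            if origin != expected_asn:
                alerts.append({
                    "prefix": prefix,
                    "monitored": str(monitored),
                    "kind": "exact" if net == monitored else "more-specific",
                    "expected_origin": expected_asn,
                    "seen_origin": origin,
                    # the AS that passed the route on from the unexpected origin
                    "upstream": as_path[-2] if len(as_path) > 1 else None,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_origin_anomalies(SAMPLE_ANNOUNCEMENTS):
        print(alert)
```
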

The Russian government stole US National Security Agency documents through a Kaspersky vulnerability

Now we know why the US government wanted to ban Kaspersky outright: "Russian Hackers Stole NSA Data on U.S. Cyber Defense". If you cannot see the WSJ article, you can read "Russia reportedly stole NSA secrets with help of Kaspersky—what we know now" instead.

The recent incident was found to be related to a Kaspersky vulnerability:

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

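On top of that, Kaspersky has a strong Russian-government flavor (good relations), and both legally and technically it is possible to require Kaspersky's assistance. Although this incident was caused by a contractor using Kaspersky on a home computer, the risk is already enough for the US government to decide to bring down the axe and order a complete ban: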

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

CloudFlare's Moscow data center goes live

As CloudFlare previously announced, the Moscow data center is now live: "Moscow, Russia: CloudFlare’s 83rd data center".

Previously most traffic was served through the data centers in Sweden or Germany; now it is exchanged directly on site:

Previously, delivery of nearly four million Internet applications on CloudFlare to over 100 million Internet users in Russia occurred mostly from our Stockholm and Frankfurt data centers. By now localizing that delivery, we are helping shave latency down by over 20ms for a majority of Russian users.

With this, the European points of presence are more or less complete... Next should be Africa and the North American data centers.