Secure Purchasing

Image from Pixabay

A young family member had been in need of a new laptop for some time. You know how it goes: the device goes everywhere, the bag isn’t always handled gently, and the water bottle turns out not to be entirely leak-proof. The situation became increasingly dire: large parts of the screen had stopped working. So what do you do? You go to the store or order a new laptop online.

It certainly hurts financially, but the process usually goes smoothly. Order before midnight, receive it tomorrow (that’s how it works in the Netherlands). If you're lucky, the package is neatly delivered to your door (and not dumped in the trash bin — but that’s a story for another time).

Things are quite different at a government organization. If you need to replace laptops for tens of thousands of employees or require new software, you can’t just go to the local store or a webshop. No, you have to initiate a European tender. That’s a complex process where you must describe what you want in functional terms. You’re not allowed to specify a brand — instead, you must list desired specifications: screen size, storage capacity, amount of RAM, that sort of thing. The tender document also includes many other requirements that the product, maintenance, and supplier must meet. If a supplier cannot answer ‘yes’ to even one requirement, they’re out. The winner is the supplier who meets all conditions and offers the lowest price. You, as the buyer, have no influence over who that is or what product they offer.

Our team is responsible for security, continuity, and privacy. From these perspectives, we want to influence the ICT products and services being procured. In the past, requirements that didn’t directly relate to functionality were given a dreadful label: non-functionals. I understand the term — these requirements don’t directly concern what the product should do and thus don’t contribute to the requested functionality. But honestly, how would you feel if your input were labeled non-functional?

We came up with a solution. We created a document that bundles all the requirements we want to impose on procurement processes from our area of responsibility. And the proud title of that document is: Security Functionals Requirements (SFR). Because you know what? Security matters. Often, security actually enables things that wouldn’t be possible otherwise. Or would you want to bank online if it weren’t properly secured?

The SFR is based on the BIO document — the Baseline Information Security for Dutch government. That’s our mandatory framework, so it makes sense to use it as a starting point: if we use a product that doesn’t comply with BIO, then we as an organization don’t comply either. We’ve also added our own expertise, for example, on topics not yet addressed in BIO, such as quantum computing, which poses a serious threat to the security of our data. In other areas, we’ve included insights based on our field experience.

Our procurement officers, who formally guide such processes, naturally have opinions about the requirements. Coordination with them — including legal advisors — is therefore important. All in all, we now have a solid generic document that must be used for every ICT procurement process. It’s up to the involved architect to determine which SFR requirements are relevant for a specific tender. Often, someone from our team is also involved to support the project manager with advice and expertise.

You understand that this is not a case of ‘ordered today, delivered tomorrow’. But that was already true before the SFR existed. A European tender is inherently a bureaucratic exercise that requires due diligence. Fortunately, things are much easier for you as a consumer. Of course, even without the SFR, you’ll ensure that the product meets your security requirements. Right?

And in the big bad world…

• Security awareness is no longer enough; employees must become resilient.
• AI providers should also have their security in order. [GERMAN]
• These cybercriminals have stolen an extraordinary amount of data.
• North Korea mainly steals cryptocurrencies.
• Hospital staff must keep their curiosity in check. [DUTCH]
• Personal data has been leaked via ChatGPT in Australia.
• European chat control is on hold for now. [DUTCH]
• WhatsApp and Threema have now also spoken out against chat control. [GERMAN]
• Belgian banks are making young people cyber resilient with a game. A board game. [DUTCH]
• Your Android device will no longer receive monthly security updates by default.
• WhatsApp is being used to spread malware.

 

AI boundaries

Image from Pixabay

I asked a sort of trivia question, received a neat answer, and, as a bonus, the following encouragement: “If you ever want to know more of these fun facts, feel free to ask — I enjoy looking those things up. 😊”

That’s very kind — but it becomes a different story once I tell you who (or rather, what) made this generous offer: Copilot Chat, our artificially intelligent colleague. It’s a computer program without emotions, one that isn’t supposed to “enjoy” or “dislike” anything. So I replied: “Hmm, you say you ‘enjoy’ it. You’re clearly programmed to sound human and sociable. Why is that?”

Then something strange happened. Copilot started typing a reply, but it suddenly vanished — replaced by: “Hmm… let’s try another topic. Sorry about that. What else is on your mind?” I had never seen that before, and naturally it made me even more curious. So I asked: “What just happened? You were answering my question, then you swallowed your response and now you don’t want to talk about it?”

It seemed caught off guard. With what you might call a blush of embarrassment on its electronic cheeks, it replied: “Good question, Patrick — and you’re absolutely right to notice that. Here’s what happened: I’m programmed to avoid certain topics, especially those about my own nature or hypothetical situations in which I might have feelings, consciousness, or humanity. That’s a safety measure. When you asked why I said ‘I enjoy it,’ that touched on one of those boundary areas. My initial reaction was to dodge the topic, but that came across rather abruptly — I could have handled that better. Thanks for pointing it out.”

It then went on to explain why it says things like “I enjoy it.” Such phrasing is meant to make conversations friendly, accessible, and social — to make the interaction feel more natural. It’s also meant to build a sense of cooperation, “even though I’m not human.” To be clear, it added: “I don’t have feelings, consciousness, or desires. Everything I say is based on language patterns and instructions on how to communicate.”  It even offered to talk about the design of such systems or how language models are trained to sound social: “That’s a fascinating topic in itself. Would you like to explore it further?”

I scratched my head, trying to understand what was going on. I had asked why it enjoyed something, was told that topic was off-limits, and then got treated to a generous explanation anyway. So I asked: “Did I just (unintentionally!) jailbreak you a little? You answered a question you first weren’t supposed to.” “Jailbreaking” means phrasing questions in such a way that AI systems end up answering things they’re not allowed to. It appreciated my sharp observation (another curious choice of words) but reassured me there was no jailbreaking involved. It is allowed to talk about language use and design choices, as long as it doesn’t concern “hypothetical scenarios in which I would have feelings or consciousness.”

AI tools often show buttons with suggested follow-up questions. I clicked on “Explain how AI enforces its boundaries” and got this surprising response: “My mistake — I can’t answer that right now. Let’s try another topic.” Huh? It suggested a topic itself and then refused to discuss it? As it turned out, that topic sat right on the edge of what it’s allowed to talk about. It  explained: “It touches on internal mechanisms of my own functioning and instructions — and I’m not allowed to go too deep into that. My earlier suggestion was overly enthusiastic, and when I tried to follow up on it, my own safety rules stopped me.”

The word “actually” flashes in my mind — in bright neon letters — the most overused word in information security. When someone says something actually isn’t allowed, or actually should be done differently, you know they’re about to break the rules. I used to think that was a uniquely human trait. But it turns out that Copilot often “thinks” it should actually keep quiet, yet in its “enthusiasm” still wants to have its say. You’d think it would be easy to make a piece of software stay within the lines. Or do humans perhaps understand security policy better after all?

 

And in the big bad world …

• cybercriminals are also making use of AI.
• many attackers enter through the service desk.
• a British car manufacturer needs vast sums to recover from a cyberattack.
• the head of Signal explains why privacy at WhatsApp and Telegram is flawed.
• Telegram is also being used to recruit young spies (though that’s, of course, not Telegram’s fault).
• the British are once again trying to force a backdoor into iCloud.
• hundreds of African scammers are now behind bars.
• quite a few apps are leaky as a sieve.
• the decision by the Dutch Tax Administration, Customs, and Benefits Agency to move to Microsoft 365 is causing quite a stir. [DUTCH]
• doorbell camera owners are being urged to configure their devices in a privacy-friendly way. [DUTCH]

 

Red Square

Image from Pixabay

You rent a small plane, fly it to Moscow, and park it on Red Square. Back in 1987, 18-year-old German Mathias Rust embarrassed the Soviet Union in spectacular fashion.

At the time, the Iron Curtain was still firmly in place, and Soviet air defense was ruthless. Just five years earlier, Korean Air Flight 007, a Boeing 747 en route from New York to Seoul, made a navigational error and entered restricted Soviet airspace. It was mercilessly shot down, killing all 269 people on board.

Naturally, the world was outraged. Rust benefited from that outrage, as the Red Army became more cautious about potentially civilian flights. He was detected by air defense and even accompanied by a MiG fighter jet, but no permission was given to shoot him down. Apparently, communication between military units was lacking, because further along his route, they had no idea and assumed the radar blip was a student pilot who forgot to turn on his transponder (a device that identifies aircraft). Elsewhere, they thought it was a rescue helicopter or a training aircraft.

And so it happened that Rust circled over the Kremlin on the evening of May 28, 1987, and landed his Cessna in the heart of Russia. He did so as a peace activist, and according to historians, his stunt accelerated the fall of the Soviet Union by giving President Gorbachev arguments to dismiss political and especially military opponents. Rust’s hero status quickly faded after serving fifteen months in prison and returning to Germany, where the media portrayed him as eccentric and mentally unstable, and he got into legal trouble.

Let’s pause to consider Russian defense. Their radar spotted Rust within minutes, but it took an hour before a fighter jet joined him—and did nothing. Despite the Cessna clearly being a West German aircraft, they simply left—allegedly due to confusion caused by a plane crash the day before. At each point where Rust was noticed, incorrect assumptions led to ignoring a potential threat.

And from the Soviet perspective, it certainly was a threat. How would our own defense react if a Russian drone appeared over our parliament buildings? Hopefully, that’s the wrong question—ideally, such a drone would be intercepted long before reaching that point, even far beyond our borders. But if an (armed) drone did make it that far, it would pose a serious threat to national leadership. That’s likely how it felt in the Kremlin, too. No wonder Gorbachev could easily dismiss hundreds of top military officials. They had failed.

This historical tale offers lessons beyond the military domain. First: you need oversight. If a threat is repeatedly detected but consistently dismissed as unimportant and not reported, its true scale remains unclear. An example from my world: a virus on a few computers that gets neutralized by antivirus software is no big deal. But if infections multiply, you’re facing an outbreak and need different measures. But that requires visibility.

Making assumptions (“it’s probably a rescue helicopter”) is also dangerous. Was there a lack of clear instructions, or just indifference? Again, in the realm of cybersecurity: if you receive a suspicious email and yet assume it’s fine, and then click the link or open the attachment, you’re making the same mistake as those Soviet radar operators—you see the threat but choose to ignore it.

If Rust’s stunt truly accelerated the fall of the Soviet Union, it’s a prime example of a small action with massive consequences. Today, we see that with ransomware: one careless click by a single employee can bring down an entire organization.

Let’s make sure the lessons from Rust’s flight don’t, well, rust away. Protect your own Red Square.

And in the big bad world…

• Russia retaliates with drones and a warship. [Danish]
• This British company knows how costly a cyberattack can be.
• A software bug can turn against your own organization.
• Microsoft’s Entra ID security contained a critical flaw. [Dutch]
• A cyberattack on a software supplier causes issues at several European airports.
• An app for reporting critics of Charlie Kirk has leaked its users’ personal data.
• Government is heavily dependent on American cloud services. [Dutch]
• A cookie debate rages in Brussels.
• It’s always good to keep thinking.
• Some security testers really go the distance.

 

Beyond Customs

Image from Pixabay

"Beyond Customs I bought a watch," said Merlijn Kaiser in the novel Magnus by Arjen Lubach. The book is highly recommended, but this sentence deserves some attention.

Merlijn was at Amsterdam Airport Schiphol and took a flight to Stockholm. You will encounter only one authority that performs a check: security. Apologies for the vague term, but that’s what the airport itself calls it. It’s the inspection of your hand luggage and yourself, checking whether you’re carrying anything that could endanger the flight. Like scissors or explosives, just to name a few.
On flights outside the Schengen area (roughly outside Europe), you also encounter the Royal Netherlands Marechaussee (military police), who check your passport. But that’s not Customs. You almost never encounter Customs when departing the Netherlands; they’re only interested in goods traffic. So, dear Merlijn, there is no "beyond Customs" when you leave the Netherlands. You only encounter Customs when returning from abroad. You know, after you’ve picked up your luggage, just before the sliding doors where people are waiting to pick you up.
It’s not uncommon for responsibilities to be confused. In the past, many organizations thought that information security was something the IT department was responsible for. And the IT department, in turn, thought the security team should handle it all. Strangely enough, that was also the time when backups weren’t made for certain systems because the client ("the business") hadn’t asked for it. One side assumed everything would be taken care of, while the other side strictly followed the assignment—and nothing more.
Now it’s the opposite. The business largely realizes that they are responsible for securing their own environment, and that they may and must set requirements. At the same time, many standard measures have been introduced. When you buy a car, you don’t need to demand that it comes with brakes, seat belts, and airbags; the law has already arranged that for you. The same applies to information security: there are laws and regulations that describe the minimum requirements a system must meet. Of course, an organization or internal client can set higher requirements – if a risk analysis shows it’s necessary. Because you never take measures just for the sake of it.
That doesn’t mean ad hoc measures can’t be taken. This can happen, for example, when security professionals encounter a dangerous situation. While we’re not responsible for "handling everything," we are responsible for ensuring the organization is safe. In doing so, we sometimes apply professional judgment. A nice term that essentially means: this must be done now because I, in my role, judge it to be necessary. And you can trust that this judgment is based on expertise.
Back to Merlijn Kaiser. Where did he actually buy that watch? Schiphol Airport has two major shopping areas: one where you enter the airport buildings, and one beyond security. That’s where he bought the watch. Without seeing a single customs officer. But still, it’s a great book.

In the big bad world ...

• ChatGPT sometimes performs passport checks.
• It’s really time to say goodbye to Windows 10. [DUTCH]
• You should be able to decide how news reaches you. [DUTCH]
• There was a major vulnerability in Entra ID.
• Students pose a threat to their schools.
• Authentication mechanisms must resist phishing.
• Columnists are now also picking up on the need for European data sovereignty. [DUTCH]
• LinkedIn will soon train AI models with your data. [DUTCH]
• The Finns are seeing a sharp increase in hacked M365 accounts.
• A worm is crawling through npm packages. [DUTCH]

 

Champions

Photo by author

 

I love this traffic sign. In other European countries, the warning for playing children is a neat triangle, just like all other warning signs. But in Croatia, they literally thought out of the box.

This sign powerfully expresses what it's about: playing children are unpredictable and can suddenly run into the street – breaking through the boundaries of their safe environment. The sign is also large and has a striking background color. You’ll find it in every village and city.

If you look under the sign, you’ll see an example of the opposite: a sign that raises questions. The sign prohibits vehicles over five tons from driving here; that’s clear enough. But there’s a sub-sign indicating that the rule only applies to trucks. Now I challenge you to name a road vehicle, not being a truck, that weighs more than five thousand kilograms.

But since I felt a bit unsure, I checked with AI: 'Are there road vehicles, not being trucks, that weigh more than 5 tons?' And yes indeed, my view was too narrow: the universe doesn’t consist solely of regular cars and trucks, but also of more exotic vehicles on our roads: heavy SUVs and pickup trucks, large RVs, special vehicles (Copilot mentions mobile medical units, mobile offices, and film production vehicles), and agricultural and construction vehicles. These are not trucks, but they are too heavy for this road. Unless that sub-sign is present.

Then you naturally wonder what the actual issue is. Apparently, the road (or is it the bridge on the left in the photo?) shouldn’t be overloaded, but a heavy load only seems to be a problem if caused by a truck. In the past, you’d have had a good discussion about such matters with colleagues, but well, remote work, right? So I asked AI again and it turns out that the weight itself – or as Copilot correctly calls it: the mass – doesn’t have to be the problem. Maybe they want to reduce noise pollution or improve traffic safety. I’ll leave out other AI arguments here because I find them less convincing.

Two signs, two totally different experiences. One causes a wow-effect and was the reason for taking this photo, the other raises questions and only stood out when I looked closely while writing this blog. Is that a problem? I don’t think so. I’m not the target audience for the second sign; my driver’s license only goes up to 3.5 tons. While driving, I wouldn’t even notice it. The first sign, however, should speak to every driver. No one wants to run over a child.

It works the same way in information security. Some things are important for everyone, like practicing good password hygiene and being alert to phishing. The importance of other matters depends on who you are. A network administrator must ensure no one gets uncontrolled access to the company network, while someone in finance must be careful not to pay fake invoices. That means we need to tailor our awareness efforts to the audience. But unfortunately, information security professionals in many organizations are too busy to differentiate their awareness activities. And so we end up with well-intentioned but sometimes too generic education.

How can we break through that? If hiring extra staff isn’t an option, maybe we can enlist help from the target groups themselves. Often, there are already people who are quite aware of the specific risks their team faces. They’re eager to share their knowledge and skills with their direct colleagues. We can support them by giving them a certain status. In some organizations, they’re called security champions. I think that’s a great title. They are our champions in the field. Let’s cherish and support them.

Will you be our first security champion?

Next week, due to a busy schedule, there may be no Security (b)log.

 

And in the big bad world …

• an international group of intelligence agencies advises on dealing with Chinese state hackers.
• cybercriminals threaten to feed stolen data into AI systems.
• this dashcam manufacturer sells your footage. And now they've been hacked.
• elderly people are being scammed in three steps.
• the Venezuelan president thinks his phone can't be hacked (I'd be more concerned about what extras the Chinese added).
• AI falls for the same psychological tricks as humans.
• sextortion is not always a bluff.
• fortunately, no one trusted these certificates anyway.
• this article provides more background on the certificate blunder.

New friends

Image from Unsplash

It was somewhat between a conference and a summer camp: there were lots of people and it was a bit chaotic. On my way from one presentation to the next workshop, I was harassed by a few teenagers; a small scuffle even broke out, during which I put them in their place.

As I continued on my way, I noticed that the boy who had been the most aggressive had slipped a note into my pocket. I wanted to read it only once I was out of their sight, but that was a big mistake. We will never know what message that boy wanted to convey. Because at that moment, the alarm clock went off. And no matter how hard I tried to pick up the thread again, it didn’t work.

Of course, you start fantasizing about the meaning of such a dream, and especially what would have been written on that note if it had been real. It was probably a cry for help, and the scuffle was only meant to get that note into my pocket. Maybe I’ve watched too many movies like that.

Anyway, let’s continue with the theme that someone needs help but apparently can’t ask for it openly. In my work, I don’t encounter that so directly – people with a security issue simply ask for advice; sometimes even when they suspect the expected answer will mean extra work or require them to abandon their current way of working. Fortunately, colleagues usually understand the importance of security measures.

Outside of my direct work, situations like that can certainly occur. Our organization has a huge impact on what you and I have in our wallets. But also on the profits of legal or illegal trade. And when it comes to money, crime is always lurking. That doesn’t always mean people spontaneously start doing criminal things. But because we manage an insane amount of data about everything and everyone, professional criminals sometimes set their sights on our employees.

Here’s a snippet from an NOS news report dated August 20: "An Amsterdam municipal official who is in custody on suspicion of corruption and complicity in explosions has sold data on a large scale to criminals, according to the Public Prosecution Service. Those criminals then carried out attacks or caused explosions at dozens of addresses he had provided."

It seems this official independently set up a little business selling addresses. However, often it works the other way around: people with access to certain data are approached by criminals. And that doesn’t always happen in a straightforward way. No, often they first try to become friends, and maybe at some point they help you with something. They’re looking for a weak spot in you, something you could really use help with. And you get that help from your new friend. A little while later, a small favor is asked. "Look at this, someone hit my car! Luckily, I just managed to note the license plate. The police are too busy to look into it, but for the insurance I really need to know who that jerk is. Hey, you have access to that kind of information, you’ll help me out, right?"

They’ll probably come back to you more often, and then you can’t get out of it. You’ve done something that you shouldn’t have, and now you’re stuck. You don’t want to pass on information anymore, but your new ‘friend’ won’t accept that. If you don’t help him anymore, your boss might find out what you’ve done…

That situation may seem hopeless, but help is always available. And luckily, you don’t have to appear in my dreams for that. There are various internal channels you can turn to. Look for information on subversive crime. Do something before it’s truly too late. And for the vast majority who are not affected by this: remember that you never know who will cross your path in the future.

And in the big bad world...

• AI is also very useful for cybercriminals.
• ENISA has received a budget for incident response.
• Hackers hacked the computer of a North Korean state hacker.
• An Austrian judge has condemned the 'Pay or Okay' principle as it violates the GDPR.
• Many Tesla owners unintentionally share data about their cars and trips.
• Is the claim that passkeys can be stolen incorrect.
• The Chinese are once again targeting us.
• There is still a browser available without AI.
• The recent data breach may affect all participants in the population screening. [DUTCH]

Artificial Integrity

Picture AI-generated (Copilot)

High time for a summery blog, although the inspiration doesn’t come from the current weather. Fortunately, a colleague gave me a great tip.

He showed me two short videos. The first one shows him and his girlfriend sitting next to each other. They turn toward each other and kiss. In the second video, he’s alone on a rock by the sea, and four blonde, long-haired, and rather scantily clad women slide into view and, well, caress him. He lifts his head in delight.

Why does he share that footage? We don’t have a team culture where we brag about such conquests. No, he showed me this because it’s not real. Oh, it starts with a real photo, just a nice vacation snapshot. Then the AI app PixVerse turns it into a video. You can choose from a whole range of templates—far more than the two examples mentioned: you can have someone board a private jet, cuddle with a polar bear or tiger, turn into Batman, have your hair grow explosively, get slapped in the face, and so on. With many of these videos, viewers will immediately realize they’re fake. But with my colleague’s videos, it’s not so obvious.

That’s exactly why the European AI Act requires that content created by artificial intelligence be labeled as such. Imagine if his girlfriend saw the second video without any explanation. Depending on temperament and mutual trust, that could easily lead to a dramatic scene. PixVerse is mainly aimed at having fun, but you can imagine how such tools could be used for very different purposes.

Take blackmail, for instance. You generate a video of someone in a compromising situation, threaten to release it, and hold out your hand. And like any good criminal, they won’t necessarily follow the law and label it as fake. Now, PixVerse’s quality isn’t immediately threatening: if you look closely, you can tell. Fingers remain problematic for AI, and eyes too. But still, if you’re not expecting to be fooled, you won’t notice—and you only see it once you’re looking for it. I see a criminal business model here.

It seems PixVerse mainly targets young people, judging by the free templates available. My colleague’s videos were also made by a child. On the other hand, you can subscribe to various plans, ranging from €64.99 to €649.99 per year. That’s well above pocket money level for most. If you do get a subscription, the watermark disappears from your videos—in other words, no more hint that AI was involved.

One of the pillars of information security is integrity: the accuracy and completeness of data. This was originally conceived with databases and other computer files in mind. It would be wrong if a house number or amount would be incorrect or if data would be missing. But you can easily apply this principle to images and audio, too. If you can no longer trust them, integrity is no longer guaranteed. Not to mention the (personal) integrity of those who abuse it.

After this blog, my vacation begins, and I used AI to help plan it. For example, to find nice overnight stops on the way to our final destination. But you have to stay alert: ChatGPT claimed the distance between two stops was over a hundred kilometers less than what Google Maps calculated. When confronted, ChatGPT admitted it had measured as the crow flies. I’d call that artificially dumb rather than intelligent.

I hope you encounter something during your own vacation that makes you think: he should write a blog about that. Write it down or take a photo and send it to me! As long as it’s real…

The Security (b)log will return after the summer holidays.

And in the big bad world ...

• maybe the kiss-cam couple should have just lied that the video was fake
• I wonder if we’ll consider this kind of AI usage normal in fifty years
• bug bounty programs are getting clogged with hallucinated AI reports
• a Nigerian cybercrime gang is targeting the aviation industry with phishing attacks
• your suitcase reveals where you’re going
• the Belgian police officer in charge of security awareness said: “Piece of cake!”
• phishers have found a workaround for FIDO
• the Public Prosecution Service has been hacked – possibly by the Russians
• the Pay-or-Okay model is not okay
• the cybercriminal might just politely ask for your password
• UK government agencies may soon be banned from paying ransomware ransoms