I'm on a tour with my new book, the international bestseller Enshittification: catch me next in Toronto (TOMORROW!), San Diego and Seattle! Full schedule here.
In their 2023 book Underground Empire, political scientists Henry Farrell and Abraham Newman describe how the modern world runs on US-based systems that other nations treat(ed) as neutral platforms, and how that is collapsing:
Think of the world's fiber optic cables: for most of the internet's history, it was a given that one end of the majority of the world's transoceanic fiber would make landfall on one of the coasts of the USA. US telcos paid to interconnect these fiber head-ends – even ones on opposite coasts – with extremely reliable, high-speed links.
This made a certain kind of sense. Pulling fiber across an ocean is incredibly expensive and difficult. Rather than run cables between each nation in the world, countries could connect to the US, and, in a single hop, connect to anywhere else.
This is a great deal, provided that you trust the USA to serve as an honest broker for the world's internet traffic. Then, in 2013, the Snowden leaks revealed that America's National Security Agency was spying on pretty much everyone in the world.
Since then, the world has undergone a boom in new transoceanic fiber, most of it point-to-point links between two countries. Despite the prodigious logistical advantages of a hub-and-spoke model for ocean-spanning fiber networks, there just isn't any nation on Earth that can be entrusted with the world's information chokepoint, lest they yield to temptation to become the world's gatekeeper.
Don't get me wrong: there are also advantages to decentralized (or even better, distributed) interconnections in the world's data infrastructure. A more dispersed network topology is more resilient against a variety of risks, from political interference to war to meteor strikes.
But connecting every country to every other country is a very expensive proposition. Our planet has 205 sovereign nations, and separately connecting each of them to the rest will require 20,910 links.
In complexity theory, this is an "Order N-squared" ("O(n^2)") problem – every additional item in the problem set squares the number of operations needed to solve it. We aren't anywhere near a world where every country has a link to every other country on Earth. Instead, we're in an unsettled period, where warring theories about how to decentralize, and by how much, have created a weird, lopsided network topology.
Obviously, fiber interconnection isn't the most important "neutral platform" that the US (formerly) provided to the rest of the world. The most important American platform is the US dollar, which most countries in the world use as a reserve currency, and also as a standard for clearing international transactions. If someone in Thailand wants to buy oil from someone in Saudi Arabia, they do so in dollars. This is called "dollar clearing."
The case for dollar clearing is similar to the case for linking all the world's fiber through US data-centers. It's a big lift to ask every seller to price their goods in every potential buyer's currency, and it's a lot to ask every Thai baht holder to race around the world seeking someone who'll sell them Saudi riyals – and then there's the problem of what they do with the change left over from the transaction.
Establishing liquid markets for every pair of every currency has the same kind of complexity as the problem of establishing fiber links between every country.
Since the mid-20th century, we've solved this problem by treating the US dollar as a neutral platform. Countries opened savings accounts at the US Federal Reserve and stashed large numbers of US dollars there (when someone says, "China owns umpty-billion in US debt," they just mean, "There's a bank account in New York at the Fed with China's name on it that has been marked up with lots of US dollars").
Merchants, institutions and individuals that wanted to transact across borders used the SWIFT system, which is nominally international, but which, practically speaking, is extremely deferential to the US government.
Issuing the world's reserve and reference currency was a source of enormous power for the US, but only to the extent that it used that power sparingly, and subtly. The power of dollarization depended on most people believing that the dollar was mostly neutral – that the US wouldn't risk dollar primacy by nakedly weaponizing the dollar. Dollarization was a bet that America First hawks would have the emotional maturity to instrumentalize the dollar in the most sparing and subtle of fashion.
But today, no one believes that the dollar is neutral. First came the Argentine sovereign debt default: in 2001, the government of Argentina wiped out investors who were holding its bonds. In 2005, a group of American vulture capitalists scooped up this worthless paper for pennies, then sued in New York to force Argentina to make good on the bonds, and a US court handed over Argentina's foreign reserves, which were held on US soil.
That was the opening salvo in a series of events showed everyone in the world that the US dollar wasn't a neutral platform, but was, rather, a creature of US policy. This culminated with the Russian invasion of Ukraine, which saw the seizure of Russian assets in the USA and a general blockade on Russians using the SWIFT system to transfer money.
Whether or not you like the fact that Russian assets were transferred to Ukraine to aid in its defense against Russian aggression (I like it, for the record), there's no denying that this ended the pretense that the dollar was a neutral platform. It was a signal to every leader in the world that the dollar could only be relied upon for transaction clearing and foreign reserves to the extent that you didn't make the USA angry at you.
Today, Donald Trump has made it clear that the US's default posture to every country in the world is anger. The US no longer has allies, nor does it have trading partners. Today, every country in the world is America's adversary and its rival.
But de-dollarization isn't easy. It presents the same O(n^2) problem as rewiring the world's fiber: creating deep, liquid markets to trade every currency against every other currency is an impossible lift (thus far), and there's no obvious candidate as a replacement for the dollar as a clearing currency.
As with fiber, we are in an unsettled period, with no obvious answer, and lots of chaotic, one-off gestures towards de-dollarization. For example, Ethiopia is re-valuing its foreign debt in Chinese renminbi:
But fiber and dollars aren't the only seemingly neutral platforms that America provided to the world as a way of both facilitating the world's orderly operation and consolidating America's centrality and power on the global stage.
America is also the world's great digital exporter. The world's governments, corporations and households run on American cloud software, like Google Docs and Office365. Their records are held in Oracle databases. Their messages and media run on iPhones. Their cloud compute comes from AWS.
The Snowden revelations shook this arrangement, but it held. The EU extracted a series of (ultimately broken) promises from the US to the effect that America wouldn't spy on Europeans using Big Tech. And now, after a brittle decade of half-measures and uneasy peace with American tech platforms, Trump has made it clear that he will not hesitate to use American tech platforms to pursue his geopolitical goals.
Practically speaking, that means that government officials that make Trump angry can expect to have their cloud access terminated:
Trump can – and does – shut down entire international administrative agencies, without notice or appeal, as a means of coercing them into embracing American political goals.
What's more, US tech giants have stopped pretending that they will not share sensitive EU data – even data housed on servers in the EU – with American spy agencies, and will keep any such disclosures a secret from the European governments, companies and individuals who are affected:
But the Eurostack's proponents are really working on the preliminaries to digital sovereignty. It's not enough to have alternatives to US Big Tech. There also needs to be extensive work on migration tools, to facilitate the move to those alternatives. No one is going to manually copy/paste a million documents out of their ministry or corporation's GSuite repository and into a Eurostack equivalent. There are a few tools that do this today, but they're crude and hard to use, because they are probably illegal under America's widely exported IP laws.
Faithfully transferring those files, permissions, edit histories and metadata to new clouds will require a kind of guerrilla warfare called "adversarial interoperability." Adversarial interoperability is the process of making a new thing work with an existing thing, against the wishes of the existing thing's manufacturer:
The problem is that adversarial interoperability has been mostly criminalized in countries all around the world, thanks to IP laws that prohibit study, reverse engineering and modification of software without permission. These laws were spread all over the world at the insistence of the US Trade Representative, who, for 25 years, has made this America's top foreign trade priority.
Countries that balked at enacting laws were threatened with tariffs. Virtually every country in the world fell into line:
But then Trump happened. The Trump tariffs apply to countries that have voluntarily blocked their own investors and entrepreneurs from making billions by supplying products that unlock and improve America's enshittified tech exports. These blocks also exposed everyone in the world to the data- and cash-plundering scams of US Big Tech, by preventing the creation of privacy blockers, alt clients, jailbreaking kits, and independent app stores for phones, tablets and consoles.
What's more, the laws that block reverse-engineering are also used to block repair, forcing everyone from train operators to hospitals to drivers to everyday individuals to pay a high premium and endure long waits to get their equipment serviced by the manufacturer's authorized representatives:
These US-forced IP laws come at a high price. They allow American companies to pick your nation's pockets and steal its data. They interfere with repair and undermine resiliency. They also threaten security researchers who audit critical technologies and identify their dangerous defects:
On top of that, they expose your country to a range of devastating geopolitical attacks by the Trump administration, who have made it clear that they will order American tech companies to brick whole governments as punishment for failing to capitulate to US demands. And of course, all of these remote killswitches can be operated by anyone who can hack or trick the manufacturer, including the Chinese state:
Speaking of China, isn't this exactly the kind of thing we were warned would happen if we allowed Chinese technology into western telecommunications systems? The Chinese state would spy on us, and, in times of extremis, could shut down our critical infrastructure with a keystroke.
This is exactly what America is doing now (and has been doing for some time, as Snowden demonstrated). But it's actually pretty reasonable to assume that a regime as competent and ambitious (and ruthless) as Xi Jinping's might make use of this digital power if doing so serves its geopolitical goals.
And there is a hell of a lot of cloud-connected digital infrastructure that Xi does (or could) control, including the solar inverters and batteries that are swiftly replacing fossil fuel in the EU:
And if you're worried about China shutting down your solar energy, you should also worry about America's hold on the embedded processors in your country's critical systems.
Take tractors. Remember when Putin's thugs looted millions of dollars' worth of tractors from Ukraine and spirited them away to Chechnya? The John Deere company sent a kill command to those tractors and bricked them, rendering them permanently inoperable:
Sure, there's a certain cyberpunk frisson in this tale of a digital comeuppance for Russian aggressors. But think about this for ten seconds and you'll realize that it means that John Deere can shut down any tractor in the world – including all the tractors in your country, if Donald Trump forces them to:
The national security case for digital sovereignty includes people worried about American aggression. It includes people worried about Chinese aggression. It includes people worried about other countries that might infiltrate and make use of these remote kill switches. And it includes people worried about criminals doing the same.
True digital sovereignty requires more than building Eurostack data-centers and the software to run on them. It requires more than repealing the IP laws that block cloud customers from migrating their data to those Eurostack servers. It requires the replacement of the cloud software and embedded code that power our infrastructure and administrative tools.
This is a gigantic task. Ripping out all the proprietary code that powers our cloud software and devices and replacing it with robust, auditable, user-modifiable free/open source software is a massive project.
It's also a project that's long overdue. And crises precipitate change. Putin's invasion of Ukraine vaporized every barrier to Europe's solar conversion, rocketing the bloc from ten years behind schedule to fifteen years ahead of schedule in just a few years.
The fact that changing out all the proprietary, opaque, vulnerable code in our world and replacing it with open, free, reliable code is hard has no bearing on whether it is necessary.
It is necessary. What's more, replacing all the code isn't like replacing the dollar, or replacing the fiber. It isn't hamstrung by the O(n^2) problem.
Because if the Eurostack code is open and free, it can also be the Canadian stack, the Mexican stack, the Ghanaian stack, and the Vietnamese stack. It can be a commons, a set of core technologies that everyone studies for vulnerabilities and improves, that everyone adds features to, that everyone localizes and administers and bears the costs for.
It is a novel and curious form of "international nationalism," a technology that is more like a science. In the same way that the Allies and the Axis both used the same radio technologies to communicate, a common, open digital infrastructure is one that everyone – even adversaries – can rely upon.
This is a move that's long overdue. It's a move that's in the power of every government, because it merely involves changing your own domestic laws to enable adversarial interoperability. Its success doesn't depend on a foreign state forcing Apple or Google or Microsoft or Oracle to do something they don't want to do:
The opportunity and challenge of building the post-American internet is part of the package of global de-Americanization, which includes running new fiber and de-dollarization. But the post-American internet is unique in that it is the only part of this project that can be solved everywhere, all at once, and that gets cheaper and easier as more nations join in.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
AI Malware and Supply Chain Attacks Escalate Across Enterprises
AI-driven malware exfiltrated credentials and documents via OpenClaw skills and malicious developer packages, while NuGet, npm, and Chrome extension attacks highlighted persistent supply-chain and client-side risks.
Next Saturday (May 20), I’ll be at the GAITHERSBURG Book Festival with my novel Red Team Blues; then on May 22, I’m keynoting Public Knowledge’s Emerging Tech conference in DC.
On May 23, I’ll be in TORONTO for a book launch that’s part of WEPFest, a benefit for the West End Phoenix, onstage with Dave Bidini (The Rheostatics), Ron Diebert (Citizen Lab) and the whistleblower Dr Nancy Olivieri.
If you’ve followed my work for a long time, you’ve watched me transition from a “linkblogger” who posts 5–15 short hits every day to an “essay-blogger” who posts 5–7 long articles/week. I’m loving the new mode of working, but returning to linkblogging is also intensely, unexpectedly gratifying:
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
[Image ID XKCD #2775: Siphon. Man: ‘Wow, it’s true — the water doesn’t flow up the tube anymore.’ Woman: ‘Honestly, it’s weird that it ever did. Why did we ever think it was normal?’ Caption: ‘Physics news: the 2023 update to the universe finally fixed the ‘siphon’ bug.’]
My last foray into linkblogging was so great — and my backlog of links is already so large — that I’m doing another one.
Link the first: “Siphon,” XKCD’s delightful, whimsical “physics-how-the-fuck-does-it-work” one-shot (visit the link, the tooltip is great):
https://xkcd.com/2775/
[Image ID: A Dutch safety poster by Herman Heyenbrock, warning about the hazards of careless table-saw use, featuring a hand with two amputated fingers.]
Next is “Hoogspanning,” 50 Watts’s collection of vintage Dutch workplace safety posters, which exhibit that admirable Dutch frankness to a degree that one could mistake for parody, but they’re 100% real, and amazing:
They’re ganked from Geheugenvannederland (“Memory of the Netherlands”):
https://geheugenvannederland.nl/
While some come from the 1970s, others date back to the 1920s and are likely public domain. I’ve salted several away in my stock art folder for use in future collages.
All right, now that the fun stuff is out of the way, let’s get down to some crunch tech-policy. To ease us in, I’ve got a game for you to play: “Moderator Mayhem,” the latest edu-game from Techdirt:
Moderator Mayhem started life as a card-game that Mike Masnick used to teach policy wonks about the real-world issues with content moderation. You play a mod who has to evaluate content moderation flags from users while a timer ticks down. As you race to evaluate users’ posts for policy compliance, you’re continuously interrupted. Sometimes, it’s “helpful” suggestions from the company’s AI that wants you to look at the posts it flagged. Sometimes, it’s your boss who wants you to do a trendy “visioning” exercise or warning you about a “sensitivity.” Often, it’s angry ref-working from users who want you to re-consider your calls.
The card-game version is legendary but required a lot of organization to play, and the web version (which is better in a mobile browser, thanks to a swipe-left/right mechanic) is something you can pick up in seconds. This isn’t merely highly recommended; I think that one could legitimately refuse to discuss content moderation policies and critiques with anyone who hasn’t played it;
https://moderatormayhem.engine.is/
Or maybe that’s too harsh. After all, tech policy is a game that everyone can play — and more importantly, it’s a game everyone should play. The contours of tech regulation and implementation touch rub up against nearly every aspect of our lives, and part of the reason it’s such a mess is that the field has been gatekept to shit, turned into a three-way fight between technologists, policy wonks and economists.
Without other voices in the debate, we’re doomed to end up with solutions that satisfy the rarified needs and views of those three groups, a situation that is likely to dissatisfy everyone else.
However. However. The problem is that our technology is nowhere near advanced enough to be indistinguishable from magic (RIP, Sir Arthur). There’s plenty of things everyone wishes tech could do, but it can’t, and wanting it badly isnlt enough. Merely shouting “nerd harder!” at technologists won’t actually get you what you want. And while I’m rattling off cliches: a little knowledge is a dangerous thing.
Which brings me to Ashton Kutcher. Yes, that Ashton Kutcher. No, really. Kutcher has taken up the admirable, essential cause of fighting Child Sex Abuse Material (CSAM, which is better known as child pornography) online. This is a very, very important and noble cause, and it deserves all our support.
But there’s a problem, which is that Kutcher’s technical foundations are poor, and he has not improved them. Instead, he cites technologies that he has a demonstrably poor grasp upon to call for policies that turn out to be both ineffective at fighting exploitation and to inflict catastrophic collateral damage on vulnerable internet users.
Take sex trafficking. Kutcher and his organization, Thorn, were key to securing the passage of SESTA/FOSTA, a law that was supposed to fight online trafficking by making platforms jointly liable when they were used to facilitate trafficking:
At the time, Kutcher argued that deputizing platforms to understand and remove which user posts were part of a sex crime in progress would not inflict collateral damage. Somehow, if the platforms just nerded hard enough, they’d be able to remove sex trafficking posts without kicking off all consensual sex-workers.
Five years later, the verdict is in, and Kutcher was wrong. Sex workers have been deplatformed nearly everywhere, including from the places where workers traded “bad date” lists of abusive customers, which kept them safe from sexual violence, up to and including the risk of death. Street prostitution is way up, making the lives of sex workers far more dangerous, which has led to a resurgence of the odious institution of pimping, a “trade” that was on its way to vanishing altogether thanks to the power of the internet to let sex workers organize among themselves for protection:
On top of all that, SESTA/FOSTA has made it much harder for cops to hunt down and bust actual sex-traffickers, by forcing an activity that could once be found with a search-engine into underground forums that can’t be easily monitored:
Wanting it badly isn’t enough. Technology is not indistinguishable from magic.
A little knowledge is a dangerous thing.
Kutcher, it seems, has learned nothing from SESTA/FOSTA. Now he’s campaigning to ban working cryptography, in the name of ending the spread of CSAM. In March, Kutcher addressed the EU over the “Chat Control” proposal, which, broadly speaking, is a ban on end-to-end encrypter messaging (E2EE):
Now, banning E2EE would be a catastrophe. Not only is E2EE necessary to protect people from griefers, stalkers, corporate snoops, mafiosi, etc, but E2EE is the only thing standing between the world’s dictators and total surveillance of every digital communication. Even tiny flaws in E2EE can have grave human rights concerns. For example, a subtle bug in Whatsapp was used by NSO Group to create a cyberweapon called Pegasus that the Saudi royals used to lure Jamal Khashoggi to his grisly murder:
Because the collateral damage from an E2EE ban would be so far-ranging (beyond harms to sex workers, whose safety is routinely disregarded by policy-makers), people like Kutcher can’t propose an outright ban on E2EE. Instead, they have to offer some explanation for how the privacy, safety and human rights benefits of E2EE can be respected even as encryption is broken to hunt for CSAM.
Kutcher’s answer is something called “fully homomorphic encryption” (FHE) which is a theoretical — and enormously cool — way to allow for computing work to be done on encrypted data without decrypting it. When and if FHE are ready for primetime, it will be a revolution in our ability to securely collaborate with one another.
But FHE is nowhere near the state where it could do what Kutcher claims. It just isn’t, and once again, wanting it badly is not enough. Writing on his blog, the eminent cryptographer Matt Green delivers a master-class in what FHE is, what it could do, and what it can’t do (yet):
As it happens, Green also gave testimony to the EU, but he doesn’t confine his public advocacy work to august parliamentarians. Green wants all of us to understand cryptography (“I think cryptography is amazing and I want everyone talking about it all the time”). Rather than barking “stay in your lane” at the likes of Kutcher, Green has produced an outstanding, easily grasped explanation of FHE and the closely related concept of multi-party communication (MPC).
This is important work, and it exemplifies the difference between simplifying and being simplistic. Good science communicators do the former. Bad science communicators do the latter.
While Kutcher is presumably being simplistic because he lacks the technical depth to understand what he doesn’t understand, technically skilled people are perfectly capable of being simplistic, when it suits their economic, political or ideological goals.
One such person is Geoffrey Hinton, the so-called “father of AI,” who resigned from Google last week, citing the existential risks of “runaway AI” becoming superintelligent and turning on its human inventors. Hinton joins a group of powerful, wealthy people who have made a lot of noise about the existential risk of AI, while saying little or nothing about the ongoing risks of AI to people with disabilities, poor people, prisoners, workers, and other groups who are already being abused by automated decision-making and oversight systems.
Hinton’s nonsense is superbly stripped bare by Meredith Whittaker, the former Google worker organizer turned president of Signal, in a Fast Company interview with Wilfred Chan:
The whole thing is incredible, but there’s a few sections I want to call to your attention here, quoting Whittaker verbatim, because she expresses herself so beautifully (sci-comms done right is a joy to behold):
I think it’s stunning that someone would say that the harms [from AI] that are happening now — which are felt most acutely by people who have been historically minoritized: Black people, women, disabled people, precarious workers, et cetera — that those harms aren’t existential.
What I hear in that is, “Those aren’t existential to me. I have millions of dollars, I am invested in many, many AI startups, and none of this affects my existence. But what could affect my existence is if a sci-fi fantasy came to life and AI were actually super intelligent, and suddenly men like me would not be the most powerful entities in the world, and that would affect my business.”
I think we need to dig into what is happening here, which is that, when faced with a system that presents itself as a listening, eager interlocutor that’s hearing us and responding to us, that we seem to fall into a kind of trance in relation to these systems, and almost counterfactually engage in some kind of wish fulfillment: thinking that they’re human, and there’s someone there listening to us. It’s like when you’re a kid, and you’re telling ghost stories, something with a lot of emotional weight, and suddenly everybody is terrified and reacting to it. And it becomes hard to disbelieve.
Whittaker sets such a high bar for tech criticism. I had her clarity in mind in 2021, when I collaborated with EFF’s Bennett Cyphers on “Privacy Without Monopoly,” our white-paper addressing the claim that we need giant tech platforms to protect us from the privacy invasions of smaller “rogue” operators:
This is a claim that is most often raised in relation to Apple and its App Store model, which is claimed to be a bulwark against commercial surveillance. That claim has some validity: after all, when Apple added a one-click surveillance opt-out to Ios, its mobile OS. 96% of users clicked the “don’t spy on me” button. Those clicks cost Facebook $10b in just the following year. You love to see it.
But Apple is a gamekeeper-turned-poacher. Even as it was blocking Facebook’s surveillance, it was conducting its own, nearly identical, horrifyingly intrusive surveillance of every Ios user, for the same purpose as Facebook (ad targeting) and lying about it:
Bennett and I couldn’t have asked for a better example of the point we make in “Privacy Without Monopoly”: the thing that stops companies from spying on you isn’t their moral character, it’s the threat of competition and/or regulation. If you can modify your device in ways that cost its manufacturer money (say, by installing an alternative app store), then the manufacturer has to earn your business every day.
That might actually make them better — and if it doesn’t, you can switch. The right way to make sure the stuff you install on your devices respects your privacy is by passing privacy laws — not by hoping that Tim Apple decides you deserve a private life.
Bennett and I followed up “Privacy Without Monopoly” with an appendix that focused on a territory where there is a privacy law: the EU, whose (patchily enforced) General Data Protection Regulation (GDPR) is the kind of privacy law that we call for in the original paper. In that appendix, we addressed the issues of GDPR enforcement:
More importantly, we addressed the claim that the GDPR crushed competition, by making it harder for smaller (and even sleazier) ad-tech platforms to compete with Google and Facebook. It’s true, but that’s OK: we want competition to see who can respect technology users’ rights — not competition to see who can violate those rights most efficiently:
Around the time Bennett and I published the EU appendix to our paper, I was contacted by the Indian Journal of Law and Technology to see whether I could write something on similar lines, focused on the situation in India. Well, it took two years, but we’ve finally published it: “Securing Privacy Without Monopoly In India: Juxtaposing Interoperability With Indian Data Protection”:
The Indian case for interop incorporates the US and EU case, but with some fascinating wrinkles. First, there are the broad benefits of allowing technology adaptation by people who are often left out of the frame when tools and systems are designed. As the saying goes, “nothing about us without us” — the users of technology know more about their needs than any designer can hope to understand. That’s doubly true when designers are wealthy geeks in Silicon Valley and the users are poor people in the global south.
India, of course, has its own highly advanced domestic tech sector, who could be a source of extensive expertise in adapting technologies from US and other offshore tech giants for local needs. India also has a complex and highly contested privacy regime, which is in extreme flux between high court decisions, regulatory interventions, and legislation, both passed and pending.
Finally, there’s India’s long tradition of ingenious technological adaptations, locally called jugaad, roughly equivalent to the English “mend and make do.” While every culture has its own way of celebrating clever hacks, this kind of ingenuity is elevated to an art form in the global south: think of jua kali (Swahili), gambiarra (Brazilian Portuguese) and bricolage (France and its former colonies).
It took a long time to get this out, but I’m really happy with it, and I’m extremely grateful to my brilliant and hardworking research assistants from National Law School of India University: Dhruv Jain, Kshitij Goyal and Sarthak Wadhwa.
I don’t claim that any of the incarnations of the “Privacy Without Monopoly” paper rise to the clarity of the works of Green or Whittaker, but that’s okay, because I have another arrow in my quiver: fiction. For more than 20 years, I’ve written science fiction that tries to make legible and urgent the often dry and abstract concepts I address in my nonfiction.
One issue I’ve been grappling with for literally decades is the implications of “trusted computing,” a security model that uses a second, secure computer, embedded in your device, to observe and report on what your main computer is doing. There are lots of implications for this, both horrifying and amazing.
For example, having a second computer inside your device that watches it is a theoretically unbeatable way of catching malicious software, resolving the conundrum of malware: if you think your computer is infected and can’t be trusted, then how can you trust the antivirus software running on that computer.
Back in 2016, Andrew “bunnie” Huang and Edward Snowden released the “Introspection Engine,” a separate computer that you could install in an Iphone, which would tell you whether it was infected with spyware:
But while there are some really interesting positive applications for this kind of software, the negative ones — unbeatable DRM and tamper-proof bossware — are genuinely horrifying. My novella “Unauthorized Bread” digs into this, putting blood and sinew into an otherwise dry abstract and skeletal argument:
Then there are applications that are somewhere in between, like “remote attestation” (when the secure computer signs a computer-readable description of what your computer is doing so that you can prove things about your computer and its operation to people who don’t trust you, but do trust that secure computer).
Remote attestation is the McGuffin of Red Team Blues, my latest novel, a crime-thriller about a cryptocurrency heist. The novel opens with the keys to a secure enclave — the gadget that signs the attestations in remote attestation — going missing.
When Matt Green reviewed Red Team Blues (his first book review!), he singled this out as a technically rigorous and significant plot point, because secure enclaves are designed so that they can’t be updated (if you can update an enclave, then you can update it with malicious software):
This means that bugs in secure enclaves can last forever. Worse, if the keys for a secure enclave ever leak, then there’s no way to update all the secure enclaves out there in the world — millions or billions of them — to fix it.
Well, it’s happened.
The keys for the secure enclaves in Micro-Star International (AKA MSI) computers, a massive manufacturer of work and gaming PCs — have leaked and shown up on the “extortion portal” of a notorious crime gang:
As a security expert quoted by Ars Technica explains, this is a “doomsday scenario.” That’s more or less how it plays in my novel. The big difference between the MSI leak and the hack in my book is that the MSI keys were just sitting on a server, connected to the internet, which wasn’t well-secured.
In Red Team Blues, I went to enormous lengths to imagine a fiendishly complex, incredibly secure scheme for hosting these keys, and then dreamt up a way that the bad guys could defeat it. I toyed with the idea of having the keys leak due to rank incompetence, but I decided that would be an “idiot plot” (“a plot that only works if the characters are idiots”). Turns out, idiot plots may make for bad fiction, but they’re happening around us all the time.
In my real life, I cross a lot of disciplinary boundaries — law, politics, economics, human rights, security, technology. I’m not the world’s leading expert in any of these domains, but I am well-enough informed about each that I’m able to find interesting ways that they fit together in a manner that is relatively rare, and is also (I think) useful.
I admit to sometimes feeling insecure about this — being “one inch deep and ten miles wide” has its virtues, but there’s no avoiding that, say, I know less about the law than a real lawyer, and less about computer science than a real computer scientist.
That insecurity is partly why I’m so honored when I get to talk to experts across multiple disciplines. 2023 was a very good year for this, thanks to University College London. Back in Feb, I was invited to speak as part of UCL Institute of Brand and Innovation Law’s annual series on technology law:
Getting to speak to both the law school and the computer science school within a space of months is hugely gratifying, a real vindication of my theory that the virtues of my breadth make up for the shortcomings in my depth.
I’m getting a similar thrill from the domain experts who’ve been reviewing Red Team Blues. This week, Maria Farrell posted her Crooked Timber review, “When crypto meant cryptography”:
So her review means a lot to me in general, but I was overwhelmed to read her describe how Red Team Blues taught her to “read again for joy” after long covid “completely scrambled [her] brain.”
That meant a lot personally, but her review is even more gratifying when it gets into craft questions, like when she praises the descriptions as “so interesting and sociologically textured.” I love her description of the book as “Dickensian”: “it shoots up and down the snakes and ladders of San Francisco’s gamified dystopia of income inequality, one moment whizzing up the ear-poppingly fast elevator to a billionaire’s hardened fortress, the next sleeping under a bridge in a homeless encampment.”
And then, this kicker: “it’s a gorgeous rejection of the idea that long-form fiction is about individual subjectivity and the interior life. It’s about people as pinballs. They don’t just reveal things about the other objects they hit; their constant action and reaction reveals the walls that hold them all in.”
Likewise, I was thrilled with Peter Watts’s review on his “No Moods, Ads or Cutesy Fucking Icons” blog::
Peter is a brilliant sf writer and worldbuilder, an accomplished scientist, and one of the world’s most accomplished ranters. He’s had more amazing ideas than I’ve had hot breakfasts:
His review says some very nice and flattering things about me and my previous work, which is always great to read, especially for anyone with a chronic case of impostor syndrome. But what really mattered was the way he framed how I write villains: “The villains of Cory’s books aren’t really people; they’re systems. They wear punchable Human faces but those tend to be avatars, mere sock-puppets operated by the institutions that comprise the real baddies.”
One could read that as a critique, but coming from Peter, it’s praise — and it’s praise that gets to the heart of my worldview, which is that our biggest problems are systemic, not individual. The problem of corporate greed isn’t just that CEOs are monsters who don’t care who they hurt — it’s that our system is designed to let them get away with it. Worse, system design is such that the CEOs who aren’t monsters are generally clobbered by the ones who are.
So much of our outlook is grounded in the moral failings or virtues of individuals. Tim Apple will keep our data safe, so we should each individually decide to reward him by buying his phones. If Tim Apple betrays us, we should “vote with our wallets” by buying something else. If you care about the climate, you should just stop driving. If there’s no public transit, well, then maybe you should, uh, dig a subway?
[Image ID: Matt Bors’s classic Mr Gotcha panel, in which a medieval peasant says ‘We should improve society somewhat,’ and Mr Gotcha replies, ‘Yet you participate in society. Curious! I am very smart.’]
This is the mindset Matt Bors skewers so expertly with his iconic Mr Gotcha character: “Yet you participate in society. Curious! I am very smart”:
https://thenib.com/mister-gotcha/
(Which reminds me, I am halfway through Bors’s unbelievably, fantastically, screamingly awesome graphic novel “Justice Warriors,” which turns the neoliberal caveat-emptor/personal-responsibility brain-worm into the basis for possibly the greatest superhero comic of all time:)
https://www.mattbors.com/books
Watts finishes his review with:
I’ve never fully come to terms with the general decency of Cory’s characters. Doctorow the activist lives in the trenches, fighting those who make their billions trading the details of our private lives, telling us that they own what we’ve bought, surveilling us for the greater good and even greater profits. He’s spent more time facing off against the world’s powerful assholes than I ever will. He knows how ruthless they are. He knows, first-hand, how much of the world is clenched in their fists. By rights, his stories should make mine look like Broadway musicals.
And yet, Doctorow the Author is — hopeful. The little guys win against overwhelming odds. Dystopias are held at bay. Even the bad guys, in defeat, are less likely to scorch the earth than simply resign with a show of grudging respect for a worthy opponent.
I often get asked by readers — especially readers of Pluralistic, which is heavy on awful scandals and corruption — how I keep going. Watts has the answer:
Maybe it’s a fundamental difference in outlook. I’ve always regarded humans as self-glorified mammals, fighting endless and ineffective rearguard against their own brain stems; Cory seems to see us as more influenced by the angels of our better natures. Or maybe — maybe it’s not just his plots that are meant to be instructional. Maybe he’s deliberately showing us how we could behave as a species, in the same way he shows us how to fuck with DRM or foil face-recognition tech. Maybe it’s not that he subscribes to some Pollyanna vision of what we are; maybe he’s showing us what we could be.
Got it in one, Peter.
And…
It’s also about what happens if we don’t get better.
Writing on his “Economics From the Top Down” blog, Blair Fix — a heterodox economist and sharp critic of oligarchy — publishes a Red Team Blues review that nails the “or else” in my books, and does it with graphs:
Fix surfaces the latent point in my work that inequality is destabilizing — that spectacular violence is downstream of making a society that has nothing to offer for the majority of us. As Marty Hench, the 67 year old forensic accountant protagonist of Red Team Blues says,
Finance crime is a necessary component of violent crime. Even the most devoted sadist needs a business model, or he will have to get a real job.
[Image ID: A chart labeled, ‘With more plutocracy comes more murder. As countries become more unequal (horizontal axis), their murder rates go up (vertical axis).’]
Fix agrees, and shows us that murders go up with inequality.
Which is why, while the average private eye is a kind of “cop who gets to bend the rules of policing”; Hench is “a kind of uber IRS agent who gets to work in ‘sneaky ways that aren’t available to the taxman.’”
[Image ID: A chart labeled, ‘Was the US prison state the inspiration for cyberpunk? The term ‘cyberpunk’ (which describes a genre of dystopian science fiction) became popular in tandem with mass incarceration in the US. It’s probably not a coincidence.’]
This observation segues into a fascinating, data-informed look at the way that science fiction reflects our fears and aspirations about wider social phenomenon — for example, the popularity of the word “cyberpunk” closely tracks rising incarceration rates.
I hope you’ll come along! I’ve been meeting a lot of people on this tour who confess that while they’ve read my blogs and essays for years, they’ve never picked up one of my books. If you’re one of those readers, let me assure you, it is not too late!
As you’ve read above, my fiction is very much a continuation of my nonfiction by other means — but it’s also the place where I bring my hope as well as my dismay and anger. I’m told it makes for a very good combination.
If you’re still wavering, maybe this will sway you: the blogging and essays are either free or very low-paid, and they’re heavily subsidized by my fiction. If you enjoy my nonfiction, buying my novels is the best way to say thank you and to ensure a continuing supply of both.
But novels are by no means a dreary duty — fiction is a delight, and after a couple decades at it, I’ve come to grudgingly concede — impostor syndrome notwithstanding — that I’m pretty good at it.
I hope you’ll agree.
Image:
Robert Miller (modified)
https://www.flickr.com/photos/12463666@N03/52721565937
CC BY 2.0
https://creativecommons.org/licenses/by/2.0/
Catch me on tour with Red Team Blues in Toronto, DC, Gaithersburg, Oxford, Hay, Manchester, Nottingham, London, and Berlin!
The landscape of cybercrime has shifted in the last year or so. While traditional attacks are still very much a part of that landscape, with phishing, remote command execution, denial-of-service and prompt injection campaigns all being prominent and often, the real juggernaut these days is supply chain attacks. And Glassworm has been at the forefront, adapting and evolving to avoid effective disruption while continuing to spread throughout developer environments.
I first reported on it back in December, where I talked about how it’s similar to Shai-Hulud in behavior, being self-propagating through compromised credentials and its agentic nature, meaning it requires no oversight or user intervention to execute. At that time, Glassworm was abusing visual script extensions as part of its tactics for compromising developer trees, and had first been reported by The Hacker News in October, after Koi Security discovered it on the heels of a Shai-Hulud campaign targeting npm.
Part of Glassworm’s resilience is in the pattern of its architecture. It has adopted new programming languages since its inception, from JavaScript to Rust to Zig. It’s expanded across package ecosystems such as VSCode, npm, PyPI, and GitHub. And it’s built redundant infrastructure designed to survive takedown attempts like infected Solana blockchain dead drops,.peer-to-peer networking for configuration data via BitTorrent Distributed Hash Tables, Google Calendar event titles as dead-drop locations for Base64-encoded C2 paths, as well as direct server connections in more ‘traditional’ command-and-control hosted by commercial providers.
The attack cycle of this particular infection relies on multiple stages of compromise; it’s part of the persistence mechanism. An initial installation of a package with malicious but inactive code written into it, followed by delayed payloads injected into dependency trees to bypass detection and activate the ‘sleeper cell’ malware. Which then leads to data harvesting, credential theft and a Node.js remote access tool dubbed GlasswormRAT that cascades throughout a developer supply chain both laterally and downstream. And this is a cross-platform assault, affecting Windows, macOS and Linux. In order to actually disrupt this massive and pervasive malware, a more coordinated and simultaneous attempt to take down all of the C2 options must be enacted.
And that’s what CrowdStrike has done. Yesterday, in collaboration with Google and the Shadowserver Foundation, the security company’s Counter Adversary Operations team hit all four C2 channels simultaneously, cutting off the threat actors from infected machines. This move does not remove the malware from these compromised devices, but it does prevent new payloads from being delivered.
I don’t think this is the end for Glassworm; I’ve watched too many disrupted campaigns make a resurgence shortly thereafter. However, possibly infected machines can be currently checked with a key network indicator. CrowdStrike has created a benign (read: controlled by them) beacon redirect. The article contains the IP address of that redirect if you want to check your networks for its presence, which in turn marks a compromised package. Remediation of this type of attack is nearly impossible with the supply chain so reliant upon many of the dependency trees that are infected. One cannot just delete them without their entire development ecosystem collapsing. Detection after the fact does nothing for the damage control other than awareness. Prevention is also difficult considering how many are open source and therefore have little in the way of security built in.
What we really need is a change at the heart of software development. Will that happen? Eh, I’m not holding my breath. In the meantime, at least we have defenders like CrowdStrike.
Supply Chain Intrusions, Zero-Days, and Global Disruption Define a High-Impact Cyber Week
A coordinated wave of supply chain compromises across npm, PyPI, Crates.io, and the VS Code Marketplace enabled credential theft from developer environments and CI/CD pipelines, while actively exploited vulnerabilities in NGINX, Linux kernel, Microsoft, and Drupal triggered emergency patching. Concurrently, law enforcement actions and takedowns targeted phishing-as-a-service and malware-signing infrastructure linked to ransomware and cybercrime operations.
I’ve covered TeamPCP several times, the Trivy breach and subsequent use of the credentials stolen there to execute further hacks and breaches in other related entities. But I haven’t covered the supply chain attack that was running near simultaneously in Axios, the popular npm client library. The attack is attributed to UNC1069, a North Korean threat actor, and its ripple effect is still being cataloged, according to The Register’s article published on Saturday.
We talk about the sophistication of modern cybercrime, the leveraging of AI tools, the tendency to clone legitimate software, and the injection into dependency trees to maintain persistence. But by far the greatest tool in the arsenal of threat actors is social engineering. Defined as the use of psychological pressure to influence people to perform actions or divulge confidential information, it’s where most of the complexity of recent campaigns lies.
The Axios compromise began with the primary maintainer of the library, Jason Saayman, being contacted by the attackers impersonating the company’s founders. The cloned version had a realistic Slack workspace, complete with employee profiles and posts, and then they invited Saayman to join via Teams. There were no red flags; this is how online business works. “Two people from across the globe collaborating on a project that helps other people,” Ben Read of Wiz research is quoted as saying. Saayman was prompted to update his Teams software, and that ‘update’ was the malware delivery. A remote access Trojan that installed an infostealer into Axios updates for three hours before it was caught.
The actual timeframe of the compromise was short, but is indicative of how supply chain breaches can slip by even those who show know better. This attack focused on a ‘patient zero’ type of victimization, going right for the head maintainer of a widely used package to inject malicious code into an otherwise legitimate piece of software that then embedded itself into dependency further down the chain. A fair amount of setup was involved here to gain Saayman’s trust so that he didn’t question the source of what ended up being an active incursion. Saayman published a thorough breakdown of the compromise in the aftermath, including the affected versions of Axios, the platforms they’re on, what the infostealer is harvesting and how to prevent further data loss. That work is still ongoing, with the post mortem report stating that any device containing a specific lockfile should be considered compromised.
Social engineering isn’t going away. It’s an effective tool to abuse trust and exploit human error. One can argue that every scam in the history of human endeavors relies upon it one way or another. It’s a fundamental tenet of fraud and the heart of spear phishing, which is ultimately what the Axios attack was. So how do we break this cycle? Awareness is growing, at least. And that’s a good place to start.
Mandiant Consulting CTO Charles Carmakal suggests introducing a software bill-of-materials concept into developer work when using open source software. This would in essence be a list of ‘ingredients’ that are present in any open source package, so that one might know in detail what they’re working with. With known exploitation lists and catalogs available everywhere these days, it would help streamline discovery of compromises before they even begin. Granted, that only works if the malicious code being used is listed.
Another expert, Nick Biasini of Cisco Talos, suggests having a plan for secure objects and phrases. As in physical objects to show during video calls to prove one’s identity, and literal passphrases like one is entering an old-timey speakeasy. We can laugh if we want to, but I’m of the generation whose parents taught us to ask strange adults for an agreed upon password before going off with them in the latchkey era. If it’s silly but it works, it’s not silly. Why do you think account verification uses this exact system? The concept predates the internet itself.
The security industry can scream into the void all we want about not trusting links, checking source codes, being aware of what scams are out there. But it isn’t always so obvious. The Axios compromise was accomplished through a single vector – a Teams ‘update’ – that could very well have been genuine, since apps do update on the regular. Awareness isn’t enough, users also have to be proactive. Creative problems require creative – and operational – solutions.
TeamPCP is back on my newsfeed. Just a few days ago, I reported on a wiper campaign attributed to the threat actor, where they exploited Internet Computer Protocol (ICP) canisters via GitHub to stage a multi-level attack against Iranian timezone targets using CanisterWorm, after compromising the vulnerability scanner Trivy to gain access to SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets. Today, I have not one but two reports of TeamPCP activity. The actor – or group, few specifics are known about them – uses supply chain disruption as a tactic, leveraging cloud-based services for entry before wiping local data or destroying Kubernetes clusters (which are a group of computing nodes, or worker machines, that run containerized applications).
TrendMicro has published an article on the latest wave of TeamPCP attacks, this time targeting various developer tools including Python Package Index (PyPI), npm, Docker Hub, GitHub Actions, and OpenVSX in a single coordinated operation, with widespread results. Among the tools caught in the attack, and subsequently the starting point for TrendMicro’s analysis, was LiteLLM, a Python based package that serves as a unified gateway to multiple LLM providers and has millions of downloads a day. Versions 1.82.7 and 1.82.8 were found to have malicious code in them, deploying a credential harvester, a Kubernetes lateral movement toolkit capable of compromising entire clusters, and a persistent backdoor providing ongoing remote code execution.
Simultaneously, Socket has published an article about how TeamPCP is coordinating with Vect, a ransom-as-a-service operation, to further expand their campaign surface. The pairing was announced on BreachForums, a darkweb marketplace for buying and selling stolen data, credentials and hacking tools. Evidence suggests that this partnership began shortly after the initial Trivy compromise, hinting that ransomware attacks were the ultimate goal all along. My earlier report noted that, at that point, we didn’t know what TeamPCP hoped to gain by their activity.
These attacks are occurring at a rapid fire rate. The Trivy compromise was less than ten days ago. Instead of trying anything new in terms of toolkits or agents, TeamPCP is utilizing established exploitation vectors such as vulnerabilities, misconfigurations and recycled tooling. The only novelty here is that they are being used in concert and in such a way as to make the campaigns self-sustaining through cloud environments.
I’ve talked before about how threat actors are starting to combine tactics to make their campaigns more effective. With so many interconnected and synced applications being used for daily business, all it takes is one weak link in a supply chain to gain access to everything else. Especially with the preponderance of shared credentials across open source platforms. If you’ve ever wondered why I emphasize keeping software up to date, point out weakness in password security, or the inherent danger in third party access without zero trust authentication in place, this is the reason. Experts call this type of attack a cascade. One vulnerability starts a landslide of further exploitation until entire networks are compromised or even rendered inoperable. And threat actors like TeamPCP are ready and waiting to take advantage of it. I doubt we’ve seen the end of them.
There’s an evolution happening in real time with malware these days. Sophisticated, disparate tactics being used in concert to create innovative ways to infiltrate, exfiltrate and evade detection. It’s a mix and match selection of traits, some new like AI prompt injection, some tried and true like Trojans. In recent weeks, I’ve noticed an uptick in worm campaigns, malware that is self-perpetuating and agentic, meaning it requires no human oversight. Shai-Hulud that attacks npm packages, for example.
And now we have GlassWorm.
First reported on in October, GlassWorm shares some characteristics with Shai-Hulud, in that it attacks the developer supply chains and propagates itself via compromised credentials. It hijacks one, then finds another to in essence establish itself within a system for persistence and infectious transmission between shared networks. Where Shai-Hulud uses JavaScript commands, GlassWorm uses the Solana blockchain for command-and-control, with a backup mechanism in Google Calendar. The first wave of the attack infected 13 extensions, most of which were on OpenVSX and one on the Microsoft Extension Marketplace. A second wave hit in November, and was observed targeting GitHub repositories.
This third wave has been seen in both. 24 extensions between VS Code Marketplace and OpenVSX have been targeted, two of which have been removed at the time of reporting. The new adaptation is still using its previous tactic of Unicode variation selectors, which hides its presence from code editors by not producing any visual output. But now it includes Rust-based implants into the compromised packages, making it cross-platforming for Windows and macOS.
Worms like this abuse the nature of visual script extensions, which are auto-updated even without user interaction. Once in the system, they stay there until found. With artificially inflated download metrics as part of the malicious tactics, the infected packages are coming up in searches more frequently, often ahead of those they’re mimicking. And thus tricking the unwary into clicking on them instead of the legitimate versions. Once installed, the malware captures a variety of credentials and authentication tokens, as well as other data. These are then transmitted to the C2 servers which turns any compromised system into a remote node for further malicious activity.
The Hacker News has a list of compromised extensions, for those concerned with whether or not they’ve been infected. As does John Tuckner’s report for Secure Annex. He is credited with discovering the November wave. Because the infected versions are mimicking legitimate ones it can be hard to tell the difference between them, especially on mobile platforms where full site addresses or sources are hidden due to screen space. As always, never click an untrusted link. Although, I have to acknowledge that that advice is becoming less useful as threat actors get more creative with inserting their malware into genuine codes. This is another case where I’ll be keeping my eye on things as they develop, and will update as needed.