Dan Black
danwblack.bsky.social
@danwblack.bsky.social
Previously Google, NATO, 🇨🇦 Government. Views mine and mine only.
Pinned
Today, Google Threat Intelligence is alerting the community to increasing efforts from several Russia state-aligned threat actors (GRU, FSB, etc.) to compromise Signal Messenger accounts.

cloud.google.com/blog/topics/...
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.
cloud.google.com
Reposted by Dan Black
State of Statecraft (SOS) is a new security and intelligence conference that brings together experts on espionage, sabotage, influence, and other unique forms of covert statecraft to share their work with a community hyper-focused on tackling state-sponsored operations.
July 8, 2025 at 2:54 AM
APT28 🤝 war crimes
July 18, 2025 at 12:40 PM
Extending the veneer of grassroots activism «by default» to an entire category of threat activity routinely orchestrated (if not carried out directly) by intelligence agencies is just flat out irresponsible at this point.

I beg of you: stop using the label "hacktivism".
June 21, 2025 at 4:57 PM
Reposted by Dan Black
... maybe Teams isn't so bad
The strike on the Revolutionary Guard HQ was during a crisis meeting of senior Iranian leaders.
June 13, 2025 at 2:29 AM
Reposted by Dan Black
Short thread (hopefully in plain English) on the nuclear deterrence dynamics in the India-Pakistan relationship and where this goes if escalation continues. <1>
May 10, 2025 at 1:52 AM
Reposted by Dan Black
Fascinating to see reference to GRU unit 20728 from FR relative to Russia's offensive cyber program -- as far as I'm aware, a first from a Western service?

www.diplomatie.gouv.fr/fr/dossiers-...
Russia – Attribution of cyberattacks against France to the Russian military intelligence service (APT28) (29.04.25)
France condemns in the strongest terms the use by the Russian military intelligence service (GRU) of the APT28 attack modus operandi, (…)
www.diplomatie.gouv.fr
April 29, 2025 at 5:16 PM
Credibility of claims aside, the slow creep toward direct mirroring of US public attribution has reached its final stop:

www.reuters.com/technology/c...
China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents
Chinese police in the northeastern city of Harbin have accused the United States National Security Agency (NSA) of launching "advanced" cyberattacks during the Asian Winter Games in February, targeting essential industries.
www.reuters.com
April 15, 2025 at 1:02 PM
Reposted by Dan Black
This is very cool. "Sensational stories of flying saucers dominated U.S. newspaper headlines from June to July 1947. Could they have been purposely planted as part of a U.S. strategic deception operation, aimed at breaking the Soviet Diplomatic Code?" www.tandfonline.com/doi/abs/10.1...
Flying Saucers: An Opening Salvo of the Cold War?
Sensational stories of flying saucers dominated U.S. newspaper headlines from June to July 1947. Could they have been purposely planted as part of a U.S. strategic deception operation, aimed at bre...
www.tandfonline.com
April 4, 2025 at 10:43 AM
Reposted by Dan Black
In order to help protect people from falling victim to sophisticated phishing attacks, Signal introduced new user flows and in-app warnings. This work has been completed for some time and is unrelated to any current events. 5/
March 25, 2025 at 10:52 PM
Reposted by Dan Black
The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users. 3/
March 25, 2025 at 10:52 PM
Reposted by Dan Black
One piece of misinfo we need to address is the claim that there are ‘vulnerabilities’ in Signal. This isn’t accurate. Reporting on a Pentagon advisory memo appears to be at the heart of the misunderstanding: npr.org/2025/03/25/n.... 2/
March 25, 2025 at 10:52 PM
Reposted by Dan Black
It's never a bad time to take a look at your online accounts and see if you spot a weird device or login.

We have a comprehensive guide on how to check if your Gmail, Apple ID, Facebook, IG, WhatsApp, Telegram, Discord, etc have been hacked.

techcrunch.com/2025/03/25/h...
How to tell if your online accounts have been hacked | TechCrunch
This is a guide on how to check whether someone compromised your online accounts.
techcrunch.com
March 25, 2025 at 9:25 PM
Russia's intelligence services have spent time and resources to develop Signal-specific tradecraft because it is best-in-class for secure communications.

It is Signal's lack of vulnerability that makes the app the high priority target that it is.
It's really crucial to understand how badly framed this is. There is no Signal vulnerability. The Pentagon email did a bad job explaining a Google report from a month ago and NPR repeated it.

This is like saying because you got a phishing email at your Gmail address, there's a Google vulnerability.
News: NPR’s Tom Bowman reports of a Pentagon-wide warning about Signal’s security vulnerability - one week ago 👇🏼
March 25, 2025 at 11:34 PM
Reposted by Dan Black
It's really crucial to understand how badly framed this is. There is no Signal vulnerability. The Pentagon email did a bad job explaining a Google report from a month ago and NPR repeated it.

This is like saying because you got a phishing email at your Gmail address, there's a Google vulnerability.
News: NPR’s Tom Bowman reports of a Pentagon-wide warning about Signal’s security vulnerability - one week ago 👇🏼
March 25, 2025 at 11:25 PM
Reposted by Dan Black
We are looking for a motivated Research Analyst to join our cyber and tech team at @rusi.bsky.social. You need to be able to work in London. Full job spec below 👇

royalunitedservicesinstitute.peoplehr.net/Pages/JobBoa...
Research Analyst
This position sits in RUSI’s Cyber and Tech Research group, which seeks to shine a light on UK and international cyber and technology issues. We take what can sometimes be complex and technical subjec...
royalunitedservicesinstitute.peoplehr.net
March 23, 2025 at 5:06 PM
Developing low visibility, low signature forms of compromise for Signal accounts is a clear area of investment for Russia's services as well.

Generally speaking if you use the app for sensitive comms: audit your linked devices. Do it now.

cloud.google.com/blog/topics/...
March 25, 2025 at 11:57 AM
Reposted by Dan Black
Right now a single technical organization is being asked to defend (at least) one side in a major regional war, the political communications of the entire US administration, the communications of anyone opposed to that administration, big piles of NGOs, and millions of “ordinary” folks to boot.
March 25, 2025 at 9:15 AM
Reposted by Dan Black
For no reason at all, re-upping this blog from @danwblack.bsky.social, which shows the high interest that Russian APTs have in getting access to Signal messages.

cloud.google.com/blog/topics/...
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.
cloud.google.com
March 24, 2025 at 5:26 PM
Reposted by Dan Black
🚨NEW REPORT: first forensic confirmation of #Paragon mercenary spyware infections in #Italy...

Known targets: Activists & journalists.

We also found deployments around the world. Including ... #Canada?

And a lot more... Thread on our @citizenlab.ca investigation 1/

citizenlab.ca/2025/03/a-fi...
March 19, 2025 at 8:43 PM
Reposted by Dan Black
Gorbachev believed the Soviet Union had to reform or die. But his reforms were so incoherent and inconsistent, yet persistent, he wound up destroying the USSR - something practically no one when he started thought was a possible outcome.
March 15, 2025 at 1:20 AM
One of the things I miss the most now that I'm fully remote is the old in-office nerding out about what was in the news.

This podcast has really helped to fill that void. Highly recommend.
NEW POD ALERT: Revisiting the US/Russia cyber stand down order and the diplomatic optics. Plus, a dissection of ‘The Lamberts’ and connections to US intelligence agencies, attribution around ‘Operation Triangulation’, VMware 0days and i-Soon indictments securityconversations.com/episode/revi...
Revisiting the Lamberts, i-Soon indictments, VMware zero-days - Security Conversations
Three Buddy Problem – Episode 37: This week, we revisit the public reporting on a US/Russia cyber stand down order, CISA declaring no change to […]
securityconversations.com
March 8, 2025 at 9:43 PM
Reposted by Dan Black
Our new leader. The @economist.com has always been staunchly Transatlanticist. We don't say this lightly: "Europe must prepare to be abandoned or extorted. Not to prepare for that could leave Europe vulnerable to Russia and to an increasingly hostile America" www.economist.com/leaders/2025...
The lesson from Trump’s Ukrainian weapons freeze
And the grim choice facing Volodymyr Zelensky
www.economist.com
March 5, 2025 at 11:18 AM
Reposted by Dan Black
⚡️Russia launches largest drone attack since start of full-scale invasion.

Ukraine’s air defense shot down 138 drones while 119 decoy drones were lost out of a total of 267 drones launched by Russia, the Ukrainian Air Force said.
Russia launches largest drone attack since start of full-scale invasion
Ukraine’s air defense shot down 138 drones while 119 decoy drones were lost.
kyivindependent.com
February 23, 2025 at 11:11 AM