By Jon Lindsay
This is an interesting story about (presumably) Beijing’s use of a piece of malware to monitor protesters’ communications in Hong Kong:
It points out a dilemma between restricting technology access to deny the adversary the advantages it provides (attacking their network) and ensuring the adversary’s access in order to collect intelligence (exploiting the network). There’s also a passing mention of Syria lifting its use of the kill switch in order to better monitor internet use. What’s interesting in this case is that the malware is marketed specifically to improve protester communications, and probably does a bit, but it also collects on those communications, turning the user into an unwilling agent via deception.
The crowdsourced counterintelligence angle is also pretty interesting: upon discovery, the victim of a malware attack often benefits from a large and distributed forensic effort. The Iranians did with Stuxnet, too.