Compiled by Maya Nicholson
Articles
Backdoor in XZ Utils that Almost Happened
Bruce Schneier explained how an unpaid volunteer maintaining XZ Utils—an open-source data compression library on hundreds of millions of computers—discovered a backdoor that could have had cybersecurity consequences nationwide. He argued that open-source projects need to be funded and treated by the government and tech companies as a national security problem.
There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an untenable situation, and one that is being exploited by malicious actors. Yet precious little is being done to remedy it.
Kyber Sprotyv: Ukraine’s Spec Ops in Cyberspace?
Stefan Soesanto and Wiktoria Gajos examined the activities of the alleged Ukrainian state-coordinated cyber group, Kyber Sprotyv, against Russian military officers, civilians and politicians. They discussed how to define the group’s role in the Ukrainian information ecosystem and the emerging legal challenges that arise from armed conflict in cyberspace.
Kyber Sprotyv’s existence was publicly revealed on Feb. 24, 2023, when the group’s public Telegram channel was created. The group describes itself as “a team of hacktivists who have been cooperating with various law enforcement agencies of Ukraine since 2014, as well as with volunteers from the international intelligence community InformNapalm, the Myrotvorets Center and the National Resistance Center.” The group’s claims of cooperation with Ukrainian law enforcement and intelligence agencies are difficult to verify, but evidence suggests a special relationship exists. The group’s active cooperation with Myrotvorets, InformNapalm, and the National Resistance Center is beyond any doubt. To showcase the ecosystem that Kyber Sprotyv operates within, this piece will explain each component and unpack some of the available evidence.
Podcasts
The Lawfare Podcast: Juliette Kayyem on the Baltimore Bridge Collapse and Crisis Management: Matt Gluck sat down with Juliette Kayyem to discuss the bridge that collapsed in the early morning hours of March 26 in Baltimore, how authorities responded to it, and what it all means for the resilience of U.S. critical infrastructure and the state of crisis response. They talked about whether or not the bridge was adequately protected, how governments and the private sector should prepare to prevent crises and respond to the aftermath when they inevitably occur, and more.
Announcements
On April 3, Lawfare announced another auction item on the Givebutter campaign: the “Black Hole of Awful” Post-It by Quinta Jurecic, a one-of-a-kind Lawfare sketch born from a conversation with Benjamin Wittes that illustrates the extent to which trial delay is advantageous to Trump. Other items of exclusive Lawfare merchandise up for auction include an autographed Lawfare jigsaw puzzle and Wittes’s Twitter sensation and protector of democracy #BabyCannon. Place your bids to support Lawfare’s Trump Trials coverage. You can also support Lawfare’s Trump Trials coverage by making a contribution here.