This Week In Security: Ukraine, Nvidia, And Conti

The geopolitics surrounding the invasion of Ukraine are outside the scope of this column, but the cybersecurity ramifications are certainly fitting fodder. The challenge here is that almost everything of note that has happened in the last week has been initially linked to the conflict, but in several cases, the reported link hasn’t withstood scrutiny. We do know that the Vice Prime Minister of Ukraine put out a call on Twitter for “cyber specialists” to go after a list of Russian businesses and state agencies. Many of the sites on the list did go down for some time, the digital equivalent of tearing down a poster. In response, the largest Russian ISP stopped announcing BGP routes to some of the targeted sites, effectively ending any attacks against them from the outside.

A smattering of similar events has unfolded over the last week, like electric car charging stations in Russia refusing to charge and displaying a political message, “GLORY TO UKRAINE”. Not all the attacks have been so trivial. Researchers at ESET have identified HermeticWiper, a bit of malware with no other purpose but to destroy data. It has been found on hundreds of high-value targets, likely causing much damage. It is likely the same malware that Microsoft has dubbed FoxBlade, and Microsoft has published details about its response.

The Battlefield That’s 5 KHz Wide

The airwaves are full of news from the battle in Ukraine, with TV and radio journalists providing coverage at all hours. But for those with a bit of patience there’s something else from the conflict that can be found with a radio receiver, the battle over 5 kHz of spectrum starting at 4625 kHz. This has for many years been the location on the dial for “the Buzzer”, a Russian military transmitter whose nickname describes its monotonous on/off buzzing transmission perfectly. As the current Ukrainian situation has taken shape it has become a minor battleground, and the Buzzer now shares its frequency with a variety of other stations broadcasting music, spectrograms, and other radio junk intended to disrupt it.

The air raid siren produces a particularly distinctive spectrogram.

For the curious this can be watched unfolding on a spectrogram or through headphones by anyone within range who has an HF receiver, or for everyone else, with a WebSDR. In Western Europe it’s best listened to in hours of darkness; we suggest you consult the webSDR.org list to see which has the best signal. We’ve heard it on receivers in Poland, Russia, and the ever-reliable uTwente WebSDR in the Netherlands. Over the time we’ve been monitoring it we’ve heard overlaying speech, and music varying from the Soviet and American anthems through dance music and K-pop to 1960s British rock and of course Boney M’s Rasputin, with a few slightly macabre choices such as Final Countdown and an air raid siren. We’ve even heard TV intros from the Benny Hill Show, the A-Team and Mission Impossible, so whoever is doing this has a wide taste.

Alongside the music, at about 4628 kHz, we’ve meanwhile watched a series of spectrogram messages scroll past in Ukrainian, Russian, and English, ranging from “Stop war” to lewd suggestions about the Russian President. It’s fair to say that none of these transmissions have obscured the Buzzer, but they have had the effect of significantly increasing the noise on the channel.

To have a listen yourself, point a receiver within range at the appropriate time of day towards 4625 kHz and select USB demodulation and a 5 kHz bandwidth. Meanwhile, for some background on the Cold War HF relics, have a read about numbers stations.


Avoid Repetitive Strain Injury With Machine Learning – And Pikachu

The humble mouse has been an essential part of the desktop computing experience ever since the original Apple Macintosh popularized it in 1984. While mice enabled user-friendly GUIs, thus making computers accessible to more people than ever, they also caused a significant increase in repetitive strain injuries (RSI). Mainly caused by poor posture and stress, RSI can lead to pain, numbness and tingling sensations in the hand and arm, which the user might only notice when it’s too late.

Hoping to catch signs of RSI before it manifests itself, [kutluhan_aktar] built a device that allows him to track mouse fatigue. It does so through two sensors: one that measures galvanic skin response (GSR) and another that performs electromyography (EMG). Together, these two measurements should give an indication of the amount of muscle soreness. The sensor readout circuits are connected to a Wio Terminal, a small ARM Cortex-M4 development board with a 2.4″ LCD.

However, calculating muscle soreness is not as simple as just adding a few numbers together; in fact the link between the sensor data and the muscles’ state of health is complicated enough that [kutluhan] decided to train a TensorFlow artificial neural network (ANN), taking into account observed stress levels collected in real life. The network ran on the Wio while he used the mouse, pressing buttons to indicate the amount of stress he experienced. After a few rounds of training he ended up with a network that reached an accuracy of more than 80%.

[kutluhan] also designed a rather neat 3D printed enclosure to house the sensor readout boards as well as a battery to power the Wio Terminal. Naturally, the case was graced by a 3D rendition of Pikachu on top (get it? a mouse Pokémon that can paralyze its opponents!). We’ve seen [kutluhan]’s fondness for Pokémon-themed projects in his earlier Jigglypuff CO2 sensor.

Although the setup with multiple sensors doesn’t seem too practical for everyday use, the Mouse Fatigue Estimator might be a useful tool to train yourself to keep good posture and avoid stress while using a mouse. If you also use a keyboard (and who doesn’t?), make sure you’re using that correctly as well.
