Matthijs R. Koot

In 2024 we traveled to the Chinese city of Chengdu to find follow the trails of three APT groups: I-Soon, No Sugar Tech, Chengdu404 and Sichuan Silence. In this thread we will do some site visits, getting "thrown out" and talking to a former member of top management, all the while we are trailed by security. 1/10

I write a short blog post on the WhatsApp lawsuit. blog.cryptographyengineering.com/2026/02/02/wha…

Unredacted excerpt from 2017 FBI CI report in Epstein files (Jan 2026 release). Blackhat board, CrowdStrike, GCHQ may have ties to Jeffery Epstein. These were allegations only; many details align with public bio of Vincenzo Iozzo - unproven claims should not be treated as fact.

What is interesting is that the main reflector of the JUMPSAT SIGINT antenna seems to have deployable parts... Comparing the model vs the EMC chamber vs the shaker setup, the EMC chamber pic clearly has the reflector in a "deployed" state, vs folded for the shaker pic...

The NRO confirms our belief that there were 8 JUMPSEAT launches in 1981-87. and gives the dates for JUMPSEAT 1 and 8. Another program, QUASAR, had data relay satellites in the same orbit, and NRO has not released the dates for JS2 to 7 so we aren't sure which launch is which.

The US National Reconnaisance Office has declassified the JUMPSEAT program, which had signals intelligence satellites in Molniya orbit starting in 1971.

🚨 #𝗕𝗥𝗘𝗔𝗞𝗜𝗡𝗚 𝗠𝗔𝗝𝗢𝗥 𝗘𝗫𝗣𝗢𝗦𝗨𝗥𝗘 🚨 The "exclusive" video of Hamza Bin Laden circulating right now via @cyberpionier (Guido Blaauw), @sarahadams (Sarah Adams) and @TransatlanticIC (Guido and Sarah) is 𝗙𝗔𝗞𝗘. Guido calls it a "virtual bomb" that "the world is not ready for." He is right about one thing: The world isn't ready for how easily he was duped. How can I be 100% sure? 𝗕𝗲𝗰𝗮𝘂𝘀𝗲 𝗜 𝗰𝗿𝗲𝗮𝘁𝗲𝗱 𝗶𝘁. I fed them fabricated intel to prove they are spreading dangerous disinformation. Here is the full story. 🪡 1/11 👇

"FTM identified hundreds of soldiers from nations including Germany, UK & US on dating app Tinder. The personal details incl. home addresses of many soldiers can be found and their travel movements can be tracked via the app" (14 Dec 2024) ftm.eu/articles/tinde…

He is currently in Netherlands police custody and awaiting trial. The entry ban will be enacted from the date he has physically left, briefly put, the EU, which might not be until after he has served a sentence if convicted.

Russian former ASML employee suspected of theft of trade secrets (6 December 2024) nos.nl/nieuwsuur/arti… Re: Russian national German Germanovich Aksenov, born 22 October 1981. The Netherlands government issued a 20 year entry ban for him on 2 December 2024.

The @FBI announce a $10 m award for information leading to the arrest of GRU Unit 29155 hackers who targeted Ukrainian gov't infrastructure at the start of the invasion. They are all familiar faces to us, will do a story on them in the next few days.

We have released the 31 GB of North Korean leaked data from their cloud server. This data set mentioned in the 38north article. gofile.io/d/nLSE4n @38northnk @martyn_williams @nknewsorg @RecordedFuture @lorenzofb @josephfcox @vxunderground @BushidoToken @thegrugq

This is allegedly threat actor USDoD.

@daveaitel if it fails for you, here's a print-to-pdf of that archive: https:// cyberwar .nl/CVE-2024-38077-EXP.pdf

@daveaitel in response to your post on [dailydave]: if you're still looking for the taken-offline blog on CVE-2024-38077-EXP, see Internet Archive (remove spaces): https:// web .archive .org/web/20240809031033/https:// sites .google .com/site/zhiniangpeng/blogs/MadLicense

Damn. This guy was a human rights activist and cofounder of a significant pro-democracy organization named for victims of the Tiananmen Square massacre. He was also an MSS spy reporting to the PRC on the activities of those who joined as far back as at least 2006.

De Amerikaanse FBI heeft in samenwerking met de Nederlandse AIVD, de MIVD en de politie een Russisch desinformatienetwerk ontmanteld. Bijna 1000 nep-twitteraars zijn ontmaskerd. #Nieuwsuur

New essay: ML seems to promise discovery without understanding, but this is fool's gold that has led to a reproducibility crisis in ML-based science. aisnakeoil.com/p/scientists-s… (with @sayashk). In 2021 we compiled evidence that an error called leakage is pervasive in ML models across scientific fields. In our most recent survey the number of affected fields has climbed to 30. #rep-failures" target="_blank" rel="nofollow noopener">reproducible.cs.princeton.edu/#rep-failures Leakage is only one of many reasons for reproducibility failures. There are widespread shortcomings in every step of ML-based science, from data collection to preprocessing and reporting results. reforms.cs.princeton.edu/appendix3.html Root causes The reasons for pre-ML replication crises, such as publication bias, also apply to ML. But a new and important reason for the poor quality of ML-based science is pervasive hype, resulting in the lack of a skeptical mindset among researchers, which is a cornerstone of good scientific practice. We’ve observed that when researchers have overoptimistic expectations, and their ML model performs poorly, they assume that they did something wrong and tweak the model, when in fact they should strongly consider the possibility that they have run up against inherent limits to predictability. Conversely, they tend to be credulous when their model performs well, when in fact they should be on high alert for leakage or other flaws. And if the model performs better than expected, they assume that it has discovered patterns in the data that no human could have thought of, and the myth of AI as an alien intelligence makes this explanation seem readily plausible. This is a feedback loop. Overoptimism fuels flawed research which further misleads other researchers in the field about what they should and shouldn’t expect AI to be able to do. aisnakeoil.com/p/scientists-s… Glimmers of hope Researchers should in principle be able to download a paper’s code and data, review it, and check whether they can reproduce the reported results. And the vast majority of errors can be avoided if the researchers know what to look out for. So we think that the problem can be greatly mitigated by a culture change where researchers systematically exercise more care in their work and reproducibility studies are incentivized. We have led a few efforts to change this. First, our leakage paper has had an impact. Many researchers have used it to avoid leakage in their own work and to check previously published work. reproducible.cs.princeton.edu Beyond leakage, we led a group of 19 researchers across computer science, data science, social sciences, mathematics, and biomedical research to develop the REFORMS checklist for ML-based science. It is a 32-item checklist that can help researchers catch eight kinds of common pitfalls in ML-based science. It was recently published in Science Advances. Of course, checklists by themselves won’t help if there isn’t a culture change, but based on the reception so far, we are cautiously optimistic. reforms.cs.princeton.edu A tool, not a revolution Of course, AI can be a useful tool for scientists. The key word is tool. AI is not a revolution. It is not a replacement for human understanding — to think so is to miss the point of science. AI does not offer a shortcut to the hard work and frustration inherent to research. AI is not an oracle and cannot see the future. We are at an interesting moment in the history of science. Look at these graphs showing the adoption of AI in various fields (by Duede et al. arxiv.org/abs/2405.15828): These hockey stick graphs are not good news. They should be terrifying. Adopting AI requires changes to scientific epistemology. No scientific field has the capacity to accomplish this on a timescale of a couple of years. This is not what happens when a tool or method is adopted organically. It happens when scientists jump on a trend to get funding. Given the level of hype, scientists don’t need additional incentives to adopt AI. That means AI-for-science funding programs are probably making things worse. We doubt the avalanche of flawed research can be stopped, but if at least a fraction of AI-for-science funding were diverted to better training, critical inquiry, meta-science, reproducibility, and other quality-control efforts, the havoc can be minimized. aisnakeoil.com/p/scientists-s… P. S. Our book AI Snake Oil is all about how to separate real AI advances from hype. It's now available to preorder (and we're told preordering makes a big difference to the book's success). amazon.com/Snake-Oil-Arti… bookshop.org/p/books/ai-sna…

Respectfully, your proposal does break encryption. I am happy to spend as much time as you need reviewing in as much detail as you are comfortable with exactly how it breaks encryption, and why this is so dangerous.

Invited speakers for @Ei_PSI Security in Times of Surveillance event at TU Eindhoven (NL) on Fri 31 May 2024: Wouter Bokslag (Midnight Blue) Stephen Farrell (Trinity College Dublin) @xotoxot (RU) Carlo Meijer (Midnight Blue) @bpreneel1 (KU Leuven) More: win.tue.nl/eipsi/surveill…