Friday Squid Blogging: Squid Cartoon

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on February 20, 2026 at 5:05 PM • 39 Comments

DHS PALANTIR DEAL
https://www.wired.com/story/department-homeland-security-ice-billion-dollar-agreement-palantir/

The MSS has been recruiting in defense, law enforcement, government, and other areas.

‘https://en.parapolitika.gr/greece/148363/greek-air-force-commander-breaks-in-espionage-case-names-chinese-handler/

The Greek wing commander had expertise in electronic systems and electronic warfare.
https://in-cyprus.philenews.com/international/spy-thriller-in-the-greek-armed-forces-widens-as-investigators-hunt-a-shadow-figure/

This looks as though it was summarized by AI, but contains further detail.
https://athens-times.com/how-the-greek-air-force-group-captain-was-recruited-by-chinese-intelligence-nato-conference-meeting-and-beijing-trip/

Fancy a large private prison/warehouse in your backyard?

The rapidly expanding budget of DHS will have to grow far more rapidly to accommodate its plans to whack up or convert massive detention complexes in U.S. towns and cities.

ICE wants to use large warehouses across the U.S. as giant private prisons.The safety of detainees and the intrusion on nearby residents is a problem of real concern. Securing such facilities and providing medical care and other services in such unpractical spaces would present immense difficulty. Private prison investors will of course get a return.

The budget of DHS has swelled from a few billion, to over $90 billion in recent times.

‘https://www.bloomberg.com/news/features/2026-01-29/us-spends-hundreds-of-millions-on-warehouses-for-ice-detention-centers

The facilities would require a huge amount of infrastructure, including water and sewerage.
https://projectsaltbox.substack.com/p/nternal-ice-documents-reveal-38-billion

From the same news outlet for the Greek Spy scandal I saw,

https://in-cyprus.philenews.com/international/sergey-tropin-former-russian-minister-death-moscow/

This story from a couple of weeks back kind of did not appear in UK and similar news outlets.

Which is strange as it’s portrayed with all the usual “fingerprints” of the “panty poisoner”.

Three engineers who worked at Google, Qualcomm and Intel stole trade secrets for Iran.

‘https://www.courtlistener.com/docket/72303995/united-states-v-ghandali-etal/

The list of stolen files is stated to be in the hundreds and related to mobile processors.

This included information about cryptographic and security features of Tensor processors used in Pixel phones and other details regarding Qualcomm’s Snapdragon processors.

One of the accused is said to have copied internal Google files as early as 2022.
https://www.pcmag.com/news/3-silicon-valley-engineers-arrested-allegedly-sent-trade-secrets-to-iran

This has nothing to do with the global decline in amphibians, but it is interesting.

GosNIIOKhT (State Research Institute of Organic Chemistry and Technology) synthesized epibatidine. Epibatidine is toxic even in small doses. The poison first causes paralysis, followed by death. GosNIIOKhT created the Novichok family of nerve agents.

Synthesis and assassination using epibatidine is a violation of the Chemical Weapons Convention. Epibatidine was likely chosen because it has no antidote. As the poison dart frog obtains the toxin through its diet, the poison cannot be made from frogs in captivity.

GosNIIOKhT also conducted research to see if the synthesized toxin could be detected. It and another Russian institute studied two different methods for the poison’s production.

Symptoms exhibited by Navalny at the time of death match those of the deadly neurotoxin.
https://www.gov.uk/government/news/uk-confirmsrussia-poisoned-navalny-in-prison-with-rare-toxin

“ICE wants to use large warehouses across the U.S. as giant private prisons.”

I suspect the reason for “warehouses” is people now have “drones”.

The US have run such detention camps in the past with little more than barbed wire.

Lookup “Rhine Camps” or “Rheinwiesenlager” from a little over 80 years ago,

Such thinking has happened on a regular occurrence since. The illegal detention center in Chicago, is apparently still up and running.

https://en.wikipedia.org/wiki/Homan_Square_facility

So as it has been around for over a quarter of a century we can assume that “blue prints” for such warehouse “conversions” are already in existence.

“Three engineers who worked at Google, Qualcomm and Intel stole trade secrets for Iran.”

The implication is that what Iran has done with regards it’s younger generation that is breaking away from the religious nut-bar is mass spying enabled by such information.

With the list of dead and disappeared apparently over 40,000 in recent events and Iran screaming at the UN over Starlink it’s not going to be difficult to “try in the press” then “rubber stamp” in a court.

However before making accusations against them I would look into their “relatives” still in Iran.

Using family as leverage is a very standard Iranian technique, the same as it is for China, oh and the USA (and many more besides).

As has been shown by the deaths of many CIA “assets” in China and Iran, all that mostly matters to such agencies is “results” not the “methods” to get them…

“Never travel with personal or corporate electronics, and dump any you acquire abroad before returning”

“Do not contact family or friends whilst abroad and have a single ‘special’ point of contact for ‘proof of life and freedom’ with say a lawyer.”

Remember in Iran and other Countries like Russia and China even accessing “News Feeds” can carry long jail time, premature death, or both. Thus “keeping your nose clean” is virtually impossible especially when you might be worth considerable amount of “political ransom / leverage”.

These are the realities of modern geo-politics and they are only going to get worse for the foreseeable future.

Symptoms exhibited by Navalny at the time of death match those of the deadly neurotoxin.

Many high level Russian politicians and business leaders die unexpectedly in odd ways, eg, falling out of Windows and drowning in their bathtub. Often it is unclear whether it is inter- and intra-gang warfare or a random political purge.

However, esoteric poisons seem to be the privilege of Вова Отравитель (Vlad the Poisoners).

These chemical weapons seem to be reserved for those Вова sets as an example to the world. For those people Вова wants to signal that he himself ordered the killing, and not some scheming or back stabbing underlings.

“Often it is unclear whether it is inter- and intra-gang warfare or a random political purge.”

The Panty Poisoner would not allow “high level Russian politicians and business leaders” to get ‘off’d’ unless he had sanctioned it. If unsanctioned the retribution would be significant so that “fear” would be felt at quite a distance.

There have been something like 30 killings of Russians in the UK alone that have in effect been ignored by the Met Police, on we assume instructions from the UK Home Office minister so that “the boat does not get rocked”… One of whom lived just around the corner from me and I was on “nodding acquaintance” with.

Other Russians living in the UK who are in effect “escapees from the system” –who have skills wanted in the UK– if you talk about it warn you off… Because they are scared for those of their family still in Russia who are in practical effect still in “the system” as leverage etc.

The same thing with those from China and North Korea that have ended up in the UK to “escape to a better life”, find that “escape” is difficult at best.

China has set up something like 200 “friendship and assistance” centers that act as unofficial police stations and worse,

https://www.theguardian.com/world/2023/apr/20/explainer-chinas-covert-overseas-police-stations

The Panty Poisoner would not allow “high level Russian politicians and business leaders” to get ‘off’d’ unless he had sanctioned it.

Indeed, for the important ones. But dictators thrive on division.

All dictators have nurtured competing factions within their power structures. Their competition ensures the elite won’t unite to dispose of them.

I have seen speculations that those a level below the kremlinarchs who control cash flows or finances get crushed in the internal faction fights between the kremlinarchs.

Multiple U.S. federal agencies (FBI, DEA, ICE and State Department) have signed a three-year contract with Oxygen Forensics, a Russian software company founded by “former” FSB agents, specializing in software for geolocation and extraction of deleted data from smartphones.

https://maligninfluenceoperations.substack.com/p/ice-is-using-phone-extraction-software

https://www.timesofisrael.com/backed-by-trumps-son-israeli-founded-ai-drone-startup-plans-to-go-public-on-nasdaq/

‘XTEND, an Israeli developer of a human-guided AI drone operating system, announced plans Tuesday to merge with US firm JFB Construction Holdings, as part of a deal to go public on the Nasdaq, at a company valuation of $1.5 billion.

XTEND has built a human-guided autonomous operating system utilizing AI that it says enables users, even without any experience, to fly a drone or navigate robots to perform accurate maneuvers in any scenario, indoors and outdoors, without relying on GPS, and with minimal training.

The startup’s technology is geared to help soldiers perform complex and dangerous combat missions such as scanning tunnels and remote buildings for terrorists and explosives, or launching grenades, without having to risk their lives.

Before the outbreak of the Hamas war, XTEND’s biggest client was the US Department of Defense.

“By combining our platform with JFB, we are acquiring the resources we need to scale our manufacturing capabilities in the US and gaining access to the US public markets.”

Make Russia Great Again • February 21, 2026 7:25 PM

https://www.schneier.com/blog/archives/2026/02/friday-squid-blogging-squid-cartoon-3.html/#comment-452329

Make Russia Great Again. Literally.
If it wasn’t for the American stalling, sabotaging, and obstructing the Ukrainians, Russia would have been beaten BIGLY but decent people know that there’s no winning if USA is secretly sabotaging you, no matter what country you are PLUS those who want to know, they will know how much of foreign aid to Ukraine was ABUSED BY The Ukrainian CORRUPT GOVERNMENT and channeled/funneled into “investing” outside Ukraine as their private funds.
Many countries, when they found out about it – they simply stopped helping with their funds because why would you send a ton of money to Ukraine only to find out they are using it to buy some fancy real estate in USA or anywhere else, or buy multi-million dollar yachts with your tax-payer’s money while you, yourself, have many things in your own country that could use repairing/fixing. Many countries wanted to held, and did help Ukraine, but when you find out how they abuse that foreign aid, you then just start ignoring their requests for money. Bidens have done well in Ukraine, they got millions of dollars for themselves, into their private bank accounts and in return gave Ukraine billions of dollars of OUR MONEY (The US tax-payer’s money). It’s easy to give away something that’s not your own private money, especially if you get a lot of money in return for it, which ends up in your private account. Why do we Americans have to deal with this SHIT is what bothers me. Biden is pro-Ukraine, and Trump is CLEARLY pro-Russian. Why not just be PRO-American? Did not happen yet! If you’re an American – start packing and go anywhere else but another US State because these PRECEDENTS that are being set by this Administration will continue by all next Administrations and NOBODY WILL EVER BE ABLE TO STOP IT because they will all refer us all to “hey, the last Administration did it and they got away with it” – people in USA have NO IDEA WHAT THEY HAVE TOLERATED so far which will set the BASELINE for the future presidents which will be allowed to get away with ANYTHING!

A number of governments have ignored the murder of their citizens by Vlad’s thugs. The police turn a blind eye to such incidents, along with most of the public. Our institutions became weak and frail because the public at large, avoided placing any pressure on police and prosecutors to address such problems, by demanding detention and charges be pressed.

Thugs, extremists and crooks are most often unaware who they are really working for, to get a “leg-up” or earn a quick buck. Nor do they have any concern for the innocent lives they harm. These people, and corrupt officials, are very useful to any foreign power looking to fund and run covert interference and gain access to sensitive information in bulk.

Without arrest taking place, proper investigation of such cases does not proceed. This requires community and family support of the victims of crime, preferably before death.
Yet the courts are often empty of those one might expect to support those who have been subjected to a campaign of terror from agents and their associates acting for a foreign power. Undeclared agents also use “disposables” to continue harassing their targets.

The lack of community pressure to maintain integrity within institutions can be seen with cases of abuse that have taken place inside sporting bodies, religious orginisations, child care, schools, state facilities, law enforcement and other government departments. All of these cases have come to light not through the media or the government, but because the children who were abused took the matter to court themselves. There have been few adults who supported the victims, took the story to the media, or pressured law enforcement.

The political leadership ignored the issues and the victims when these matters were raised with them, and they too allowed the integrity of the system to rot. Hence corruption set in. Moral within these institutions collapsed and the staff learned to look the other way.

It is unsurprising that younger generations have a low level of trust in institutions, as they are mistreated by law enforcement, police do not turn up at court to give evidence in regards to violent crime committed against minors, the prosecutors behave like feral animals even in the presence of other other adults and court staff, yet no single adult has the courage to speak up and file a formal complaint – or aid the victims with the burden.

There is always the kindness of strangers, but is is short lived. The capacity of humans to ignore the suffering of their own friends, family and neighbours is enormous, especially when they are facing an overwhelming and dangerous situation alone and without assistance.

You cannot turn a society against itself if it is not already halfway down the path. Modern society has set the conditions to be exploited, fragmented, ill-informed, bitter and jaded.
Anger and distrust is not the remedy, but it is always easier not to look at our own actions, lob hand-grenades, shift the blame, or occupy our time avoiding responsibility.

We worked hard, kept our heads down, followed the rules and therefor are absolved of sin.
Our leaders do it. The police do it. So why can’t we ignore these problems ourselves?

And so it is that our technology and creations hold up a mirror to show us ourselves. 😉

Predator hides camera and mic activity by intercepting ALL sensor activity…

https://www.jamf.com/blog/predator-spyware-ios-recording-indicator-bypass-analysis/

Urgent research needed to tackle AI threats, says Google AI boss. Sir Demis Hassabis said the industry wanted “smart regulation” for “the real risks” posed by the tech.

What is Seedance? The Chinese AI app sending Hollywood into a panic.

“Predator hides camera and mic activity by intercepting ALL sensor activity…”

Yup, a long known issue that actually predates the Apple iPhone.

As some know I designed both cordless and later RF comms phones last century and have discussed the failings of what are just,

“Embedded software devices with external wide area communications.”

Which includes just about every consumer device these days due to “System On a Chip”(SOC) chips being as cheap or in most cases now cheaper than a more secure microcontroller.

1, If it can be updated / patched in anyway it’s vulnerable.
2, If it’s OS is kernel based it’s vulnerable.
3, If it’s security is ‘code signing’ it’s vulnerable.
4, If apps run in RAM it’s vulnerable.
5, If drivers are loadable it’s vulnerable.

I could go on but you probably get the message by now of,

At all levels of the computing stack, from the physical layer (0) all the way up through presentation (7) to legislative and beyond consumer and commercial devices are vulnerable

The only real point of interest is the type of attack,

1, Do you need to have hands on.
2, Do you need to be an insider.

In by far the majority of cases you need to be neither, thus can exploit vulnerabilities from across the globe.

Those are the painful realities of “doing it on the cheap” design and implementation that every commercial or consumer device is subject to.

It all falls out this way because of decisions made back in the 1950’s that still apply today. It was only in the 1980’s and early 1990’s when microcontrollers were extremely resource constrained that secure designs happened in embedded consumer and commercial designs.

It’s a reality that some understand and have tried to take steps toward eliminating.

If you look back on the first decade or so of this blog you will see I was pointing this out and discussing it with the early “Usual Suspects”[1].

I am an “engineer of many types” by training and practice, and have an eye on systems and their design that our host used to describe as “thinking hinky”.

Back then I had to be way more careful in what I said, as I was party to things that were not in the academic/public arena and had to wait untill someone else “put it there” before discussing it (the UK had laws that Margaret Thatcher badly abused[2] and she used them in ways never intended and I was very nearly a victim of it as I’ve mentioned before).

An example of things becoming public was the “jitterbugs” paper by Matt Blaze and students,

https://www.mattblaze.org/papers/jbug-Usenix06-final.pdf

To this day very few realise the “flood gates” this paper actually enabled to be opened.

I had for a long time being saying here and other places –much to many idiots saying otherwise– that an inexpensive AM radio using an “envelope detector” would pick up the RF envelope of a GSM mobile phone. It was in effect a “bug detector” known as a “Crystal Receiver” or as most RF engineers call it a “Diode Probe” or “micro watt meter”. With an adjustable tuned circuit the “Crystal Receiver” when connected to an oscilloscope makes a “poorman’s spectrum analyser”…

Matt also helped dispell much of the nonsense many mobile telecoms engineers already knew, that “Faraday shield bags don’t really work that well, and are fairly easy to get around,

“It’s important to recognize that a Faraday pouch, no matter how effective, only prevents radio communication. A malicious phone might do harmful things that don’t involve the use of radio. For example, it could still record audio, and wait for the phone to come out of the pouch to exfiltrate it. So for the truly paranoid, even the best possible Faraday cage might not provide sufficient protection.”

“Leave your phone on, with ring off, on charge at home.”

It’s simple and it’s defendable, because every one does it. Whilst faraday bags are a “going equipped” to commit a crime if you are found with one without “good reason” (where good reason is in a police officers opinion and a prosecutors argument, so totally biased well beyond “reasonable doubt”).

Eventually the major flood gates were opened by the Ed Snowden Trove of documents in 2013, though most journalists totally fluffed it going for political sensationalism of the already known, rather than technical fact.

The work of Matt Blaze and the Ed Snowden publicity along with a comment by a US General finally made it clear that mobile phones were “killing people” especially “political journalists” and “opposition politicians” and that various Italian and Israeli companies were “making a killing” out of the weaknesses involved with mobile phones and similar equipment.

So Ed Snowden teamed up with Andrew “bunnie” Huang to come up with a low level hardware attempt to spot your iPhone betraying you. And Cory Doctorow wrote about it,

https://boingboing.net/2017/09/08/impaired-judgment-phones.html

As for the device they came up with it’s way to obvious and paints a big fat target on your back even to the dumbest of cops (which is why I still talk about cheap AM radios and how to modify them in unobvious ways).

I could go on, it’s a subject I have very in-depth knowledge of, but this post is way to long as it is.

[1] The phrase comes from the Film Casablanca where the Chief of Police utters the immortal line to a subordinate of “round up the usual suspects” knowing full well none of them were guilty.

[2] These were the two “Official Secret Acts”(OSA) and the “Defence of the Realm Act”(DORA) and earlier Fraud Act. She conspicuously failed in Court but that did not stop her. It was her own party that did, by “booting out the mad old bat” out of power that finally put an end to it. Though Tony Blair and Boris Johnson both revived the technique in various ways, most notably by changing the judicial process and bringing in new no defense legislation. A practice that the current sitting idiot Sir Keir Starmer continues to this day…

A classic information security story to brighten your day:

How the ‘McMillions’ scammers rigged McDonald’s Monopoly game and stole $24 million
https://www.cnbc.com/2020/02/07/how-mcmillions-scam-rigged-the-mcdonalds-monopoly-game.html

Can’t recall if it was shared here, but there was a fascinating story on GlueTube of a guy who worked for a lottery commission and managed to taint at least one other lottery beyond the one where he worked. The last scarce resource on this planet will be trust. I continue to make progress on renewable energy, which will end general scarcity. In Asia well before North America.

I still haven’t been able to find the George Carlin clip about education and putting a man on the moon. I had another bout of gargling dogshit today with Gemini3 and it claims that this is the correct quote:

“Do you think the country that put a man on the moon couldn’t fix education tomorrow if it really wanted to? They don’t want to. They want a certain percentage of the population to be permanent, functional illiterates.”

You would think that being able to provide an exact quote would be much the same thing as being able to provide an exact citation, but you’d be wrong again, and never in doubt.

I think that what passes for a US elite are scared spitless that it is too little, too late to counter the rise of China and Asia. Not sure how the Iran situation will play out. The most likely person to have written the article that I described here in August 2022 is Xuequn Jiang. I hope that I posted some of his work previously.

https://www.schneier.com/blog/archives/2022/08/friday-squid-blogging-squid-acronym-for-making-conscious-choices.html/#comment-409001

Appreciate very much @Clive and @Winter chiming in on the topics.

The most relevant thing that XJ has said is that we can apply game theory to geopolitics. I think that @Clive has an innate sense of game theory applied in the area of computer security. Thinking hinky is just good poker.

Geo-Strategy #1: The Iran Trap
Professor Jiang Xuequn Lectures 2.88K subscribers
126K views | 10 days ago
https://www.youtube.com/watch?v=vEp2lFz7PJA

“The most relevant thing that XJ has said is that we can apply game theory to geopolitics.”

We are currently seeing this play out with nuclear non proliferation treaties…

Interestingly the arguments behind the “W Questions” of Who, What, When, Why, etc apply to all arms race arguments, and will when we get around to it, start taking the risks of AI seriously and if sensible for strategic limitations treaties on them and what are incorrectly calked cyber-weapons.

Some of you might follow Perun over on “GlueTube” and in general I find his one hour a week videos to be worth the time invested.

The one just dropped is about “non proliferation treaties” and their advantages and disadvantages, and I advise all to watch it in the “broader security aspect” especially AI and Cyber not just nuclear.

Just remember one important factor that is not really mentioned which is “economic churn” which every nations economy actually rests on. Every unit of currency tied up in “arms production” or similar removes approximately ten units of currency of economic activity… Yes some call it a “lost opportunity cost” but in reality it’s a lot worse than that because “lost opportunity cost” often does not factor in the multiplying effect of “churn” in most peoples thinking / figuring.

But the video does talk about the fact that non proliferation treaties enable arms races to be stopped or curtailed thus freeing up the capital for economic development.

“The last scarce resource on this planet will be trust.”

Treaties where nobody gets everything they want, but everyone gets something and there is a strong verification process in effect build trust. And have a curious effect, they tend to unwind existing arms races thus divert capital into economic growth. This increases trade between nations which makes them co-dependent thus much more secure thus less likely to need arms races at all.

Equitable trade, brings peace and stability inequality in trade does the exact opposite and causes arms races to build up. It’s one of the reasons why “sanctions” almost never work and as any half way sensible economist will tell you “tariffs are self inflicted podial target practice” with all the same effects on your economy.

The only way known for actual economic growth consists of two parts,

1, Inward investment in your own economy.
2, Unencumbered bilateral trade across borders.

The first step starts with “high quality education” and “maintaining the health and fitness” of the general population.

Two things that should always be “socially provided” and most definitely not for “profit” a mistake oh so many nations make… Because “for profit” in social provision always develops into internal arms races, lack of trust, and all that follows.

When you have seen the security services intercept various transmissions and gain access to a whole range of other devices, installations and facilities, very little seems secure. And many systems were never designed to be secure in the first place, or patched on ad-hoc.

The dangers of a missile defense systems increasing proliferation and nuclear risk.

‘https://thebulletin.org/2026/02/who-were-richard-garwin-and-hans-bethe-a-response-to-the-recent-attack-on-their-integrity-in-the-bulletin-by-benjamin-wilson/

The Safeguard system was to be built to protect ICBM silos, rather than the public.
https://www.thecrimson.com/article/1969/2/14/sentinel-pbibn-response-to-community-and/

People were not happy about having 1000 nuclear targets deployed in their backyards.
https://www.nytimes.com/1975/11/25/archives/safeguard-abm-system-to-shut-down-5-billion-spent-in-6-years-since.html

The arms companies are experts in game theory and there is an entire PR industry to assist.

Today nuclear weapons programs cost significantly more. The arms companies who build them exert enormous political influence and stand to earn equally enormous profits.

In order to ratify New START, Republicans demanded Obama upgrade the Nuclear Triad.

‘https://www.stimson.org/2024/reconsider-nuclear-modernization-plans/

In response to the U.S. building a new class of ballistic missile submarine, a new stealth bomber, upgrades to its current stock of nuclear weapons, a new cruise missile and billions of dollars on other programs, Russia and China began upgrading their nuclear systems and developing new classes of weapons, and Pakistan, India, North Korea, the United Kingdom…

https://www.npr.org/sections/parallels/2016/05/25/479498018/obamas-nuclear-paradox-pushing-for-cuts-agreeing-to-upgrades

Trump officials then campaigned to push the nuclear upgrade above the US$1.7b earmarked for modernization… with many nation states then deciding for further upgrades.
https://www.armscontrol.org/act/2024-12/features/trump-united-states-and-new-nuclear-arms-race

Have not heard from Snowden in a while – wander if Putin would be willing to give him to Trump provided the latter one wants him?

This one is shall we say is “new” and a result of Government Stupidity that most Governments are unfortunately making…

Attacker gets into France’s database listing all bank accounts, makes off with 1.2 million records

“An unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.

France’s Ministry of Economics, Finance and Industrial and Digital Sovereignty last week revealed the incident took place in January, after unknown attackers used stolen credentials to access the database.

The Ministry said the attacker’s access was restricted immediately upon discovery of the attack, but that the miscreant still managed to access personal information about 1.2 million accounts, including account numbers, account holder’s addresses, and tax identification numbers.“

https://www.theregister.com/2026/02/22/french_bank_hack/

So the attacker could have got away with every account holders details from the whole of the French population, if they had not be fortuitously detected after “just under” a couple of percent of the records had been downloaded…

I wonder what the French prosecutor for their GDPR responsibilities is going to do. After all the Government fining the Government would be a little bit like “shuffling deck chairs”.

Treaties where nobody gets everything they want, but everyone gets something and there is a strong verification process in effect build trust. And have a curious effect, they tend to unwind existing arms races thus divert capital into economic growth. This increases trade between nations which makes them co-dependent thus much more secure thus less likely to need arms races at all.

“Treaties where nobody gets everything they want … increase trade between nations which makes them co-dependent …”

This sounds fine in theory. In practice when you operate a political system that allows you to elect a tub-thumper as leader, then you find he will not sign a treaty where he doesn’t get everything he wants, and he does not seek codependence through increased trade.

It may not be sufficient to allow election of a different tub-thumper after four years when the electoral system is run by people who believe trust can be bought and sold.

Global regulators say AI image tools don’t get a free pass on privacy rules

Watchdogs warn models that can generate realistic images of people must comply with data protection laws

“A global coalition of privacy watchdogs has fired a warning shot at the generative AI industry, saying companies churning out realistic synthetic images can’t pretend that data protection rules don’t apply.

“Recent developments – particularly AI image and video generation integrated into widely accessible social media platforms – have enabled the creation of non-consensual intimate imagery, defamatory depictions, and other harmful content featuring real individuals,” said the signatories. “We are especially concerned about potential harms to children and other vulnerable groups, such as cyberbullying and/or exploitation.”

The warning lands weeks after the ICO and DPC opened formal probes into Elon Musk’s xAI following reports that its Grok chatbot produced sexual images of real people without their consent.

The group says organizations dabbling in generative AI need to build safeguards from the start and think carefully about risks such as non-consensual imagery, misuse of someone’s likeness, and potential harms to children – all areas where the tech has raced ahead of social norms and, in some cases, common sense.“

https://www.theregister.com/2026/02/23/privacy_watchdogs_ai_images/

Not exactly surprising and I suspect most people after a pause for thought would agree with it.

That said “The Genie is out of the bottle” on this and I can not see certain people “giving it up” in the US.

Watch out for supposedly “cleaned up surveillance footage” appearing from “Guard Labour” that for “national security reasons” can not ve shown to a defendant. Which will trickle down into law enforcement etc that is in fact faux/fake-video where a blurry image is “cleaned up by AI” and just so happens magically to look like their chosen suspect rather than who it might actually be in reality. Likewise with the Trumpetter in charge and mid-terms and the like coming up it’s going to remain “anything goes for the win”.

Infosec community panics as Anthropic rolls out Claude code security checker

“Anthropic sent the infosec community into a tizzy on Friday when it rolled out Claude Code Security, a new feature that scans codebases for vulnerabilities and suggests patches to fix the issues.

The announcement sent some cybersecurity stocks into a downward spiral and prompted much pontificating about the end of security as we know it – along with a dissenting opinion from CrowdStrike co-founder and CEO George Kurtz. His firm’s shares were among those hit on Friday, closing the day down nearly 8 percent from the previous close, and Kurtz asked Claude if its new security tool could replace what CrowdStrike does (tl;dr: Claude said no).

The reality, however, isn’t nearly as gloomy for the security industry – nor as exciting and sexy as AI evangelists make it out to be. Yes, large language models have shown an ability to flag some pattern-based vulnerabilities at scale.“

https://www.theregister.com/2026/02/23/claude_code_security_panic/

A very “click-batey title” but the point is valid, the stock markets are getting AI News twitchy more and more. A sign that things are entering the dangerous phase where “Mug Money” is clearly being made in what is moving from primary “pump and dump” style VC stock into secondary stock that should be more price stable.

I’ve put this separately because Sam Altman making looney and fairly easily disprovable statements happens all is to often “to be news”. In fact you have to ask if he’s breathing the exhaust fumes of a hallucinating AI belching “soft bullshit”…

Altman: You think AI is wasted energy? Try raising 100 billion humans

“AI is being unfairly targeted over its energy use, OpenAI CEO Sam Altman claims, as the naysayers ignore the vast amount of resources humans have consumed over millennia – not least to avoid being eating by predators.

He claimed such complaints ignore the total amount of energy it takes to create and train an actual human.

He said it was unreasonable to focus on “how much energy it takes to train an AI model, relative to how much it costs a human to do one inference query.”

“It takes like 20 years of life and all of the food you eat during that time before you get smart,” he said. “And not only that, it took the very widespread evolution of the 100 billion people that have ever lived and learned not to get eaten by predators and learned how to figure out science and whatever, to produce you.”

Needless to say, working out these numbers is tricky. So we asked Gemini to tell us the total energy consumption needed to create all the humans today, and it came up with 10,800,000 TWh.

By comparison, according to Gemini, the total energy invested in the global AI ecosystem stands at 850 to 1,100 TWh. Which would be minimal in comparison if we ignore the fact this has all occurred since the Second World War, with the vast bulk consumed in just the last four years – and that new models are being trained all the time.

Neither does it take into account the vast corpus of material those LLMs were trained on. Material such as “science and whatever” produced by… humans. Or at least the humans that had managed not to be eaten by major predators.“

https://www.theregister.com/2026/02/23/sam_altman_ai_efficiency/

So faux-greening or actual “Hard Bullshit” from Altman sitting in his “own (un)reality bubble”.

One important thing to note that is not directly mentioned is that untill very recently “humans get re-cycled” very quickly, easily and naturally and untill fairly recently without much majorly harmful impact on the environment.

But the components of AI Data Centers and what’s inside them, they are going to be with us for thousands of years doing considerable harm to the environment

And “God forbid” some looney does put data centers in space, a recent set of “real science” results show that “burn up” on reentry really is a significant issue that might make chemicals that destroyed large areas of the protective ozone layer look tame,

https://www.sciencealert.com/lithium-plume-in-our-atmosphere-traced-back-to-returning-spacex-rocket

Hellon Rusk obviously will not care just how much environmental damage Starlink does, nor will many other 100K+ satellite plans…

They will make faux arguments about “stuff returning to ground” or similar, but that simply is going to be a fraction of the story… What harm will it all do on the way down with not least the massive amount of energy and reactive ionised atoms being released into a protective part of our environment we know so little about.

Something you can visibly see is in South East London, around the major railway out through London Bridge. The buildings have for over 100years been coated with the cinders from train wheels grinding on the tracks. Yes it’s a very small amount every day but it’s built up enough to see on buildings close to the tracks and makes the “yellow stock bricks” look really grim and grimy, with a palpable smell in the air. And yes health census data shows it effects respiratory health and autoimmunity disease rates that have a gradient out from the tracks.

blockquote>”This sounds fine in theory. In practice when you operate a political system that allows you to elect a tub-thumper as leader, then you find he will not sign a treaty where he doesn’t get everything he wants, and he does not seek codependence through increased trade.”/

I think you will find that most know that it was Winston Churchill that back in 1947 made a comment about the fact that democracy had it’s failings…

But as We can see from his words recorded in the records (Hanssard),

“Many forms of Government have been tried, and will be tried in this world of sin and woe. No one pretends that democracy is perfect or all-wise. Indeed, it has been said that democracy is the worst form of Government except all those other forms that have been tried from time to time; but there is the broad feeling in our country that the people should rule, continuously rule, and that public opinion, expressed by all constitutional means, should shape, guide, and control the actions of Ministers who are their servants and not their masters.”

In fact it goes back to Plato who sort of took the opposite view with,

“But the government of the multitude is weak in all respects and able to do nothing great, either good or bad, when compared with the other forms of government, because in this the powers of government are distributed in small shares among many men; therefore of all these governments when they are lawful, this is the worst, and when they are all lawless it is the best; and if they are all without restraint, life is most desirable in a democracy, but if they are orderly, that is the worst to live in”

You get the feeling –if the translator got it right– Plato’s view from “The Statesman” was “government of the multitude” was not so much the people or legislators but what we would now call the “civil servants” that exist in between.

In modern parlance he is basically saying it is best when civil servants are in effect “corrupt”…

But as I’ve repeatedly said over the years two things are required of any democracy, and a third for the process of electing them,

1, Every law for the governance of the populous including that of murder should have a sunset clause.
2, All new laws or revised laws should have a cooling off period.

And the one area of law that should be not revisable by politicians is,

3, Money and other malign or self interested influence should be kept out of politics.

It is this third law where the US political system fails badly as it enables politicians to be bought and sold by the highest bidder, which automatically leads to corrupt behaviour (after a little thought you will see why it cannot be otherwise). Also why Ralph Nader famously noted,

“The only difference between the Republican and Democratic parties is the velocities with which their knees hit the floor when corporations knock on their door. That’s the only difference.”

And there is the problem, it’s a two party system operated by those who are “on the take” thus “corrupt” effectively every single one of them…

But as I’ve pointed out in the past in the UK we have an expression of “purple politics” meaning that it’s what you get when the basic morals of politicians are corrupt and they behave as though they are “on beast with mood swings”.

In the past a dog that continues to behave that way would be seen as of no use only harm, thus “taken out the back and shot”.

But as any psychiatrist will tell you the dog is mostly responding to it’s owner, thus the US people should look at themselves and ask how

To the point it is little more than a “chimps tea party” where the chimps” are in effect,

“Selected in a beauty pageant that rewards the worst of behaviours”.

In the UK we can in theory get rid of a politician at any time and likewise a party can fall at any time and be replaced.

https://en.wikipedia.org/wiki/Recall_of_MPs_Act_2015

Tend to make the process “ineffective” and dependent on “His Majesty’s Courts and Tribunals” behaviour that is often viewed as very partisan by many of the public. Hence you hear claims of “two tier justice” and similar being made.

As far as I’m aware the most senior UK politician so far that it should have been used against was Boris Johnson (born in US and technically guilty of tax evasion there). Who was found guilty of Perjury and later Contempt of Parliament. He evaded recall by resigning as an MP.

As for the current US most senior politician, I suspect it would be difficult to find anyone who is a “reasonably informed adult” who does not know he is both a criminal and corrupt, and causing significant “National Security” violations and now significantly harming the ordinary people of the US in as many ways as possible. But they are apparently “stuck with him” potentially for an unspecified period of time.

https://news.yahoo.com/news/articles/chinas-mysterious-shenlong-space-plane-190000208.html

‘China’s reusable space plane is circling Earth once again.

The Shenlong (“Divine Dragon”) spacecraft launched from Jiuquan Satellite Launch Center in the Gobi Desert on Feb. 6, kicking off the robotic vehicle’s fourth-ever orbital mission.

The Chinese government has revealed few details about Shenlong, whose three previous flights to low Earth orbit (LEO) launched in September 2020, May 2023 and September 2024 and lasted two days, 276 days and 266 days, respectively.

The official line is vague and anodyne: Shenlong helps test technologies that “will pave the way for more convenient and affordable round-trip methods for the peaceful use of space in the future.”

That use case is similar to the one the U.S. military gives for its autonomous X-37B space plane, which Shenlong is thought to broadly resemble. And secrecy is a shared trait: Most X-37B payloads and activities are classified.

Much of this same reasoning holds for Shenlong. It’s thought to be roughly the same size as the X-37B, for example, so we shouldn’t worry about it raining bombs on Earth. However, unlike the X-37B, Shenlong has rendezvoused with other objects in space.’

See as well on subject: https://en.wikipedia.org/wiki/Buran_(spacecraft)

It must take a certain hubris to carry about on one’s person execution videos, and plans for IEDs. But there has to be a special class of stupid to carry them on one’s person while going through Customs and Immigration.

https://www.afp.gov.au/news-centre/media-release/nz-man-charged-perth-allegedly-possessing-violent-extremist-material

Self regulation. Tell us if you have committed a crime and if it is a crime or not.

Thames Water was dumping far more raw sewerage into waterways than anyone realised. The UK environmental protection agency allowed water companies to regulate to their own standards.

‘https://www.newstatesman.com/politics/uk-politics/2026/02/revealed-thames-waters-environmental-and-financial-disaster

Thames Water continues to dump raw sewerage into waterways despite largest fine in history.
https://www.theguardian.com/business/2025/dec/02/people-living-along-polluted-thames-file-legal-complaint-force-water-firm-act

How the Australian hedge fund Macquarie sent Thames Water bankrupt…
https://michaelwest.com.au/macquarie-bank-privatisation-and-the-collapse-of-thames-water/

The dumping of raw sewerage introduced parasites and deadly pathogens into waterways.

The exposure to water contaminated by sewerage at beaches and rivers can be fatal. Hundreds of people have become ill from the effects of harmful viruses like E.coli and Hepatitis.

Some UK rivers are ecologically dead due to the discharges. Following fines and promises by water companies to take action in 2023, sewerage discharges increased by 50% into rivers.

‘https://www.reuters.com/investigates/special-report/britain-water-sewage/

Water companies used tactics like those used by the tobacco and fossil fuel industry to downplay or shift blame. They blamed dogs at beaches and pointed the finger at farmers.
https://www.nature.com/articles/s44221-024-00370-y

Who ever imagined that inspections might be required for fully automated, privatised water treatment facilities?

UK government to resume water inspections following damning review…

UK water is a good lesson in the integrity of systems. A nation abundant in waterways, which were once teeming with life, is now teeming with antibiotic resistant pathogens and large quantities of raw sewerage. The Thames has been returned to a state that first led to wastewater and sewerage systems being built, filthy and toxic.

England and Wales are the only countries with fully privatised water. To maximize profits, government set the conditions to allow water companies to regulate themselves. Inspections of wastewater and sewerage treatment facilities were replaced with a system where the water companies could report spills. The water companies fully automated many of these aging facilities. When the systems broke down and became backed up with raw sewerage, maintenance teams had no choice but to dump the backlog straight into waterways, without all of that waste undergoing any treatment. The water companies did not report these spills, leading to many people becoming ill.

Ofwat, is the body responsible for economic regulation of the privatised water and sewerage industry in England and Wales. The Environment Agency is responsible for environmental regulation, and the Drinking Water Inspectorate for regulating drinking water.

As inspections were said to be no longer needed, staff were told that cars would no longer be leased. All inspection and regulatory duties would be carried out from the desk, with no on-site inspections of wastewater and sewerage treatment facilities to take place at all. This allowed water companies to dump sewerage into waterways at least 1000 times a day. Staff were threatened with disciplinary action for speaking out publicly.

Despite 2 billion litres of sewerage being dumped into the Thames in just two days, the environment minister at the time claimed that recorded incidents of spills were at an all time low. The water regulator had been told to stop logging such incidents, which allowed water companies to rake in record profits. The current government supports ongoing privatisation and says it is not the problem.

The billions that financial groups claimed to invest in water companies were designed to increase profit (recycle excrement). Automated management systems were slapped onto waterworks equipment ad-hoc. Water companies made record profits by getting rid of treatment facility personnel and rarely upgrading wastewater infrastructure or equipment in treatment facilities. Hedge funds like Macquarie made profits by shifting debt to water companies and selling the company offices then leasing them back. Executives earned millions by keeping costs low and not reporting spills.

The government informed campaigners that cleaning up rivers is not a financially viable option.

Macquarie, which earns a majority stake in Southern Water, has now bailed it out – after similar restructuring measures (sending Southern Water to the wall) which led to Thames Water’s problems. Thames Water has asked the UK government for a fifteen year exemption from ALL environmental regulation.

https://www.theguardian.com/environment/2026/jan/23/privatisation-not-the-problem-for-englands-water-says-author-of-review

Water regulator scrapped after environmental outcomes and water quality worsen.
https://inews.co.uk/news/failing-water-regulator-ofwat-scrapped-spike-worst-sewage-spills-3814073

AI is not just a targeted or population wide surveillance threat, less well known it de-anonymizes very effectively on very little information than previously thought even in ICTsec circles.

Worse research out of sight by the usual suspects like Peter Thiel’s Palantir or similar data brokers with ambitions to be more than just acquirers and sellers of peoples PII, along with several VC backed surveillance system developers is progressing apace.

In public little is generally known about the de-anonymization aspect of Current LLM and ML Systems as research is still very limited even with the pushing of AI into “Weapon of Domination” territory.

https://simonlermen.substack.com/p/large-scale-online-deanonymization

Hopefully more people will take it onboard, before “undesirables” start making use of it.

DitchCorporateGovernmentAppleAndroidAndUseARealLinux • February 26, 2026 1:01 PM

https://reclaimthenet.org/apple-rolls-out-age-verification-to-uk-iphone-users-under-online-safety-act

Serious threat to UK iPhone users, Apple appears to be happily obeying a UK government demand to insert malware in to the operating system. Ok, so this malware doesn’t actively spy on them, upload their secrets to a cloud server, or that kind of thing… But it does obstruct them from using features of their own pieces of private property unless they can satisfy a system which says, in a round about way, that the government has granted them permission to use their own device. Again, permission in the rounda-bout way isn’t meaning an actual ID check against any of Keir Stasi’s government’s servers, but never in a civilised society has anyone needed to prove that they are of a certain age (in whatever manner would satisfy Apple) before having the right to install software on their own devices. Don’t run Apple, people! and Don’t run Android! where Google wants to block all software installs unless the developer has been ID verified and ban sideloading. Cory Doctorow’s war on general purpose computing is happening right now in the land that once birthed magna carta.

https://www.theregister.com/2026/02/24/google_android_developer_verification_plan/

And an open letter against Google’s Android anti-sideloading plans.

Chinese open source QC. A radio news broadast suggested that online users could now interact with the actual qubits. The press release is not so clear.

‘https://www.pressreader.com/china/global-times/20260226/281552297335664

This appears to be a separate development from the previosly announced

https://thequantuminsider.com/2025/10/14/china-opens-its-superconducting-quantum-computer-for-commercial-use/

From time to time I talk about the “Observer problem” that hidden or covert channels in all information transmission systems create.

One type of hiding information is simple encryption which has recently been used to prove that guide-rails on AI systems inputs and outputs will always be defeatable.

“A radio news broadcast suggested that online users could now interact with the actual qubits.”

Reminded me to mention something I’ve been “mulling over” for a few days,

Encrypting quantum information enables unlimited copies

“One of the many quirks of quantum mechanics is that unknown quantum states can’t be copied, which presents major challenges for both quantum computing and quantum communications. Now, researchers have shown they can bypass this restriction by encrypting qubits as they clone them, which could provide powerful new capabilities, including a quantum equivalent of cloud storage.“

Not immediately obvious is the effect this will have on “Quantum Key Distribution”(QKD) the only form of physical law “Theoretically Secure Communications” which relies on the fact that you “cannot copy the quantum state” of a photon as it’s only security measure.

“The researchers say the approach means it is now possible to add redundancy to quantum information systems.”

But they do not say if the duplication is horizontally or vertically. If vertically it may be possible to use it to increase the range of QKD systems. Which the article indirectly hints at with,

blockquote>“It could also make quantum communication and sensing more robust by transmitting signals as a stream of encrypted qubits rather than a single qubit that can be easily disrupted.”

There are a bunch of serious vulnerabilities found in various devices and platforms recently. Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager among them.

Faulty peering authentication for Cisco Catalyst SD-WAN allows creation of a rogue device with control over network management and control planes. The critical vulnerability has been exploited since at least 2023 and allows root access on unpatched systems.

https://blog.talosintelligence.com/uat-8616-sd-wan/

The Australian Signals Directorate has a guide for detection and mitigation.

‘https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf

A PRC threat group had long-term access to telecommunications and government organisations across the globe. UNC2814 likely used this access to collect information about individuals and their communications. It appears The group ran the operation since at least 2018 in many countries.

UNC2814 used Google Sheets as a communication channel to operate a backdoor named GRIDTIDE.

‘https://www.theregister.com/2026/02/25/google_and_friends_disrupt_unc2814/

As well as illicit funds, agents require property as a base of operations.

‘https://www.telegraph.co.uk/world-news/2026/02/23/russian-spies-buy-homes-close-military-sites-europe-kremlin/

While once Russia used large amounts off illicit cash, today it can also use e-cash.
Sometimes catching a petty criminal can lead to the uncovering of multiple networks.
https://www.reuters.com/investigates/special-report/europe-espionage-teen-spy/

Economic espionage, in the context of Anti-Money Laundering (AML), refers to the unlawful and clandestine acquisition or theft of sensitive economic intelligence—such as trade secrets, intellectual property, proprietary financial information, or critical technologies—that could provide an unfair economic advantage to foreign entities or state actors. Unlike conventional financial crimes targeted by AML, economic espionage is typically state-sponsored or coordinated and seeks to influence or obtain economic, trade, or policy information through covert means.

Espionage is often financed through crime. That money needs to be laundered.
https://therecord.media/operation-destabilise-money-laundering-investigation-uk-nca

Fill in the blank: the name of this blog is Schneier on ___________ (required):

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Δ

I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc. This personal website expresses the opinions of none of those organizations.