Category Archives: Security

The Fall of Assad: Transformation of Damascus Ahead

Moscow lost Syria this week, both the physical and information space simultaneously. The immediate collapse of Russian influence following Ahmad al-Sharaa’s takeover of Damascus represents more than just another Middle Eastern power shift. It marks the most significant realignment of regional security architecture since the Iranian Revolution. And the real story isn’t about Russia’s flatulence and defeat. It’s about what happens when an extremist promises transitions to state governance in the age of digital warfare. The new leader of Syria may have bona fides in operational success that only now are being scrutinized externally.

The transformation playing out in Damascus defies conventional analysis and instead calls for frameworks of decolonization and indigenous revolutionary leadership. Al-Sharaa’s rapid forces now control not just territory, but complex systems: banking networks, power grids, government databases, and suspected chemical weapons sites. Each system represents both a governance challenge and a security vulnerability. The next six months will determine whether Syria becomes a case study in successful transition or a cautionary tale about the usual dangers of abrupt militant regime change.

Understanding the risks requires examining al-Sharaa’s particular path from birth to power. His journey from Golan Heights parents to Intifada to Camp Bucca detainee to Damascus’s new leader tracks an evolution in militant operations that security professionals should not underestimate. While attention focused on his break from ISIS and later al-Qaeda, al-Sharaa was building something unprecedented: a hybrid governance model that combines tight operational security with sophisticated digital administration with domestic roots.

This transition stands in stark contrast to the 1991 collapse of Siad Barre’s regime in Somalia, where Paul Manafort’s lobbying efforts helped maintain a façade of stability while the actual state apparatus hollowed out completely. When Barre fell, there was nothing left to govern with. The US hawks create the fairy tale model of governance — hard shell candy power vacuum with nothing inside — that makes state collapse inevitable.

We see now how Russian limited capacity, incompetence and Iranian distraction produced an opposite effect, unintentionally. They drifted so far from a focus on Assad’s dependence on them to maintain dictatorial control, they missed the shadow state rising under their noses. Where Somalia descended into chaos under American policy to ensure no alternative political structure could exist, Syria’s transition threatens to succeed precisely because a more capable indigenous parallel system arose ready to take over. Al-Sharaa’s forces weren’t in competition with Assad as much as they were systematically competing with themselves to become the best replacement.

The Idlib experiment proved crucial. Running a province of 4 million people required more than just maintaining order – it demanded managing complex bureaucratic systems, coordinating with international aid organizations, and building functional administrative structures. Al-Sharaa’s forces didn’t just occupy Idlib; they learned to govern it more effectively than the dictatorship claiming to run the country. This matters because Damascus presents the same challenges at a vastly larger scale.

But Idlib also reveals the limits of current analysis. Security services tracked weapon shipments and troop movements but apparently missed a systematic development of large governance capabilities. Al-Sharaa was building state apparatus functions far beyond exercise of military might. A rapid integration of existing Damascus bureaucracy into his administration suggests stepping into state operations wasn’t improvised – it was planned.

The digital dimension proves particularly telling. Al-Sharaa’s information operations show a sophisticated understanding of functional modern state power. The progression from his tight operational security to a professional media presence wasn’t just about public relations, it was about developing capabilities needed to run a state through control of open communications. His forces now control Syria’s entire digital infrastructure. The security implications are profound.

Russia’s position also deserves more specific mention, as it may unravel the billionaire-club bluster of Putin’s henchmen. The loss of Tartus naval base and Khmeimim air base critically impacts Moscow’s power projection capabilities. And the deeper loss is strategic: Russia no longer can credibly claim to protect client states through interventions or aid. At best Putin cruelly and selfishly transfers foreign state coffers into $40 million Moscow apartments while undermining stability of the political climate, like a colonial vampire extraction model of short-term high-cost mercenaries and management consultants. With forces committed in Ukraine and economic resources strained, Putin lacks both capability and credibility to reverse any setbacks. This creates a power vacuum that regional actors are already moving to fill. Putin clearly has been at a loss for words about Assad’s fall, revealing how unprepared Russia is, in a catastrophic narrative failure.

Iran’s position also is notable as it seems particularly precarious. The loss of air cover for operations and exposed supply routes to Hamas or Hezbollah fundamentally alters Tehran’s strategic calculus. And the real vulnerability lies in cyber security. Years of integrated operations with Syrian intelligence services have left digital footprints that could prove catastrophic: everything from covert operation details to financial transfers to agent networks suddenly are at risk of exposure.

The regional dynamics are shifting further. Turkey of course has to be factored as it gains influence through existing support relationships with al-Sharaa’s network. Saudi Arabia sees opportunities with a Riyadh-born leader. Israel faces a more complex but potentially more pragmatic northern front. I’ve had Lebanese military recently tell me they applauded Israel’s newest intervention, which may gel with this Syrian leadership. Jordan’s buffer role takes on new significance. But this isn’t about traditional power relationships – it’s about who can offer technical expertise that Damascus desperately needs to shift into operational mode.

The immediate challenges reveal the true sophistication of Al-Sharaa’s operation. The transfer of power isn’t just about changing office nameplates – it’s about maintaining control of Syria’s non-trivial nervous system. His forces must simultaneously:

  • Maintain authentication chains across government systems while preventing both data loss and unauthorized access
  • Keep critical infrastructure running (power, telecommunications, financial networks) while switching control structures
  • Prevent hostile actors from exploiting transition vulnerabilities in everything from traffic control to water treatment systems
  • Secure state surveillance apparatus without losing its intelligence value; not just seizing but rapidly reversing targeting priorities while maintaining technical capabilities
  • Manage access control systems that touch everything from ministry buildings to weapons stockpiles

What makes this fascinating from a security perspective is how Al-Sharaa’s forces appear to have mapped these systems during their Idlib operations. When Damascus fell, they didn’t just have a military plan – they had a technical transition playbook. This isn’t the usual revolutionary scramble to figure out how to run a country after taking power. They’re executing a prepared technical transition plan that treats information systems as primary terrain, not afterthoughts.

Al-Sharaa must establish safety in critical infrastructure, prevent sectarian violence, and build legitimate institutions to reduce operational waste. The longer-term challenge becomes more fundamental: can institutions he’s building outlive his leadership or prevent a roll-back into extremism? The answer depends less on traditional metrics of state power and more on the resilience of administrative systems being built now.

The cybersecurity implications create a fascinating race condition. Every hour these systems remain in transition creates new vulnerability vectors. Al-Sharaa’s forces are essentially performing a high-stakes system migration while keeping the state running.

Looking ahead, as well as back 100 years, several indicators will prove crucial. The treatment of Damascus minorities will signal institutional strength. Economic policy choices will reveal governance capacity. Regional diplomatic initiatives will show strategic sophistication. But the most telling indicator will be the evolution of the security apparatus, particularly its information technology capabilities.

The next six months will reveal whether we’re watching the emergence of a new model for state transformation or the prelude to another failed transition. The key isn’t whether al-Sharaa has changed, but rather whether the institutions being built can sustain positive change beyond his leadership as a legacy instead of a dependence on him. More critically, we must watch for Syria to build resilient systems in a region where institutional weakness has been a norm (Israel and the U.S. moving fast right now to take advantage of the weakness, bombing ISIS).

The implications extend far beyond Syria’s borders. This transition represents the first time a militant group seized control of the large digital infrastructure of a modern state. How they handle this challenge will shape regional security architecture for years to come, whether the model of revolutionary change can be replicated elsewhere. The lesson for security professionals is clear: in the modern state system, technology governance capabilities matter today perhaps as much as military ones.

The power vacuum that a feeble and speechless Russia leaves behind will be filled. Whether it will see functioning institutions rise or failing ones fall depends less on traditional power and more on modern operational sophistication that Al-Sharaa quietly cultivated and just unleashed. His forces mastered military tactics, yes, and more importantly they developed deep technical capabilities to run complex systems efficiently to replace the inefficient and brutal elements before them. They just made Hezbollah and Hamas look like rank amateur barbarians.

Like the Toyota War in Chad that saw top-down Libyan armored divisions defeated by open-top unarmored technicals, Syria’s transformation hints at a fundamental shift in how to understand emerging security transitions. Where Chad’s forces used Toyota’s mobility to outmaneuver Soviet-made armor, Al-Sharaa’s operation leveraged technical sophistication and digital infrastructure to vastly outmaneuver traditional state power structures propped up by Russia.

The tools have evolved – from reliable trucks to reliable networks – but the lesson remains, that through operational efficiency and adaptability a raw big power may rapidly collapse.

This isn’t just another client state collapse like Somalia, where American policy deliberately created a hard candy shell around nothing. Instead, it represents something new: a technically sophisticated parallel state structure emerging precisely because dominant powers were too busy competing elsewhere to remain competitive. Where Manafort had been laser-focused on profits from hollowing out Somalia’s institutions while maintaining an American façade of aid, the Manaforts of Russia and Iran were distracted enough for alternative institutions to develop under their watch. The tools that enabled this transition, whether talking about authentication chains or surveillance systems, follow a simple principle: agile local forces with deep technical competence can outmaneuver big brand high-stakes competitive power structures that mistake gold faucets and shaved faces for capability.

The Syrian Wizard of Oz just had his curtain pulled, fleeing like a Snowden to early retirement in Moscow. But unlike the kind of unstable vacuum that American policy hawks created in Afghanistan, Somalia and Iraq… Syria formed an emergent shadow state ready to step into the light.

Revolutionary Formulation

    1982: Ahmad al-Sharaa born in Riyadh to Syrian parents from Golan Heights
    1989: Moves to Damascus’s middle-class Mezzeh district
    2000: Radicalizes during Second Palestinian Intifada
    2003: Enters Iraq, joins al-Qaeda under Zarqawi
    2005-2008: US detention creates crucial network (shared Camp Bucca time with future ISIS leadership)

Civil War Years

    2011: Ahmad al-Sharaa returns to Syria with 6 men and $50,000 monthly from Baghdadi
    2013: Strategic split from ISIS, maintains al-Qaeda ties
    2016: Breaks from al-Qaeda, rebrands as HTS
    2019-2023: Governs Idlib (4M population)
    2024: Takes Damascus, uses real name for first time

Al-Sharaa’s forces succeeded because they understood modern state power operates simultaneously across all these domains:

  • Technical infrastructure
  • Military capability
  • Institutional relationships
  • Information space

It turns out the transition happened so quickly because it was such a long time in development. Once the technical-administrative capacity was proven in Idlib, the other pieces could fall rapidly because the groundwork was laid. The opposition wasn’t just militarily effective or diplomatically savvy, they had built a complete alternative state structure that could immediately step into the void.

This isn’t an insurgent getting lucky for twenty years, either. It’s a template for how technical competence can overcome conventional military and political advantages in the digital age. The point isn’t whether this model will influence future state transformations, but where it will emerge next. The next revolution won’t just be digitized – it may be optimized.

The BlueSky FirEhose: Surveillance Vulnerability as Performance Art

A little bit ago, I warned of insecure architecture risks in BluEsky, which facilitate surveillance. On the other hand (as some have commented to me privately) there has been a ballooning number of “artists” visualizing what they can see with a federated protocol that offers “efficiency” for surveillance.

One of the core primitives of the AT Protocol that underlies Bluesky is the firehose. It is an authenticated stream of events used to efficiently sync user updates (posts, likes, follows, handle changes, etc).

Many applications people will want to build on top of atproto and Bluesky will start with the firehose, from feed generators to labelers, to bots and search engines.

In the atproto ecosystem, there are many different endpoints that serve firehose APIs. Each PDS serves a stream of all of the activity on the repos it is responsible for. From there, relays aggregate the streams of any PDS who requests it into a single unified stream.

This makes the job of downstream consumers much easier, as you can get all the data from a single location. The main relay for Bluesky is bsky.network, which we use in the examples below.

Their example code has given birth to a number of “artistic” endeavors. Here are but a few.

EmoJirain (I know, it’s supposed to say emoji, but who doesn’t see this as emo?)

A script surveils Bluesky to dump out all the emoticons

RainBowsky (I know, it’s supposed to say rainbow, but the Russian in me sees bowsky):

A script surveils BlueSky to draw a stripe every time it finds a color

InTothEbluEsky:

A script surveils Bluesky and prints messages vertically

FirEhose3D:

A script surveils Bluesky and prints text into a rotating box

NightSky:

A script, which obviously should have been named Blacksky, surveils Bluesky and prints conversations as dynamic white dots

Need I go on?

FinalWords prints all the text being deleted so there’s a record of things people want to make disappear, 3D Connections is a graph of everyone’s associations, Emotions is a live display of sentiment online…

Whee! Surveillance features can be repackaged as creative tools.

These “artistic” visualizations aren’t just pretty pictures, they offer live demonstrations of mass surveillance capabilities:

  • EmoJirain and BluEskyEmo show real-time monitoring and classification of user emotional expression
  • RainBowsky and InTothEbluEsky prove continuous scanning and pattern matching of all user content
  • FirEhose3D and NightSky demonstrate real-time tracking of user activity and interaction patterns
  • 3D Connections maps personal relationships and social networks across the entire platform
  • FinalWords archives deleted content that users specifically wanted removed
  • Emotions conducts mass-scale sentiment analysis of the entire user base

Each tool leverages the same centralized firehose of user data, just with a different veneer painted over surveillance capabilities.

While today we see emoji rain, tomorrow the same firehose could be used for… behavior pattern analysis and user profiling, network mapping of user relationships and communities, content monitoring for any topic of interest, real-time tracking of information spread, mass collection of user metadata (post times, devices, engagement patterns)… oh, hold on, that’s already happening.

The artistic expressions are processing the entire firehose of user activity, and who knows where they are physically, with a “friendlier” output than the operators of the infamous room 641a of San Francisco.

Thus the firehose feature fundamentally creates a broad attack surface by design and we are seeing it deployed. Bluesky, or is it BlueSky, …FireHose or FirEhose? Either way we’re literally talking about intentional access to all user activities. The architectural choice to create a centralized “firehose” of all user activity fundamentally undermines claims of decentralization.

Who ordered the complete visibility into centralized user behavior at scale?

Well, as they say in the docs, “relays aggregate the streams…into a single unified stream” because why?

rsc := &events.RepoStreamCallbacks{
  RepoCommit: func(evt *atproto.SyncSubscribeRepos_Commit) error {
    fmt.Println("Event from ", evt.Repo)
    for _, op := range evt.Ops {
      fmt.Printf(" - %s record %s\n", op.Action, op.Path)
    }
    return nil
  },
}

I’ll say it again.

Why?

The simplicity of the BluEsky example code isn’t just poor documentation about the risks, it clearly reflects an architecture decision to increase “efficiency” against privacy protection.

Look mom, just three lines of code is all it takes for you to tap into every user action across the platform!

While the example code shows how to technically connect to a centralized stream, it more importantly raises obvious critical security considerations that everyone should consider. I’m not exposing vulnerabilities in code — because that probably makes everything worse right now — but rather talking here about a management decision to push “efficiency” into an architecture that begs surveillance and abuse.

  1. Volume of data
  2. Storage and processing of user activity data
  3. Authentication and rate limits
  4. Abuse of streams
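One way a downstream consumer can handle item 2, shown as an added example that is not from the original post or from Bluesky: a store that purges a record as soon as its delete op arrives (the opposite of what FinalWords does) and expires everything after a fixed age. The `Op`, `Event`, `Record` and `Store` types, the `Text` field and the sample DIDs are constructed stand-ins for the `evt.Repo`, `op.Action` and `op.Path` fields in the docs snippet quoted above.

```go
package main

import (
	"fmt"
	"time"
)

// Op/Event: constructed stand-ins for evt.Repo, op.Action, op.Path; Text is the record body.
type Op struct{ Action, Path, Text string }

type Event struct {
	Repo string    // account DID
	Time time.Time // when the consumer received the commit
	Ops  []Op
}

type Record struct {
	Text string
	Seen time.Time
}

// Store maps "<repo>/<path>" to a body the author currently keeps published.
type Store map[string]Record

// Apply handles commits in order; a delete op purges the body instead of archiving it.
func (s Store) Apply(events ...Event) {
	for _, evt := range events {
		for _, op := range evt.Ops {
			key := evt.Repo + "/" + op.Path
			switch op.Action {
			case "create", "update":
				s[key] = Record{op.Text, evt.Time}
			case "delete":
				delete(s, key)
			}
		}
	}
}

// Expire drops every record held longer than maxAge and returns how many.
func (s Store) Expire(now time.Time, maxAge time.Duration) (purged int) {
	for key, rec := range s {
		if now.Sub(rec.Seen) > maxAge {
			delete(s, key)
			purged++
		}
	}
	return purged
}

// sampleEvents is constructed input; the DIDs and texts are made up.
func sampleEvents() []Event {
	t0 := time.Date(2024, 12, 1, 12, 0, 0, 0, time.UTC)
	alice, bob := "did:example:alice", "did:example:bob"
	return []Event{
		{alice, t0, []Op{{"create", "app.bsky.feed.post/aaa", "regret this"}}},
		{bob, t0.Add(time.Hour), []Op{{"create", "app.bsky.feed.post/bbb", "hello"}}},
		{alice, t0.Add(2 * time.Hour), []Op{{"delete", "app.bsky.feed.post/aaa", ""}}},
		{alice, t0.Add(30 * time.Hour), []Op{{"create", "app.bsky.feed.post/ccc", "later"}}},
	}
}

func main() {
	s := Store{}
	s.Apply(sampleEvents()...)
	now := time.Date(2024, 12, 3, 0, 0, 0, 0, time.UTC)
	fmt.Println("held after replay:", len(s))
	fmt.Println("expired:", s.Expire(now, 24*time.Hour))
}
```

Nothing in the stream forces a consumer to behave this way; honoring deletes and retention limits is a choice each operator makes.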

The fact that “art” is the motive, and not yet targeted assassinations or mass deportations, doesn’t make BlueSky publishing code and docs for surveillance any less concerning.

This wouldn’t be the first time surveillance was dressed up in artistic clothing without explanation. In fact, the parallels to history are striking.

Recently I spoke with survivors of the East German Stasi infiltration of artistic communities (1970s-1980s). The state police saw cultural spaces such as galleries as opportunities for surveillance, especially related to cafes like Potsdam’s HEIDER.

The “avant-garde” artists actually worked as informants. This was arguably an extension of the Soviet Composers’ Union that monitored artistic expression.

Ok historians, let’s be honest here, this problem hits much closer to home than Americans like to admit. President Jackson and President Wilson were horrible abusers of surveillance, infamously using state apparatus to intercept and inspect all postal mail and all telephone calls. But we’re really talking about modern precedents like the GCHQ and NSA operation Optic Nerve 2008-2010 on Yahoo (years after I quit, please note) that sucked up a firehose of webcam images in a state-sponsored “art project”. And then the Google Arts & Culture face-matching app (2018) collected massive amounts of biometric data under the guise of matching people to classical paintings…

Wait a minute!

Optic Nerve (2008-2010) predated the ImageNet competition (2009-2017), based on unethical privacy violations by a Stanford team, that sparked the “big data” revolution we’re now swimming in.

Are we seeing history rhyme again with BlueSky’s “artistic” firehose? Surveillance keeps reinventing itself while using the same playbook.

Something smells rotten in BluEsky, and no amount of that EmoJirain is going to mask it for those who remember past abuses.

DE Tesla Kills One Pedestrian

Police say the pedestrian entered the Tesla’s path of travel, rather than the Tesla entering the pedestrian’s path. In either case, the Tesla is infamous for its dangerous blindness and repeatedly killing pedestrians.

On December 5, 2024, at approximately 5:31 p.m., a 2021 Tesla Model 3 was traveling westbound on Governor Printz Boulevard near Downing Drive. At the same time, a pedestrian was walking in a northern direction as she was attempting to cross Governor Printz Boulevard from the area of Downing Drive. As the pedestrian attempted to cross the roadway, she entered the Tesla’s path of travel, and was struck by the car. The location where the pedestrian was attempting to cross is not equipped with a marked crosswalk and it is dark with no streetlights in the immediate vicinity.

NY Tesla Blows Intersection and Kills Two

Witnesses say the brake lights never came on as the Tesla rapidly ran through an intersection and into a concrete wall, killing everyone inside.

Two people were killed in a single-car crash in Pelham Manor when a Tesla struck a wall and caught fire. It happened at the intersection of Shore and Pelhamdale roads around 9:15 a.m. Police say the Tesla went through an intersection on Shore Road before striking a wall and catching fire.

This is very similar to many other Tesla tragedies we have seen before around the world. Design failures are suspected.

Perhaps most notable is the Cybertruck crash that just killed three students, during the last month that saw more than 20 dead from Tesla crashes.

Key Observations: Data clearly shows that both serious incidents (orange line) and fatal incidents (pink line) are increasing at a steeper rate than the fleet size growth (blue line). This is particularly evident from 2021 onwards, where: Fleet size (blue) shows a linear growth of about 1x per year. Serious incidents (orange) show an exponential growth curve, reaching nearly 5x by 2024. Fatal incidents (pink) also show a steeper-than-linear growth, though not as dramatic as serious incidents. The divergence between the blue line (fleet growth) and the incident lines (orange and pink) indicates that incidents are indeed accelerating faster than the production/deployment of new vehicles.