Cybersecurity Awareness Month - MacPaw Supports Ukraine

Written by ChrisChinchilla | Published 2022/10/14
Tech Story Tags: cybersecurity | cybersecurity-awareness | cybersecurityawarenessmonth | privacy | data-security | hackernoon-top-story | ukraine | tech-stands-with-ukraine

TLDROctober is Cybersecurity Awareness Month. Hackernoon has picked up some cybersecurity-related topics from a trip to Ukraine. This article looks at a free app that can identify applications with potential connections to Russia or Belarus.via the TL;DR App

It's Cybersecurity awareness month every October and this year I thought I'd share something relevant from my recent trip to cover IT Arena in Lviv, Ukraine.

While I was there I bumped into some of the team from MacPaw a macOS and iOS software company based in Kyiv, Ukraine.

I have met MacPaw employees many times at conferences over the years, and even once visited their wonderful offices in Kyiv where I saw their famous Mac museum and met their equally famous office cats.

They are probably best known for CleanMyMac, Gemini, and Setapp. But since the beginning of Russia’s invasion, they also created a handful of small apps designed to help personal and digital security in a time of conflict.

Inspired to write your own cybersecurity-related article? Use our writing prompt and enter the Twingate writing competition!

SpyBuster - Unmask data spies

First is SpyBuster, a free application for iOS, macOS, and Chrome-base browsers. Its main aim is to identify applications with potential connections to Russia or Belarus. This could be due to developers located there, or due to application data sent or received from those countries.

I don’t have an iPhone, so first I tried it on macOS. You download the application, open it, and wait a moment.

There are two sections in the application window: static analysis and dynamic analysis.

Static Analysis

This checks for software you have installed by looking at their binaries and resources. On launch, SpyBuster flagged Telegram and Raindrop.

It flagged Telegram for “probable ties to the Russian Federation”. Telegram and its possible connections to Russia are a subject of lengthy discussion, and personally, I have always been a little suspicious of Telegram for a whole host of other reasons.

But I continue to use it as it’s what many of my friends want to use to communicate, trusting it more than anything from Meta. it’s also very popular in Ukraine, including by people actively using it to oppose Russia, so that’s an interesting conundrum.

It also flagged Raindrop, a cross-platform bookmark manager I rely on heavily. I think I knew the developer (one person) was based in Russia, and they do seem to have dropped all mentions of this fact from the website.

However, all the application code is open source and says it only uses AWS infrastructure.

Dynamic Analysis

This checks the data flow of running applications to determine where they might be sending and receiving data to and from.

I left it running for a little while, including interacting with Raindrop and Telegram. The only traffic I saw for Raindrop went to and from the USA, and for Telegram to the UK.

I didn’t really anticipate any software I ran communicating with Russia, and I guess this confirms it.

Browser Extension

Next, I added the browser extension to Brave and thought it would be a good chance to trigger it by heading over to RT.com 😅.

That instantly caused a warning in the SpyBuster desktop application, but I continued anyway, just to see what would happen.

This instantly caused a service called “dos-guard.net” to get rather upset with me, which according to Wikipedia is based in Russia and doesn’t have a particularly positive history.

I visited their website, which SpyBuster didn’t flag if I visited the English website, but did if I visited the Russian one. I guess the company used different regional hosts for each language.

Of course in both cases, these were sites I knew were based in Russia and I don’t think I am personally that likely to access that many sites unknowingly.

Together

Taking a different approach to personal security, Together focuses on keeping track of the well-being of displaced and far-flung employees.

It's open source, self-hosted, and runs as a Slack bot that periodically asks employees where they are and how they feel.

This then allows everyone to connect with colleagues that ended up near them and provide support to those who need it.

Together requires a handful of prerequisites including:

  • A Slack workspace and the ability to add bots to it
  • A Postgres database server
  • Google Geocoding and Places API keys
  • A Mapbox public key
  • An SSO or OAuth provider

And there are optional requirements for setting up scheduled jobs and deployment.

These requirements make Together complex to set up, but help ensure the data it stores is secure, which essential for an application of this function.

Over to You

For the rest of Cybersecurity awareness month, we're inviting you to contribute your own tips and thoughts.

You can use our writing prompt, enter the Twingate writing competition, or of course, write anything else related to the topic you wish and use the "cybersecurity" or "cybersecurityawarenessmonth" tags when you do.

Written by ChrisChinchilla | Freelance technical communicator to the stars. Podcaster, video maker, writer of interactive fiction
Published by HackerNoon on 2022/10/14
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy