The tiny, portable credit card readers you use to pay at farmer’s markets, bake sales, and smoothie shops are convenient for consumers and merchants alike. But while more and more transactions are passing through them, devices from four of the leading companies in the space—Square, SumUp, iZettle, and PayPal—turn out to have a variety of concerning security flaws.
Leigh-Anne Galloway and Tim Yunusov from the security firm Positive Technologies looked at seven mobile point of sale devices in all. What they found wasn’t pretty: bugs that allowed them to manipulate commands using Bluetooth or mobile apps, modify payment amounts in magstripe swipe transactions, and even gain full remote control of a point of sale device.
“The very simple question that we had was how much security can be embedded in a device that costs less than $50?” Galloway says. “With that in mind we started off quite small by looking at two vendors and two card readers, but it quickly grew to become a much bigger project.”
All four manufacturers are addressing the issue, and not all models were vulnerable to all of the bugs. The researchers are presenting their findings Thursday at the Black Hat security conference.
The researchers found that they could exploit bugs in Bluetooth and mobile app connectivity to the devices to intercept transactions or modify commands. The flaws could allow an attacker to disable chip-based transactions, forcing customers to use a less secure magstripe swipe, and making it easier to steal data and clone customer cards.
Alternatively, a rogue merchant could make the mPOS device appear to decline a transaction to get a user to repeat it multiple times, or to change the total of a magstripe transaction up to the $50,000 limit. By intercepting the traffic and clandestinely modifying the value of the payment, an attacker could get a customer to approve a normal-looking transaction that is really worth much more. In these types of frauds, customers rely on their banks and credit card issuers to insure their losses, but magstripe is a deprecated protocol, and businesses who continue to use it now hold the liability.
The researchers also reported issues with firmware validation and downgrading that could allow an attacker to install old or tainted firmware versions, further exposing the devices.
The researchers found that in the Miura M010 Reader, which Square and PayPal formerly sold as a third-party device, they could exploit connectivity flaws to gain full remote code execution and file system access in the reader. Galloway notes that a third-party attacker might particularly want to use this control to change the mode of a PIN pad from encrypted to plaintext, known as “command mode,” to observe and collect customer PIN numbers.
The researchers evaluated accounts and devices used in the US and European regions, since they’re configured differently in each place. And while all of the terminals the researchers tested contained at least some vulnerabilities, the worst of it was limited to just a few of them.
“The Miura M010 Reader is a third-party credit card chip reader that we initially offered as a stopgap and today is used by only a few hundred Square sellers. As soon as we became aware of a vulnerability affecting the Miura Reader, we accelerated existing plans to drop support for the M010 Reader,” a Square spokesperson told WIRED. “Today it is no longer possible to use the Miura Reader on the Square ecosystem.”
“SumUp can confirm that there has never been any fraud attempted through its terminals using the magnetic stripe-based method outlined in this report,” said a SumUp spokesperson. “All the same, as soon as the researchers contacted us, our team successfully removed any possibility of such an attempt at fraud in the future.”
“We recognize the important role that researchers and our user community play in helping to keep PayPal secure,” a spokesperson said in a statement. “PayPal’s systems were not impacted and our teams have remediated the issues.”
iZettle did not return a request from WIRED for comment, but the researchers say that the company is remediating its bugs as well.
Galloway and Yunusov were happy with the proactive response from vendors. They hope, though, that their findings will raise awareness about the broader issue of making security a development priority for low cost embedded devices.
“The kind of issues we see with this market base you can see applying more broadly to IoT,” Galloway says. “With something like a card reader you would have an expectation of a certain level of security as a consumer or a business owner. But many of these companies haven’t been around for that long and the products themselves aren’t very mature. Security isn’t necessarily going to be embedded into the development process.”
In an otherwise dour outlook on the world’s chances of recovering from climate change, the International Energy Agency director named one bright prospect that arrived this year bearing President Trump’s signature.
IEA Executive Director Fatih Birol said the world is unlikely to achieve its Paris Agreement obligations without “major, huge technological breakthroughs,” but the 2018 federal budget could spur a breakthrough in carbon capture and sequestration.
“There is one political move recently that I should say, I welcome this strongly,” Birol said, fingering changes to the Section 45Q tax credit for carbon sequestration.
Carbon capture and sequestration was long the object of bipartisan neglect because Democrats didn’t want to extend the life of fossil fuels and Republicans didn’t want to admit to anthropogenic climate change. That began to change as the effects of climate change grew more palpable, and the chances dimmed of mitigating it without capturing carbon emissions.
So a bipartisan group of senators led by Heidi Heitkamp (D-ND), John Barrasso (R-WY), Sheldon Whitehouse (D-RI) and Shelley Moore Capito (R-WV) worked to strengthen a carbon capture tax credit that already existed in U.S. law. The old credit offered a $10 per ton credit for CO2 used for enhanced oil recovery and $20 for other permanent forms of sequestration.
The oil and gas industry backed efforts to boost the credit because drillers can pump CO2 into wells to force out oil and gas, then seal the wells, leaving the CO2 underground and benefiting from the tax credit.
The Senators’ effort was incorporated in the Bipartisan Budget Act of 2018, which passed in the early morning of Feb. 9 after a nine-hour government shutdown and was signed by Trump later that day. The new law scales the tax credit as high as $35 for enhanced oil recovery and $50 for other forms of sequestration.
CCS is crucial to climate efforts, Birol said, because fossil fuels are not going away. Even though renewables have become cheaper and are being deployed at increasing rates, the percentage of energy that comes from fossil fuels is about the same as it was 30 years ago, he said–81 percent.
“There is one technology that can bring this fact together with the climate cause, and that is CCS,” Birol said. Investment into carbon capture has so far languished, representing only 0.1 percent of clean-energy investments.
“This is the reason I think this new tax credit in the U.S. may be the driver for it.”
OSLO (Reuters) – An electrified road in Sweden that is the first in the world to charge vehicles as they drive along is showing promise and could potentially help cut the high cost of electric cars, project backers Vattenfall [VATN.UL] and Elways told Reuters.
The state-funded project, named eRoadArlanda and costing about 50 million crowns ($5.82 million), uses a modified electric truck that moves cargo from Stockholm’s Arlanda airport to Postnord’s nearby logistics hub to test the technology.
An electrified rail embedded in the tarmac of the 2-km-long (1.24 miles) road charges the truck automatically as it travels above it. A movable arm attached to the truck detects the rail’s location in the road, and charging stops when the vehicle is overtaking or coming to a halt.
The system also calculates the vehicle’s energy consumption, which enables electricity costs to be debited per vehicle and user.
Elways’ chief executive Gunnar Asplund said the charging while driving would mean electric cars no longer need big batteries — which can be half the cost of an electric car — to ensure they have enough power to travel a useful distance.
“The technology offers infinite range — range anxiety disappears,” he said. “Electrified roads will allow smaller batteries and can make electric cars even cheaper than fossil fuel ones.”
Asplund said the Swedish state, which is funding the project, was happy with the results so far, with the only issue — now resolved — having been dirt accumulating on the rail.
Elways has patented the electric rail technology and is part of a Swedish consortium backing the eRoadArlanda project that also includes infrastructure company NCC and utility Vattenfall, which provides power from the national grid to the rail.
“Such roads will allow (electric vehicles) to move long distances without big, costly and heavy batteries,” said Markus Fischer, a Vattenfall spokesman, adding that installing the arm in new cars would be cheaper than retrofitting current models.
Vattenfall said in a statement electrified roads could reduce carbon dioxide emissions from lorries, which account for about 25 percent of total road traffic emissions.
“The investment cost per kilometer is estimated to be less than that of using overhead lines, as is the impact on the landscape,” it added.
Testing at eRoadArlanda started in April and will last at least 12 months so that the electric truck can use it under different weather conditions.
Editing by Catherine Evans
Amazon has increased the price on Prime subscriptions. But that isn’t stopping some folks from finding ways around that price bump.
Over at Gizmodo’s deals site Kinja, writer Shep McAllister has come up with a novel way to sidestep Amazon’s $20 Prime subscription increase. He suggested you buy an Amazon Prime gift subscription now for the price of $99. When it’s time to renew your Prime subscription, simply redeem the gift card and take advantage of the lower price. That said, you’ll need to cancel your subscription ahead of the renewal so you can take advantage of the deal.
Amazon announced on Thursday that it would increase the price of its Amazon Prime subscription from $99 per year to $119 per year. The change goes into effect on May 11 for new customers and June 16 for those who already subscribe to Amazon Prime. If your subscription is set to auto-renew before June 16, you’ll be able to take advantage of the $99 pricing for one more year. If, however, your auto-renewal date is set to after June 16, you’ll need to drop $119.
The workaround McAllister has pitched was used with success the last time Amazon increased its Prime pricing, he said. But it’s unknown whether the company will allow you to take advantage of this loophole this time around or change policies so you can’t use the gift card trick. If it does work, be aware that next year when it’s time to renew your subscription, you’ll be subject to the $119.
Fortune has reached out to Amazon to find out whether the gift card trick will be allowed. We’ll update this story when we learn more.
Have you used a friend’s laptop to charge your iPhone and gotten a prompt that says, “Trust This Computer?” Say yes, and the computer will be able to access your phone settings and data while they’re connected. And while it doesn’t feel like your answer really matters—your phone will charge either way—researchers from Symantec warn that this seemingly minor decision has much higher stakes than you’d think.
In fact, the Symantec team has found that hacks exploiting that misplaced “Trust” comprise a whole class of iOS attacks they call “trustjacking.” Once a user authorizes a device, they open themselves to serious and persistent attacks while their phone is connected to the same Wi-Fi network as a hacker, or even remote attacks when the devices are separated.
Adi Sharabani, Symantec’s senior vice president of modern operating system security, and Roy Iarchy, the modern operating system research team leader, will make that case Wednesday, in a presentation at the RSA security conference in San Francisco.
“Once this trust is established, everything is possible,” Sharabani told WIRED last week. “It introduces a new vector of attack.”
Sharabani and Iarchy’s presentation focuses largely on a feature known as iTunes Wi-Fi Sync, the tool that lets iOS devices sync with desktop iTunes over Wi-Fi. For this process you physically connect a mobile device to a computer once, indicate that the iOS device can trust the computer going forward, and then enable iTunes Wi-Fi Sync from the PC. After that the two devices can sync and communicate whenever they are on the same Wi-Fi network without any further approval from the iPhone or iPad.
It’s a reasonable and useful feature when used as intended. But an attacker could also plant a malicious computer—perhaps one shaped like a charging station or external battery—and trick people into connecting their devices and granting trust out of confusion or disinterest.
Once a trusted Wi-Fi Sync connection is established, attackers can not only do basic syncing, but also take advantage of controls meant for developers to manipulate the victim iOS device. A hacker could work quickly to install malware on the phone, or initiate a backup to gather data like a victim’s photos, app information, and SMS/iMessage chats. Attackers with trust privileges could also start watching a target device’s screen in real-time by initiating screenshots on the phone and then syncing them to the attack computer. Or they could play a long game, silently retaining their trusted status until it is long forgotten, for a future attack.
“We discovered this by mistake actually,” Sharabani says. “Roy was doing research and he connected his own iPhone to his own computer to access it. But accidentally he realized that he was not actually connected to his own phone. He was connected to one of his team members’ phones who had connected their mobile device to Roy’s desktop a few weeks before. So Roy started to dig into what exactly he could do and find out if he were an attacker.”
You can imagine a number of scenarios where this could work as a targeted attack. Everyone has places they visit regularly: an office, a coffee shop, the local library. Attackers could anticipate that a victim iOS device would regularly connect to the same Wi-Fi network as the trusted attacker computer—enabling clandestine, malicious backups with iTunes Wi-Fi Sync. The researchers point out that an attacker wouldn’t necessarily be geographically limited; after gaining a foothold, they could combine trustjacking with a type of attack called “malicious profiles,” which takes advantage of how iOS manages configuration packages for apps to get around access restrictions and establish continuous remote access. Beginning in iOS 10, though, Apple started making it harder for hackers to carry out malicious profile attacks.
It’s tempting to put the onus on the iPhone owner here; you shouldn’t, after all, connect with sketchy computers and trust them in the first place. And Apple, which declined to comment for this story, seems to agree. When Sharabani and Iarchy disclosed their findings to the company, it did add a second prompt in iOS 11 to require a device’s passcode as part of authorizing a new computer as trusted. This makes it more difficult for anyone other than the device owner to establish trust.
But Sharabani and Iarchy argue that it’s unreasonable to put it entirely on the user to make the correct choice about trusting a device, especially since the authorization persists indefinitely once it’s established. There’s also currently no way to see a list of devices that have outstanding trusted status.
In these transactions, iOS’s wording is also unhelpful. The prompts say, “Trust this computer? Your settings and data will be accessible from this computer when connected,” which might seem to mean that nothing will be exposed when the devices are no longer physically connected. In fact, given that Wi-Fi sync can be enabled in desktop iTunes without any involvement of the mobile device, there’s much more potential for long-term connection than users may realize.
Consider, too, that an attacker who successfully infects a target’s PC with malware can exploit the trust a victim grants his own computer. A user will obviously trust their own computer, and their phone and PC will frequently be on the same Wi-Fi network. So an attacker who has infected a target’s computer can get a two-for-one of also having regular access to the victim’s iOS devices.
“Apple took the very quick act of adding the passcode,” Sharabani notes. “With that said, this is a design problem. They could better design the future behavior of the features, but it will take them time to implement. That’s why it’s so important to alert users and raise awareness. Users need to understand the implications.”
Sharabani and Iarchy say they haven’t seen trustjacking attacks in the wild so far, but that doesn’t mean they aren’t out there or coming. And though Apple doesn’t offer a list of the computers an iOS device trusts, it is possible to scrub the trusted computers list entirely. In iOS 11 users can go to Settings > General > Reset > Reset Location & Privacy to get a clean slate, after which people can start to be more cognizant of which computers they authorize. (Note that doing this reset also revokes all specially granted app permissions.) Another helpful defense for users is to encrypt iOS device backups with a strong password. With this turned on, an attacker abusing Wi-Fi Sync can still make their own backups of a victim device, but they will be encrypted with whatever password the target chose.
The researchers see iOS’s authorization prompts as a single point of failure, where the operating system could provide a few more prompts in exchange for more layers of defense against trustjacking. No one wants one seemingly insignificant mistake to blow up in their face weeks or months later. But while users wait for Apple to architect long-term solutions, their best defense is to become discerning and extremely selective about doling out trust.
The race to become the first public U.S. company valued at $1 trillion has largely been seen as Apple versus Google, with a recent surge by Amazon putting the e-commerce giant in the conversation as well. But on Monday, analysts at Morgan Stanley made the case that Microsoft has a good chance of reaching the $1 trillion mark.
With the company’s shares trading around $87 at Friday’s close, Microsoft had a stock market value of $680 billion. To reach $1 trillion, with some stock buybacks in the mix, its shares would have to hit almost $130. That’s plausible within the next three years, Morgan Stanley analysts Keith Weiss and Melissa Franchi wrote on Monday in a detailed report on Microsoft’s various lines of business called “Plotting the Path to $1 Trillion.”
“With Public Cloud adoption expected to grow from 21% of workloads today to 44% in the next three years, Microsoft looks poised to maintain a dominant position in a public cloud market we expect to more than double in size to (more than) $250 billion dollars,” the analysts wrote.
Microsoft shares jumped 5% to $91.90 in midday trading on Monday after the report came out. With a midday market cap of $707 billion, Microsoft almost exactly tied Google (goog) and trailed only Apple (aapl) at almost $849 billion and Amazon (amzn) at $733 billion.
The software company run by Satya Nadella could impress investors enough to reach a $1 trillion value within three years by increasing revenue to $136 billion in its fiscal year 2020, up 41% from $97 billion last year, and operating income to $46 billion, up 58% from $29 billion, the Morgan Stanley analysts forecast. Nadella took over for CEO Steve Ballmer in 2014 and immediately prioritized the company’s cloud businesses, while getting out of distracting sidelines like making phones. It has worked so far, with Microsoft’s stock price nearly tripling since Nadella assumed the top job.
The key to reaching the needed level of additional growth would be Microsoft’s booming cloud business, both via its Office 365 subscription software and its Azure cloud platform for businesses, analysts Weiss and Franchi wrote. At the same time, shrinking sales of traditional Windows PCs and servers would need to stabilize.
That could happen as the number of corporate users of Office 365 could almost double from 105 million at the end of 2017 to 204 million at the end of 2020, the analysts said, with revenue from the popular software subscription package increasing from $10.7 billion to $25.6 billion. Revenue will compound even more quickly at Azure, growing from $3.9 billion last year to $21.6 billion in 2020. Altogether, total cloud revenue at Microsoft—which includes Office 365, Azure, search ad revenue and a few other items—should grow from $22.3 billion last year to $58.5 billion in 2020.
The analysts warned that they could also be underestimating Microsoft’s (msft) growth if its Xbox gaming business expands faster than expected, the company’s tax rate drops more than Microsoft forecast, or the company increases purchases of its own stock.
Travel with me to the year 2100. Despite our best efforts, climate change continues to threaten humanity. Drought, superstorms, flooded coastal cities. Desperate to stop the warming, scientists deploy planes to spray sulfur dioxide in the stratosphere, where it converts into a sulfate aerosol, which reflects sunlight. Thus the planet cools because, yes, chemtrails.
It’s called solar geoengineering, and while it’s not happening yet, it’s a real strategy that scientists are exploring to head off climate disaster. The upside is obvious. But so too are the potential perils—not just for humanity, but for the whole natural world.
A study out today in Nature Ecology & Evolution models what might happen if humans were to geoengineer the planet and then suddenly stop. The sudden spike in global temperature would send ecosystems into chaos, killing off species in droves. Not that we shouldn’t tackle climate change. It’s just that among the many theoretical problems with geoengineering, we can now add its potential to rip ecosystems to shreds.
The models in this study presented a scenario in which geoengineers add 5 million tons of sulfur dioxide to the stratosphere, every year, for 50 years. (A half century because it’s long enough to run a good climate simulation, but not too long that it’s computationally unwieldy. The group is planning another study that will look at 100 years of geoengineering.) Then, in this hypothetical scenario, the sulfur seeding just stops altogether—think if someone hacks or physically attacks the system.
“You’d get rapid warming because the aerosols have a lifetime of a year or two, and they would fall out pretty quickly,” says study co-author Alan Robock, a climate scientist at Rutgers University. “And then you’d get all this extra sunlight and you’d quickly go back up to what the climate might have been without the geoengineering.” We’re talking a rise in land surface temperatures of almost a degree per decade. “Even if you do it over five years, you’re still going to get this rapid warming,” he says.
Now, species haven’t survived on Earth for 3.5 billion years by being wilting flowers; if the climate changes slowly, species can adapt to withstand extra heat or cold. But suddenly blast the planet with a massive amount of solar energy that quickly, and you’re liable to catch a species off-guard.
And it’s not just temperatures they’d have to adapt to. Dramatic shifts in precipitation would force species to quickly move to new climes or face destruction. Species like amphibians, which are sensitive to temperature and precipitation changes, would have a tough go of it. And of course, not all species have the option of fleeing. Populations of trees and clams and corals would be pretty much kaput.
Even if a species is particularly resistant to these changes, the downfall of a keystone species could bring its whole ecosystem crashing down. Take coral, for instance. “If you lose the corals, you lose the species that live within those corals and you lose the species that rely on those species for food,” says John Fleming, a staff scientist with the Center for Biological Diversity’s Climate Law Institute who wasn’t involved in the study. “And so it really is an up-the-chain process.”
Knowing these risks, it might seem implausible that humans would just suddenly stop geoengineering efforts once they’ve started. Why not just keep pumping sulfur dioxide into the air ad infinitum to keep the planet on life support? Robock explains that the scenario they used isn’t definitive—it’s just a possible option. And there’s a possibility that we might not willingly stop geoengineering.
Say the world came together and decided that solar geoengineering is our only hope for survival. Planes start flying over the equator, spraying millions of tons of gas. The planet cools—but alas, this doesn’t affect everyone equally. Some nations might find themselves the beneficiaries of extra precipitation, while others descend into drought.
In that situation, a massive country like China or India suffering ill effects could blame the geoengineers and demand they stop. “There is the potential for clubs of countries to wield a lot of power to make a global geoengineering deployment work more for their interests than for less powerful countries,” says lead author Chris Trisos of the University of Maryland.
Or maybe the Earth itself plays a wildcard. Volcanoes spew their own sulfur dioxide into the atmosphere all the time; get a big enough eruption and you can send the climate into disarray. That happened in 1815 with the eruption of Mount Tambora, which led to the Year Without a Summer. Or Laki in 1783, which caused famine in India and China because it weakened vital monsoons.
“If there was a series of volcanic eruptions that produce a cooling effect, then that might be the reason why people say, ‘Well, actually, we better stop doing the solar engineering,’” says University of East Anglia environmental scientist Phil Williamson, who was not an author of the paper but who penned a companion analysis of it. “And then you get the rebound effect as a result of that.”
To be fair, science’s exploration of solar geoengineering is still in its early days. Hell, the technology to do it doesn’t even exist yet. It may well be that scientists find that deploying aerosols is just too risky. Maybe a better idea is CO2 sequestration. Or marine cloud brightening, as another way to bounce light back into space.
But now is the time to start considering the ethical and regulatory pitfalls of pursuing such a strategy. Late last year, Congressman Jerry McNerney introduced a bill that would require the National Academies of Science to produce two reports—one that looks at research avenues and another that looks at oversight. “I hope that we can sooner rather than later figure out what the potential benefits and risks are of doing this geoengineering so society will know whether it’s even a possibility,” says Robock. “If not, if it’s too dangerous, then it’ll put a lot more pressure on us to do mitigation soon rather than later.”
“The ultimate fear with geoengineering is that we’re trying to alter a system that’s much too complex for us to truly predict,” says Fleming. “So doing that can put us in a worse situation than we’re in already.”
In the meantime, here’s an idea: Let’s dramatically reduce greenhouse gas emissions. The whole of life on Earth would certainly appreciate it.
The New Year is a beginning and an opportunity to get quiet, slow down and be intentional about what you want your next 365 days to be like. As an entrepreneur, you probably do this for your business, but do you do this for your life?
One year ago I created a tool to help me make sense of where I was and where I wanted to go. It was a wonderful experience and so now I’m excited to share it with you.
Filling out this one sheet of paper was incredibly clarifying for me. Once I finished it, I set it on my desk where I would see it every day. Within 3 months, all of my goals for the year were accomplished – even “the big intimidating one” that I was scared to name.
But here’s the thing – it wasn’t work – instead it felt like magic.
The act of writing things down helps us own our path. Our words and our thoughts are powerful things, and this tool can put those to work for you. Here’s what this process is designed to do:
- Clarify and understand what guides you
- Create an inventory of your life (today as it is now)
- Set your intentions for what you want to create (in the future)
- Get honest about what challenges you face
This is not a difficult process – but it can be. It can be joyful or it can be painful. It is different for everyone. No matter what, I hope this tool brings you clarify and for you. Feel free to share with others. And I hope you enjoy the journey.
And Happy New Year.
President Trump has approved a plan to send Javelin anti-tank missile systems to Ukraine to help the U.S.-backed government there fight Russian-allied forces. Russian military and allied forces have been active in Ukraine since the 2014 ouster of pro-Russian president Viktor Yanukovych.
The sale, reported by the Wall Street Journal, would put a uniquely effective weapon into play in the conflict. The Javelin, developed by Raytheon and Lockheed-Martin and first put in service in 1996, is a shoulder-fired missile designed to track targets by infrared. But rather than hitting a tank in the front or sides, where its armor is thickest, the Javelin projectile flies along a long arc to hit a tank’s roof, where the armor on most models is thinnest.
The Javelin is more powerful, more expensive, and more tightly controlled than other anti-tank weapons, such as the older BGM-71 TOW system. According to an in-depth overview by The National Interest, the Javelin had a major showing in the 2003 invasion of Iraq. In one battle, it enabled a small group of U.S. special operations troops with four Javelin launchers to destroy a substantially larger Iraqi tank unit.
The Javelin is said to be effective against most tanks in the Russian arsenal, though it has not been battle-tested against the most modern tanks. The State Department also recently approved the sale of Javelins to Georgia, which has had its own recent clashes with Russia, and has also sent units to Lithuania and Estonia.
Russian tanks have been instrumental in some victories by pro-Russian forces in the Ukrainian conflict. However, commentators have also described tank battles as relatively rare. That has led some to speculate that the decision is primarily political rather than tactical, intended to signal deeper American support for anti-Russian forces. Ukraine expert Michael Kofman told the Washington Post that Russia would “see this as a premise of the U.S. wanting to kill Russians,” pointing to a possible escalation of both the conflict, and broader U.S.-Russia tensions.