35 Burst results for "Zero Day"
"zero day" Discussed on Change Lives Make Money
"But you haven't made any real progress on it, real progress. I mean sure, you might. Maybe you posted two to three times a week on social media for the last six months. But that's the same fucking thing as the weight loss client that has a salad and thinks that they're healthy. No more zero progress days. I feel like so many people are so good at putting in just enough work so that they can say that they're trying but not enough work to break through, so that they have the excuse of why they're not successful, so that they can say that they tried and it didn't work, but in reality they're just not focused on making fucking progress. No more zero progress days. I mean there's so many of you that are waiting until the last fucking minute. Y'all, I'm going to be real. I'm going to drop something on you: if you haven't started your TikTok account and posted two to three times a day right now, like, you are fucking, what are you doing? I'm dead serious. There's so many guys that are waiting for the last fucking minute until you make a change, or you wait until COVID shuts your gym down. And then you act out of desperation instead of being proactive and just making the decision that you're just gonna work on your business because it's the right thing for your life. Or there's so many guys that are like, I'm going to start my business when the pandemic ends and I get my ducks in a row, then I'll start. Or I'm going to wait until my certification is done, and once my certification is done, then I'll start my coaching business. I'm going to wait until my kids are back in school; once my kids are back in school, then I'm gonna start my coaching business. All of these are justifications, which are the actual reasons why you're not successful. All of these justifications are the actual reasons why we're not successful. Like, I believe this with every fucking part of every ounce of my soul. Is you literally, this could be the fucking moment.
Listen, you just have to fucking decide that now is the time and you will make progress today and nothing will get in your way. So many guys, their temporary roadblocks become permanent obstacles. Like COVID happens and your gym shuts down, you know, you feel like a loss of momentum and then all of a sudden you're, fuck, it's just not working. You're growing a coaching business and then you lose a few clients, and because you lose a few clients you lose motivation and you're like, fuck, this isn't working for me. But in reality it's like you're experiencing a temporary setback and you can allow that to derail you and crush you.
"zero day" Discussed on Change Lives Make Money
"Man, Kyle. He's a legend. He said, number one, best podcast out there today. When I originally heard Brian's podcast I almost could not believe the value that Brian gave for free. I thought to myself, who'd be crazy to give this much knowledge for nothing? Well, Brian is one amazing person who built this podcast to help other people grow. There's no question, be marked, that this podcast will be the number one on the market, period. Kyle, bro, I know you're tuning in, so thank you so much for that rating. I appreciate that. That means a lot to me. I started the podcast with that intention. I wanted to be the most valuable business coaching space, and the only way to do that is by providing value every single day, and so we go live five times a week: Facebook, Instagram, LinkedIn, TikTok, YouTube, all of it and more, recording these episodes so that all my trainers have a resource to use when they're, you know, they might be struggling or first getting started. Or maybe you're in the academy and you'd like getting a little bit of extra motivation every single day. All right, so I appreciate you. Now guys, in today's episode we're gonna be talking about how to hit ten thousand dollars a month. Of the people listening right now to this podcast, who wants to hit ten k? If you're listening to this podcast right now and you're at ten k, who wants to hit twenty? Who wants to hit thirty? Because if you want these goals then you need to listen. Because if you don't listen to what I'm going to tell you today, you're going to do what a lot of people do, and a lot of people wait until it's too fucking late. A lot of people say that they're going to start tomorrow, or they say that they're going to start their online business in September or when their certification is done, and we end up putting it off until it's too fucking late and eventually we just watch life pass by. One day we wake up.
"zero day" Discussed on Daily Tech News Show
"Right to repair is getting lots of momentum, even from the US federal government, but there are some security implications that go along with it. We've talked about this a fair amount here on the show. So would finding a zero-day vulnerability count as repair? For example, Seth? The right to repair movement is super interesting because it's, you know, the sort of classic David versus Goliath, and the organizations, the corporate organizations that have lined up against the Davids in this, you know, are as big as Apple. There are organizations that build, you know, medical devices such as CT scanners. And the idea that you can't have a third party come in and fix something, even after they've been trained, is, I think, sort of anathema to how we've developed technology, certainly in the US. And then you add onto that the idea that, as part of the repair, they can't fix a security vulnerability in the device when they have the opportunity to do so, is just sort of a remarkable step backwards. I think there's, you know, one of the, if you remember the Mirai botnet from a few years ago that infected all these video cameras around the world, one of the solutions proposed, and I think implemented to some degree, was to force out a firmware update that would patch the vulnerability and close the security hole that allowed the botnet to access that camera. Does that fall under right to repair? You know, it's certainly not something that the vendors of those cameras and the manufacturers of those cameras had a hand in, because they were these very small manufacturers from who knows where, you know, and otherwise did not include over-the-air updates. So I personally think that, you know, given the risks that security vulnerabilities can pose, being able to fix them is hugely important. And we're starting to see California, Colorado, of course Massachusetts, are all working on or have passed recently.
"zero day" Discussed on Daily Tech News Show
"Keyboard was only available with the purchase of a twenty-four-inch iMac. And potential future Apple product news: the Eurasian Economic Commission database has six new Apple Watch identifiers, not too surprising as an Apple Watch Series 7 is expected this fall. There were also two new Mac identifiers added, which are likely to hit new MacBook Pros with Apple's series chips. After being named in a lawsuit filed by the Department of Fair Employment and Housing alleging sexual discrimination and harassment, Blizzard studio president J. Allen Brack has stepped down from the company and will be replaced by executive development VP Jen Oneal and GM Mike Ybarra as co-leaders. In a statement, Blizzard indicated a desire to change its company culture. Twitter announced a partnership with the Associated Press and Reuters to add context to trending topics, starting with English-language topics. This'll be in addition to Twitter's crowdsourced fact-checking system Birdwatch already in place. Twitter also introduced support for account creation and login using Google or Apple accounts. Google login works on Android, iOS and the web, and Apple login works on iOS with web support coming soon. So it's Black Hat week, which means you can expect your feeds to be filled with set-your-hair-on-fire scary security stories, and we will try to help you sort out the truly scary ones from the other ones. This one isn't great, but at least it got caught by researchers. Security researchers at Dolos Group published the results of a pen test of a client's network, a penetration test in which they compromised the Trusted Platform Module, the TPM chip. Researchers were given a Lenovo laptop with full disk encryption using Microsoft's BitLocker, a TPM of course, UEFI Secure Boot, password-protected BIOS and other recommended security implementations based on NIST standards. The encryption key for unlocking the drive was stored in the TPM; this is the default configuration now.
Microsoft does advise using a PIN or password to unlock the drive instead of letting the TPM just do it, but only if the user believes there is risk of someone gaining physical access to their machine with enough time to open it and solder a little bit inside. However, the Dolos Group researchers figured out a way to get the decryption key out of the TPM in thirty minutes without needing to do any soldering. The TPM communicates with the CPU using a.
"zero day" Discussed on Darknet Diaries
"Change their own moral calculus a little bit. Yeah, isn't it? That is an interesting question. I don't know if we can. I don't know where else to go with this. Just, this interview is so great so far, and wherever you go, ideas that come up, like, and don't you feel weird even talking about it in the open on a microphone? I mean, this is like, for whatever reason, this is Fight Club, you know. No one talks about this. It does feel weird, because it's a really weird situation. Software companies like Microsoft take their security very seriously, but their own government is trying to find flaws in Microsoft products in order to collect intelligence from foreign adversaries. So it's almost like the US government is enemies with Microsoft, especially since Microsoft has to do damage control of stuff that the NSA has known about for years. And we discovered Flame, which we believe was maybe the precursor to Stuxnet but was either US-Israeli or just Israeli, that was being used to spy on Iranian systems, and that utilized, exploited, the Microsoft software update mechanism, which is, you know, such a point of trust between Microsoft and its customers. If you can't trust that the prompt you're getting that you need to update your software is coming from Microsoft and not the NSA or Unit 8200 in Israel or whoever, then that is a real problem for the company. So when Flame was discovered, and when it was discovered that it was exploiting the Microsoft software update mechanism, people inside Microsoft lost their heads.
You know, they cannot believe that their own government potentially was exploiting their software and this communication channel, trusted communication channel, with customers to hack Iranian systems, that they would basically throw Microsoft under the bus in the name of espionage and battlefield preparation. So they were already reeling from that, and then Snowden's leaks didn't improve the situation. Now at first, when the Guardian and others dropped those documents, the PRISM slides, you know, it looked like the NSA had some secret back door into Microsoft's systems. Later we would learn that was not the case, but you know, in terms of perception, it was a huge PR nightmare for the company and hugely destructive for the relationship between Microsoft and government. And the fact that Microsoft can even come out and say, wait a minute, no, we do not give the government real-time access to our servers, but we do comply with requests, we can't tell you how many we get a year, you know, they started fighting those battles in court. But you know, over and over again, like when the NSA was hacked by the Shadow Brokers. We don't know who the Shadow Brokers are, but we know that they dumped an exploit online that contained a zero-day in Microsoft's code that the NSA had held onto for more than five years. And when I dug into that exploit and interviewed people at the agency, they knew that that code was fishing with dynamite. They knew that that code that they were using, and which, by the way, was getting some of the best counterintelligence, they told me would have been extremely dangerous in the hands of anyone else. And lo and behold, after it was hacked and dumped online by the Shadow Brokers, it was picked up by North Korea and it was picked up by Russia, and it was used in the NotPetya attack, which cost FedEx
four hundred million dollars and decimated vaccine production lines at Merck, and turned off the radiation monitoring systems at the Chernobyl nuclear site and took out the production lines in Tasmania at the Cadbury chocolate factory. So it was clear that by holding onto that code for that long, we were leaving Americans at risk. The other thing the US government is known to do sometimes is go to software companies and try to get these companies to just give them, like, secret access to their products. What happened was, I was part of a team at the New York Times with ProPublica and the Guardian that got access to the Snowden documents, and it was clear that the NSA knew that there was a, the NSA could break through this essentially weak random number generator, and were pushing these sort of international standards bodies that set encryption standards to use this weak random number generator that the agency could break. And so I wrote about that, and then Joe Menn at Reuters did a subsequent story where he found out that actually it appeared that the NSA might have actually been paying RSA to bake this weak number generator into some of their security products. And so it's still unclear what exactly happened there, but you know, it looked like once again the US government was sort of pushing this vulnerable system into commercial products because it enabled them to conduct espionage. And once again, it's just another example of sort of the trade-offs that the US was willing to make in the name of national security, but which would have left Americans more vulnerable. It's not just the US government that's doing this. There's governments all over the world now using computer exploits to break into communication channels to collect intelligence. Some countries like China use these exploits to spy on their own
people, and North Korea uses these cyber capabilities to make money by robbing banks and launching ransomware on the world. It seems like the cards are stacked against us when it comes to securing our lives, and it's very asymmetrical, because if you become the target of a government cyber attack they pretty much have endless resources to get what they want, and you simply won't be able to defend yourself effectively. And of course, when a government becomes so secretive it becomes much less transparent; we know less and less about what they're doing in cyberspace, which means we have to trust them more and more. But look at some of our political leaders. They didn't grow up with computers and they don't understand the, of what goes on in the wires. So I'm not confident that tech-illiterate leaders can lead effectively in the digital age. We need people who understand this, even at a basic level, so they can make good decisions for our future. And for the last few decades countries around the world have been watching the US to see how they should act when conducting digital espionage. And when you have the US doing things like developing exploits and sabotaging nuclear enrichment facilities, only to deny that they had anything to do with it, that's what other countries will see and follow. And due to nations around the world now acting like there's no consequence for hacking into foreign nations or companies or people, they'll develop or buy exploits to use and keep them extremely secret. And I don't know, when the world is connected in the way it is now, it just seems like we're all headed towards a major catastrophic digital disaster. And that kind of thing freaks me out sometimes. So I think I'll sign off here and go make another backup of my digital life and store it in a Faraday cage.
"zero day" Discussed on Darknet Diaries
"Ways to implant itself inside. That was it. After the Gunman project in nineteen eighty-four, it was clear to the US that the Soviets would go to great lengths to embed themselves in communication devices, so the US government had to figure out ways to embed themselves in devices too. And at first the government wanted to figure out a way just to make a backdoor into US devices, but the tech community would always quickly point out how backdoors are vulnerable. So the US government had to figure out how to find exploits in software and communication channels to break into them to collect intelligence. And of course it's not just the US and Russia who go to great lengths to spy on other countries; there are many other countries in the world who either have or want this capability. But you might think, doesn't the NSA have their own research and development lab to create their own exploits? Well, yeah, they do. Things are changing over time. I think for a long time the NSA didn't play in the zero-day market. They had the best cryptographers and hackers and operations people in house. They didn't have to play in this market. And so when I talked to one of the original zero-day brokers, what he said was that the NSA didn't really play in this market for a long time. The biggest business that these private exploit developers and brokers had was with other agencies who were trying to play the game but didn't have the same talent pool in house. So agencies like the CIA, and some I had never heard of, like the Missile Defense Agency, I learned, played in this market. I had never heard of the Missile Defense Agency until someone who sells zero-day exploits told me that they sold to the Missile Defense Agency. And I guess it makes sense, because if you want to, you know, somehow perhaps interfere with North Korea's missile launching tests, then you want to get into the missile systems.
Or if you wanna find out what the schedule is for North Korea's missile launches, you'd wanna hack into the systems that contain details about the plan for these tests. So it makes sense that they would be participating in this market, but for a long time the NSA did not, because they had a lot of these capabilities in house. But then later, thanks to Snowden, we know that there was a line item added to their black budget, and it wasn't very big. It was something like twenty-five point one million dollars to buy these capabilities in two thousand thirteen. So we know that they have purchased these vulnerabilities from the outside. So we know the NSA was buying exploits from outside contractors, and they would do this very covertly, so there's not much information about who they're buying from or what they're buying. After all, if we knew what they were buying, the software company would just patch it and would instantly make a million-dollar vulnerability worthless. But Nicole was able to talk with some former NSA employees to learn more. Yes, some of the people I talked to were basically among the top hackers within Tailored Access Operations, the NSA's hacking unit. Some of them, when I talked to their former colleagues, were described as the guy you'd go to for the impossible: you cannot get into that terrorist's cell phone, what do you do? And you would go to one of these guys and they would find a way around it, whether it was, you know, hacking their cleaning lady or their spouse, or finding something in their house to plant a bug in, that kind of thing. Okay, so there's this group of people who were at the NSA who are one of the best that the NSA had for hacking into target computers. They saw this shift in the wind, that the NSA was paying huge amounts for exploits while their pay was just government office salaries. On top of that, there was a lot of bureaucracy.
They loved the mission but got frustrated with all the red tape that they constantly had to go through. It was slowing them down and frustrating them, and they left together and they started Vulnerability Research Labs, and the goal was to develop really reliable click-and-shoot espionage tools for their former employer and for these other agencies, and then eventually Five Eyes. And what they could do on the outside that they couldn't do on the inside was really interesting. You know, they were all American, but being on the outside they could buy zero-days from hackers in other countries, and then they would use their firms and their skills to essentially turn these into very slick, seamless click-and-shoot tools for their former employer and these other agencies. And one of the things they said was, when they were in the agency, one of the biggest problems was when it came time to deploy a zero-day exploit that was sitting in their stockpile, oftentimes it didn't work. You know, it just didn't work with that particular system, or it crashed systems on the other end, which is a big problem when you're running these operations, because you don't want to tip off the target, and obviously if your computer suddenly crashes for no reason then you become a suspicious, high-value, paranoid target. So they really worked on sort of the reliability and click-and-shoot elements of these tools, and they developed this reputation for developing some of the easiest-to-use, most reliable tools that some of these agencies use. Interesting stuff: some of the best hackers within the NSA turned into independent contractors so they could work faster and make more money, but were on the outside. And this is one of those things that someone like Microsoft is afraid of too: if they pay too much for bugs then some of their internal bug hunters might decide to quit but keep doing the same thing, just make more money on the outside. But I wonder, what does it look like in the
NSA when you're trying to break into a foreign adversary? How do you know what top-secret tools you can use? Like, is there a list of what exploits the NSA has in their arsenal? Or is there a book or something to flip through to find what's the right exploit for the job? I have a hard time visualizing it. The only thing that I was really told was that basically they have a catalog, you know, that when they want to get into a certain system they can check in and see what they have in their catalog. But I don't know if that catalog is on hard disk, or, you know, run by a certain secret software that no one else uses. I don't know. I don't know what it actually looks like. The team there, do they have to demonstrate it? Do they come in for training and say, all right, here's how to use these things? Or, you know, is there a whole, these are all great questions. I know they did do trainings, but one of the things that they told me was, once they sold it, what they didn't get to do is what they got to do at the agency, which was they got to actually push the button and use it and see what it turned over on the other side. That is what you don't get to do once you leave these agencies: you don't get to be involved in the actual mission. So what they said was, you know, we just got these things working and then we threw it over the fence, and then we didn't really know how they got used. I mean, we used to work at that agency so we had a good idea of how these were used, but as someone put it to me, under Trump, you know, they didn't know if the use cases were changing, or there was more leeway being given in terms of how these capabilities would get used or who they would get used against, and so it started to.
"zero day" Discussed on Darknet Diaries
"For software companies who want to make secure software, they were never going to pay the rates that governments and brokers were going to be offering for these tools, right? The going rate for a zero-day exploit that gets you into an iPhone's iOS software remotely is two point five million dollars. Now I found one broker in researching the book, called Crowdfense, that offers even more than three million dollars for that same capability. So we're getting outpriced these days by other countries. But you know, Apple is never going to be able to match that, and Apple was one of the last companies, major companies, in Silicon Valley to start offering a bug bounty for these tools, and they offer, you know, a pretty good price, but they're never going to match government prices, nor would they really want to, because they don't want to incentivize their own security engineers into essentially leaving the company and making more money on the outside. So there's a very careful calculus at play. So those are the options here: either you can be ethical and sell your bugs to software makers, or you can shop around on the gray market, which will potentially buy vulnerabilities for much more. But still, you might be wondering why governments would even be interested in buying exploits. Well, I think to answer that we should go back even further in time, before the internet was even here, back to the Ronald Reagan era. It was there where Nicole found an interesting story, where all this started. I was really worried. I had a lot of anxiety about doing this book because I wanted to have a character represent one slice of the industry, but the slice of the industry I was really worried about was the US government, because all of these programs are classified, and who was going to talk to me about the development of America's offensive cyber exploitation programs? And so I was really worried about this, and when I was at work, sitting at my cubicle desk, and I was sort of ruing about this out loud,
God, who am I going to get, you know, from the NSA to talk about this? And John Markoff, who is my predecessor at the New York Times, covered cybersecurity for twenty-something years, said, oh, you just talk to the godfather of cyber war. He's Jim Gosler, I think that's his name. I'll send you an email with his name. So he sends an email, it's his name. I'd never heard of him. And I start asking around. No one in the sort of infosec Twitter world had ever heard of him. But I start asking, every time I had the opportunity to interview a US leader of one of these intelligence agencies over the last seven years, I would make a point to ask them, who do you think, you know, if you had any one person who is the godfather of American cyber war, who would you say? And they all, without fail, said James Gosler. So one day I call James Gosler, and he had spent the bulk of his career at Sandia National Labs, which is one of the nuclear labs that develops components, evaluates the components, that make their way into our nuclear arsenal, but he had also spent a large chunk of his career at the NSA and at the CIA. And so he's a terrific guy. I say this in the book, he looks like Santa Claus, and when I told him that he laughed and said some people would probably describe me as morris seed, but okay. And he lives in Nevada, out in the desert these days, outside Las Vegas, and he was retired by the time I got in touch with him, and he was really careful to not tell me anything classified. But one thing he could point to was this operation called Project Gunman. The French intelligence service told the US government that they'd found Russian bugs listening to their communications, and they warned the US that we should assume the Russians are spying on us too. We started to suspect that someone had planted a bug inside the US embassy in Moscow, or something worse than a bug. We,
we started to suspect that the Soviets were essentially capturing all of our communications and even our unspoken communications, and we were worried that there might be a mole at the embassy. This investigation was kicked off by the NSA and was code-named the Gunman project. It started in nineteen eighty-three but was signed and approved by President Ronald Reagan in nineteen eighty-four. We looked around at our inventory, and at that point we were actually building a new embassy in Moscow, which had become a total disaster, as they were finding bugs in the concrete of the construction, and it was clear that basically the entire new embassy was becoming a Soviet listening device, and it was going to be years before we were going to be confident that we could move in without just being surveilled twenty-four seven. So we knew we had to find the bug in the machinery inside the existing embassy, and so Reagan essentially approved this project: you get all of the embassy's equipment, everything was plug back to Fort Meade from Moscow, to do it in a way that the Soviets would not have the ability to intercept the machinery en route back to Fort Meade and remove their bugs, and that we would x-ray, evaluate every last piece of equipment at the embassy, up at Fort Meade, in search of the bug. And they gave it six months, and I think it took one hundred days just to get all that machinery back to Fort Meade without giving the Soviets any opportunity to sort of intercept it as it was making its way back. And then they tapped, I think, something like two dozen of the NSA's best analysts to work out in a trailer in the parking lot at Fort Meade and basically search this gear for any evidence of a bug. And they were sure that it was going to be in the crypto gear, but they went through all the crypto gear and they put it through x-rays and they couldn't find it. They went through the teleprinters and everything that had been bugged at the French
embassy and they couldn't find the bug. And then finally they did an x-ray of a typewriter. They discovered sort of an extra coil sitting on the back, and they ran it through the x-ray machine, and lo and behold, what they found in the coil was the most sophisticated exploit that we had ever seen. It was a tiny magnetometer that recorded the slightest disturbance in the earth's magnetic field, and then next to it was a device that would catalog and record each disturbance from each typewriter stroke and then send it via radio to a listening unit that was buried in the embassy's chimney, and relay it to the Soviets. And the Soviets could turn it off when they knew there were inspectors in the area. And by the time we found that bug and did a full inventory of all the typewriters at the embassy, we learned that the Soviets had been in Americans' typewriters at embassies and consulates all over Russia for something like seven or eight years, and had been capturing all of our communications in unencrypted form that way. And so what Jim Gosler told me was to go back and learn as much as you can about Project Gunman, because that was really our aha moment. Before that we were just living in la-la land. After that we realized that if we did not catch up to the Soviets in terms of our own exploitation, if we weren't trying to find a way to capture every last communication from every new technology that hit the market, we would probably lose the Cold War, and worse, you know, we would never catch up to the Soviets in terms of espionage capabilities. So that is what kick-started this off. And, you know, what I learned from more general conversations with Jim Gosler and then others, and then the Snowden documents, it was very clear that any time any new technology came on the market, the NSA was finding ways inside.
"zero day" Discussed on Darknet Diaries
"Throw a stone in any direction, you'll hit one. But they didn't want to talk to me. So there were... it was just a weird scene. I mean, it was just people with the skills, you know, demoing how they could hack cars or, you know, the latest app or enterprise applications on stage, and then after these people would demo what they did on stage, I would see them kind of swarmed by these people who clearly were representatives from governments. And I've been called out on this for saying some of them were Middle Eastern, but I mean, some of them spoke Arabic, you know. I kept running into them at the conference, and I didn't know where they had come from, and they studiously avoided me, but, you know, sometimes we'd end up in the same conversation, that kind of thing. And I asked Federico, why are they, you know, if they're interested in buying exploits, why aren't they going up to the people who just demoed their best exploit on stage? And he said, oh, you know, they're interested in that, but they want to know what they're working on next, or sort of what their side hustle is, or what's the thing they're not going to demo on stage because they know it would make so much more money on the underground gray market for zero-day exploits. So that made sense. And I ultimately ended up sitting down with Ivan Arce, who is one of sort of the older godfathers of this scene. One thing that Ivan told me was, you know, the next generation has these other opportunities. They don't need to just work in the penetration testing business when they can make so much money selling a single zero-day exploit to a government or to a government broker. They can do it tax-free; they don't have to worry about Argentina's inflation problems; they don't have to, you know... this isn't like taxable income. And there's a sort of James Bond element to it. So there is this entirely new generation of Argentine exploit developers.
We're not using this for penetration testing, but have found that they can make a lot of money and live pretty large in Buenos Aires by selling these capabilities under the table to governments or front companies or brokers. So that is sort of how I told the story of the Argentine hacking scene, but none of those young Argentine exploit developers who sell them would talk to me. They really did studiously avoid me until maybe the very last day of the conference. And then later, when the book came out, it was funny, because they said, oh, I would have told you more, but I could have sworn you were a CIA agent. We're going to pause for a quick break. We'll be right back. Stay with us. Support for this show comes from ITPro.TV. This should be your first stop for any kind of technical training. Whether you want to learn more about Microsoft products, Cisco networking, Linux, AWS, VMware, or even security training, like getting your Security+ or Certified Ethical Hacker or CISSP, ITPro.TV has training courses for all these technologies and so much more. They have over four thousand hours of training videos for you to watch at this point, and their hosts do a great job of breaking down complicated topics so you can understand them. You can watch the training from a computer or their mobile app, or on a Roku, Apple TV, or Chromecast device. And when you're done with the course, you'll be ready to take the certification exam. With a fresh new cert, you'll certainly look sharp for a new job or a promotion in your current role. Visit ITPro.TV/darknet and use promo code DARKNET at checkout and you'll get thirty percent off all plans. That's ITPro.TV/darknet, and use promo code DARKNET at checkout. One last time: ITPro.TV/darknet, use promo code DARKNET, get thirty percent off all plans. So let's back up for a second. How did we get here?
Where our current world consists of people making exploits in secret and selling them to secret entities, all under the table. Well, it wasn't always like that. And I think to understand how we got here, we should rewind to when Microsoft was still a young company. Microsoft was really, in particular, trying to play catch-up with Netscape on the internet. They really missed the boat on the internet. They dominated the PC market, but they just didn't see the internet coming, and so they were racing to catch up, and they were just putting out this crap. These web servers and software were riddled with holes, because they were more focused on speed and just getting this stuff to market and catching up to Netscape than they were on security. And so hackers would find these holes, and they told me, you know, in those days there was no 1-800 number to call up Microsoft and say, hey, I just used your web server to break into NASA. Those channels didn't exist yet, and often when they would flag these problems for the companies, they would get ignored, or they would get a sternly worded letter from general counsel. So they started just dumping these things on forums like Bugtraq, which was sort of like an early version of Reddit, and you would just dump what you found on Bugtraq, and it was, you know, in part for the street cred and in part to shame these vendors like Microsoft and Sun Microsystems into fixing these holes. It also gave a lot of people on those forums, who were IT administrators, a heads-up to these flaws, and they could help develop workarounds for their employers and customers. And so the relationship was very broken, and it was only when Microsoft had these very public failures, when these giant worms like Nimda exploited Microsoft problems to essentially impact some of Microsoft's biggest customers, the government and Ford and others, that Bill Gates really started to take security seriously. And since then, you know, he wrote this memo.
I think it was in 2002, called the Trustworthy Computing memo, where he said security will be critical to the internet and to his software going forward, and we're going to reprioritize our organizational structure to make security a real priority. And people laughed it off as a joke or a PR stunt, but slowly, you know, it came true. Microsoft really started putting channels in place to allow hackers to contact them with flaws. I heard that they actually had a pretty interesting database where they would track these hackers' personality quirks and flaws. They knew who to sort of handle with kid gloves, who, you know, if they brought you anything, you needed to stop what you were doing and take it very seriously, and who was just sort of trolling them. And then later, after Google was hacked by China and saw that security was going to be a huge challenge for these companies, because now they didn't just have to worry about fraud and low-level criminals and hackers, they had to worry about nation states breaking into their systems, they started improving their security and offering bug bounties to.
"zero day" Discussed on Darknet Diaries
"Of the scariest things I went through. It is scary, but let's talk about her book. Earlier this year Nicole published a book called This Is How They Tell Me the World Ends. I read it cover to cover, and I thought I was tuned into this world, but even I was picking up my jaw off the floor sometimes. Nicole really did top-notch investigations into the zero-day market. She wanted to find out who's out there developing exploits and who they're selling them to. So we're going to use the term zero-day a lot in this episode, and I want you to understand what it is so you're not lost. A zero-day exploit is basically a vulnerability in software that the makers of that software don't know exists yet. It's called zero-day because the vendor has been aware of it for zero days, which means the vendor is completely unaware of it, so it goes unfixed for some time. So a zero-day is a working exploit that nobody knows about except the person who found it and whoever they give it to. Now, for Nicole to research the story, she traveled all over the world meeting with zero-day developers and brokers. So I went down to Argentina because I kept hearing over and over again that some of the best zero-day exploit developers were in the southern hemisphere, that they were in Argentina. So I had met an Argentine hacker by the name of Cesar Cerrudo. He had approached me because he was really focused on smart cities and the vulnerabilities in smart cities, and he had done this proof-of-concept hack of traffic lights. He'd actually been able to hack into the traffic light system in DC and, I believe, Manhattan too. And so I had worked with him on putting a story together, and I had the opportunity to talk to him a little bit about this Argentine exploit development scene that I'd kept hearing about, and he said you should really come down and come to Ekoparty, which is a big hacking conference held every year in Buenos Aires. So that year,
I pitched my editors on doing a story about the conference, and I went down and I stayed in Palermo, which is a really nice, kind of hip neighborhood in Buenos Aires, at a boutique hotel. I was hanging out with these hackers and noticing that there were clearly people from front companies there who were interested in buying their zero-day exploits. And, you know, I talked to some of the godfathers of the Argentine hacking scene, who really made clear that Argentina had become what they called the India of exploit development. That is, you know, people outsource a lot of their software engineering to India, and in their minds Argentina had become this big outsourcing hub for exploit development. This is where governments, front companies, and brokers came to purchase zero-day exploits to use for their stockpiles of offensive cyber weapons. So one night, I went out, and I'd always been really careful to bring basically pen and paper to these conferences. Ever since that Chinese hack, I realized that the biggest thing that I needed to protect was my sources and my conversations with sources, so I have been very old-school about using pen and paper, about bringing burner laptops and devices to these conferences. I do use Signal, the encrypted messaging app, but usually with my most sensitive sources, no conversations; like I have one source that we just meet up with once a month, on the same day at the same place, and we don't bring our devices and we never email about those meetings. We just show up with pen and paper and take notes, and that protects those conversations. But in this case I had brought a burner laptop down with me. I never opened it, because it was so clunky and useless, and I just took notes with pen and paper, and I put it in the safe in my hotel room. And that night I'd gone out by myself, and I came home and the door to my hotel room was open. The safe was open.
There was still the cash I'd taken out from the cuevas sitting on a table, so no one had stolen anything, and when I saw the door open I thought, oh, maybe, you know, they're doing turndown service or something. The door to the safe was open with my laptop in it, and my laptop was in a different position. And so I don't know what happened. You know, someone clearly opened the safe, moved it around; they didn't take any money, but they also left my door open. So I never knew whether they actually did something or put something on the laptop, or looked at the laptop and saw that there was nothing there, or whether they just left it open to scare me or send a message. Regardless, I just took it, put it in the plastic garbage bag that was in the bathroom, brought it back down to the lobby, threw it in the trash cans, and walked away. Yup. I just tossed the thing. I never used it. It was like this old PC, and I had covered enough attacks to know that when someone goes to the extra trouble of planting something in your laptop, often they do it in places that can be very hard to wipe. I was down there by myself, and I just thought, OK, I am just going to throw it away. So as I was saying earlier, I cannot seem to find exploit developers who agree to an interview. Neither buyers nor sellers are willing to talk. Now, I'm not talking about bug hunters who are looking for bugs to submit to companies for a bug bounty reward; I've interviewed them. Nor am I talking about the ethical hackers who just want to help make the world more secure by telling companies they are vulnerable for free, and I have no problem finding people who find bugs to compete in a contest to win cash prizes for their bugs. The most elusive people, who I can't get on the show, are people who look for vulnerabilities and then sell them to the highest bidder. Nicole has had that same experience many times, but she's more determined to get responses and is willing to travel the world.
To talk to some of these people. And guess what, in this book she did interview quite a few of these kinds of people, but they're really hard to find. Even though she was in Argentina at Ekoparty, she still had a hard time finding them. One thing I did notice was there were a lot of young hackers there. Now, I'm talking young, like fifteen-year-olds. And when I would approach them and I would say, you know, I'm here, I'm trying to learn more about the exploit market, they would just kind of scatter. And I remember asking Federico Kirschbaum, who is a friend and runs the conference, and I got to know him very well, as I said, I really want to talk to someone who's selling exploits to governments or brokers. And we were standing in the middle of the square at the conference, and he said just.
"zero day" Discussed on Darknet Diaries
"And to the Times' eternal credit, they let me embed with our security team and Mandiant, which was owned by FireEye, and the FBI, and for several months we watched the guys we called the Beijing summer interns roll into our systems at ten thirty in the morning Beijing time and roll out at four thirty or five Beijing time, in search of our sources. They weren't after me. They were actually after the sources for a colleague of mine, David Barboza's stories about some of the corruption going on in China's ruling families, and funny enough, his sources for those stories were just public documents. There was no real anonymous source, but nevertheless they were crawling around our systems, and one of the fears we had was that there might be some kind of destructive attack, that they might try to shut down our printing ahead of a big event like the election that year. We really didn't know what they were doing at first, and then slowly it became clear they were after our sources. So that was my first front-row seat to the lengths that nation states would go to try to get access to journalists' sources. Whoever got into the New York Times was in the network during the 2012 US presidential election, which, you can probably imagine, how much of a huge embarrassment it would be if the newsroom got taken down on the night of the election results. But whoever got in wasn't there to sabotage the Times. This was an espionage attack. Malware was installed on a computer in the New York Times network, which gave an attacker access to the network, and from there the attackers gained access to fifty-three computers belonging to New York Times employees, but the focus seemed to be looking through the reporters who covered China. And this attack originated from a university in China, which seemed to be something that Chinese hackers use frequently. Once the Times found that this attacker was in the network, they were able to lock them out and clean the systems that were infected. It was funny.
Actually, it was only later, after we published, that one of my colleagues said, oh, by the way, I meant to tell you that I showed up at work one day and my entire computer was gone, and all these wires were sitting on my desk, and there was just a note that said, took your computer, you know, it's not going to return. And it turned out his computer was used for some of the attacks on other accounts in the Times. So what's a big news agency to do when they discover that some unauthorized person is in their network, connecting from China, for at least four months? Because sometimes when a company admits they were hacked, there's some big public shaming that follows. It's embarrassing to admit such things. Their stock could take a big tumble; executives could lose their jobs. Well, it was so interesting, because they didn't want me talking about it, so I couldn't actually talk about what I was doing beyond my immediate editor and his editor. There were only maybe three or four people in the newsroom who knew what I was working on for several months, but I never mentioned it in story meetings and that kind of thing, because we were really keeping it quiet until we felt confident that we had eradicated them from our systems. We had these last-minute discussions at the New York Times, and I remember some of the editors gut-checking and just asking, wait, should we publish this story? What will the Wall Street Journal and the Washington Post say? And I said, they're not going to say anything, because there's a very good chance that they were hacked too. And so we came out. We decided to publish the story, and it changed everything. It was a time when so many companies had been infiltrated by Chinese hackers and their intellectual property had been stolen, and no one wanted to talk about it. Everyone feared that it would put a scarlet letter on their brand, or lower their stock price, or lead to class action lawsuits.
So we were one of the first companies after Google's hack in 2009, 2010 that came out and announced that we'd been hacked by China and talked about what the hack looked like and who was behind it and what they were after. And I remember, within twenty-four hours, the Wall Street Journal and the Washington Post and a lot of journalists raised their hands on Twitter and said, we were also hacked. We were all hacked. It was almost like you weren't anybody unless you'd been hacked by China. So it really helped shift the conversation, I think, away from victim blaming to: this is a gigantic problem, and newsrooms are facing it, and American companies and Western companies all over the world are facing this, and it's been going on for a really long time, and we need to start talking about deterrence and penalties and defense. So the Times published an article titled "Hackers in China Attacked the Times for the Last Four Months." Other news agencies started speaking up and then admitted they were hacked by China too. China saw people were blaming them and gave a public response to these accusations: according to some investigative results which showed no proof and had groundless evidence and baseless conclusions, those who said China had participated in online attacks reached a totally irresponsible conclusion. China is also a victim of online attacks. China's laws clearly ban online attacks. Well, it's true that in 2012, when this happened, there was an agreement between the US and China that neither country would hack into companies in the other nation. So this was against the rules laid down in the agreement, but it was clear from all these companies that were coming forward that China wasn't respecting that agreement. And since that happened, I've been a completely paranoid tinfoil-hat person when it comes to protecting my sources. This was a good lesson for her to learn, because a few years later Nicole became the target of online attacks.
The other stuff was getting a security alert from our internal security team saying, hey, someone on the dark web is advertising good money to anyone who can get them access to your phone and your email account. And this was a few years ago; at that point most people knew I was working on this book and in this trade. And, you know, I don't know whether it was related to the book, or it was related to one particular story, or maybe I just pissed someone off on Twitter. But it's never a good feeling to know that someone on the dark web is offering money to people to hack your phone or your computer. So I would say that was probably one of one.
"zero day" Discussed on Darknet Diaries
"Hey, it's Jack, host of the show. I've been making the show about cybercrime for a few years now. I've interviewed attackers, defenders, black hats, white hats, law enforcement, even nation state actors.
Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses
"Israeli firm uses Windows zero-days to deploy spyware. Microsoft and Citizen Lab have linked Israeli spyware company Candiru, also tracked as Sourgum, to new Windows spyware dubbed DevilsTongue, deployed using now-patched Windows zero-day vulnerabilities. Candiru is a secretive Israel-based company that sells spyware exclusively to governments, explained Citizen Lab, and their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts. Citizen Lab also tied over seven hundred and fifty websites to Candiru's spyware infrastructure, finding that many of these domains mimicked domains representing media companies and advocacy organizations, including Amnesty International and Black Lives Matter. Cyber attacks increased seventeen percent in the first quarter of 2021, with seventy-seven percent being targeted attacks. This according to a new Positive Technologies Cybersecurity Threatscape Q1 2021 report. Cybercriminals typically attacked government institutions, industrial companies, and science and education institutions. The main motive for attacks on both organizations and individuals remains acquisition of data. Other findings in the report include that ransomware is still the malware that is most often used by attackers; that the most popular vulnerabilities for attackers this quarter were Microsoft Exchange Server, Accellion, and SonicWall VPN; and that more cybercriminals are developing malware to conduct attacks on virtualization environments. Another unpatched bug in Windows Print Spooler: Microsoft is warning of another vulnerability in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights on a system. This follows their patching of two other remote code execution bugs that collectively became known as PrintNightmare. Microsoft released a new advisory late Thursday for the vulnerability, tracked as CVE-2021-34481.
Microsoft credited Dragos vulnerability researcher Jacob Baines for identifying the issue. The vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.
"zero day" Discussed on The Shared Security Show
"If it starts with ks, it's obviously... the earth is flat, and this is our... just everyone knows. Kevin actually does not believe the earth is flat. He's got it, somebody thinks, but he is a 5G Wi-Fi access point. Hey, I'm still mad my vaccine did not improve my cell service. It is disappointing, and I'm mad. Supposed to get 6G now. Because, well, with that, I think that's a good point, and the podcast, as we venture into conspiracy theories from cybersecurity, what we should start doing is what the late night shows do. You can catch us later on in the extended version, the late late late late Shared Security Show. We go to some conference somewhere, just us on stage, and we have the audience members just lob things to say, like, you know, like a Whose Line Is It Anyway. Yeah, what does it say? Scenes from a hacker, security researcher, zero-day, go, and we can land about it, Kevin. That was the podcasters' meetup at DEF CON. Every year for a long time, people would throw stuff at us all the time. Yeah, it was crazy, 'cause we were there with PaulDotCom and all of the big podcasts of the day. Security Weekly? Yeah, now Security Weekly. But I was Security Justice back then, man, old podcast. About all that, you're right, and people would throw... they would actually throw alcohol at us. I do find it funny that you mentioned this, since just recently on Twitter somebody shared the picture of me getting hit in the middle, right between the eyes, by that rocket. For the people who build them, listen to that, not me. What? No, that was... he shared your shot. The rocket at everybody? Doesn't everybody know that rocket was shot by Thomason? It was a great shot. You're obviously a Marine. Well, I was sitting next to Rob Fuller, and he couldn't believe it. He's like, I can't believe you just hit him square right between the eyes. That was because Rob kept throwing stuff and missing. Well, that's true. And then I actually hit you.
Right between the eyes. So I'm starting to think you can no longer do virtual meetings; I'll throw stuff at me, but you're just... your monitor. All right, guys. Well, thanks for coming on the show again, and we will talk to you all next time. That's all for this week's show. Visit our website.
"zero day" Discussed on The Shared Security Show
"For greater productivity in your organization. So moving on to... I love these names that we come up with for these exploits and vulnerabilities. This one's called PrintNightmare. PrintNightmare came out. Holy PrintNightmare, Batman. Maybe ruined, but aren't all printers nightmares? Like forget Windows, a printer is a nightmare in and of itself. So this all started... Yeah, Office Space, if you remember, PC Load Letter and smashing it in the field with the baseball bats. We all hate printers, completely. Printers, that is proof you've never worked IT. How many do you have in your closet, Kim? None. We actually just donated all of the old equipment that was here, so I can say zero old printers. You shipped all the hard drives with all the... Oh yeah, we actually purposely put sensitive data on the hard drives, for the opposite. We don't wipe them; we add more, load them up. Yeah, yeah, and that's just... if you've got a hard drive, you deserve a treat. I don't know. So it's not like I've taught a forensics class that had active casework on the CD that was handed out to the forensics class. And that's not... I did it, but I know somebody who did it. I think it's awesome. That is pretty awesome. So just to clarify, though, this was not a vulnerability in a printer per se, but it was a vulnerability in Windows Print Spooler, which is essentially a service that is installed on Windows systems, mainly Windows. This affects domain controllers, servers, yeah, everything essentially. And they finally released a patch, but the patch is... oh, goodness, yes. Yeah, they released a patch. The patch basically only addresses one use case or one type of attack. There is another attack that was demonstrated by "security researchers," and I put that in air quotes, if you're not on YouTube; I did that for Kevin, by the way. But yeah, so what's fascinating about this is the whole thing was, I guess,
accidentally leaked. Like, the proof-of-concept exploit originally was accidentally released, and then that just became the management nightmare from Microsoft trying to address the issue. Well, if you read their recommendation, like before the patch was out, they pushed out a recommendation. It was: OK, if you can do this, do this thing; if you can do that, do this other thing. And I don't know an enterprise in the world that could do either of those things and still print. You could fix the problem if every computer that needed to print had a printer attached to the computer. So yeah, that works at my house, but not... right. Yeah, this one was a bad one, and I think, let's be very clear.
"zero day" Discussed on NBC Meet the Press
"Orchestrated, complex attempt at derailing, destroying the connection which is essential for our citizens. We had a breach. We had a ransomware attack on our information technology systems. That is the way we run our school systems. Although the United States has thus far averted a devastating attack on the national grid, state-sponsored attempts to take down the foundation of our infrastructure are on the rise. So I've resisted. It's the new frontier. Federal Reserve Chairman Powell calls it the central bank's top concern, over even another global financial crisis. We spend a great deal of time and money making sure that we are resilient, making sure that the banks... they spend a lot of time and money. All of these institutions are constantly under cyber attack. It's one of those things that you never feel like you've done enough. Another major worry is the disruption of water access. What kind of signals, Brad, are you seeing that there are big targets on our water systems across the country? Well, I wouldn't point to the water system specifically as being the top target of our adversaries. I just think it's the one that perhaps we should worry about the most. What we are seeing is a small number of countries, Russia, China, Iran, North Korea, steadily increasing their investments and becoming more sophisticated in this space. Microsoft said cybercriminals reap on average three hundred thousand dollars from smaller-scale attacks, like on hospitals and school districts, who sometimes pay ransoms to undo the damage, making them lucrative and relatively easy targets. The head of IT got up in the morning, and he sort of checks things around five thirty in the morning with his coffee, and he knew something was not quite right, right away. Public schools like Haverhill, Massachusetts were rocked by a ransomware attack just last week, forcing school to be cancelled as it shut down the entire network, quote, before the scale corruption the system, crazy, very crazy.
The kids couldn't get access to do their homework or their online classes. According to an investigation by NBC Boston, at least one in six communities in Massachusetts was infected by ransomware last year, and at least ten paid hackers taxpayer money to unlock their files. I think that cybercriminal organizations, typically operating from abroad, target institutions where they know that security has not been advanced as much as it needs to be. They look at schools or hospitals that may have tight budgets, and they figure, well, if they have tight budgets, they're probably not spending as much as they should to employ an IT administrator or somebody like that. This comes after the FBI issued a flash alert in March on an increase in ransomware targeting education institutions, using ransomware called PYSA, or Mespinoza, focused on schools and seminaries in twelve states. Microsoft says vulnerabilities have only accelerated with more kids going to school from home in the pandemic. Last year we saw basically two years of change take place in only two months, so we are more dependent on this technology than ever before. We're sharing more of ourselves and our data, and so what it means is that the defensive needs that we have are both more important and, to some degree, broader, because we're more reliant on this technology. In an effort to prevent future attacks, Congress allocated six hundred fifty million dollars of the latest 1.9 trillion dollar COVID relief bill for cyber risk management programs at the Cybersecurity and Infrastructure Security Agency, known as CISA. We're in a continuous low-grade cyber conflict every single day. Alex Stamos is a former Facebook chief security officer and director of the Stanford Internet Observatory. Do you think that the funding is adequate to help prevent future attacks?
So I've been very impressed by the team that the Biden administration put together in cyber. There's an executive order coming out soon that's going to have some new rules. It takes important... but Stamos also argues that more resources should go towards our defensive capabilities and processing the aftermath of major hacks. When a plane crashes, there are people whose entire job it is to figure out what went wrong and what other manufacturers can do better in the future, and we have no function like that in cyber, and we need, effectively, a cyber NTSB. Meanwhile, on the international stage, the US has been absent. In 2018, dozens of countries and over one hundred private sector companies.
The M.T.A. Is Breached by Hackers as Cyberattacks Surge
"NYC transportation authority hacked using Pulse Secure zero-day. Back in April, Chinese-backed threat actors breached the network of New York City's Metropolitan Transportation Authority by exploiting a Pulse Secure zero-day vulnerability. According to MTA's chief technology officer Rafael Portnoy, while the attacker successfully hacked into MTA computer systems, they were not able to gain access to employee or customer information, which Portnoy attributed to MTA's layered security controls. MTA mitigated the vulnerability on April twenty-first, one day after Pulse Secure issued an advisory. Cybercriminals' contest to find new cryptocurrency exploits. On April twentieth, a prevalent Russian-speaking underground forum initiated a contest calling for its community to submit new methods of attacking cryptocurrency and offering a one hundred fifteen thousand dollar prize to the winner. According to Intel 471's senior vice president of global intelligence, Michael DeBolt, some of the top ideas so far are generating a fake blockchain front-end website to steal info such as private keys and balances, creating a new cryptocurrency blockchain from scratch, increasing the hash rate speed of mining firms and botnets, and building custom tools to parse cryptocurrency logs from victim machines. The contest, which is expected to run through September first, is a reminder that criminals continue to collaborate and explore cutting-edge techniques to help further their motives. FBI confirms REvil as JBS ransomware attacker. The FBI confirmed that the Russian cybercriminal group REvil is responsible for the ongoing ransomware attack targeting JBS, the world's largest meatpacking company. The FBI issued a statement indicating they are, quote, working diligently to bring the threat actors to justice, end quote. REvil is notorious for pushing
the boundaries of the ransomware-as-a-service industry and targeting high-profile victims, including former President Donald Trump and Lady Gaga, with attempted extortion schemes.
Chinese State Media Indicates China Is NOT Banning Crypto Trading
"What's going on, guys. It is Thursday, June third, and today we are talking about why Chinese state media is indicating that China has not, in fact, banned crypto. First, however, let's start with a quick update on ransomware. Since I dropped that episode yesterday, I've had numerous people send me articles and media accounts blaming the ransomware epidemic on Bitcoin or crypto in general. NPR called it the oxygen behind the surge, so unfortunately my very easy prediction of ransomware being the next Bitcoin seems to be coming to pass. But I also wanted to share an interesting take I saw from a couple of folks that was really well put by Andy Edstrom, author of Why Buy Bitcoin. He tweeted: Bill Gates becomes multi-billionaire by shipping insecure software. US government pays hackers for zero-day exploits and keeps them instead of telling software companies to patch them. Equifax loses one hundred million plus identities and stock at all-time high. What will solve this other than ransomware? Basically, the idea that I think Andy's going for is that ransomware is the natural market byproduct of insecure software. By the same token, however, it creates the financial incentive for that software to be fixed. In a world of ransomware, the cost of buying or building insecure software goes way up, which presumably gives the advantage to less exploitable software. Yesterday we also talked about the impact that insurance is playing in this, potentially making companies more willing to pay ransoms because they know they'll be covered. However, insurance companies seem to be making moves, so that might not be the case, or at least it won't be that easy.
Ransomware Gang Reportedly Drops Encryption
"The Babuk ransomware gang says it's dropping the encryption of victims' data as a tactic. Instead it will focus strictly on data theft and blackmail to enrich itself. Until now, the gang did both: stealing data from victim organizations and then encrypting the data on the corporate servers. The threat to the victim was: pay for the decryption keys, or the copied data will be released, embarrassing you and your customers. If the company didn't have a good data backup, it faced two threats: embarrassment and loss of business, and the loss of data. This double extortion tactic started being adopted by ransomware groups about two years ago. But creating and maintaining encryption isn't easy. Some cybersecurity companies have cracked the encryption of a few gangs and are giving away the decryption keys to any victims. Emsisoft is one of the companies that cracked the Babuk code. Now Babuk has apparently decided that it is easier, and perhaps just as lucrative, to only steal data and hold it for ransom. A researcher at Emsisoft doubts that other ransomware groups will follow this strategy. By the way, last week the Babuk gang got into the computer systems of the Washington, D.C. police department and stole data. It is still threatening to release the names of police informants unless it is paid. In an interview with a news site in Poland, Babuk claimed the police department's virtual private network was hacked with a zero-day vulnerability, that is, a vulnerability that hasn't been disclosed. That claim hasn't been confirmed.
North Korean hackers target security researchers
"North Korean hackers targeting security researchers. Google's Threat Analysis Group warns that North Korean government-sponsored hackers are again targeting security researchers on social media, something previously seen back in January. The attackers use fake Twitter and LinkedIn social media accounts and have set up a fake website for the company SecuriElite, claiming to offer offensive security services. The site hasn't yet been set up to deliver malicious content, but has been added to Google Safe Browsing as a precaution, with known fake profiles reported by Google and now removed. The similar effort back in January attempted to install backdoors into security researchers' machines using zero-day vulnerabilities, and Google says it's likely the group has new zero-days to exploit if they're trying the approach again. Report details data sent from mobile operating systems. Professor Douglas J. Leith from Trinity College at the University of Dublin published a report looking at the telemetry data sent by iOS and Android devices at the OS level, finding that both OSes sent data even when opting out and not logged in. IMEI, hardware serial numbers, cookies, and IP addresses were among the information sent, with iOS sending some location data, although Android uploads more data overall, roughly one megabyte every twelve hours compared to fifty-two kilobytes. Both platforms transmitted data roughly every four point five minutes. In response to the findings, Apple said the report misunderstands how personal location data is protected. Google disputed the paper's methodology and said it will release public documentation on the telemetry data collected. Does CISA have the resources to succeed? Congress created the Cybersecurity and Infrastructure Security Agency inside the Department of Homeland Security roughly two years ago in the wake of Russian interference in the twenty sixteen election, dedicated to focusing on defensive cybersecurity.
However, recent interviews with current and former staff by Politico found the roughly two-thousand-person agency may be too stretched, recovering from recent high-profile breaches, to prepare for future ones. The agency already had its hands full helping state and local election officials protect their systems ahead of the twenty twenty election before the SolarWinds supply chain attack and recent Microsoft Exchange Server exploits came to light. Current staffers report being somewhat exhausted, with not enough personnel to fill out threat hunting and incident response teams. Staffers say CISA is able to largely meet the security needs of other federal agencies but is struggling to provide support to private sector infrastructure companies. Still, staff report morale remains generally high, with confidence CISA can fulfill its mission and energized by recent political appointees to DHS.
Microsoft: 92% of vulnerable Exchange servers are now patched, mitigated
"Fast and Furious, Exchange Server hack edition. We've reported previously that Microsoft released critical updates to fix four vulnerabilities in Microsoft Exchange servers on March second. Despite Microsoft urging immediate attention to the zero-day vulnerabilities, F-Secure reports that only about half of the visible Exchange servers on the internet have been patched, and criminals are attacking tens of thousands of them a day. The UK's National Cyber Security Centre recommends those who cannot patch right away should block untrusted connections to port four forty-two and route access through VPN. Microsoft has an automatic mitigation tool for unpatched servers available in Defender.
U.S. government to respond to SolarWinds hackers
"US government calls for better information sharing in wake of SolarWinds, Exchange attacks. The Biden administration is seeking new methods for better early threat detection of sophisticated intrusions such as SolarWinds and the exploits of the Microsoft Exchange Server vulnerabilities. Both of these were uncovered by private firms, specifically FireEye and Microsoft. Both attacks originated on servers within the US, placing them out of reach of the National Security Agency's powerful detection capabilities, which US law restricts to international activities. The proposed new initiative is destined to meet substantial opposition, especially among private sector firms, which fear damage to reputation and potential data loss in working closely with the government. Hospitals hide pricing data from search results. Hospitals that have published their previously confidential prices to comply with a new federal rule have also blocked that information from web searches with special coding embedded on their websites, according to a Wall Street Journal examination. The information must be disclosed under a federal rule aimed at making the one trillion dollar sector more consumer friendly, but hospitals have embedded the code in their websites to prevent Google and other search engines from displaying pages with the price lists, according to the Wall Street Journal examination of more than thirty-one hundred sites. When confronted, some hospitals claimed the coding to have been a legacy issue and quickly removed it. New Android zero-day vulnerability is under active attack. Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. Tracked as CVE-2020-11261 with a CVSS of four.
The flaw concerns an improper input validation in Qualcomm's graphics components that could be exploited to trigger memory corruption when an attacker-engineered app requests access to a large chunk of the device's memory. The access vector for the vulnerability is local, meaning that exploitation does require local access to the device to deliver malicious code and set off the attack chain. Ransomware: bank tells customers it lost their Social Security numbers. Flagstar, the bank based in Michigan that was hacked in January of this year, has now revealed that customers, as well as people who never had an account with the bank, had their Social Security numbers and other personal information stolen. This is a correction and update to their initial statements, in which they said only employees' information had been stolen. One victim of the breach said he has never been a Flagstar customer but had taken a mortgage with a different bank who then sold it to Flagstar without his consent in two thousand
Microsoft Exchange Hack And advice For Threat Hunting
"Matt, thanks for joining us. Thanks for having me, Chris. Tearing, Indiana, is that correct? That is correct. Up in the Midwest, very good, outside of Chicago, that's close. So we've got to talk Microsoft Exchange. It's pretty hot news. It's gonna continue on; in fact, I've got some research today as well. They've been monitoring it and there's a whole bunch of stuff going on. Those in the industry probably see it constantly, hearing about it, but Fist pump dot last fraud I was at right before that. That's kind of when things escalated to the point of kind of a global-scale global event. We'll talk through where it's at. You've been on Cyber Security Magazine. We've put out a release from the security center, and then we will say we've got Matt on there with the video talking through it as well, so you can check that out. So, Matt, there's a number of CVEs here and a foreign actor involved, so yeah, maybe just tell the story of what you've observed at CyFIR and what the situation is right now. You know, in a general sense this was a pretty complicated attack. It falls into the bucket of a zero-day where nobody kind of saw this coming. The threat actor in this case was able to determine that there was a flaw in Microsoft Exchange they were able to exploit, and it wasn't only a single vulnerability; there are actually three or four unique CVEs in this instance that required to be chained together to get the successful exploit to happen. So one of them would allow the unauthenticated bypass, and then the other might allow you to write the file, in this case a lot of the web shells that we've been seeing.
Microsoft races to patch massive server hack
"Kevin Mandia, CEO director of the cybersecurity firm FireEye, says cybersecurity experts are scrambling to respond to a massive global hack of Microsoft's email server software. Mandia: We have about 550 folks on the ground responding to breaches right now, and I'm not sure the climate's ever been worse for the amount of work that we have. Mandia says the explosion of infiltrations of Microsoft email servers in late February appears to have come from China. The reason that was done is most likely the threat actors recognized the zero-day was coming up to end of life, so they just hit everything they could with it and put a backdoor in place. You know, they put this secret door in every single house in the neighborhood, kind of thing. That's what they did here. The backdoor that they put in place is exceptionally consistent with the Chinese threat actors. And Mandia says the U.S. will have to measure a response to the massive
Why the hack of Microsoft's email system is getting worse
"Welcome back to Fast. We're learning more about a massive hack attack on Microsoft's widely used email software. Some thirty thousand US companies could have been hit in this attack. Eamon Javers has got the very latest. Eamon? Yeah, Melissa, the White House says it's leading a whole-of-government response, taking this very seriously. Here's the statement from the National Security Council earlier in response to this hack, which is allegedly coming from China. They say this is an active threat still developing, and we urge network operators to take it very seriously. They say they're still figuring out exactly how network operators can mitigate this threat, but I talked to the president of one of the cybersecurity companies earlier today, one of the cybersecurity companies that spotted this exploit in the wild and actually alerted Microsoft to the fact that they had a problem with their Microsoft Exchange email server software, and I asked him why this thing was so hard to see. He explained this was tricky. Take a listen. It was quite under the radar in the sense that it wouldn't trigger any security alarm bells, wouldn't trigger antivirus software. The actions that are being taken, you know, weren't too alarming or raising the alert, but when our team kind of dug in a bit, you know, we found, hey, these guys are actually exploiting a bug in Microsoft Exchange. So two big problems here. One is the fact that if you patch this software now, you're not necessarily going to mitigate the damage, because the attacker could already be inside your systems, right? So if the Chinese are in your system reading your email and you close the front door, the burglar is still in the building. That's not necessarily a solution.
The other big problem here is that other hacking entities around the world watched this unfolding last week and decided to pile on, take advantage of some of the same zero-day exploits that these Chinese hackers were allegedly using, and that means that a lot more entities out there, a lot more groups of bad guys, could be exploiting this same information, stealing this email and doing just about anything with it. So you could see ransomware attacks, you could see all kinds of other developments as a result of this hack, and we still haven't seen all of that play out yet. So some real problems now for IT departments and for people in the C-suite trying to figure out what to do with all this. Eamon, it sounds like it's mostly small and medium-sized businesses, but what alarms me was that electric providers were also hit, reportedly, in this attack. And you sort of walk through, for people who are sort of discounting this, thinking it's just small and medium-sized business, that the Chinese get into the personal email of an ice cream parlor, like that's not going to be a big deal, but the ramifications are actually much bigger than that. Yeah, I mean what Microsoft said in its initial posting about this is that they were targeting infectious disease experts, law firms, non-governmental organizations, so a range of things that could involve classified technology or could involve sort of defense industrial complex stuff generally, but also very specific medical and disease information, potentially around COVID-19 and other things. So just imagine the damage that could happen to you as a company if your law firm got hit by one of these, right, and that's all your secrets, right? So the problem is pretty exponential, and we just don't know who else has now piled on and is also stealing emails as a result of this same exploit, because a lot of bad guys around the world said, hey, you know what, that's a great idea, we can do that too. And they piled in through the week last week.
All right, Eamon. Thank you.
Breaking Into Secure Buildings
"Hacking large organizations, banks, governments, isn't usually easy, but there are ways to do it. You could phish the right employees, then escalate privileges. You could find a zero-day in a particular software program used by the organization. Or you don't even have to start in cyberspace. Physical breaches: stolen machines, tampered-with machines, insider access, hacking buildings themselves aren't the most widespread security threat out there, but they exist. According to a Verizon report from twenty twenty, physical actions are the sixth most common way that data breaches occur. And they're effective too. Think about it like this: would you rather have to remotely hack into a laptop, or just swipe it off a desk? Physical security isn't something we talk about much, but we're going to today. Hi, I'm Ran Levi. Welcome to Malicious Life, in collaboration with Cybereason, and in this episode we're going to learn how to break into secure buildings, or prevent others from doing it. My name is FC, aka Freaky Clown. I'm the co-founder and co-CEO of a cybersecurity company called Cygenta, based in the UK. We work globally. Cygenta is not like other cybersecurity companies, and FC isn't like other hackers. His specialty is cyber-physical security: breaking into buildings, red teaming for corporations, banks, and governments. But, you know, in real life that makes his workflow a bit different. Like, for example, the first step in most major breaches is reconnaissance, exploring an organization's digital infrastructure and their employees to find where they're most exposed. FC's recon involves actually going somewhere, and probably bringing some binoculars. Is it like the movies, where you're just sitting there in your car with a newspaper? It is sometimes more mind-numbingly boring than that. Sometimes it gets really cold. I remember once, reconnaissance at a very calm site, to see much about the building I had to look at, and I climbed over this barbed wire fence at, like, in the morning,
and I climbed through this, like, a thorn bush, got really shredded by it, I was bleeding, and had a ski mask on, I had night vision goggles, and I had to sit in this ditch so that I was close enough, and the ditch was half full of muddy water, and it just started to snow, and I was really cold and wet and bleeding, and I had to sit there for like three or four hours whilst I watched this, in order to gain some intel, before I went back to my hotel room. After the recon phase, hackers usually send a phishing email or text to the victim containing a malicious link or PDF. After his recon, FC does something much more simple. In fact, he doesn't even need to be a hacker for this part. So I never start with the digital, because the digital is actually harder than the physical, and this sounds absolutely crazy, but it's genuinely true. It is much easier to walk into a bank or any secure building than it is to digitally break in. Just walking in the front door. Oh, you'd actually be really, really shocked at how easy it is. I remember, years and years ago, I was on site for a physical test, and there was a couple of members of our company that were there, and one of them said to me, like, I'd love to learn how to do the stuff you do. Is it easy? Just walk in? And he's like, what do I do? Right, well, you're not really authorized to do this, but I'll show you how easy it is, right? So I'm like, come with me. We walked to the front of the building, I look through the front windows, right, and you can see how this operates, right. So the operation is, there's a couple of these electronic barriers, so someone goes up with a swipe card, the barriers swipe, pop, and they walk through. Okay, so all we have to do is follow someone through. The way these barriers work is they work with a small beam that goes across, right, so if a large person with a suitcase is going through, it doesn't shut the doors on the suitcase. So imagine you're as close as physically possible to the person in front of you
that's legitimately allowed to go in, and if you get close enough, it's going to count as one person. Now, what we have to do is make them feel awkward; humans are really bad at being awkward, and they wanna get away from that situation as quickly as possible. So the more awkward you make it for that person, the less likely they are to confront you, the more likely you are to succeed. So it's like, it's drizzling a little bit; all you have to do is run to the front door, run through the front door, and basically run into the back of someone who is just going through that gate. FC, is it easy? Yeah, it's really that easy. So all it was: he ran up to the front door, ran through the doors, and picked up a person at random who was just swiping the card, ran into the back of them, and he basically said, oh, really sorry, it's busy, I'm trying to get through really quickly. And he runs into them, they go through, and they are feeling awkward because they just got run into. Everyone's, everyone's kinda like, oh my god, I'm sorry. And then they just let him go through.
Securing Apple devices
"Of Apple's own system across multiple types of devices. You know, on one hand it makes things easier to protect, but it also means that zero-day attacks can be more pervasively destructive; they cover sort of thousands of times the surface area a targeted attack might otherwise have. And I'm not sure if I'm getting that right, but is there sort of like a uniformity of Apple's structure, whatever that may be, that makes zero-days especially vulnerable? So Apple doesn't have the same operating system across all the devices. There's macOS, there's iPadOS, iOS, tvOS, watchOS. Each device does have its own separate operating system, but Apple is taking approaches to make that more uniform, allowing you to be able to pick something up from your phone and then be able to pick it back up on your Mac or on your iPad. So they are allowing that kind of cross-use across the different operating systems and making that more uniform. And so, I don't know, I could totally see what the potential risks are there, especially as apps made for iPads, iOS devices, are being added to the App Store and being available on a Mac, because even though Apple is pretty strict on their developers in what they allow in the App Store, we just had a case recently where they actually notarized Mac malware to be able to be downloaded. Notarization was one of their big key security approaches to help only allow things that are authorized and kind of been blessed off. So there's no perfect defense, right? Like, you have to be aware of everything; there's always things that are gonna possibly slip. And so I do see that there could be potential risks with that, for sure. Okay, so speaking to that, you know, it sounds like it's pretty hard. Is it pretty hard to sort of get one over via the App Store in that way, that, you know, they were able to authorize this thing? So what happened with that? Was it just that it looked very, very realistic?
And it just sort of didn't pass the sniff test? That's exactly it, and then it just turned out to be malware. And that's not a common case? No, and that's the first I've heard of; there may have been more, but that was kind of, like, publicly made big knowledge. Okay, so we want to talk, obviously you're a bit of a Mac guru here at McAfee, we want to talk about Mac-specific security risks that people should be aware of, like what are some common errors, first of all, that are made by Apple users, you know, just out in the world, that open them up to security risks? Being careful what you click on, that goes across any user, not just Mac-specific. But yeah, just be cautious of what you click on. Apple does a really good job of trying to put in some protections for the end user, so not disabling things in the operating system, right? So like, if you go to Stack Exchange looking for, hey, how do I do this really cool thing on my Mac, and then they recommend that you disable internal protections, like, you shouldn't do that. Yeah, exactly. And like, there's always those targeted tools that are like, let's clean up your Mac, like, here's your pop-up, right? That happens a lot on the Mac side, because they are very focused on, like, your Mac is contaminated, you need to download this kind of thing. So I think there's always that risk, depending on the type of attack and what the attacker's motives are. There's always that sense of urgency, right? Like, you need to do this right now, because you're short-circuiting their common sense. It's like, right before I can think about it, you just have to kind of take a step back, right, like, is this really something bad? But that's hard. I think there's always that pressure as a user to just be aware. But people like Macs because they're easy to use.
They don't need all the ins and outs of everything, like people don't know where their LaunchDaemons, LaunchAgents are, and that there may be a potential tool there. So I think it's just keeping: be patient, be wary of things that they download and click on, keep the native security functionality that Apple gives you enabled, don't turn it off, and just be more investigative into what they want you to add. That would be my biggest, like, just for any end user.
Two More New 0-Days Revealed in Chrome
"Two more new zero-days revealed in Chrome. Last week we had three zero-days patched in the previous two weeks; today we have five zero-days patched in the previous three weeks. Sheesh, I know. And we were just talking about this last week, saying, you know, once upon a time IE was the favored target. Now it's clear Chrome has become the majority browser, and, you know, it's trying to be kind of an everyman's application execution environment. It's trying to be a little mini operating system with all the crap that the World Wide Web Consortium keeps pouring into our browsers, and it has bugs. So last Wednesday, the eleventh, Chrome announced the stable channel update for Windows, Mac, and Linux. We're now at 86.0.4240.198, and I had commented last week that I was already at dot one nine whatever it was, or one six three or something. I was further along than they had made any announcement of, and I didn't know why. Maybe this was part of that. So this one is already rolled out. Under security fixes and rewards in their announcement of this stable update, they noted their standard boilerplate that details would be kept restricted until the majority of users would no longer be affected. They indicated that both of those new in-the-wild zero-days were discovered and reported by, quote, anonymous, unquote, the first on the seventh and the second on the ninth, and this thing was released on the eleventh, so the update was pushed out to our desktops very quickly after it was reported to Google. And the bounty rewards for both of those was dollar sign TBD, so, you know, to be determined. The first flaw was another of those, quote, inappropriate implementation in V8, which is exactly the exact language that was used to describe the previous week's zero-day vulnerability. The other flaw was a use-after-free flaw in the site isolation component, which of course we depend upon, because we don't want cross-site exploitability. And, you know,
this is the model for the way we need to be doing security moving forward. Researchers spot problems, either doing static research or by catching something that they see happening in the wild. They report them privately to the responsible party, whomever that is. That responsible party rewards them for their discovery and for keeping their report private, and then quickly updates the affected software, pushing it out to all affected parties or devices, depending on what it is. I mean, that's what we're seeing here. Problems are being found. I mean, they're going to exist in something as crazy complicated as a modern browser, not to mention an operating system. There's gonna be problems. There seems to be no end of them. You know, we'll be talking about last Tuesday's hundred and twelve things that were fixed, and remember, those didn't just appear in the last month. Those have been lurking in Windows and all related applications for probably a long time. We know that some of them affect Windows 7, and those are not getting fixed anymore. So, you know, what's that? That's two thousand eight. That's twelve years ago. So we have this problem. One thing we know today with absolute certainty is that cyber war and cybercrime, either ad hoc or organized, are very real things.
A new 0-day in Win7 through Win10
"As I said, we have a new zero-day, and it's complicated by the fact that it has existed at least since Windows 10, which, as we know, Microsoft has, at least since Windows 7. Oh, I'm sorry, yeah, since Windows 7. Wow. So last week we talked at some length about the bug Google found in the FreeType library, which had been in use since June nineteenth, two thousand fifteen, or more than five years. What we knew then was that this flaw, which was patched by that update to Chrome, was a zero-day because it was being actively exploited. They, you know, they fixed it in Chrome when they were notified; they fixed it within twenty-four hours, which was an impressive response, and they notified the FreeType people, who also fixed it within twenty-four hours, also impressive. What we did not learn until the end of last week was that there was a previously secret second part to this zero-day. The FreeType flaw was what was being exploited through Chrome to open the door to the attacker, but, as is often the case, thanks to modern operating system design, the damage that can be done by an aberrant application, or exploit of an application, running under the non-root user account is deliberately minimal in modern operating systems. All of today's web browsers are careful to run under the user's deliberately limited account privileges. This is why successful attacks and attackers often need to chain two or more exploits together to accomplish their nefarious ends. If the FreeType library happened to run in the kernel, then a single exploit in it might have been sufficient, but FreeType was also properly designed to run in user space, so exploiting the FreeType flaw opened the door, but the attacker then needed to elevate their privilege on the system to root or kernel level in order to get anything useful, like, from the attacker's standpoint, done. The week before all of this, Google had seen the whole picture, or presumably the person who informed them had. They saw this second phase,
Which was leveraging a previously completely unknown and quite potent zero day flaw in windows to achieve privilege elevation. This was allowing the attackers. Then you know to do some real damage the privilege elevation that they discovered by watching it in action existed or actually i should say exists. Because it's still does today within the windows kernel based thus we have a problem there cryptographic services. Api and because that colonel based module the cryptographic services module exports and api. that's callable from user land. The bad guys can arrange to run their malicious code with full system permissions google's project zero folks immediately reached out to microsoft to inform them of what they had found and also to explain that since this was an act of vulnerability being exploited in the wild project zero normal patient ninety day disclosure window would be reduced as they even did for themselves to just one week actually. They only needed a day. And that's why the industry subsequently learned of this only late last week. That was seven days after. Actually eight after google told microsoft so the project zero the google's project zero day disclosure starts off with saying note. We have evidence that the following bug is being used in the wild therefore this bug is subject to a seven day disclosure deadline. And we've seen these in the past when we've talked about this and look did these in the period before the disclosure deadline all there is is just like a placeholder page no juicy details available because you know they're holding that embargoed until the problem can bet can't got fixed. They begin their right up by explaining the windows kernel. Crypt cryptography driver. C. n. g. dot says exposes a backslash device backslash c. n. g. device to user mode programs so in other words there's a. 
There's a divide the so that the cryptography driver looks like a device which exposes services through a device driver interface to programs running on top of the operating system and it supports a variety of a windows calls i. Ctl's i oh control calls. They said with non trivial impetus Input structures it constitutes a locally accessible attack surface that can be exploited for privilege escalation and they said such as sandbox escape. So of course they're they're they're viewing it from the stats from the standpoint of a sandbox escape because they're because the way this would have gotten in was through the browser which at and we know that running in the browser is deliberately sandbox so that it if it does something wrong it doesn't have access to much but by taking advantage of this. That code is able to escape from google's own chrome sandbox so microsoft for their part doesn't see this as such an emergency. Google has already closed and locked the front door. Through which attackers were able to reach the crypto. Api vulnerability and november's patch tuesday being next tuesday a week from this podcasts. Date of the third which you'll be the november tenth expects to have this fixed
Update Alert: Critical 0-day in Chrome
"Speaking of being challenged, The Hacker News summed this up by writing: "Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today," and this was last week. So, you know, even though that was last Tuesday, even my own always sort of sluggish Chrome had already updated. But this one, just, our listeners may just want to make sure that they're now running 86.0.4240.111. However, there's much more to last week's emergency update than what drove it, but we'll start with that. So last Tuesday's release closed five vulnerabilities. Four were rated high severity, one was medium, and one of those four high-severity vulnerabilities was what we're talking about: a zero-day that was seen exploited in the wild, being exploited by attackers who were using it to hijack targeted computers. So, you know, that nasty one was numbered CVE-2020-15999, and what's significant is that it's a heap buffer overflow in FreeType, which is the widely used open source font rendering library which is part of Chrome, but of many other things. Various bounty payouts were or will be made for the other four vulnerabilities, but this biggie was discovered in-house by Google's Project Zero researcher Sergei Glazunov. Even so, even though it was found in-house, it was subjected to an accelerated seven-day public disclosure release deadline because the flaw was under active exploitation, and that's the Project Zero guidelines. You know, you get 30 days for things that, like, yeah, you gotta get these things fixed, but if it's being used, if it is a zero-day, you get a week. As it happens, this only took one day for Google to begin pushing the update, which they did on the 20th; they found out, it was discovered, on the 19th, they had... 
They were pushing the fix one day later, which is interesting because it wasn't even really their problem; it was in the FreeType library, not in Chrome. Sergei immediately notified the FreeType developers, who also developed an emergency patch to address the issue and had it available the next day, on October 20th. And so that's FreeType 2.10.4. This is significant because FreeType is everywhere. Without revealing details of the vulnerability, Ben Hawkes, who is Project Zero's technical lead, warned via Twitter that while the team has only spotted an exploit targeting Chrome users, it's absolutely possible that other projects that use any earlier versions of the FreeType library, and there will be roughly a gazillion, might also be vulnerable and are advised to deploy the fix included with FreeType version 2.10.4. He tweeted, "While we only saw an exploit for Chrome, other users of FreeType should adopt the fix discussed here," and then he provided a link in the tweet; I've got the link here in the show notes. And it is part of the stable release of FreeType, again 2.10.4. So what we do know, thanks to what Sergei has shared, is that the vulnerability exists in FreeType's function Load_SBit_Png, so it's Load, underscore, SBit, underscore, Png, which processes PNG images embedded into fonts. It can be exploited by attackers to execute arbitrary code just by using specially crafted fonts with embedded PNG images, which turns out to be something that FreeType supports, so, you know, not just curves and glyphs, but you could embed images. So, and since web fonts can be specified by a web page, and since the browser will go download the font and then render glyphs from those fonts, turning a theoretical FreeType flaw into an active exploit would not be difficult.
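The attack surface described above, PNG images embedded in font files that a browser will fetch and render for any page, is something a defender can triage for directly. The Python below is an added example written for this page; it is not code from the podcast, from Google, or from the FreeType project. It parses the sfnt table directory of a font, flags the bitmap-glyph tables whose PNG payloads end up in FreeType's PNG loader, walks the `sbix` strikes, and reports any embedded PNG whose IHDR declares a width or height above an assumed ceiling of 0x7FFF. That ceiling, the `MAX_PNG_DIMENSION` name and the helper names are this example's own choices, and the sample fonts are constructed inline from bytes rather than taken from any real font.

```python
import struct

# sfnt tables holding bitmap glyphs; their PNG payloads are what FreeType's
# Load_SBit_Png decodes. Only sbix is walked below; the others are just flagged.
BITMAP_TABLES = {b"sbix", b"CBDT", b"CBLC", b"EBDT", b"EBLC"}
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Assumed triage ceiling (this example's choice, not a FreeType constant):
# glyph bitmaps are tiny, so a declared size that needs more than 15 bits is suspect.
MAX_PNG_DIMENSION = 0x7FFF


def parse_table_directory(font):
    """Return {tag: (offset, length)} from the sfnt header, bounds-checked."""
    if len(font) < 12:
        raise ValueError("too short for an sfnt header")
    sfnt_version, num_tables = struct.unpack(">IH", font[:6])
    if sfnt_version not in (0x00010000, 0x4F54544F, 0x74727565):  # 1.0, 'OTTO', 'true'
        raise ValueError("not an sfnt font: 0x%08x" % sfnt_version)
    tables = {}
    for i in range(num_tables):
        rec = font[12 + 16 * i:28 + 16 * i]
        if len(rec) < 16:
            raise ValueError("truncated table directory")
        tag, _checksum, offset, length = struct.unpack(">4sIII", rec)
        if offset + length > len(font):
            raise ValueError("table %r points outside the file" % tag)
        tables[tag] = (offset, length)
    return tables


def png_dimensions(blob):
    """(width, height) from the IHDR chunk, or None if blob is not a PNG."""
    if not blob.startswith(PNG_SIGNATURE) or len(blob) < 24 or blob[12:16] != b"IHDR":
        return None
    return struct.unpack(">II", blob[16:24])


def iter_sbix_png_glyphs(font, tables):
    """Yield (ppem, glyph_id, png_bytes) for each 'png ' glyph in every sbix strike."""
    off, length = tables[b"sbix"]
    sbix = font[off:off + length]
    maxp_off = tables[b"maxp"][0]
    num_glyphs = struct.unpack(">H", font[maxp_off + 4:maxp_off + 6])[0]
    _version, _flags, num_strikes = struct.unpack(">HHI", sbix[:8])
    for s in range(num_strikes):
        strike_off = struct.unpack(">I", sbix[8 + 4 * s:12 + 4 * s])[0]
        ppem = struct.unpack(">H", sbix[strike_off:strike_off + 2])[0]
        # glyphDataOffsets[numGlyphs + 1] follow ppem and ppi, relative to the strike
        offs_start = strike_off + 4
        offsets = struct.unpack(">%dI" % (num_glyphs + 1),
                                sbix[offs_start:offs_start + 4 * (num_glyphs + 1)])
        for gid in range(num_glyphs):
            start, end = offsets[gid], offsets[gid + 1]
            if end <= start:            # empty glyph record
                continue
            rec = sbix[strike_off + start:strike_off + end]
            if rec[4:8] == b"png ":     # originOffsetX, originOffsetY, graphicType, data
                yield ppem, gid, rec[8:]


def scan_font(font):
    """Triage report: bitmap tables present, embedded PNG sizes, and findings."""
    tables = parse_table_directory(font)
    report = {
        "bitmap_tables": sorted(t.decode("latin-1") for t in tables if t in BITMAP_TABLES),
        "png_glyphs": [],
        "suspicious": [],
    }
    if b"sbix" in tables:
        if b"maxp" not in tables:
            report["suspicious"].append("sbix present but maxp (glyph count) missing")
            return report
        for ppem, gid, blob in iter_sbix_png_glyphs(font, tables):
            dims = png_dimensions(blob)
            if dims is None:
                report["suspicious"].append(
                    "strike %d glyph %d: 'png ' record without a PNG IHDR" % (ppem, gid))
                continue
            width, height = dims
            report["png_glyphs"].append((ppem, gid, width, height))
            if width > MAX_PNG_DIMENSION or height > MAX_PNG_DIMENSION:
                report["suspicious"].append("strike %d glyph %d: PNG %dx%d exceeds %d"
                                            % (ppem, gid, width, height, MAX_PNG_DIMENSION))
    return report


def build_sfnt(table_map):
    """Assemble a minimal sfnt (constructed test data; checksums left zero)."""
    tags = sorted(table_map)
    header = struct.pack(">IHHHH", 0x00010000, len(tags), 0, 0, 0)
    offset = 12 + 16 * len(tags)
    directory, body = b"", b""
    for tag in tags:
        data = table_map[tag]
        directory += struct.pack(">4sIII", tag, 0, offset, len(data))
        padded = data + b"\0" * (-len(data) % 4)
        body += padded
        offset += len(padded)
    return header + directory + body


def build_sbix_font(png_width, png_height):
    """One-glyph font with a single sbix strike whose glyph is a PNG header
    declaring the given size (constructed sample; only the IHDR matters here)."""
    ihdr = struct.pack(">IIBBBBB", png_width, png_height, 8, 6, 0, 0, 0)
    png = PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + ihdr + b"\0\0\0\0"
    glyph = struct.pack(">hh4s", 0, 0, b"png ") + png
    strike = struct.pack(">HHII", 20, 72, 12, 12 + len(glyph)) + glyph  # ppem, ppi, offsets
    sbix = struct.pack(">HHII", 1, 1, 1, 12) + strike  # version, flags, numStrikes, strikeOffsets[0]
    maxp = struct.pack(">IH", 0x00005000, 1)           # maxp version 0.5, numGlyphs = 1
    return build_sfnt({b"maxp": maxp, b"sbix": sbix})


if __name__ == "__main__":
    for w, h in ((32, 32), (0x10000, 32)):
        print(w, h, scan_font(build_sbix_font(w, h))["suspicious"])
```

Run against a directory of downloaded web fonts, `scan_font` gives a quick inventory of which files carry bitmap-glyph tables at all (most text fonts carry none, so the presence of one is worth a look on its own) and which embed PNGs of implausible size. The script never decodes image data, so it is safe to point at untrusted files; a finding is a reason to quarantine the font and confirm the renderer is at FreeType 2.10.4 or later, not a proof of malice.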
Microsoft's 0-Day Folly
"But at some level, if you can get a lot of them, that's aggregated value. It's not good. Speaking of not good, last week's Patch Tuesday. ZDNet summed up Patch Tuesday saying, "Microsoft says attackers have used a Windows zero-day to spoof file signatures, and another RCE, remote code execution, in the Internet Explorer scripting engine to execute code on users' devices." We need to take a closer look, and actually those two things are the subject of the podcast that we will get to, because it's just hard to believe what a closer look reveals. But we have 120 new flaws in Microsoft's software fixed last week, making it the third-largest patch bundle of all time, topped only by each of the previous two months, with June and July weighing in with 129 and 123 fixes respectively. This month's bundle carried a bit more urgency than usual, since one of those 17 flaws which were classified critical was a zero-day under active attack at the time of the updates, and one of the remaining more than 100 flaws rated as merely important was also a zero-day being exploited in the wild and publicly disclosed. So not even secret. The first of the two is titled CVE-2020-1380, Scripting Engine Memory Corruption Vulnerability. Being a scripting engine problem, we should not be surprised to learn that the source of the trouble is IE11. It was reported by a researcher at Kaspersky Lab, and since it could be invoked by a malicious Office document, the belief is that it was probably spotted being used in a phishing campaign. Microsoft had this to say about it. They said, "In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through IE and then convince a user to view the website. 
An attacker could also embed an ActiveX control marked 'safe for initialization' in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability." In other words, anything that puts content on a website that is able to invoke IE, which we know they can do. So keep this in mind when we get to the other end of this podcast, because it's unbelievable what the history of this is. So that remains a threat to anybody who hasn't yet applied last Tuesday's updates to their installation of Windows 10. So obviously it would be good to do that. The second zero-day, despite being actively exploited in the wild and publicly known, is only rated as important, which seems odd since it is CVE-2020-1464 and labeled somewhat innocuously as a Windows Spoofing Vulnerability. Okay, I suppose the scale of the problem should relate to what's being spoofed. The bug's description will catch your attention because it allows attackers to spoof the identities of other companies when digitally signing an executable. Now, that's the way the press covered it. We will get to the details a bit later. In Microsoft's words, they said, "These spoofed signatures could allow an attacker to bypass security features intended to prevent improperly signed files from being loaded." Now, all of this is a bit of misdirection, because the signatures are actually not being spoofed, as we'll explain later. So this too is not good, but we'll cover the details at the end. Beyond those two zero-days, 
five of the other critical bug fixes are for Microsoft's Windows Media Foundation, the multimedia framework and infrastructure which has been used to render digital content ever since Windows 7 and since Windows Server 2008. In these cases successful exploitation would allow an attacker to install malicious software, manipulate data, or create new accounts. And among the rest, because again we had 120 to choose from, there's also CVE-2020-1046, another nasty one in the .NET Framework, affecting versions 2.0 through 4.8. It's a remote code execution flaw in the way .NET handles imports. An attacker could exploit this vulnerability to gain admin-level control of the vulnerable system. This vulnerability would be exploited by uploading a specially crafted file to a web app, which is, of course, not a heavy lift these days; there's all kinds of web apps that involve uploading user-submitted stuff. This allows that to be exploited. So as always, don't wait too long before
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
"Everybody from the British. Ask this week's interview. Episode has any Greenberg senior writer at wired. He just SORTA book called Sand Worm New Era of cyber war in the hunt for the Kremlin's Miss, dangerous hackers, it is all about hacking group inside of the Russian government called San Worm. They were responsible for the most damaging cyber warfare attacks over the past year there behind not PECI. The hackers took out in the mayor shipping line hospitals across the U. K San has totally escalated. What we think of Cyber War, and he's book gets all into how they were discovered how they were flushed out the. The intricacies of these various hacks. It's super interesting. The book is a thrill ride. If you're looking for something that isn't the virus. This is like a thriller, a highly recommended. It was really fun to talk to her about the stuff. one thing I. WanNa know we're all at home so during this in every might hear some kids in the background. I asked you just be a little forgiving that we're all. We're all dealing with it and he was a great interview. Check Out Sandy Greenberg of sand worm, a new era of cyber war and the hunt for the Kremlin's most dangerous hack. Any Greenberg your senior writer at wired you're also the author of Sand Worm, new era of cyber war in the hunt for the Kremlin's most dangerous. Welcome glad to be here so even writing about cybersecurity frontier I think you just said two thousand six and writing about Cybersecurity, but this book sand worm as I was reading it. It seems like it's called the new era of cyber war. It seems like there's been a huge turn in sort of state-sponsored. Particularly Russians sponsored cyber attacks. How did you come onto that notion? How did you begin reading this book I'm I'm very curious how you see. See that turn happening well. 
In late twenty sixteen, my former colleague Kim Zetter she had been the one who really covered state sponsored hacking in cyber war stuff, but she left wired, and this was also at the time. When you know Russian hackers were meddling in the US election, they'd hacked the democratic. National Committee and the Democratic Congressional Campaign Committee and the Clinton Campaign, so my editors were really primes on face, mantra hacking all of a sudden, but what they? They really what they told me they wanted was a actually like a big takeover of the whole magazine. All about cyber war, but cyber war to me is different than those kinds of espionage election, meddling tactics so I went looking for no real cyber war story, which means to me like a actual disruptive cyber attacks, and as I looked around. It seemed like the place where that was really happening was in Ukraine not really in the US in fact maybe. Maybe what was happening in? Ukraine seemed to me like it was in some ways, the only real full blown cyber war that was actually occurring where Russian hackers were not just attacking the election which they had done, they tried this spoof the results of a presidential election, but they had also attacks media and destroyed their computers. They had attacked government agencies and tried to like destroy entire networks, and then they had turned off the power for the first time. In December of two thousand, fifteen, the the first actual blackout triggered by hackers, and just as I was look into this happened again the the effect, the seem hacker group caused a blackout this time in the capital of Kiev so I wince looking in Ukraine for this cyber war story that. Turned into a cover story for wired that kind of gave editors what they wanted, but then also kept unfolding This cyber war kept growing in scope and scale and. 
The original story written for wired was kind of about the fact that you could look to Ukraine to see the future of cyber war that will what was happening. There might soon spread to the rest of the world. And that is actually what happens to like just after we publish that cover story to same hackers released this climactic terrible cyber attack in Ukraine. Called Not Petiot that spread beyond Ukrainians became the worst cyberattack history cost ten billion dollars, so when that happened, that was when I saw that there was potential to do a book about this that it was not just a kind of case study about Ukraine or even kind of predictive story, but a an actual full story arc about this one group that had carried out the what I would say was not only the first. First Real Cyber War, but the worst cyberattack in history and the you know I wanted to capture the the Ark of that story in the effects, the real experience of cyber war. Yeah, so the group is called sand worm in this is just one of the the sort of opening arcs of the book is how they've come. They come to be named this because references and code walk people through just like it's so. relatable that like even these hackers are using using this language that leads them recalled Sandwich Tell people about it. So when I started to look into the origins of this group after that second blackout attack I I found that this this company called eyesight partners which have been acquired by fire I I, said partners was the first to find these hackers in twenty, fourteen, basically using fishing in kind of typical espionage tactics, plant malware in the networks of typical Russian hacking targets like groups across Eastern, Europe and NATO in a look like what they were doing was just kind of typical espionage. They were planning. This by wear calls lack energy buds will first of all they could see that they were rushing, because they had this server that they were using to administer some of these attacks and they. 
They left the server, so anybody could look at it in. There was a kind of Russian language to file for how to use black energy on the service, so these guys seem like they were rushing, but even more interesting in some ways. was that they to track each victim each instance of black energy? This malware has little campaign code in each campaign was a reference to the science fiction novel Dune and you know so like one of them was something about Iraq is, and then one of them is about the sutter cars, these like imperial soldiers in in that SCI FI universe so I said partners named this group sand worm, because well just because it's a cool. Name associated with doing, but it turned out to me. It became this very powerful because a sandwich miss this monster that lies beneath the surface, and occasionally arises from underground to do terribly destructive things. partners didn't know that at the time, they they soon afterward realized what sand. was doing was not just espionage, but they were actually doing reconnaissance for disruptive cyberattacks. They were also hacking power grids. They were planning black energy, not only in the European Eastern European targets in the US power grid networks as well. The Ultimately Syndrome was the first twenty fifteen to cross that line in use black energy as the first step in a multi step attack that led to a blackout. So this was not just espionage really was kind of like you know this monster that rises from under the ground to do terrible acts of mass destruction that came to pass so one of the things that comes up over in the book. Is this growing sense of dread from security researchers and analysts? Oh this is an imminent threat to the united. States just Ukraine, but like this is happening here and then there's a sense that the United States actually open the door to this kind of warfare with stuxnet. which was an attack on Iran? 
How how did those connect for you that it seemed like there's a new rule of engagement new set of rules of engagement for cyber warfare that actually the United States implicitly created with with stuxnet by attacking Iran. Yeah, I mean I tried to highlight. Clearly sand worm are the real bad guys in the story, they are the actual hacker group that did these terribly reckless destructive attacks that actually in some cases put people's lives at risk, the kind of in some parts of the story they actually shutdown medical record systems and I. Think may have cost people's lives with cyber attacks today they are the actual antagonist here, but I also want to highlight the ways that the US government is is partially responsible for the state of Cyber War, and there are a few ways that that's true. I The US! Open the Pandora's box of cyber war with stuxnet. This piece of now where that. That was used to destroy Iranian nuclear enrichment centrifuges that was the first piece of our that actually have caused that physical disruption destruction, and we now see Sandra doing the same thing in Ukraine. In in fact, in some ways around the world, also the the US hordes, these kind of zero day, secret hacking techniques, some of which were stolen and leaked and used by sand worm, but then I think the in fact, the biggest way that I tried to highlight that the US is responsible or complicit or negligent. Here is that we did not call allows what Santorum was doing in Ukraine and say to Russia. We know what you're doing. This is unacceptable. Nobody should be turning out the lights. Two civilians with cyber attacks. There wasn't a message like that I. mean the Obama White House sent a message to Russia over this kind of cyber hotline to say your election hacking is not okay. We see what you're doing and we want you to stop, but they said nothing about a tube blackout attacks in Ukraine, and that was kind of implicit signal to Russia. They could keep. 
Keep escalating, and even as all the cyber security, researchers and Ukrainians were warning that what was happening to Ukraine, would soon spread to the rest of the world, the US government ignore this both Obama, and then the trump administration until that prediction came to pass and a sand worm cyberattack did spread to the rest of the world, and it was too late, and we all suffered globally as a result, so let's talk about patch it. WAS CATASTROPHIC IN SCOPE, right? It took out the mayor shipping line, which is a massive business. It took out some hospitals in UK like it was huge in scope. I don't think people really put it all together. Talk about how it started and how big it grew. Yeah, so not too was kind of like big apotheosis sandwich, where all of these predictions of the terribly destructive things they were doing to the rest of the world came to pass but it did it started in Ukraine. They hijacked this. The the software updates of this accounting software called me doc that is basically used by everybody in Ukraine. The quicken turbo tax of Ukraine. If you do business in Ukraine, you have to have this installed, so sanborn hijack the updates of that news to push out this worm to thousands of victims mostly in Ukraine, but it was a worm, so it's spread the mmediately end quickly kind of carpet bombs. The entire Ukrainian Internet's every computer at spread to would encrypt permanently. You could not recover the computer, so it very quickly took down pretty much every. Every Ukrainian government agency twenty two banks multiple airports for hospitals in Ukraine that I. could count and in each of these cases. What is eight took them down. I mean it destroyed essentially all of their computers, which requires sometimes weeks or months to recover from, but then as you know, this is a worm that does not respect national borders. So even though it was, it seemed to be an attack intended to disrupt Ukraine. It immediately spread beyond Ukraine's borders. 
Borders to everybody who had this accounting software installed? That was doing business in Ukraine and some people who didn't so that includes Maersk. The world's largest shipping firm and Fedex and Mondelez, which owns cadbury, NABISCO and ranking manufacturing firm that makes tylenol in Merck. The Pharmaceutical Company in New Jersey on each of these companies lost hundreds of millions of dollars. The scale of this is kind of difficult to capture but I in the book I tried to. To I focused in part Maersk because it is just a good company to look at because you can. They had this gigantic global physical machine that is they have seventy six ports around the world that they own as well as these massive ships that have tens of thousands of shipping containers on them. And I told the story of how on this day seventeen of their terminals of were entirely paralyzed by this attack with ships arriving with just. Piles of containers on them. Nobody could unload. Nobody knew what was inside of nobody knew how to load or unload them with around the world of seventeen terminals, thousands of trucks, Semitrailers, carrying containers were lining up in Lyons miles long because the gates that were kind of checkpoints to check in the these trucks to drop something off or pick it up. They were paralyzed as well. This was a fiasco on a global scale is responsible for a fifth of the world's lable shipping capacity. They were truly just a rendered brain dead by this attack, but yeah displayed out at all of these different victims MERC had to borrow their own each vaccine from the Center for Disease Control because they're manufacturing. Manufacturing was disrupted by this, and it ultimately spread to a company called nuance, nate speech to text software. 
They have a service that does this for hospitals across the US to dozens of our possibly hundreds of American hospitals at this backlog of transcriptions to medical records that were lost because of this, and that resulted in patients, being do for surgeries or transfers, other hospitals in nobody knew their medical records were updated. I mean this was scale where hundreds of hospitals each of which has thousands of patients missing changes the medical records. We don't know what the effects of that work, but very well could've actually harmed people's health. Our lives I mean the scale of not petty is very difficult to. Get your mind around, but we do know that you know monetarily cost ten billion dollars, which is by far the biggest number we've ever seen, but it also had this this kind of harder to quantify toll on people's lives, so it it you know you read about it at length and wired. Obviously these companies go down of ripples in mainstream sort of general press, but I don't feel like people really not like Oh. This Russian group called San Worms sponsored by the Russian government. Unleash this attack in it caused this cascading effect of failure and disaster cost in that because we know what we can attribute it to the government, our government. I don't feel like that connection got made for people. What is the gap between other as a hack and Oh, this is actually a type of warfare engagement, because that that connection seems very tenuous. I think for a lot of people. Even as sort of the more general mainstream press covers this stuff. Yeah, you know. I don't think that that's is just like the nature of. Of Cyber War I think that was a failing that that lack of connection is a failing on our government's parts, and on you could say even on the part of some of these victims like these large companies I mean I at the time did not pitch it happened. I was fully on the trail of standard within days. I was talking to cyber security researchers who? 
Who had piece together? Some of the forensics to show the not petiot was Sandra that it was a Russian state-sponsored attack in yet none of those companies that I mentioned mercker Mondelez or Maersk or Fedex, or any of them wanted to say the Russia had done this to them and know governments were talking about either like the Ukrainian government was. They're always willing to point. Point the finger at Russia, but the US government was not, and you know that to me seemed to be just kind of I mean I felt like I was being gas. Let's at that point. I had watched Russia due to Ukraine for a long time at that point tonight. I sort of understood that NATO in the West. We had this kind of cruel logic that. Ukraine is not us. Russia can do what it likes to Ukraine because they're not NATO not e you. They are Russia's sphere of influence or something I think that that's very wrongheaded, but at least it made sense. You know to have that that viewpoints, but now this attack had spread from Ukraine to hit American soil American companies in many cases and yet still the US government was saying nothing I just thought this was bizarre and you know so i. For months I was like. Trying to get any of these companies to tell the story of of their experiences, not Peta I was trying to figure out why the US government wasn't talking about the fact that this was a Russian cyberattack and ultimately I. Think it was I. think it was kind of I know partly disorganization negligence. I think it may have something to do with the fact that the. The? Trump administration doesn't like talking about Russian hackers for obvious reasons, but eight months after it took eight months ultimately for the US government to finally say not that it was a was Russia it was the worst cyberattack in history, and then a month later. The White House impose consequences in put new sanctions on Russia and response, but it took nine months and more importantly it took. 
Multiple years this without was the first time this was twenty eighteen, and the Russian cyber war in Ukraine had started around the fall of Twenty fifteen, so that's just incredible span of negligence when the US government said nothing about these escalating unfolding. Acts, of Cyber Award that there should have been unacceptable from the very beginning I mean these are the kind of quintessential acts of state sponsored cyber attacks on civilians, trying out the lights. You know that's the kind of thing that I believe that the US government should have called out and drawn a red line across at the very beginning took ears, so I do think it was a big failing. Of of diplomacy, it just seemed like that part of the problem, and this is kind of an expression is it's so hard to describe like if the Russian government sent fighter jets to America and live their support. Okay, like everyone understood, you can see it. You can understand what happened there. In the you know, there's like a however many decades of movies about how to fight that war. This is a bunch of people in a room typing. Like it there's just an element of this where the dangerous Oh federal where the attack is invisible, and while the effects might be very very tangible, the causes are still sort of mysterious people so. My question is who is sandwich. What what do we know about them? Where do they work? What are they like? Do we have a sense of how this operation actually operates? In some ways the the biggest challenge of reporting this book, and I spent essentially the third act of the book, the last third of the reporting of the book, trying to answer the question of who is in worm, who are these people? Where are they located? What motivates them and I guess to partially spoil the ending here. They are a unit of the year you. They are a part of Russia's military intelligence agency, which is responsible for you know, this is not a coincidence. 
They are responsible for election meddling responsible for the attempted assassination of You. chemical weapons in the United Kingdom they're responsible for the downing of a seventeen as commercial passenger jet over Ukraine were three hundred innocent people died on the G. R.. You are this incredibly reckless callous out military intelligence agency, but they act like kind of almost just cut through mercenaries around the world. Doing Russia's bidding in ways that are very scary, so I threw essentially like a combination of excellent work of a bunch of security researchers who I was speaking to combined with some confirmation from US intelligence agencies, and then ultimately some other clues from the investigation of Robert Muller into meddling all these things combined created the trail that led to one group within the JERE. You that were you know I? Eventually had some names and faces even address of this this group, and all that was actually only finally fully confirms After the book came out Justin in recent months when the White House finally actually was the State Department's. End as well as the UK on Australian and other governments together finally said yes, sand worm is in fact that this unit of the year you so this theory that I developed in positive near the end of the book was finally basically confirmed by governments just in recent months. So one thing that strikes me at that is I, think of the Russian military things. Gru is being foreboding being obviously, they're very very good at this other a buttoned up in then they have like a incredible social media presence that kind of POPs up throughout the book that distracts from what doing. They set up Gucci for two point Oh when they were doing the DNC hacks that fed to wikileaks in the. That account insisted it was just guy. They set up the shadow brokers which was. I read. It is just like your some goof-balls like they wanted to seem a lot dumber and a lot smaller than they were. 
They were very effective at it, too. Talk to me about that strategy, and then I guess my question is, are we better at seeing that strategy for what it is?

Well, you make a really interesting point. The GRU uses these false flags throughout their recent history. I should say we don't know that they were responsible for the Shadow Brokers. In fact, nobody knows who the Shadow Brokers truly are, and they are in some ways the biggest mystery in this whole story, this one group that hacked the NSA, apparently, and leaked a bunch of their zero-day hacking techniques, or maybe they were even NSA insiders. We still don't know the answer to that question. But the other incidents you mentioned, those the GRU are responsible for: this Guccifer 2.0 fake hacktivist who leaked a bunch of the Clinton documents. They're responsible for other false flags, like at one point they called themselves the Cyber Caliphate and pretended to be ISIS. They've pretended to be patriotic pro-Russian Ukrainians at some point. They're always wearing different masks. They're very deceptive. In a later chapter of the book, one of the biggest attacks they did was this attack on the 2018 Olympics, where they not only wore a false mask, but they actually had layers of false flags. As cyber security researchers saw, this malware was used to destroy the entire back end of the 2018 Winter Olympics just as the opening ceremony began. This was a catastrophic event. The malware had all of these fake clues that made it look like it was Chinese or North Korean or maybe Russian. Nobody could tell. It was this kind of confusion bomb, almost designed to just make researchers throw up their hands and give up on attributing the malware
to any particular actor. It was only through some amazing detective work by some of the analysts that I spoke to that they were able to cut through those false flags and identify that Sandworm was behind this, essentially. But yeah, it is one very real characteristic of the GRU that they almost seem to take pleasure in, or like to be showing off, their deception capabilities, too, and they're evolving those capabilities. They are getting more deceptive over time, as it gets more destructive and aggressive.

I love to play the game of, like, imagine the meeting. And imagine that the one set of meetings is like the actual hackers finding the vulnerabilities, figuring out how to jump from a Windows 8 computer to some sort of physical hardware controller that actually runs it. That's a very hard problem in and of itself. And then the other meeting, they're like, "what we're gonna do is claim to be a guy called Guccifer 2.0." And like, those are
not connected, right? But the way they, throughout the book, execute these campaigns, they're deeply connected, and that seems like not only a new kind of warfare and a new kind of craft, but something that just consistently seems to work in surprising ways. Like, the tech press is gonna be like, "Guccifer says this," and there's never that next step of, "also, we think it's the Russian government." And that seems like, first of all, I'm dying. I imagine the meeting, right? I would love to be a fly on the wall of the meeting where they decide what their Twitter name is going to be today. I'm very curious how they evolve those attacks in such a way that it just seems to be more and more effective over time.

Yeah, I mean, I would also love to have been in those meetings. It's my one kind of regret in this book that I never actually got interviews. It's almost an impossible thing to do. You'd have to find defectors from the GRU or something who would tell those stories and not get murdered. I mean, it's kind of impossible, but in some cases, I think, to your earlier point, they almost seem kind of bumbling in these things. They do them in a very improvisational way. Guccifer 2.0 seemed almost like it was just a thing they invented on the spot, to try to cover up some of the accidental slip-ups, like they had left Russian-language formatting errors in the documents that they had leaked from the DNC. So they invented this guy who appeared the next day and started talking about being a Romanian. My friend at Motherboard, Lorenzo Franceschi-Bicchierai, started this conversation online with Guccifer 2.0 and basically proved that the guy could not actually properly speak Romanian and must be a Russian speaker, in fact. It was almost comical. At the same time, they're using very sophisticated hacking techniques, doing destructive attacks on a massive scale, but they also seem like they're kind of making it up as they go along.
They do things that don't actually seem very strategically smart. They kind of seem like they're trying to impress their boss for the day. Sometimes it just seems like the GRU wakes up and asks themselves, like, "what can we blow up today?" rather than thinking, like, "how can we accomplish the greater strategic objectives of the Russian Federation?" So they are fascinating in that way, and a very strange and colorful group.

That's, I think, one of the biggest questions I have here. We spend a lot of time trying to imagine what Vladimir Putin wants, you know, when he grows up, but none of this seems targeted. Like, what is the goal for Russia to disrupt the Winter Olympics, right? Is there a purpose to that? Is that just to strike fear? Is it just to expand their sphere of influence? Is it just to say, "we have the capability"? Has there ever really been a stated goal for this kind of cyber warfare?

That one is particularly mystifying. I mean, you can imagine why Russia would want to attack the Olympics. They were banned from the 2018 Olympics for doping, but then you would think that they might want to attack the Olympics and send a message, maybe like a deniable message, a message that, you know, "if you continue to ban us, we're gonna continue to attack you," like any terrorist would do. But instead they attacked the Winter Olympics in this way that really seemed like they were trying not to get caught, and instead make it look like it wasn't Russia, it was North Korea. And then you have to ask, like, what is the point of that? They could kind of sit there in Moscow and rub their hands together and gleefully watch this chaos unfold. It almost really does seem like it was a petty, vindictive thing, that they just, for their own emotional needs, wanted to make sure that nobody could enjoy the Olympics if they were not going to enjoy them. That was... but that one is, I
think, an outlier. In some ways, for the most part, you can kind of see that Russia is advancing, that the GRU, that Sandworm, is advancing something that does generally make sense. In Ukraine, for instance, they're trying to make Ukraine look like a failed state. They're trying to make Ukrainians lose faith in their security services. They're trying to prevent investors globally from funneling money into Ukraine, trying to create a kind of frozen conflict, as we say, in Ukraine, where there's this constant, perpetual state of degradation. They're not trying to conquer the country, but they're trying to create a kind of permanent war in Ukraine, and with cyber war you can do that beyond the traditional front lines. It is in some ways the same kind of tactic that they used in other places like the US, where we saw more of an influence operation, where they were hacking and leaking organizations like Democratic campaign organizations and anti-doping organizations to kind of sow confusion, to embarrass their targets. They're trying to influence the international audience's opinion of these people, but in Ukraine, it is in some ways just a different kind of influence operation, where they're trying to influence the world's view of Ukraine, influence Ukrainians' view of themselves and their government, to make them feel like they are in a war zone even when they are hundreds of miles from the actual fighting that's happening on the eastern front, in the eastern region of Ukraine.

So in the book you go to Kiev. You spent time in Ukraine. Is there a sense in that country that, while sometimes the lights go out, sometimes their TV stations' computers don't boot anymore because they got rewritten, the hard drives got zeroed, like, is there a sense that this is happening? Is there a sense that they fight back? Does Microsoft deploy, you know, dozens of engineers to help fight back? How does that play out on the ground there?

Yeah, I mean, to be fair,
Ukrainians are very stoic about these things, and regular Ukrainian citizens were not bothered by, you know, a short blackout. They didn't particularly care, you know. This blackout was the first-ever hacker-induced blackout in history, but Ukrainian cyber security people were very unnerved by this, and people in these actual utilities were traumatized. I mean, these attacks were truly relentless and very kind of scary for the actual operators at the controls. I mean, in the first blackout attack, these poor operators in a Ukrainian control room in western Ukraine, they were locked out of their computers, and they had to watch their own mouse cursor click through circuit breakers, turning off the power in front of them. I mean, they watched it happen as these kind of phantom hands took control of their mouse movements. So they took this very, very seriously, but yet Ukrainians as a whole, I mean, they have seen a lot. They are going through an actual physical war. They've seen the seizure of Crimea and the invasion of the east of the country. You know, the day NotPetya hit, a Ukrainian general was assassinated with a car bomb in the middle of Kiev, so they have a lot of problems, and I'm not sure that cyber war is one of the top of their minds. But NotPetya did actually reach normal Ukrainian civilians, too. It shook them as well. I talked to two regular Ukrainians who found that they couldn't swipe into the Kiev Metro. They couldn't use their credit card at the grocery store. All the ATMs were down. The postal service was taken out; every computer that the postal service had was taken out for more than a month. I mean, these things really did affect people's lives, but it kind of took until that kind of climactic worm, NotPetya, for this to really reach home for Ukrainians, who have kind of seen so much.

How do you fight back? I mean, one of the things that struck me as I was reading
the book is that so many of the people you talked to, the people who are identifying the threat, are actually private companies. iSIGHT was the first to even detect it. They are contractors to intelligence agencies and the military in some cases, but they're not necessarily the government, right? Like, it's not necessarily Microsoft, who has to issue the patches for the software, not necessarily GE, which makes Cimplicity, which is the big industrial control system you talk about a lot. How does all that come together into a defense? Because that seems like a harder problem of coordination.

Yeah, I mean, defense in cyber security is an eternal problem. It's incredibly complicated, and when you have a really sophisticated, determined adversary, you know they will win eventually. And I think that there are absolutely lessons for defense in this book, about, you know, maybe you need to really, really think about software updates, for instance, like the kind that were hijacked with this M.E.Doc accounting software as a vector for terrible cyber attacks. Imagine that any of your insecure apps that have updates can become a piece of malware. You really need to segment your networks, need to think about patching. There is just an endless kind of checklist of things that every organization needs to do to protect themselves, so in some ways that's just like a Sisyphean task, and I don't try to answer that question in the book because it's too big, and it's kind of boring as well. But what I do really hammer on is the thing that the governments really could've done here, which is to try to establish norms, try to control attackers through diplomacy, through kind of disciplinary action, through things like a kind of Geneva Convention for cyber war. If you think about a kind of analogy to, say, chemical weapons, we could just try to give everyone in the world a gas mask that they have to carry around with them at all times, or we could create a Geneva
Convention norm that chemical weapons should not be used, and if they are, then it's a crime and you get pulled in front of the Hague. And we've done the latter, and I think that in some ways that should be part of the answer to cyber war as well. We need to establish norms and make countries like Russia, or organizations like the GRU, understand that there will be consequences for these kinds of attacks, even when the victim is not the US or NATO or the EU. And I think we're only just starting to think about that.

One of the questions I had as I was reading is, it seems like a very clear red line for almost everyone you talk to is attacks on the power grid, right? That is just unacceptable. You should not do it. If you do it, you've crossed a line and there should be some consequence. Is that clear to governments? Is that something that our government says? Is it something that has been established? It seems like it's the conventional wisdom, but I'm unclear whether that is actually the line that exists.

It definitely has not been established, and when I did these interviews, I managed to get interviews with the top cyber security officials in the Obama and Trump administrations. J. Michael Daniel was the cyber coordinator for the Obama administration, and Bossert was the kind of cyber coordinator boss, the Homeland Security Adviser for Trump. And both of them, when I asked them, to put it bluntly, "why didn't you respond when Russia caused blackouts in Ukraine?", both of them essentially said, "well, you know, that's not actually the rule that we want to set. We want to be able to cause blackouts in our adversaries' networks, in their power grids, when we are in a war situation or when we believe it's in our national interest." So, you know, that's the thing about these cyber war capabilities. This is part of the problem, that every country,
absolutely the US among them, isn't really interested in controlling these weapons, because, in this kind of Lord of the Rings fashion, we are drawn to them, too. Like, we want to maintain the ability to use those weapons ourselves, and nobody wants to throw this ring in the fires of Mount Doom. We all want to maintain the ring and imagine that we can use it for good. So that's why neither administration called out Russia for doing this, because they want that power, too.

I make the comparison to nuclear weapons, but we've negotiated drawdowns and treaties with Russia in the past. We count warheads. We're aware that the United States stockpile can destroy the world fifty times over today, maybe tomorrow one hundred. Like, we have a sense of the measure of force that we can put on the world when it comes to nuclear weapons. There's a sense that, oh, we should never use these, right? Like, we have them as a deterrent, but we've gamed out that actually it leads to this mutually assured destruction. Like, there's an entire body of academics, there's an entire body of researchers, there's an entire body of scenario planning with that kind of weapon. Does that same thing exist for cyber weapons?

There are absolutely, you know, communities of academics and policymakers who are thinking about this stuff now, but I don't think it's kind of gotten through to actual government decision-makers that there needs to be kind of cyber deterrence, and how that would work. The comparison to nuclear weapons is instructive, but not exactly helpful. In fact, it's kind of counterproductive, because we cannot deter cyber attacks with other cyber attacks. I don't think that's gonna work, in part because we haven't even tried to establish it yet. There are no kind of rules or red lines. But then, I think more importantly, everybody thinks that they can get away with cyber attacks, that they're going to create a false flag
that's clever enough that when they blow up a power grid, they can blame their neighbor instead. So they think they're gonna get away with it, and that causes them to do it anyway and not fear the kind of assured destruction. So I think that the right response, the way to deter cyber attacks, is not with the promise of a cyber attack in return. It's with all the other kind of tools we have, and they've been used sometimes, but they were not in the case of Sandworm, and those tools include sanctions, which came far too late in the story, and indictments of hackers. In some cases we still haven't really seen Sandworm hackers indicted for the things that they did in Ukraine, or even NotPetya. And then ultimately just kind of messaging, like calling out, naming and shaming bad actors, and that has happened to some degree with Sandworm, but in some cases there have still been massive failures there. There has still been no public attribution of the Sandworm attack on the 2018 Olympics. I mean, my book has been out for months. I think it shows pretty clear evidence that Sandworm is responsible for this attack, or at the very least it was Russia, and yet the US and Korea, where these Olympics took place, the UK, none of these governments have named Russia as having done that attack, which almost just invites them to do it again whenever our next Olympics are going to be, I guess maybe not this year. But if you don't send that message, then you're just essentially inviting Russia to try again.

So I think my big question is, what happens now? I mean, you write about the NSA's Tailored Access Operations, which is their elite hacking group. We are obviously interested in maintaining some of these capabilities. We've come to a place where people are writing books about how it works. What is the next step? Does it just keep getting worse, or does this kind of diplomacy you're talking about, is that beginning to happen?

I
think there are some little glimmers of hope about the diplomacy beginning to happen. I mean, this year in February, I think it was, the State Department called out a Sandworm attack on Georgia, where Sandworm's hackers basically took down a ton of Georgian websites by attacking the hosting providers, as well as a couple of TV broadcasters, and the US State Department, with a few other governments, said this was Sandworm, named the unit of the GRU. That was the confirmation that I'd been looking for for a long time, but they also made a point of saying that we're calling this out as unacceptable, even though Georgia is not part of NATO or the EU. So that's progress. That's essentially creating a new kind of rule, that state-sponsored hackers can't do certain things, no matter who the victim is, and that's really important. Also, it was kind of interesting, because federal officials gave me a heads up about that announcement before it happened, which they very, very rarely do, and I think what they were trying to say was, "we read your book and we got the message, okay? Like, stop attacking us about this. We're trying. We're doing something different here." I don't want to flatter myself that I actually changed their policy, but it did seem interesting that they wanted to tell me personally about this. So I think that maybe our stance on this kind of diplomacy is evolving, and we're learning lessons, but at the same time we also see the attacks evolving, too, and there are new innovations in these kinds of disruption happening. We've seen, since some of these terrible Sandworm attacks, you know, other very scary things, like this piece of malware called Triton, or Trisis, that was used to disable safety systems in an oil refinery in Saudi Arabia. That was, you know, something that could have caused an actual physical explosion at a petrochemical facility. The attacks are evolving, too.

Okay, final, last real question. Tell people where they can get your book.
You can find it all kinds of places, or buy it on andygreenberg.net.

You've written another book as well, previously, yes?

That's right. I wrote a book about WikiLeaks, cypherpunks and things like that.

That's right. Well, I'm a huge fan. It was an honor to talk to you. Thank you so much for coming on. I know it's a weird time to be talking about anything but the coronavirus. I was very happy to talk about something else, which is that it seems a little bit more in control, even if it is quite dangerous. Thank you for the time. I appreciate it.

Yeah, I'm glad to provide people with a different kind of apocalypse as a distraction.
"Some time ago, about a year ago, or maybe two years ago, Twitter introduced time-based one-time passwords, Google Authenticator, as most people know it: that mechanism where you have an authenticator app on a mobile device, and that gives you six-digit codes to log in as a second factor, which is much more secure than SMS. SMS, of course, can be hijacked if your SIM card is hijacked. So a lot of people were speculating about all of these different methods of attack. To me, it seems unlikely that accounts that are very familiar with SIM jacking, because it happens a lot in crypto and has had a lot of high-profile reporting, would have SMS. It also seemed unlikely that, even if they did, someone was able to SIM jack phones from big accounts across two different continents at least, because some of these accounts are China-based or Singapore-based, some are Europe-based, some are US-based. That involves several different phone carriers in different countries, all done within a matter of hours. It seemed to me very unlikely that that would be the case. So, assuming that they did have hardware two-factor authentication, or at least an authenticator app, you can't really steal a password. That's not enough. So then, if the account security is likely to be quite secure, what are the other avenues someone can get in? The next most likely mechanism of attack would be APIs. So Twitter has APIs that allow various social media aggregator sites to post, so that a whole team of people can schedule and review and post to multiple platforms simultaneously. I use platforms like that, too. It allows me to work with a team of people and collaborate on what we post and schedule it out in advance. So when you see a personal message from me, it's personal, but when you see one like, "I'm doing this video on Saturday," you know that's scheduled in advance and it's posted automatically. I'm not sitting there attaching images and typing in hashtags in real time.
These services, of course, access the Twitter API using OAuth, which is an authentication protocol. It's the same protocol that's used when you log into a site using your Google account and it redirects you, gets an encrypted challenge-response message from Google, and uses that to authenticate you into the site. And these gain full access to the Twitter timeline, and are presented in some of these sites. You're probably familiar with things like Hootsuite and Buffer, Sendible and various other sites like that. Now, these sites are not always as well secured. So that was my immediate suspicion, because from there you can easily post the message, and if that site's security isn't as strong, with two-factor, etc., I assumed one of those had been compromised, because there are only a handful of social media posting services, like eight. It was quite possible that all of these disparate companies were using the same one. Then the attack continued to escalate. One of the things that was noticeable was that the tweets that were coming out were saying "Twitter Web App." Now, when you have an OAuth service that is posting remotely through the API, it has a clear identifier. It says "Twitter for iPhone," it says "Hootsuite," it says some social media posting service or something like that. It doesn't say "Twitter Web App." So my immediate suspicion was that this was a browser extension. Again, much easier to compromise a browser extension that is a common single point of failure across all of these different accounts, and would have access to the Twitter web API to post on behalf of, or maybe store credentials for, users. There are a lot of sloppy browser extensions out there. And then people started talking about the possibility of a zero-day browser exploit. Now, that'd be a very serious problem, because a zero-day browser exploit effectively means that someone was compromising browsers through some click-through mechanism, remote execution, or something like that, and hijacking credentials from inside the browser's secure store. That's a very serious thing,
because it would affect not just Twitter. But then again, it was only happening on Twitter. And why would you use a zero-day browser exploit that can be enormously powerful to hack only one site, Twitter, and then use it to do this silly Nigerian scam? I'm using the term "Nigerian scam" not because Nigerians have anything to do with this, but because this type of scam originated with the Nigerian prince story.

I mean, it's a story, actually, that we've seen repeat over and over and over again for two decades.

Exactly. I was reading through some kind of gaming coverage of this, and many of them are likening it to scams that have been pulled in EVE Online, which is a popular sort of laissez-faire MMO, and RuneScape also, which is really like a mostly-for-kids type of environment. And again, like seven years ago, apparently there was a rash of this type of "give me your money and I'll give you double back," and again, of course, in cryptocurrency we've seen this since.
"zero day" Discussed on Security Now
"Retpoline deployment sort of cautiously. They said, while the phased rollout is in progress, customers who would like to manually enable Retpoline on their machines, those with Windows 10 October 2018, 1809, with a Broadwell or older chip, can do so, they wrote, with the following registry configuration updates. And again, link in the show notes for the five of you out of the who-knows-how-many listeners we have who are, you know, still at this point like, "oh yeah, that's me, go get it."

Meanwhile, Adobe ColdFusion gets an emergency patch. Last Friday, March 1st, Adobe released an emergency patch for their Java-based ColdFusion website development platform to close a vulnerability that was being actively exploited in the wild to execute arbitrary code. So, yes, emergency. So hopefully, again, if you're using ColdFusion, you are current with your email update notification list, and this is already old news to you, because this was a zero-day that they became aware of. The vulnerability allowed an attacker to bypass restrictions for uploading files. So to take advantage of it, the website had to be configured to accept executable uploads.

Okay, so that immediately, hopefully, disqualifies them right there.

Yeah. Now, on the other hand, there are places where, you know, you could imagine you could be allowing executable uploads for some reason, where they would be sequestered and then could not be executed. The flaw allows an HTTP request to execute that uploaded file. Yikes. So, not good.

Not good, really not good.

All previous ColdFusion versions on all platforms are vulnerable to this flaw. It's CVE-2019-7816. I've got a link to their security advisory, which you just had on the screen a second ago. Adobe's summary said Adobe has released security updates for ColdFusion.
"zero day" Discussed on World Cafe
"A bit of "Zero Day" from the album Dance on the Blacktop. Nothing is the band, and Dominic is our guest hanging out with us. So that's a very different presentation than what you're doing today. How much of a challenge is it to sort of deconstruct these songs for the Cafe?

Well, you know, we've done versions of songs acoustically throughout this band's career. But it's funny, because a lot of people don't realize it ever, because when they hop on a record, they don't see anything that happened before. But we do love doing this. It's like one of our favorite things. We're big fans of, like, you know, when these kinds of bands did stuff like this, like, you know, when Neil Halstead and Rachel did Mojave 3; Mojave 3 was like one of my favorite bands. But yeah, I mean, this has been a thing that I've always wanted to do, too, you know, the other side of this: making this loud, massive music, and then being able to do like a calm-down version of it.

Right. And when it comes back to a lot of what Nothing is about, it's the lyrics that go into these very powerful songs. Tell us a little bit about "The Carpenter's Son."

Well, are you the carpenter's son? I believe I am the carpenter's son. I am. I mean, my father was in the labor union for twenty-five years here in Philly. He built Liberty One, Liberty Two. He took me up there when I was eight years old, when it was just a shell, Liberty One. And at the time that was the tallest building built in Philadelphia. Yeah, he brought me up. There were no windows in the thing. Very unsafe, like myself. He brought me to the top. It's the first time I'd ever seen the city like that. I mean, it must've been '87, '88. And, you know, the song's about him. But it's also about losing someone in an untimely fashion, and things to be, you know, death is very unexpected, as everyone knows, but I've experienced it quite a bit in my life.
And, you know, to me the song kind of serves as a reminder to recognize the people that are around you as much as possible. When there's things, you know, trivial things, in front of or standing in between you and that person, to just kind of try to remember how fast things are, and how short everything is. It's kind of about that. There's quite a few levels. The carpenter's son is obviously, you know, a guy that had some problems growing up. You know, when he was younger he had a bit of a problem with alcohol and drugs, and, you know, things got abusive in my family household. You know, it was just a typical problem. You know, a lot of these guys came home from tours in Vietnam, and nobody really even thought about PTSD back then. You know, these guys were just told, "deal with it."

Yeah.

And people dealt with it with drugs, and took it out on the kids and their wives and stuff. So he dropped that kind of thing, and then kind of became a born-again Christian, and kind of changed my perception of religion. He forced me into these weird scenarios with, like, you know, people speaking in tongues, and, wow, crazy things like that. And it literally just pushed me away from religion, pushed me into a life of crime, and made me kind of have this clarity that a kid my age shouldn't have about what this world really has. So I mean, the song's kind of about him a lot. But the title itself is an allegory to Christianity as well, Jesus and Joseph, and yeah, man.

Well, I really appreciate that you guys are sharing this with us in this cool unplugged edition. Let's take a listen to Nothing, live here on the World Cafe. It's "The Carpenter's Son."