In our interview, Elsa Kania and Sam Bendett explain what China and Russia have learned from the American way of warfighting – and from Russia’s success in Syria. The short answer: everything. But instead of leaving us smug, I argue it ought to leave us worried about surprise. Elsa and Sam both try to predict where the surprises might come from. Yogi Berra makes an appearance.
Our interview is with two men who overcame careers as lawyers and journalists to become serial entrepreneurs now trying to solve the “fake news” problem. Gordon Crovitz and Steve Brill co-founded NewsGuard to rate news sites on nine journalistic criteria. Using, of all things, real people instead of algorithms. By the end of the interview, I’ve confessed myself a reluctant convert to the effort. This is despite NewsGuard’s treatment of Instapundit, which Gordon Crovitz and I both read regularly but which has not received a green check.
We interview Dmitri Alperovitch of CrowdStrike on the company’s 2019 Global Threat Report, which features a ranking of Western cyber adversaries based on how long it takes each of them to turn a modest foothold into code execution on a compromised network. The Russians put up truly frightening numbers – from foothold to execution in less than twenty minutes – but the real surprise is the North Koreans, who clock in at 2:20. The Chinese take the bronze at just over 4 hours. Dmitri also gives props to a newcomer – South Korea – whose skills are substantial.
The backlash against Big Tech dominates the episode, with new regulatory initiatives in the US, EU, Israel, Russia, and China. The misbegotten link tax and upload filter provisions of the EU copyright directive have survived the convoluted EU legislative gantlet. My prediction: the link tax will fail because Google wants it to fail, but the upload filter will succeed because Google wants YouTube’s competitors to fail.
If you get SMS messages on your phone and think you have two-factor authentication, you’re kidding yourself. That’s the message Nick Weaver and David Kris extract from two stories we cover in this week’s episode of The Cyberlaw Podcast – DOJ’s indictment of a couple of kids whose hacker chops are modest but whose social engineering skillz are remarkable. They used those skills to bribe or bamboozle phone companies into changing the phone numbers of their victims, allowing them to intercept all the two-factor authentication they needed to steal boatloads of cryptocurrency. For those with better hacking chops than social skills, there’s always exploitation of SS7 vulnerabilities, which allow interception of text messages without all the muss and fuss of changing SIM cards.
Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of privacy laws and regulations then be sure to check out “Cybersecurity Tech Basics: Blockchain Technology Cyber Risks and Issues” and learn more about these issues.”
If the surgeon about to operate on you has been disciplined for neglecting patients, wouldn’t you like to know? Well, the mandarins of the European Union privacy lobby beg to differ. Google has been told by a Dutch court not to index that story, and there seems to have been a six-month lag in disclosing even the court ruling. That’s part of this week’s News Roundup. Gus Hurwitz and I are appalled. I tout my long-standing view that in the end, privacy law just protects the privileged. Gus agrees.
The interview is with John Carlin, author of Dawn of the Code War. It’s a great inside story of how we came to indict China’s hacker-spies for attacking US companies.
So says the remarkable Jeff Jonas, CEO of Senzing. And he’s got a claim to be doing just that. A data scientist before data science was cool, Jeff has used his technical skills and an intuitive grasp of complex data problems to stop card counters in Las Vegas and terrorists targeting the US, and then to launch an initiative making voter registration more accurate and widespread. Most recently, in the course of an effort to improve maritime security around Singapore, he also found a key to identifying asteroids that are about to collide with each other and head off on a new course (one that might intersect with, well, ours).