Are Russian hacker-spies a bunch of lethargic government drones more interested in smash-and-grabs than stealth? That’s one of the questions we pose to Mikko Hypponen in episode 86 (right after we ask about how to pronounce his name; turns out, that’s harder than you think). Mikko is the Chief Research Officer at F-Secure and a long-time expert in computer security who has spoken and consulted around the world for over 20 years. His company recently published a lengthy paper on Russian government cyberspies, which F-Secure calls “the Dukes.” Mikko describes the Dukes’ targets and tactics, including a remarkably indiscriminate attack on a Tor exit node. I press him on whether attribution is really getting better, and on whether F-Secure’s paper eases or heightens concerns about Kaspersky’s ties to Russian intelligence.
Mikko also joins us for the news roundup, where we do a damage assessment from the ECJ’s Safe Harbor demolition and I critique Brad Smith’s implausible solution to the transatlantic data rift. We explain why Israel has decided to cut off data transfers to the US (hint: it’s not concerns about aggressive counterterror surveillance).
And I wonder whether the House of Representatives passage of the Judicial Redress Act makes Jim Sensenbrenner the abused spouse of the European Commission (“I was going to give you this nice cause of action for your citizens when you slapped me upside the head with the Safe Harbor ruling. So, uh, here it is anyway. Now do you love me?”).
CISA comes to the floor at last. I scope the pending amendments. Two of them would greatly increase the “privacy tax” on information sharing; the only good thing about Sens. Wyden and Heller’s proposals is how much business they will create for lawyers. Sen. Franken has an amendment that strips the mask from the privacy lobby. The privacy groups that support the Franken amendment aren’t just pro-privacy, they’re anti-security. The amendment would prevent companies from sharing information that might disclose a security risk and require instead an individualized determination that the signature makes a compromise “reasonably likely.” The fight over the Cotton amendment to allow sharing with the FBI or Secret Service rather than DHS, meanwhile, looks like a turf fight disguised as a privacy issue.
In other news, we absolve CIA director Brennan of accusations of bad security in his email hack. And in the back of the paper, where the dog-bites-man stories go, CrowdStrike finds that Chinese cyberspies haven’t yet stopped stealing commercial secrets.
As always, the Cyberlaw Podcast welcomes feedback. Send an e-mail to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.