If your podcast feed has suddenly become a steady diet of more or less the same COVID-19 stories, here’s a chance to listen to cyber experts talk about what they know about – cyberlaw. Our interview is with Elsa Kania, adjunct senior fellow at the Center for a New American Security and one of the most prolific students of China, technology, and national security. We talk about the relative strengths and weaknesses of the artificial intelligence ecosystems in the two countries.


Continue Reading

If you get SMS messages on your phone and think you have two-factor authentication, you’re kidding yourself. That’s the message Nick Weaver and David Kris extract from two stories we cover in this week’s episode of The Cyberlaw Podcast – DOJ’s indictment of a couple of kids whose hacker chops are modest but whose social engineering skillz are remarkable. They used those skills to bribe or bamboozle phone companies into changing the phone numbers of their victims, allowing them to intercept all the two-factor authentication they needed to steal boatloads of cryptocurrency. For those with better hacking chops than social skills, there’s always exploitation of SS7 vulnerabilities, which allow interception of text messages without all the muss and fuss of changing SIM cards.


Continue Reading

The White House today announced a pilot program to be led by the Financial Services Information Sharing and Analysis Center in which ISPs will share data about botnets with financial institutions. ISPs also announced a set of principles for fighting botnets.

This is a positive announcement. You shouldn’t be engaged in online banking if your

I wonder whether this strategy will really be all that effective. Apparently “Microsoft does not believe the operators of the facilities it raided on Friday, which rent space to clients on computers connected to the Internet, are in league with the people behind the botnets. And those operators said they had no idea that equipment