hacking

Subscribe to hacking

Our interview is with Bruce Schneier, who has coauthored a paper about how to push security back up the Internet-of-things supply chain: The reverse cascade: Enforcing security on the global IoT supply chain.  His solution is hard on IOT affordability and hard on big retailers and other middlemen, who will face new

In the News Roundup, Dave Aitel (@daveaitel), Mark MacCarthy (@Mark_MacCarthy), and Nick Weaver (@ncweaver) and I discuss how French and Dutch investigators pulled off the coup of the year this April, when they totally pwned a shady “secure phone” system used by massive numbers of European criminals. Nick Weaver explains that hacking the phones

This episode is a wide-ranging interview with Andy Greenberg, author of Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. The book contains plenty of original reporting, served up with journalistic flair. It digs deep into some of the most startling and destructive cyberattacks of recent years, from two dangerous attacks on Ukraine’s power grid, to the multibillion-dollar NotPetya, and then to a sophisticated but largely failed effort to bring down the Seoul Olympics and pin the blame on North Korea. Apart from sophisticated coding and irresponsibly indiscriminate targeting, all these episodes have one thing in common. They are all the work of Russia’s GRU.

Andy persuasively sets out the attribution and then asks what kind of corporate culture supports such adventurism – and whether there is a strategic vision behind the GRU’s attacks. The interview convinced me at least that the GRU is pursuing a strategy of muscular nihilism – “our system doesn’t work, but yours too is based on fragile illusions.” It’s a kind of global cyber intifada, with all the dangers and all the self-defeating tactics of the original intifadas. Don’t disagree until you’ve listened!


Continue Reading Episode 286: Sandworm and the GRU’s global intifada

Today’s episode opens with a truly disturbing bit of neocolonial judicial lawmaking from the Court of Justice of the European Union. The CJEU ruled that an Austrian court can order Facebook to take down statements about an Austrian politician. Called an “oaf” and a “fascist,” the politician more or less proved the truth of the accusations by suing to keep that and similar statements off Facebook worldwide. Trying to find allies for my proposal to adopt blocking legislation to protect the First Amendment from foreign government interference, I argue that President Trump should support such a law. After all, if he were ever to insult a European politician on Twitter, this ruling could lead to litigation that takes his Twitter account off the air. True, he could criticize the judges responsible for the judgment as “French” or “German” without upsetting CNN, but that would be cold comfort. At last, a legislative and international agenda for the Age of Trump!


Continue Reading Episode 281: Can the European Union order Twitter to silence President Trump?

Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of