For the first time in twenty years, the Justice Department is finally free to campaign for the encryption access bill it has always wanted.  Sens. Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.), and Marsha Blackburn (R-Tenn.) introduced the Lawful Access To Encrypted Data Act. (Ars Technica, Press Release) As Nick

This episode is a wide-ranging interview with Andy Greenberg, author of Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. The book contains plenty of original reporting, served up with journalistic flair. It digs deep into some of the most startling and destructive cyberattacks of recent years, from two dangerous attacks on Ukraine’s power grid, to the multibillion-dollar NotPetya, and then to a sophisticated but largely failed effort to bring down the Seoul Olympics and pin the blame on North Korea. Apart from sophisticated coding and irresponsibly indiscriminate targeting, all these episodes have one thing in common. They are all the work of Russia’s GRU.

Andy persuasively sets out the attribution and then asks what kind of corporate culture supports such adventurism – and whether there is a strategic vision behind the GRU’s attacks. The interview convinced me at least that the GRU is pursuing a strategy of muscular nihilism – “our system doesn’t work, but yours too is based on fragile illusions.” It’s a kind of global cyber intifada, with all the dangers and all the self-defeating tactics of the original intifadas. Don’t disagree until you’ve listened!


Continue Reading Episode 286: Sandworm and the GRU’s global intifada

We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone I respect a lot more than I agree with. But his latest book opens new common ground between us, and we both foresee a darker future for a world that has digitally connected things that can kill people without figuring out a way to secure them. Breaking with Silicon Valley consensus, we see security regulation in the Valley’s future, despite all the well-known downsides that regulation will bring. We also find plenty of room for disagreement on topics like encryption policy and attribution.

Bruce Schneier and Stewart Baker
Bruce Schneier and Stewart Baker


Continue Reading Episode 230: Click Here to Kill Everybody