CyberWire Daily – August 22, 2025
Episode Title: "A Free Speech Showdown"
Main Theme
This episode of CyberWire Daily explores the collision between global online safety regulations and American free speech law, highlights major trends in cyber threats and law enforcement responses, and features a first-person account from Brandon Karp on detecting North Korean job applicant scams targeting startups. The episode also ends with a discussion of the rise of English speakers in the cybercrime underworld.
Key Discussion Points & Insights
1. FTC Warns US Tech Firms on Foreign Censorship Compliance
[02:10 - 05:00]
- The Federal Trade Commission (FTC) warns US tech companies that following foreign content moderation laws (notably the EU Digital Services Act and UK Online Safety Act) could breach American law, specifically Section 5 of the FTC Act, which prohibits unfair or deceptive practices.
- FTC Chairman Andrew Ferguson cautions that “Americans do not expect platforms to restrict speech to satisfy foreign governments” and warns against any moves to weaken encryption.
- Example cited: British attempts to access Apple iCloud data.
- Ferguson invites tech leaders to discuss balancing global regulatory pressures with obligations to US consumers.
“Americans do not expect platforms to restrict speech to satisfy foreign governments, and any weakening of encryption would be a serious concern.”
— Andrew Ferguson, FTC Chairman [03:30]
2. Bipartisan Bill Aims to Modernize Federal Cybersecurity Hiring
[05:01 - 06:30]
- The Cybersecurity Hiring Modernization Act is introduced by Representatives Nancy Mace (R-SC) and Shontel Brown (D-OH).
- Goal: Reduce hiring barriers by prioritizing skills over degrees, expanding the federal workforce during a rise in cyber threats.
- The bill requires tracking changes to education requirements and collecting background data on new hires but allows degree requirements where mandated or relevant.
- Notable commentary:
- Mace: “The bill would cut red tape and allow skilled applicants without four-year diplomas to serve.”
- Brown: “Expanding the workforce is imperative for secure systems.”
3. Murky Panda: China-Linked Espionage Group’s Advanced Tactics
[06:31 - 08:30]
- CrowdStrike tracks Murky Panda, a cloud-focused, China-linked threat actor.
- Targets: Government, tech, academic, legal, and professional services, particularly in North America.
- Methods: Exploits n-day and zero-day flaws (including Citrix and Commvault), uses custom cloud malware, compromises SaaS providers to move laterally, and removes logs/timestamps to evade detection.
- Assessed motivation: Espionage and intelligence collection.
- Cloud-heavy organizations are especially vulnerable.
4. Hardware Security: MITRE’s Updated Weakness List
[08:31 - 09:30]
- MITRE releases 2025 update to its Most Important Hardware Weaknesses list.
- Focus: 11 key flaws, including 6 new ones; persistent issues with memory protection and improper debug access remain.
- Top problem: Sensitive information left in resources that aren’t cleared before reuse (CWE-226).
- Hardware weaknesses are difficult to mitigate at the software level.
5. Record Number of Device Searches at US Borders
[09:31 - 11:00]
- Customs and Border Protection (CBP) conducted nearly 15,000 electronic device searches in three months—up 16.7% from the previous record.
- No warrant is needed for searches; methods include basic checks and advanced forensic extraction.
- Civil liberties groups warn of chilling effects on sensitive travelers.
- Device searches rose from 8,500 in 2015 to over 46,000 in 2024.
6. Cybersecurity Community Fooled by Telegram Hoax
[11:01 - 12:20]
- A Telegram account impersonating Europol claimed a fake $50,000 ransomware reward, which was initially picked up and reported by several researchers and journalists before being debunked.
- The hoax aimed to expose poor verification and fact-checking practices within the cybersecurity community.
- Takeaway: Stronger verification and closer law enforcement-researcher collaboration are required to counter misinformation.
“The incident shows how easily misinformation can spread... and the risks of relying on unverified sources.”
— Host Dave Bittner [12:10]
7. Insider Threat: Houston Man Sentenced for Sabotage
[12:21 - 13:00]
- Davis Liu, a 55-year-old Houston man, is sentenced to four years for sabotaging Eaton Corporation computer systems after a job demotion.
- Actions included deleting coworker profiles, causing system crashes, and deploying a "kill switch" under his own name, resulting in substantial damages.
- He faced up to 10 years and plans to appeal.
8. Sleep Apnea Equipment Provider Data Breach
[13:01 - 13:30]
- CPAP Medical Supplies and Services (Florida) suffered a breach impacting over 90,000 people, including US military families.
- Hackers accessed systems and possibly stole Social Security numbers and health info.
- Breach lasted a week in December 2024; company reports to authorities, says no evidence of misuse.
9. Interpol Busts Pan-African Cybercrime Network
[13:31 - 15:00]
- Operation Serengeti 2.0: Over 1,200 arrests, $97 million seized, and 11,000+ pieces of malicious infrastructure taken down across Africa (June–August 2025).
- 88,000 victims, $485 million lost (ransomware, scams, BEC).
- Successes: Shutting down illegal crypto mining in Angola, a $300 million scam in Zambia, and inheritance fraud in Côte d’Ivoire.
- Collaboration between 18 African countries, UK, private sector, NGOs.
Feature Interview – Brandon Karp on Fake North Korean IT Worker Scams
[15:25 - 29:17]
The Experience:
- Brandon Karp describes discovering not one, but two suspected North Korean IT worker scams during a brief hiring window for his small startup.
- Despite a relatively small pool (200 applicants, 10 interviews), two made it to the top interview stage before being flagged.
Red Flags:
- Perfect, generic resumes: Every skill required was boldly listed, little detail beyond keywords—likely AI-optimized for applicant tracking systems.
- Anglicized first names and Hispanic last names: E.g., “Frank Garcia,” not matching interviewee appearance.
- Deleted/absent LinkedIn profiles: Appeared online in search but gone when clicked.
- Video interviews:
- Candidate appeared of Asian descent, not matching claimed identity.
- Minimal personal background revealed; refused to show real video background.
- Claimed prior residences in LA, NY, and San Antonio but couldn’t discuss any local details.
- Strong accent identified as likely Korean (drawing on Karp's personal experience).
“The resume was perfect. It was exactly what we were looking for... That should have been our first clue.”
— Brandon Karp [17:36]
“Ask specifics. What was your favorite thing to do in those cities? … This person couldn’t offer any specifics.”
— Brandon Karp [22:00]
- Timing: Applications arrived almost immediately after job postings; likely automated.
- Technical competence: Answers to technical questions were strong; the candidate was either genuinely skilled or possibly being fed answers in real time.
Dealing with Uncertainty:
- After the full hour-long interview, Karp and a colleague second-guessed themselves but, reviewing the evidence, concluded it was indeed a scam.
- After a similar experience with a second candidate, they double-checked references—none of the listed employers recognized the applicants.
“When you look at the sum total of the evidence...how few specifics there were about their experiences in America… I did follow up with a couple of the companies, and none of them had ever heard of them.”
— Brandon Karp [26:52]
Recommendations for Employers:
- High-touch processes: Conduct video interviews, probe for personal/local details, and look for overly perfect resumes.
- Trust your gut: Accumulation of red flags is meaningful, even if no single item is definitive.
- Applicant tracking caution: AI-generated, laser-targeted resumes are now common. “If you’re getting a resume that is absolutely perfect… what are the chances of that?” [28:45]
- Universal advice: Getting personal in interviews not only exposes scams but also improves hiring overall.
Notable Quote Highlights
- “Americans do not expect platforms to restrict speech to satisfy foreign governments.”
— FTC Chairman Andrew Ferguson [03:30]
- “Ask specifics. What was your favorite thing to do in those cities?... This person couldn’t offer any specifics.”
— Brandon Karp [22:00]
- “If you’re getting a resume that is absolutely perfect, everything you want—what are the chances of that?”
— Brandon Karp [28:59]
Final Segment: The Rise of Social Engineers for Hire
[31:00 - End]
- Demand for English-speaking social engineers in cybercrime has skyrocketed.
- “Impersonation-as-a-service” now offers scripts, coaching, and technical support to cybercriminals.
- Gangs like Scattered Spider and ShinyHunters leverage these skills to trick major brands into giving up credentials.
- Phishing calls are “far beyond prank territory”—“this is Workday, can I have your password?”—with more people falling victim than ever.
Timestamps for Key Segments
- FTC on Foreign Censorship & US Law – [02:10-05:00]
- Federal Cyber Hiring Modernization Act – [05:01-06:30]
- Murky Panda APT Group Profile – [06:31-08:30]
- MITRE Hardware Weaknesses Update – [08:31-09:30]
- CBP Border Device Searches Surge – [09:31-11:00]
- Telegram Hoax & Cybersecurity Verification – [11:01-12:20]
- Insider Sabotage Case (Houston) – [12:21-13:00]
- CPAP Medical Supplies Data Breach – [13:01-13:30]
- INTERPOL Serengeti 2.0 Operation – [13:31-15:00]
- Feature: Brandon Karp – North Korean IT Worker Scam – [15:25-29:17]
- Social Engineering Skills for Hire – [31:00-end]
Memorable Moments
- The high hit-rate for foreign IT worker scams targeting even small startups.
- How “perfect” resumes and deleted LinkedIn profiles can signal sophisticated fraud.
- Karp’s practical advice: ask for location-based personal details in interviews.
- Increasing professionalization of cybercrime: smooth-talking English speakers are now recruited as a specialized criminal workforce.
This summary captures the episode’s content, advice, and notable soundbites—preparing listeners and cybersecurity professionals for the evolving threat landscape and personnel challenges of 2025.
