Dave Bittner
You're listening to the Cyberwire Network, powered by N2K.
Brandon Karp
Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at AI.domo.com. That's AI.domo.com.
International law enforcement takes down a pair of notorious hacking forums. Wiz discovers an open DeepSeek database. Time Bandit jailbreaks ChatGPT. Ransomware hits one of the largest US blood centers. A cyber attack takes the South African weather service offline. Researchers describe a new browser sync jacking attack. TeamViewer patches a high severity privilege escalation flaw. Over three dozen industry groups urge Congress to pass a national data privacy law. CISA faces an uncertain future. N2K's Brandon Karp speaks with Ellen Chang, vice president of ventures at BMNT and head of H4X Labs. And OpenAI cries foul after getting a taste of its own medicine.
It's Thursday, January 30th, 2020. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Happy Thursday and thank you for joining us here today. It is great as always to have you with us.
Authorities have dismantled two of the largest hacking forums, Cracked and Nulled, in Operation Talent, seizing 17 servers and arresting two suspects. With over 10 million users, these forums served as hubs for cybercriminal activity, offering stolen credentials, hacking tools, and cybercrime as a service. Europol described them as entry points into cybercrime, providing configs for credential stuffing tools like OpenBullet and hosting AI based hacking tools. In a coordinated effort across multiple countries, authorities seized 12 domains, including Cracked, Nulled, StarkRDP and Sellix, the latter two being integral to the forum's operations.
Law enforcement searched seven properties, confiscating over 50 electronic devices and $312,000 in cash and cryptocurrency. The FBI took over the domains, replacing their name servers with FBI controlled addresses. The seized data, including email and IP addresses, will aid future investigations. While forum staff acknowledged the takedown, law enforcement emphasized its impact on disrupting cybercriminal infrastructure.
It started with a routine scan. The Wiz research team was mapping DeepSeek's external attack surface. Nothing unusual for cybersecurity researchers. DeepSeek, after all, was making waves with its DeepSeek R1 reasoning model, a rival to OpenAI's best. But quickly the team stumbled upon something alarming: an open ClickHouse database, completely exposed, no passwords, no authentication, just sitting there waiting to be accessed with a simple query. The researchers found themselves staring at over 1 million logs filled with chat history, API keys, backend operations, and other sensitive data. Worse, the database allowed full administrative control, meaning an attacker could not just read but potentially alter or escalate privileges within DeepSeek's systems. Realizing the gravity of the situation, the Wiz team immediately reported the issue. DeepSeek responded swiftly, locking down the exposure. But the incident highlighted a growing AI startups are scaling fast, often without proper security measures. While the world worries about AI's long term risks, the real dangers are often much accidental data leaks like this one. AI companies must prioritize security, just as cloud providers do, or risk exposing their users, their data, and their reputation.
AI researcher David Kuzmar made a chilling Time Bandit, a jailbreak that lets users bypass ChatGPT's safety filters to access dangerous instructions on weapons, malware, and even nuclear topics.
The flaw exploits ChatGPT's temporal confusion, tricking it into thinking it's in the past while using modern knowledge. Realizing the severity, Kuzmar frantically tried to alert OpenAI, but struggled to find a direct contact. Even after reaching out to CISA, the FBI and government agencies, he was met with silence. He says his anxiety grew as the weeks passed. Eventually through CERT Coordination Center, OpenAI was contacted, confirming the exploit. While OpenAI has implemented partial fixes, the jailbreak still works in some cases.
The New York Blood Center (NYBC), one of the largest US blood centers, has suffered a ransomware attack, causing service disruptions. Detected on January 26, the breach forced NYBC to take systems offline, affecting blood donation processing and hospital supply chains. The attack comes amid a blood emergency with supplies at dangerously low levels. NYBC is working to restore systems but has no clear timeline. It's unknown who's behind the attack or if patient data was compromised.
A cyberattack has taken the South African Weather Service offline, disrupting critical weather services for airlines, farmers and regional allies like Mozambique and Zambia. The attack, which began Sunday evening, took down the weather service's website, email systems and aviation and marine services, forcing the agency to share updates via social media. This marks the second attempted attack in two days with no ransomware group claiming responsibility. South Africa has faced numerous cyber attacks on public institutions, including its Defense Department pension system and National Lab Services. The Weather Service is working with ICT service providers to restore systems, but has no timeline for full recovery.
Imagine installing what seems like an innocent browser extension only to unknowingly hand over full control of your browser data and even your device to an attacker.
That's exactly what researchers at SquareX have uncovered in a new technique they're calling browser sync jacking. It's a three stage attack that turns a simple extension into a full scale cyber weapon. First, a user, maybe an employee, installs a malicious extension. That extension silently authenticates them into an attacker controlled Google Workspace profile, allowing hackers to disable security settings and make changes to the browser. Next, they take over the entire browser. The extension waits for a normal download, then swaps it out for a malicious file. That file registers the victim's Chrome browser as managed by the attacker, giving them full control. And finally, device hijacking. The attacker can now use the compromised browser to record screens, capture audio, turn on cameras, and even install malware without the user even knowing. The researchers say there's no easy way to track or stop it. Traditional security tools like EDR and secure web gateways simply don't catch these kinds of browser based attacks. SquareX is calling this a massive blind spot in enterprise security, and unless organizations start monitoring what extensions their employees install, this kind of attack could become a huge problem.
TeamViewer has patched a high severity privilege escalation flaw that could allow local attackers to gain elevated privileges on Windows systems. The vulnerability affects multiple versions and has been fixed in the latest updates, although there's no evidence of exploitation in the wild. TeamViewer urges users to update immediately as threat actors have previously abused TeamViewer for malware deployment. The flaw was reported via Trend Micro's Zero Day Initiative. Security experts warn that remote access tools like TeamViewer can increase the attack surface, especially in industrial and operational technology environments, making regular updates crucial.
Over three dozen industry groups are urging Congress to pass a national data privacy law that would override state regulations. In a letter to House and Senate Commerce Committee leaders, they argue that a unified standard would help businesses operate more efficiently and lower consumer costs. Despite bipartisan interest, past privacy bills have failed due to disagreements over preempting state laws and allowing individuals to sue over violations. If enacted, federal law could replace strong state protections such as California's privacy law and Illinois's biometric data rules. The letter, backed by big tech and automotive groups, does not mention data brokers. It proposes transparency requirements, consumer opt out rights and limits on data collection, but exempts small businesses. Critics warn the proposal mirrors weaker state laws and could reduce consumer protections rather than strengthen them.
The Cybersecurity and Infrastructure Security Agency has played a major role in protecting election systems across the US, but now its future is uncertain. Since its creation in 2018, CISA has worked with state officials to strengthen voting security. But President Donald Trump and his allies have criticized the agency, accusing it of censoring conservatives and interfering in the 2020 election. CISA denies these claims. Now, with Trump back in office, there's no clear leader for the agency. His Homeland Security secretary, Kristi Noem, has suggested reining in CISA's authority, and a Republican policy plan, Project 2025, proposes moving CISA to the Transportation Department and limiting its role in elections. Many state officials say CISA has been critical in improving election security. But as political battles continue, the question will CISA's mission change before the next?
Coming up after the break, N2K's Brandon Karp speaks with Ellen Chang, vice president of ventures at BMNT and head of H4X Labs. And OpenAI cries foul after getting a taste of its own medicine.
Stay with us.
Ellen Chang
This episode is brought to you by Nerds Gummy Clusters the sweet treat that always elevates the vibe with a sweet gummy surrounded with tangy, crunchy nerds. Every bite of Nerds Gummy Clusters brings.
Brandon Karp
You a whole new world of flavor.
Ellen Chang
Whether it's game night, on the way to a concert or kicking back with your crew, unleash your senses with Nerds Gummy Clusters.
Brandon Karp
And now a message from our sponsor Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not the entire network, continuously verifying every request based on identity and context, simplifying security management with AI powered automation, and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at Zscaler.com Security.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com N2K and enter code N2K at checkout. That's JoinDeleteMe.com N2K code N2K.
N2K's Brandon Karp recently sat down with Ellen Chang, vice president of ventures at BMNT and head of H4XLabs.
Here's their conversation.
Ellen Chang
I am joined today by Ellen Chang, vice president of ventures at BMNT. Ellen, thank you so much for joining us on the Cyberwire.
Dave Bittner
It is my pleasure.
Ellen Chang
Ratnu so looking at your background, your experiences in technology in the military, in the Navy, and also in investing, there's a theme that keeps emerging in your background, which is this theme of deep tech. So just fundamentals, can you kind of give us a sense of what is deep tech? How does it relate to national security and even cybersecurity?
Dave Bittner
Deep tech, that's such a potent word because people can make it what they want to. AI is deep tech, and for a while they're a R is deep tech. But let me go back to kind of the founding person. There's a person who used to run mit, Angel Swati. And I can't pronounce her last name, so I'm not going to. But she actually kind of defined it for the MIT angels in that they were. It's really these, these startups that have some science and technical risk around it. And, and so that's just my background, given a lot of the work I've been doing. And I used to work at Northrop Grumman and I have a systems engineering background, so I tended to gravitate to these types of companies. Deep tech as a term really kind of came to the scene, I would say six seven years ago and people grabbed it and use it how they need to use it. I think right now, how I like to use it since AI, a lot of folks put AI into deep tech is I differentiate by saying, hey, I really like to look at hardware, hard tech, hardware oriented types of technologies and maybe material sciences related technologies because I think there's a renaissance in material science these days that are kind of being leveraged across many different domains.
Ellen Chang
You know, thinking about then your work at BMNT and curious kind of leading ventures for BMNT. How do you kind of. You're looking at these companies, you're evaluating the impact they might have. Can you share how you go through that process, what that looks like?
Dave Bittner
Sure. Let me kind of provide a little bit of a backdrop on BMNT. It is a government contractor, so most of the ventures work that we do is not a specific fund, but it's based on, based on programs that different government agencies award us for. So we work very closely with the Navy, work closely with the SpaceWorks and also NASA. So there's a little bit of space and a blue theme. And what we're doing with them is helping them with the companies they've funded. Some of them are startups and some of them are small businesses. I make a differentiation here with those two terms because the government often provides R&D grants to companies and often these companies may or may not want to scale those technologies. They basically are doing research projects for the government and so they become these small businesses that are. And the government's really buying research. We have a program that helps these companies take, understand the technologies that they have and work with the team to help them make a decision as to which technologies to use to actually commercialize. It can be actually a challenge for some of these founders because they're inventors, they're not entrepreneurs is what I like to say. Inventors are not entrepreneurs and they have to learn that entrepreneurial piece. And all of a sudden when you turned an entrepreneur, you might have to pick one. You can't be like work on a plethora of science projects, which a lot of the inventors love to do. So there's a little bit of a culture and adjustment, but we've been successful at helping them think through which technology might be most relevant that they're most passionate about. Perhaps think through the market opportunity analysis. So we do some ideation and okay, where can this technology go? So it's a technology looking for a market in general and then we help them kind of move forward with that.
Sometimes they find other government grants to reduce the tech because you're actually taking technology and productizing it. And until it's productized you're not really able to commercialize. I do want to say we are commercially focused and mission aware, meaning we help the companies go commercial and then potentially sell back to the government. Because we believe that having a larger commercial market that moves faster is better for companies kind of longevity. So we think through that over the last three years we started to get quite a bit more involved in defense tech startups. The theme that you brought up, which is there are several like especially in Palo Alto where our company is based and where Ventures is the most of our team is at. There's a new interest by all the Silicon Valley VCs on funding companies that can reindustrialize America or really understand and help with national security. And what we help with them is help them understand the government structure. Most of these companies get some sort of SBIR, especially with SpaceWorks or NASA and then they're chartered, they're competing with their brothers and sisters, the other companies that are in a cohort and they're looking to find other ways to do business. Government, business development. We help them understand that government side, but we also keep them balanced with the commercial side. Because what I'd like to say to some of the companies that tend to be venture backed is venture capitalists don't want their companies to become a project based company.
Ellen Chang
Are these companies finding you or are you finding them? What does this pipeline look like in order to accomplish that connection?
Dave Bittner
Both because we're working with the government. The government has a portfolio that come to us. But because of that the word gets out that we're working with this batch of companies. So literally we talk like, I was literally talking to like four or five companies this week and they're coming to us and they kind of want to get on the bandwagon and I'm trying to work with them. It's like this is how you can get on the bandwagon. How can we help you? Yeah, we're working on that right now.
Ellen Chang
I mean bridging that gap between.
Brandon Karp
The.
Ellen Chang
Initial research and then the research to an applied technology, the applied technology to a product, the product to a market, the market to a viable business model. That life cycle, I mean we said it quickly but incredibly complex, fraught with landmines and barriers. And my gut would say that would take a very long time and a lot of effort to create that circle. Now, a little bit of a longer question, but venture Especially early stage funds work on shorter timescales. 10 year typical fund life. Is that the right place for venture to be focusing?
Dave Bittner
That's a very good question. I would say sometimes no. But you're starting to see some venture funds actually on the thesis raise longer term venture funds. So Instead of the 10 year, there's a couple 15 year popping out. Some might argue 15 years is not good enough either, depending on the life cycle. So these different investors are pretty astute looking at probably the maturity of the company in order to understand where that technical risk is. And if the TRL is too low or the, the market is too far off, they're hesitant. Right. In the meantime though, venture capitalists also do kind of act in a herd. So once one goes in like one of the kind of the known entities goes in, others also hover and go in. It's often said that it's better to be on a good deal. Not necessarily. It's more about deals and getting in on a good deal.
Ellen Chang
Venture capital we do tend to look at whole platforms like a whole space domain awareness program or a whole, you know, ISAM system. Whereas in the Navy we might need some materials innovation around the main reduction gear of a, of an engineering plant or you know, smaller sub components of a highly complex system that still require innovation and development. There's probably more opportunity there than, than is realized.
Dave Bittner
It's quieter. Right. It's like, it's kind of like who are some of the billionaires in the world? Well, you know, the guy who actually made the, made the standardized the wheel for the shopping carts, literally that guy is like. Right. And so it's like this quiet backwater type stuff that actually is pretty profitable. And so what I do know is the Navy's fairly successful at transitioning a lot of their SBIR awards and research projects. I think it's, their strategy is different. Right. Whereas the Space Force is literally trying to create a new market. They have to, I don't think the Space Force called space and war fighting domain until this year and they're adjusting to that. But here you have the Navy which is flying the program a little bit.
Ellen Chang
Differently and innovation happening more at the edge potentially than at the headquarter element. You know, there's innovation happening in deployed units and ships. I've seen it myself, you know, on the ship that I was a member of, you know, sailors doing creative things to solve their problems in real time while deployed.
Dave Bittner
Yes, yes. And 100%. I mean commercial technologies are there that, you know, the sailors, the end users can use and adjust. And I think, I think we should encourage that. How that, how you make that a program of record for a single company, that's the harder concept. I haven't been able to figure that piece out. But oftentimes we at BMNT think through those business models like, well, what kind of business model innovation really needs to happen to enable some of these innovations to actually land. And maybe it's not a 20 year program record because if you think about it, I don't really know what a system might look like in 20 years. Your iPhone, what in 20 years, what does that look like? You don't know? Things are changing so quickly. Yeah.
Ellen Chang
Where we stand today and the work you do, what, what has you absolutely fired up, what's getting you out of bed in the morning, what's getting you really excited to do the work that you do, to work with the companies and then the government, the government partners that you have.
Dave Bittner
You know what, especially when I work with what I call the get to yes people, the people like are trying to get to yes. I find a lot of potential in moving forward. Not innovations from the US perspective, but just the fact that over the last year or so, the fact that we're reindustrializing, we're regrowing our capability to manufacture and that our international partners are on board, we're helping each other globally. And one might call it, if you want to call China, the main threat that we're working against. I call this the reverse Belt and Road strategy. Right. The Belt and Road is about to kind of go out and spawn China. Well now we just like we commandeer the supply chains and we become the best customer. All of a sudden Chinese are squeezed out. Right. So I like to think about working on that even as I work with the startups who are needing the help. Because a lot of the startups we work with, they prototype using Chinese parts because they need to, it's inexpensive and then they have to become NDA compliant. Where do they go? And some of these innovations and the challenge, the supply chain challenges is being worked right now.
Ellen Chang
So that's the supply chain. I gotta say, I probably wasn't expecting you to say supply chain is what you're excited about. But it makes sense though, the way you described it. That is a critical part of our national security strategy. Then what do you need help from in terms of this community?
Brandon Karp
Right.
Ellen Chang
Right now, people who are listening, a number of them are government civilians, a number military. Many work in cybersecurity as senior executives in technology in the private sector and public sector. What, what help do you need to help move national security forward through technology?
Dave Bittner
I would say think through, think through the business model innovations that are required. I think we in the government, we at dod, we have ample technologies. We're almost overloaded with that. But we can't seem to really think about finding lower, lower costs, lower overhead ways to get at that.
Brandon Karp
Great.
Ellen Chang
Well Ellen, thank you so much for joining us.
Brandon Karp
That's N2K's Brandon Karp speaking with Ellen Chang, vice president of ventures at BMNT and head of H4XLabs.
Do you know the status of your compliance controls right now? Like right now? We know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber. That's vanta.com cyber for $1,000 off.
Ellen Chang
This episode is brought to you by Indeed. When your computer breaks, you don't wait for it to magically start working again. You fix the problem. So why wait to hire the people your company desperately needs? Use Indeed sponsored jobs to hire top talent fast and even better, you only pay for results. There's no need to wait. Speed up your hiring with a $75 sponsored job credit at Indeed.com podcast terms and.
Brandon Karp
Conditions appreciate. And finally, in a biting razor sharp article for 404 Media, Jason Koebler describes how OpenAI and Microsoft are now complaining that DeepSeek may have used OpenAI's own models to train its AI. The same OpenAI that's currently being sued by the New York Times for hoovering up its articles without permission. Oh, the irony. The claim is that DeepSeek engaged in something called distillation, a standard AI technique where a smaller model learns from a bigger one by asking a ton of questions. It's a widely accepted model, even backed by AI legend Geoffrey Hinton, and has been used for years to make AI models more efficient. But now that OpenAI is on the receiving end, suddenly it's unfair, Koebler maintains. This whole thing is hilarious because OpenAI's entire business model is built on scraping vast amounts of data from the Internet, mostly without permission, while arguing that it's totally fine under fair use. But now, when someone else does it, suddenly OpenAI is clutching its pearls and running to the government for protection. President Trump's new AI czar, venture capitalist David Sacks, is jumping in, claiming there's substantial evidence that DeepSeek siphoned knowledge from OpenAI. Meanwhile, Sam Altman took a passive aggressive swipe at DeepSeek on Twitter, basically saying copying is easy, real innovation is hard. But let's not forget OpenAI did not invent AI. It's built on research from Google, academia and open source communities, the same way DeepSeek and every other AI company does. That's how science works. So now OpenAI is complaining to the government about protecting US technology while trying to gatekeep an industry it dominated by using the exact same tactics. If that's not the pot calling the kettle machine learned, I don't know what.
And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Our executive editor is Brandon Karp, Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.
Release Date: January 30, 2025
Host: Dave Bittner
Guest: Ellen Chang, Vice President of Ventures at BMNT and Head of H4X Labs
The episode opens with significant news on the crackdown of two of the largest hacking forums, Cracked and Nulled. Authorities, led by Europol and the FBI, orchestrated a coordinated takedown across multiple countries, seizing 17 servers and arresting two suspects. These forums, boasting over 10 million users, were pivotal hubs for cybercriminal activities, including the distribution of stolen credentials, hacking tools, and cybercrime-as-a-service offerings. Europol highlighted their role as "entry points into cybercrime," facilitating operations like credential stuffing using tools such as OpenBullet and hosting advanced AI-based hacking utilities.
Key Details:
Cracked, Nulled, StarkRDP, and Sellix.
Cybersecurity firm Wiz uncovered a critical security lapse in DeepSeek, an emerging AI startup known for its DeepSeek R1 reasoning model, a competitor to OpenAI's offerings. The research team discovered an open ClickHouse database exposed without any authentication barriers, granting full administrative access. This breach exposed over one million logs, including sensitive chat histories, API keys, and backend operations data.
Notable Quote:
Wiz emphasized the incident’s gravity, stating, “AI companies must prioritize security, just as cloud providers do, or risk exposing their users, their data, and their reputation.” (Timestamp: [05:30])
AI researcher David Kuzmar revealed a new jailbreak method named Time Bandit, which allows users to bypass ChatGPT’s safety mechanisms. This exploit manipulates the model’s temporal understanding, misleading it into believing it is operating in a different time frame to access restricted content related to weapons, malware, and nuclear topics. Despite reporting the vulnerability to OpenAI and multiple government agencies, Kuzmar faced delays in receiving a response. OpenAI has implemented partial fixes, but the exploit remains partially functional.
Notable Quote:
Kuzmar expressed frustration, saying, “My anxiety grew as the weeks passed,” highlighting the challenges in communicating critical security issues to large organizations. (Timestamp: [07:15])
One of the largest US blood centers, New York Blood Center (NYBC), fell victim to a ransomware attack on January 26. The breach forced NYBC to shut down essential systems, disrupting blood donation processing and hospital supply chains during a critical blood shortage. The attackers remain unidentified, and it is unclear whether patient data was compromised. NYBC is actively working to restore operations without a definitive timeline.
A cyberattack disabled the South African Weather Service, impacting airlines, farmers, and neighboring countries like Mozambique and Zambia. The attack disrupted the agency’s website, email, and aviation and marine services, compelling the agency to provide updates via social media. This incident marks the second attempted attack within two days, with no ransomware group claiming responsibility. South Africa has been grappling with similar attacks on public institutions, including the Defense Department’s pension system and National Lab Services.
Researchers at SquareX disclosed a sophisticated attack method dubbed Browser Sync Jacking. This three-stage attack transforms a seemingly benign browser extension into a potent cyber weapon. The process involves:
Notable Quote:
SquareX warns, “Unless organizations start monitoring what extensions their employees install, this kind of attack could become a huge problem.” (Timestamp: [09:45])
TeamViewer addressed a high-severity privilege escalation flaw that could allow local attackers to gain elevated privileges on Windows systems. The vulnerability affects multiple versions and has been patched in the latest updates. Although there is no evidence of active exploitation, TeamViewer urges immediate updating due to the tool’s frequent targeting by threat actors for malware deployment.
Over three dozen industry groups have collectively urged the US Congress to enact a comprehensive national data privacy law, aiming to supersede existing state regulations. In their letter to the House and Senate Commerce Committee leaders, these groups argue that a unified standard would streamline business operations and reduce consumer costs. Key proposals include transparency requirements, consumer opt-out rights, and limitations on data collection, while exempting small businesses. Critics, however, contend that the proposed law may mirror weaker state protections and potentially diminish consumer safeguards.
The Cybersecurity and Infrastructure Security Agency (CISA), instrumental in safeguarding US election systems, now faces an uncertain future amidst political turmoil. Accusations from former President Donald Trump and his allies allege that CISA has been involved in censoring conservatives and meddling in the 2020 election, claims which CISA has denied. With Trump’s return to office, discussions are underway about restructuring or diminishing CISA’s role, including proposals to move it under the Transportation Department and limit its involvement in elections.
Brandon Karp engages in a comprehensive discussion with Ellen Chang, Vice President of Ventures at BMNT and Head of H4X Labs, focusing on the role of deep tech in national security and cybersecurity.
Key Insights:
Definition of Deep Tech: Chang differentiates deep tech from general AI, emphasizing hardware-oriented technologies and material sciences as critical components contributing to national security.
Supporting Startups: BMNT assists government-funded startups in transitioning their research into commercial products. Chang highlights the challenges inventors face in adopting entrepreneurial skills to scale their technologies effectively.
Supply Chain Innovations: Chang expressed enthusiasm about the ongoing efforts to reinvigorate US manufacturing and supply chains, positioning it as a cornerstone of national security. She noted, “We’re re-industrializing, we’re regrowing our capability to manufacture...” (Timestamp: [26:39])
Venture Capital Dynamics: The conversation touched on the evolving landscape of venture capital, with some funds extending their investment horizons beyond the typical 10-year cycle to better support long-term deep tech projects.
Notable Quote from Chang:
“Venture capitalists don't want their companies to become a project-based company.” (Timestamp: [21:37])
The episode concludes with a critical analysis of OpenAI's recent complaints against DeepSeek, alleging that DeepSeek improperly utilized OpenAI’s models to train its AI systems. Jason Koebler of 404 Media highlights the irony in OpenAI’s stance, considering the company’s reliance on scraping vast amounts of data without explicit permissions, practices DeepSeek similarly employs.
Notable Quote:
Koebler remarks, “If that's not the pot calling the kettle black, I don't know what is.” (Timestamp: [30:45])
This episode of CyberWire Daily provides a comprehensive overview of significant cybersecurity developments, from major law enforcement actions against cybercriminal forums to vulnerabilities in prominent AI startups. The in-depth interview with Ellen Chang sheds light on the symbiotic relationship between deep tech innovation and national security, while the closing segment critiques the contentious dynamics within the AI industry. Listeners are left with a robust understanding of the current cybersecurity landscape and the intricate challenges it faces.