Dave Bittner
You're listening to the CyberWire network, powered by N2K. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners. Today, get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.

Federal agencies become battlegrounds in an unprecedented power struggle. XeGroup evolves from credit card skimming to exploiting zero days. WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm. Texas expands its ban on Chinese-backed AI and social media apps. Data breaches expose the personal and medical information of over a million people. Nvidia patches multiple critical vulnerabilities. ARM discloses critical vulnerabilities affecting its Mali GPU kernel drivers and firmware. The UK government aims to set the global standard for securing AI. Tim Starks from CyberScoop has the latest from Senate confirmation hearings, and the National Cryptologic Museum rights a wrong.
Dave Bittner
February 3, 2025. I'm Dave Bittner and this is your CyberWire intel briefing. Thank you all for joining us here today. Great to have you with us, as always. This past weekend, chaos erupted within federal agencies as Elon Musk's task force moved swiftly to seize control of critical government operations. The U.S. Agency for International Development is facing deep uncertainty as President Trump continues his push to slash foreign aid and restructure federal agencies. The agency's independence is at risk and sweeping layoffs are expected. Two top security officials, John Voorhees and Brian McGill, were placed on administrative leave after denying access to representatives from Elon Musk's team who sought entry into classified systems. USAID's chief of staff, Matt Hopson, has also resigned. Musk, appointed to lead a controversial government restructuring initiative, has publicly criticized USAID, calling it a criminal organization and pushing for its shutdown. His influence extends to the Office of Personnel Management, where his appointees have locked out career civil servants from critical personnel databases containing sensitive government employee data. Federal workers have raised cybersecurity concerns, noting that Musk's team now controls systems without oversight. The situation has sparked protests outside OPM, where government employees accuse Musk's team of orchestrating a hostile takeover. Meanwhile, an unsecured email system at OPM led to a massive spam attack targeting federal employees, highlighting the vulnerabilities of the rushed transition. Amid the turmoil, Musk's self-named Department of Government Efficiency, DOGE, is overseeing a dramatic downsizing of the federal workforce, offering employees buyouts to resign. Agencies like CISA have been excluded from these offers, raising further concerns about the restructuring's national security implications.
The events reflect a broader shift in Trump's second-term governance, with Musk playing a central role in reshaping federal institutions. XeGroup, a cybercriminal organization active for over a decade, has evolved from credit card skimming to exploiting zero-day vulnerabilities, posing significant threats to global supply chains. Originally known for targeting e-commerce platforms, the group has shifted to infiltrating manufacturing and distribution sectors. By 2024, XeGroup exploited two vulnerabilities in VeraCore, a supply chain management software, using an upload validation flaw and an SQL injection vulnerability to exfiltrate data and maintain persistent access. The group demonstrated patience, reactivating a web shell planted in 2020. Using customized web shells and PowerShell-based payloads, XeGroup has automated its attacks, focusing on long-term infiltration. Researchers believe the group operates from Vietnam but is likely not state sponsored, given its minimal operational security measures. WhatsApp has uncovered a zero-click spyware attack linked to the Israeli firm Paragon, targeting nearly 100 journalists, activists and civil society members worldwide. The spyware required no user interaction, making it especially dangerous. WhatsApp disrupted the attack, alerted affected users and collaborated with Citizen Lab, which helped analyze the breach. Victims, including Italian journalist Francesco Cancellato, are investigating the extent of data exposure. The spyware could access messages, activate microphones and steal passwords, raising major privacy concerns. Paragon, which markets itself as an ethical alternative to NSO Group, had been seeking entry into the US market. However, recent scrutiny and national security concerns have paused key contracts. This incident underscores the urgent need for stronger regulations on commercial spyware and government surveillance tools.
Texas Governor Greg Abbott has expanded the state's ban on Chinese-backed AI and social media apps, prohibiting six additional platforms, including DeepSeek, Lemon8 and RedNote, on government-issued devices. The order aims to prevent data harvesting and potential espionage by the Chinese Communist Party. This follows Abbott's 2022 ban on TikTok and a 2023 law granting him authority to block apps posing security risks. The move comes amid heightened concerns over Chinese technology influence, especially as platforms like RedNote gain popularity among U.S. users. Three separate data breaches have exposed the personal and medical information of over a million people. Asheville Eye Associates in North Carolina confirmed a cyberattack affecting over 193,000 patients. Stolen data includes medical treatment details and insurance information, but not Social Security or financial data. The DragonForce ransomware group claimed responsibility last December. Delta County Memorial Hospital reported a May 2024 breach affecting over 148,000 individuals. Hackers accessed Social Security numbers, medical data and financial records. Victims will receive free identity theft protection. Globe Life Insurance is notifying 850,000 individuals of a data theft incident linked to an extortion attempt. The compromised data includes insurance policy details and personal identifiers, though the company states no business operations were disrupted. Globe Life is working with regulators and offering credit monitoring services to affected customers. Nvidia has released critical security updates to patch multiple vulnerabilities in its GPU display driver and virtual GPU software. These flaws, affecting both Windows and Linux platforms, could lead to information disclosure, denial of service, data tampering or code execution. Key issues include a buffer overflow and a memory corruption flaw in vGPU. Affected products include GeForce, Nvidia RTX, Quadro, NVS and Tesla GPUs.
Nvidia urges users to update immediately via the Driver Downloads page to mitigate security risks. ARM has disclosed critical security vulnerabilities affecting its Mali GPU kernel drivers and firmware, impacting Bifrost, Valhall and 5th Gen GPU architectures. One flaw has been actively exploited, allowing local attackers to access freed memory, potentially leading to further system compromise. Nine additional vulnerabilities could cause system crashes, privilege escalation or data leaks. Affected users, especially those on smartphones and tablets, are urged to immediately update drivers and firmware to mitigate risks. The UK government has introduced a new AI code of practice, aiming to set a global standard for securing AI through the European Telecommunications Standards Institute. Developed with the National Cyber Security Centre and industry stakeholders, the voluntary code outlines 13 principles covering secure AI design, deployment and maintenance. The code applies to AI vendors and organizations using AI, but excludes vendors selling AI models without deploying them. These will be governed by separate cybersecurity regulations. Key principles include threat modeling, secure infrastructure, software supply chain security, and regular updates. NCSC CTO Ollie Whitehouse emphasized its role in fortifying UK AI security while promoting innovation. The UK aims to lead globally in AI safety. Following recent efforts to criminalize deepfake creation, the government hopes this framework will enhance AI resilience and protect digital ecosystems from security threats. Coming up after the break, Tim Starks from CyberScoop has the latest from the Senate confirmation hearings, and the National Cryptologic Museum rights a wrong. Stay with us.
Nerds Gummy Clusters
This episode is brought to you by Nerds Gummy Clusters, the sweet treat that always elevates the vibe, with a sweet gummy surrounded with tangy, crunchy Nerds. Every bite of Nerds Gummy Clusters brings you a whole new world of flavor. Whether it's game night, on the way to a concert or kicking back with your crew, unleash your senses with Nerds Gummy Clusters.
Dave Bittner
Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.

Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the thing: Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.

Joining me once again is Tim Starks. He is a senior reporter at CyberScoop. Tim, great to have you back.
Tim Starks
Wonderful, as always. It's a real high of my week.
Dave Bittner
Well, I appreciate that. A couple of stories that you did over at CyberScoop that I want to touch on today. Let's start off with your story about Kash Patel, nominee for the FBI, of course, and the degree to which he was questioned about cybersecurity.
Tim Starks
Yeah, it was a minor amount, but it was not insignificant, or else we wouldn't have written a story. Of course, you know, he's a nominee who has a lot of things that lawmakers were concerned about. Democrats, of course, not Republicans. But there was an interesting thing that happened. We wrote the story, and then CNN published some details that were related to it. Not because of my story, but it was interesting the way that happened, timing-wise. Senator Klobuchar, you know, said, hey, look, you're talking about closing down the FBI headquarters. This is the place where, you know, people who run our cybercrime investigations work. And there was a little bit of jousting over that. And, you know, she didn't get a real answer to the question about his previous remarks, having said that he'd turn it into a museum of the deep state on day one. There were a couple other things that came up. One was Ross Ulbricht, the pardon of the man who operated the Silk Road marketplace, sold drugs, and was charged with computer hacking. He was pardoned. They asked Kash Patel, what do you think of that? He's like, not my place to weigh in on the pardons. I think probably the most significant policy thing they discussed that was cyber related was his view on Section 702, which, of course, is the law that allows warrantless vacuuming up of communications targeting foreigners. But if you just so happen to have been a US citizen talking to that person, there is a way for the FBI to seek that data about you. And there was a big debate in the last couple years, you'll recall, and it's actually a pretty long-running one at this point. But before they reauthorized it, there was a big debate: should we add a warrant requirement? Do you need to get a warrant to go in and get information about U.S. citizens?
Dave Bittner
Right.
Tim Starks
And Kash Patel's view was that that's not something that's good, that it would actually harm investigations. It was a pretty traditional view from the hawkish side of that debate, as opposed to the side of the debate that was really focused on privacy and Fourth Amendment and those kinds of concerns.
Dave Bittner
Yeah. Tulsi Gabbard also made an appearance in front of the senators here. What came of that?
Tim Starks
Yeah, she got asked about a similar thing. My colleague Derek Johnson wrote about the hearing. She got asked about whether Edward Snowden was a traitor, which was something that she didn't seem eager to answer all that directly. You know, she's had some changes in her position on Section 702. That was something that the committee hearing delved into. Obviously, if she's going to be the Director of National Intelligence, that's going to be something where her agency is going to have a lot of oversight over that kind of activity. And she had once upon a time called Section 702 an overreach. But she has turned around and said, actually, it's a, direct quote, vital national security tool. And depending on where you were at on the debate when it was happening, you were either happy that she said that or unhappy that she said that.
Dave Bittner
I want to switch gears and touch on another article that I believe you co-wrote here. And this was about the government falling victim to some cryptojacking.
Tim Starks
Very rare when that happens. We did find several instances beforehand of it happening, but, you know, the cyber pros we talked to just were like, no, this is something we really haven't heard of. So it's exceedingly rare that the government is cryptojacked. And it just so happens that USAID was, in the fall, and me and my colleague Rebecca over at FedScoop broke this story and explained, you know, it cost the agency half a million dollars to deal with this. Basically, the cryptojackers just come in, they use up your electricity to mine crypto, and then they leave. And that seems to be what happened here. I was looking at the numbers to get a sense of, like, what is half a million dollars to USAID? It may not sound like that much money if you're talking about a multibillion-dollar agency, but that is the amount equivalent to how much they spent in 2023 on notifying children of tuberculosis. So we're talking about real money that could make a difference and that essentially was lost as a result of this hacking. And it could have been worse, because cryptojacking is a real threat, but it's a lower-level threat than, say, ransomware.
Dave Bittner
Right.
Tim Starks
You know, there's not just monetary damage. There could be other damage as well. So these hackers could have used this access to do something much worse than they actually did. And what they did was pretty bad already.
Dave Bittner
Yeah, I have to say I was sort of scratching my head over this one as to whether or not cryptojacking the federal government is poking the bear.
Tim Starks
Yeah, I mean, I can't remember if we included this in the story, but certainly one of the things that I talked about with people is, like, why would you do this? Why would you cryptojack the federal government? There's so many people you could target. And they do target lots. They target the private sector. The private sector loses tens of millions of dollars to this every year, according to people we've talked to. So there's a chance that they just didn't know who they were targeting, that they were just searching the web for vulnerable targets and found USAID. The other thing, though, and this is the part where I started to say this is a relatively low amount of money, is that this isn't going to be like Colonial Pipeline, where the federal government is suddenly going to be coming for you because you shut down the Eastern Seaboard's gasoline supply. You didn't really shut it down, but it caused a panic and suddenly people are having trouble buying gasoline. So it's a relatively low amount of money. It's low risk and it's low reward. But it does.
Dave Bittner
It did.
Tim Starks
It did strike us as very odd, because why would you want to? Why a federal agency? And we didn't entirely get to the bottom of it, but it's entirely possible that they just didn't know who they were going at. They eventually figured it out. They would have had to have known something about who they were cryptojacking after they started doing it. But when they found them, this may have just been very much a target of opportunity.
Dave Bittner
Did you get any response from any of the agencies involved here as to either how this happened or what they planned to do in the future to prevent it?
Tim Starks
No, we did not get that response. I would have loved at least "we were hit by a sophisticated attack." You always want that one, right?
Dave Bittner
At this point, it's a given.
Tim Starks
The good news is that we didn't need them to say that much about it, because of the internal documents we had where they said, we've seen this, we responded, we're implementing these additional defenses. Multi-factor authentication is key for this kind of thing. So we know how they responded or were going to respond. What we don't know is how much of what they said they were going to do they actually ended up doing. I mean, we're talking about something that happened in November. It's possible that they haven't finished implementing all the defenses that they talked about doing. So that's the one thing that would have been nice to hear from them on. All jokes aside about the sophisticated campaign, it would have been nice to know if they have fixed these things, instead of just "here's what we say we're going to fix." That would have been something nice to know for the story, frankly. And CISA, which would certainly have been involved in some way, shape or form in evaluating what happened here, did not comment. They referred us back to USAID, and USAID didn't want to say anything more. So that's where we were left.
Dave Bittner
Yeah. All right, well, Tim Starks is senior reporter at CyberScoop. Tim, thanks so much for taking the time for us.
Tim Starks
Yeah, thanks for having me.
Zscaler
And now a message from our sponsor Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible; eliminating lateral movement, connecting users only to specific apps, not the entire network; continuously verifying every request based on identity and context; simplifying security management with AI-powered automation; and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
Indeed
This episode is brought to you by Indeed. When your computer breaks, you don't wait for it to magically start working again. You fix the problem. So why wait to hire the people your company desperately needs? Use Indeed Sponsored Jobs to hire top talent fast, and even better, you only pay for results. There's no need to wait. Speed up your hiring with a $75 sponsored job credit at Indeed.com/podcast. Terms and conditions apply.
Dave Bittner
And finally, in a recent Bluesky post, Larry Pfeiffer, former CIA Chief of Staff and current Director of the Hayden Center, highlighted a concerning action taken in response to President Trump's anti-diversity directive. He noted that at the National Cryptologic Museum at NSA, images of notable figures such as Elizebeth Friedman and Ann Caracristi from the Women in American Cryptology Hall of Honor, as well as Wash Wong and Ralph Adams from the People of Color in Cryptologic History honorees, were covered over with brown paper. This act has sparked discussions about the implications of the administration's stance on diversity and its impact on recognizing the contributions of marginalized groups in national security history. The museum responded to an inquiry from Mr. Pfeiffer stating, "We are dedicated to presenting the public with historically accurate exhibits, and we have corrected a mistake that covered an exhibit. We look forward to visitors exploring the museum and its rich history." The decision to obscure the images of trailblazing cryptologists at the museum, whether intentional or out of misplaced caution, reflects the deep fear and uncertainty gripping government employees under the Trump administration's crackdown on diversity initiatives. This act, seemingly preemptive, underscores how agencies are scrambling to avoid political backlash, even at the cost of erasing historical contributions. It's a troubling sign of how policies rooted in ideology rather than merit can lead to self-censorship and a chilling effect on truthful storytelling in public institutions. And that's the CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Elliott Peltzman and Tré Hester. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
CyberWire Daily: Federal Agencies in Power Struggle Crossfire
Release Date: February 3, 2025
Host: Dave Bittner
Guest: Tim Starks, Senior Reporter at Cyberscoop
The episode opens with a deep dive into the escalating power struggle within U.S. federal agencies. Elon Musk’s task force has initiated a controversial takeover of critical government operations, sparking chaos and uncertainty. The U.S. Agency for International Development (USAID) is at the center of this upheaval as President Trump pushes to significantly reduce foreign aid and restructure federal agencies.
Leadership Shakeup: Two top security officials at USAID, John Voorhees and Brian McGill, were placed on administrative leave after denying Elon Musk’s team access to classified systems. Additionally, USAID's Chief of Staff, Matt Hopson, resigned amidst the turmoil.
Musk’s Criticism: Elon Musk, leading the Department of Government Efficiency (DOGE), has publicly labeled USAID a "criminal organization" and advocated for its shutdown. His influence extends to the Office of Personnel Management (OPM), where his appointees have locked career civil servants out of personnel databases containing sensitive employee data.
Worker Protests and Cybersecurity Concerns: Federal employees have protested outside OPM offices, accusing Musk’s team of orchestrating a hostile takeover. Concurrently, an unsecured email system at OPM was exploited in a massive spam attack, highlighting the vulnerabilities exposed by the abrupt transition.
Implications for National Security: The restructuring has national security ramifications, particularly with agencies like the Cybersecurity and Infrastructure Security Agency (CISA) being excluded from buyout offers. This exclusion raises alarms about the future security landscape under Musk’s reorganization.
Notable Quote:
"Dave Bittner: ...his influence extends to the Office of Personnel Management, where his appointees have locked out career civil servants from critical personnel databases containing sensitive government employee data."
XeGroup, a notorious cybercriminal organization, has transitioned its operations from traditional credit card skimming to exploiting zero-day vulnerabilities, posing significant threats to global supply chains.
Operational Shift: Initially targeting e-commerce platforms, XeGroup has expanded its focus to infiltrate manufacturing and distribution sectors. By 2024, it exploited two vulnerabilities in VeraCore, a supply chain management software: an upload validation flaw and an SQL injection vulnerability. These gave the group data exfiltration and persistent access.
Sophistication in Attacks: The group has demonstrated strategic patience by reactivating a web shell planted in 2020, utilizing customized web shells and PowerShell-based payloads to automate long-term infiltration efforts.
Attribution: Researchers believe XeGroup operates from Vietnam, but its minimal operational security suggests it is unlikely to be state-sponsored.
WhatsApp has successfully identified and disrupted a zero-click spyware attack linked to the Israeli firm Paragon, targeting nearly 100 journalists, activists, and civil society members globally.
Mechanism of Attack: The spyware required no user interaction, making it exceptionally dangerous. It had capabilities to access messages, activate microphones, and steal passwords.
Collaborative Response: Upon detection, WhatsApp collaborated with Citizen Lab to analyze the breach and alert affected users. Victims, including Italian journalist Francesco Cancellato, are currently investigating the extent of their data exposure.
Paragon’s Position: Despite marketing itself as an ethical alternative to the NSO Group, Paragon faced increased scrutiny and national security concerns, halting its expansion into the U.S. market.
Impact: This incident underscores the urgent need for stronger regulations on commercial spyware and government surveillance tools.
Governor Greg Abbott has broadened Texas's ban on Chinese-backed AI and social media applications, adding six more platforms, including DeepSeek, Lemon8, and RedNote, to the list prohibited on government-issued devices.
Rationale: The expansion aims to prevent data harvesting and potential espionage by the Chinese Communist Party. It follows Abbott's 2022 ban on TikTok and a 2023 law granting the governor authority to block apps that pose security risks.
Context: This move responds to growing concerns over the influence of Chinese technology within the United States, particularly as platforms like RedNote gain traction among U.S. users.
Three significant data breaches have compromised the personal and medical information of more than one million individuals:
Asheville Eye Associates, North Carolina: A cyberattack impacted over 193,000 patients, exposing medical treatment details and insurance information, but not Social Security or financial data. The DragonForce ransomware group claimed responsibility in December.
Delta County Memorial Hospital: A May 2024 breach affected over 148,000 individuals, exposing Social Security numbers, medical data, and financial records. The hospital is offering victims free identity theft protection.
Globe Life Insurance: Globe Life is notifying 850,000 individuals of a data theft incident linked to an extortion attempt. The compromised data includes insurance policy details and personal identifiers. While no business operations were disrupted, Globe Life is working with regulators and providing credit monitoring to affected customers.
Nvidia:
Vulnerabilities: Nvidia has released patches for multiple critical vulnerabilities in its GPU display driver and virtual GPU (vGPU) software on Windows and Linux. The flaws, which include a buffer overflow and a memory corruption bug in vGPU, could lead to information disclosure, denial of service, data tampering, or code execution.
Affected Products: GeForce, Nvidia RTX, Quadro, NVS, and Tesla GPUs are impacted. Users are urged to update immediately via Nvidia’s Driver Downloads page to mitigate risks.
ARM:
Vulnerabilities: ARM disclosed critical security flaws in its Mali GPU kernel drivers and firmware, affecting the Bifrost, Valhall, and 5th Gen GPU architectures. One flaw, which has been actively exploited, lets a local attacker access already-freed memory (a use-after-free condition), a foothold for further system compromise. Nine additional vulnerabilities could cause system crashes, privilege escalation, or data leaks.
Affected Devices: Primarily smartphones and tablets. Users should promptly update drivers and firmware to safeguard their devices.
The UK government has introduced a new AI code of practice, developed with the National Cyber Security Centre (NCSC) and industry stakeholders, which it intends to take to the European Telecommunications Standards Institute (ETSI) as the basis of a global standard for securing AI. The voluntary code sets out 13 principles covering secure AI design, deployment, and maintenance.
Key Principles: These include threat modeling, secure infrastructure, software supply chain security, and regular updates. The code applies to AI vendors and to organizations using AI; vendors that sell AI models without deploying them are excluded and will be covered by separate cybersecurity regulations.
Ambition: The UK seeks to lead globally in AI safety, enhancing AI resilience and protecting digital ecosystems from security threats. This initiative follows previous efforts to criminalize deepfake creation and aims to fortify AI security while promoting innovation.
Notable Quote:
"Dave Bittner: The UK government aims to set the global standard for securing AI through the European Telecommunications Standards Institute... the voluntary code outlines 13 principles covering secure AI design, deployment and maintenance."
Senate Confirmation Hearings: Tim Starks discusses the Senate confirmation hearing for Kash Patel, the nominee to lead the FBI. Cybersecurity came up only briefly: Senator Klobuchar pressed Patel on his past remark about closing FBI headquarters, where cybercrime investigations are run, without getting a direct answer; he declined to weigh in on the pardon of Silk Road operator Ross Ulbricht; and on Section 702 he took the traditional hawkish position that a warrant requirement for searching data on U.S. citizens would harm investigations. Tulsi Gabbard, the nominee for Director of National Intelligence, was asked whether Edward Snowden was a traitor and about her reversal on Section 702, which she once called an overreach and now calls a "vital national security tool."
Notable Quote:
"Tim Starks: ...the most significant policy thing they discussed that was cyber related was his view on Section 702... Kash Patel's view was that that's not something that's good, that it would actually harm investigations."
USAID Cryptojacking Incident: Starks elaborates on a rare incident in which USAID fell victim to cryptojacking last fall, a story he broke with FedScoop colleague Rebecca Heilweil. The attackers used the agency's systems to mine cryptocurrency, and dealing with the incident cost USAID half a million dollars. Cryptojacking of a federal agency is exceedingly rare; the security professionals Starks spoke to had not heard of a comparable case.
Financial Impact: The half-million-dollar cost roughly equals what USAID spent in 2023 on notifying children of tuberculosis, underscoring that the loss was real money with real consequences. Starks notes it could have been worse: the attackers had access they could have used for something more damaging than mining.
Attack Motivation: Why anyone would target a federal agency remains unclear. The incident may have been a target of opportunity found by scanning for vulnerable systems rather than a deliberate choice; the private sector, which loses tens of millions of dollars a year to cryptojacking, is the usual target, and the modest sums involved make this low risk and low reward for the attacker compared with an incident like Colonial Pipeline.
Agency Response: Internal documents show USAID said it had detected and responded to the incident and was implementing additional defenses, including multi-factor authentication. Whether those measures were completed is unconfirmed: CISA referred questions back to USAID, and USAID declined to comment further.
Notable Quote:
"Tim Starks: ...cryptojacking is a real threat, but it's a lower level threat than, say, ransomware... these hackers could have used this access to do something much worse than they actually did. And what they did was pretty bad already."
Larry Pfeiffer, former CIA Chief of Staff and current Director of the Hayden Center, highlighted a troubling action at the National Cryptologic Museum at NSA in response to President Trump’s anti-diversity directive. Images of notable figures from the Women in American Cryptology Hall of Honor (including Elizebeth Friedman and Ann Caracristi) and from the People of Color in Cryptologic History honorees were covered with brown paper.
Implications: This act has ignited discussions about the administration's stance on diversity and its impact on recognizing the contributions of marginalized groups in national security history.
Museum’s Response: The museum stated that it is dedicated to presenting historically accurate exhibits and that it had corrected "a mistake that covered an exhibit." The incident nonetheless reflects broader fear and uncertainty among government employees about diversity initiatives under the Trump administration.
Concerns: The decision to obscure these images, whether intentional or cautious, signifies potential self-censorship and the erasure of important historical contributions due to political pressures. It signals how ideology-driven policies can hinder truthful storytelling in public institutions.
Notable Quote:
"Dave Bittner: ...Larry Pfeiffer... highlighted a concerning action taken in response to President Trump's anti-diversity directive... the decision to obscure the images... reflects the deep fear and uncertainty gripping government employees under the Trump administration's crackdown on diversity initiatives."
This episode of CyberWire Daily sheds light on the power struggle within federal agencies, the evolving tradecraft of long-running criminal groups like XeGroup, and significant breaches affecting both public and private sectors. It also covers government efforts to secure AI technologies and the ongoing debate over digital surveillance law. The discussions underscore the importance of robust cybersecurity measures and the implications of political influence on national security and diversity initiatives.
For those keen on staying ahead in the rapidly evolving world of cybersecurity, this episode offers critical insights and thorough analysis of current events shaping the industry.