Tim Starks (13:38)

It's my treat as well.

Host/Interviewer (13:40)

So a couple stories that you have published here recently. In fact, this one is we touched on earlier today in today's Cyberwire News brief. And this is about some comments that a senior Secret Service official made yesterday about some holes in security that has caught his eye. What's going on here, Tim?

Tim Starks (14:04)

Yeah, he talked about a couple, but one that was pretty interesting. He said we don't talk about this in polite company. So that's always appealing if you're a reporter.

Host/Interviewer (14:12)

Right?

Tim Starks (14:13)

Lean in you go. Oh, what's this?

Host/Interviewer (14:20)

Right.

Tim Starks (14:21)

Anyway, he talked about something that I don't hear discussed that much. Certainly I hear it discussed, but I don't hear it discussed that often and not at this level of alarm. Essentially he's saying that the way domains are registered is a very big vulnerability. If you look at the number of phishing attacks that rely on fake URLs. He says, We've got a, this process is not working. You might recall this was something that used to be under pretty much exclusive United States authority, assigned numbers authority, or iana. And it's been about a decade since we handed it off. But interestingly, Matt with the Secret Service had made the point that US tech companies could do something about this.

Host/Interviewer (15:06)

Well, he pointed out the issue. Did he offer up solutions?

Tim Starks (15:12)

He basically said, tech companies, you can fix this. Certainly right now one of the things that happens is there are tech companies that are doing something about it, but it's more on the back end. Uses words. You've seen things like Google and Microsoft going to the courts and getting takedowns of domains, which is more of a setback for the organizations. And maybe sometimes it's a bad setback, but it doesn't stop the practice. To use his exact words, I'm just reading what he said. The major Internet players in the US they could change the nature of the Internet and change the governance of that, to clean that up when there's a heavy concentration of abuse and fraud. But he didn't go into any further detail about how they could do that.

Host/Interviewer (15:57)

Do you feel like. Well, let me rephrase that and say that I feel that there is a sense of resignation when it comes to this sort of thing that, that we've been operating this way for so long that it'd be hard to turn this battleship.

Tim Starks (16:11)

Yeah, it's one of the, you know, it goes back to the, to the thing that you hear said in cybersecurity a lot, which is the Internet wasn't built for security. There may be things that could be done about this, but we're talking about Internet governance, you know, we're talking about how the Internet works even so. So maybe it's not such a simple solution. One of the things he also brought up, I'll mention, because he brought it up as well, but business email compromise, which is subject, dialogue, covering because it's just billions and billions of dollars every year, it's a massive amount of Internet enabled fraud that's happening out there. Another situation where it's just the setup. He said we're too set up to trust emails that we get. That leads to this kind of implicit trust that you have and the system isn't designed to handle that. So he is talking about some big picture things that would probably be hard to fix.

Host/Interviewer (17:00)

Yeah, I wonder too. It strikes me that at this exact moment Our global influence, I think it's fair to say, is waning when it comes to setting policy for the rest of the world. And whether or not that's a valley that may rise up on the other side, or if this is the shape of things to come for the foreseeable future, who knows? But it sort of ties into another story that you published about the US Looking to be the leader when it comes to global policy for AI.

Tim Starks (17:37)

Yeah, that's a really interesting contrast you draw because if you look at some other things we've written about in recent weeks, we've seen the administration pull out of a number of international organizations on cyber, or that at least have some amount of cyber involved in what they're doing. So it's interesting that on one hand you have a top secret service official saying that Internet governance isn't working, and then on the other hand, you have an official from the office of the National Cyber Director, Alexander Seymour, saying, we need to launch a diplomatic effort essentially to make it so that AI standards on cybersecurity that the rest of the world are using are version. And there has been some work to that extent during this administration. Despite how much the Trump administration is pulling back internationally, it's definitely interesting that they're saying on this we want to see the US Be more of a leader. I think what maybe is the difference is that it's part of, if you listen to her remarks in full, it's part of a talk about the US AI tech stack, if you will. The phrase that I think is, it's a little jargony that I don't like using, but I'm quoting her, just essentially trying to push American AI. This administration clearly thinks that it's an economic inroad for the United States to have some more sustained dominance. So I think that might be the difference. Use our standards on this. We're pulling out of all these other cyber things, but use our standards on this because, by the way, we might make a little money on it if we do that.

Host/Interviewer (19:12)

Well, again, looking back to today's rundown of our cyberwar news, we had a story about France dialing back their use of US Video conferencing technology. They're bringing it in house. And, and I think we're seeing, day after day, we're seeing these reports where governments around the world are saying, we don't want to be so reliant on the US These days.

Tim Starks (19:35)

Exactly. And, you know, you. We talk about intelligence sharing between allied nations, even about them being about other countries being more Reluctant to share intelligence with us. And in cyberspace, that's huge. If countries start pulling back from sharing intelligence with the United States on cyber issues, that's a big, I guess, force multiplier would be the opposite, a force divider. It would reduce the amount of capabilities we have to defend against cyber attacks.

Host/Interviewer (20:04)

If not us, who? In other words, if the rest of the world says we can't rely on the United States for the leadership that we've always provided when it comes to tech and cyber, does that put China in the driver's seat? What do you think?

Tim Starks (20:19)

That's always the risk, certainly. Especially when it comes to cyberspace issues. I think there have been some efforts. We're just sticking with the subject of AI. Last spring, there was an EU oriented AI action plan. So I think that we might see a more fractured, regionalized kind of way to approach cybersecurity and cybersecurity issues. But when there's a power void and there's one country that is bigger than all the others, literally in every way, why wouldn't they see that as an opportunity? I think the issue for China, of course, is that there's a big body of evidence, and I'm not saying that the United States has been perfect prior to this administration either, but there's a big body of evidence that. That China has been a very bad actor in cyberspace. So there's a chance that they won't be able to make the kind of inroads that they would otherwise be able to make. But, you know, during the times of 5G and Huawei and all those, you know, go back just even a couple years, there was a big effort to make America a dominant force in all these areas. But other countries were tempted to enlist with Huawei and China because of prices and because of costs and because of intelligence risks. It might seem like an act of desperation if countries were to turn to China, but it's happened before, and I don't see why it couldn't potentially happen again.

Host/Interviewer (21:41)

Yeah. All right, well, time will tell, right?

Tim Starks (21:45)

You love that saying. Yes, time will definitely tell.

Host/Interviewer (21:51)

All right, Tim Starks, senior reporter at cyberscoop. Tim, thanks so much for joining us.

Dave Bittner (22:08)

This episode is brought to you by indeed. Stop waiting around for the perfect candidate. Instead, use INDEED sponsored jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidate seen. According to INDEED data, sponsored jobs have four times more applicants than non sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com podcast terms and conditions apply.

Tim Starks (22:36)

Are you a forward thinker? Then you need an HR and finance platform that thinks like you do. Workday is the AI platform that helps propel your organization, your workforce and your industry into the future. Workday moving business forever forward.

Host/Interviewer (22:57)

And finally, the Norwegian Nobel Institute says a cyber intrusion is the most likely culprit behind last year's premature leak of Peace Prize winner Maria Corinha Makedo. Investigators, assisted by Norwegian security authorities, concluded someone likely hacked their systems conveniently just hours before betting markets lit up on Polymarket. An internal leak the institute insists was thoroughly examined and politely ruled out. The episode drew extra attention to an already politicized prize, thanks in part to Donald Trump, who publicly argued he deserved the honor and later accepted Mikado's medal anyway, a plot twist few had on their bingo card. The institute declined to pursue a police case, citing a lack of clear theory, while delicately noting its cybersecurity routines could, like many laureates speeches, use some tightening. And that's the cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check out this weekend's Research Saturday and my conversation with University of New Mexico security researcher Mohammed Dhanish about the push for frictionless user experiences and how that's led many services to rely on SMS delivered single click URLs. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K senior producer is Alice Carouse. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Helxman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Pifner. Thanks for listening. We'll see you back here next week. If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community from four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26 I'll see you in San Francisco.

Tim Starks (26:24)

Well, the holidays have come and gone once again. But if you've forgotten to get that special someone in your life a gift, well, Mint Mobile is extending their holiday offer of half off unlimited wireless. So here's the idea. You get it now. You call it an early present for next year. What do you have to lose? Give it a try@mintmobile.com Switch limited time.

Dave Bittner (26:44)

50% off regular price for new customers. Upfront payment required $45 for 3 months, $90 for 6 months or $180 for 12 month plan taxes and fees. Extra speeds may slow after 50 gigabytes per month when network is busy. See terms.