Dave Bittner
You're listening to the CyberWire Network, powered by N2K.
Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyber attack. Our N2K lead analyst Ethan Cook shares insights on Trump's antitrust policies. And DNS neglect leads to AI subdomain exploits.
It's Thursday, June 12, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us.
Interpol's Operation Secure, a joint effort by 26 countries across Asia and the South Pacific, has dismantled a major cybercrime network. The operation removed 20,000 malicious IP addresses and domains tied to infostealer malware. Authorities seized 41 servers and over 100 gigabytes of data, identifying 117 command and control servers used for phishing, fraud and stealing sensitive data like passwords and crypto wallet information. Hong Kong police played a key role in the analysis. Over 216,000 individuals were alerted to potential risks. The crackdown also led to 32 arrests, including suspects in Vietnam, Sri Lanka and Nauru. Interpol worked with cybersecurity firms like Group-IB and Kaspersky to share intel, highlighting the value of international collaboration in combating global cyber threats.
Meanwhile, Singapore led a month-long multinational crackdown called Operation Frontier Plus, targeting scam syndicates responsible for roughly $225 million in fraud. Coordinating with police from Hong Kong, South Korea, Malaysia, the Maldives, Thailand and Macau, authorities investigated nearly 34,000 suspects tied to over 9,200 scams. These ranged from fake investments to romance and job scams. Over 1,800 arrests were made, 32,000 bank accounts frozen and $20 million seized. Singapore alone arrested 106 suspects linked to $30 million in fraud, recovering $8 million. Charges include hacking and identity theft. The operation, which began in April, relied on rapid cross-border collaboration to trace and freeze stol. Officials stress the growing sophistication of these scams and the need for a global response.
They say similar efforts are underway in the U.S., India and Japan.
GitLab has issued urgent security updates to patch multiple vulnerabilities in its DevSecOps platform. The flaws include account takeover risks and the ability for attackers to inject malicious jobs into CI/CD pipelines. The fixes are included in GitLab updates. Critical issues addressed include HTML injection, missing authorization, cross-site scripting and a denial of service flaw. GitLab.com is already patched, and users of self-managed instances are urged to upgrade immediately.
Researchers in Israel have unveiled SmartAttack, a covert method for exfiltrating data from air-gapped systems via smartwatch. The attack involves malware on a secure, isolated computer emitting ultrasonic signals via built-in speakers. These inaudible tones, modulated to carry data, are picked up by a smartwatch microphone worn nearby. The watch then transmits the data via Wi-Fi, Bluetooth or cellular networks. Though challenging and theoretical, the attack shows how insider threats can bypass physical isolation. Experts recommend banning smartwatches and disabling speakers in sensitive areas to mitigate risk.
Microsoft has disclosed a critical vulnerability in its 365 Copilot AI assistant, marking the first known zero-click attack on an AI agent. Dubbed EchoLeak, the flaw allowed attackers to exfiltrate sensitive data by exploiting a new LLM scope violation. Attackers send emails with hidden prompt injections disguised as business content. When users later asked Copilot related questions, its RAG engine retrieved the malicious emails as context. The AI then embedded stolen data into links that triggered automatic requests to an attacker-controlled server, bypassing content security policies. No user clicks were needed, just a crafted email and a relevant query. Discovered by Aim Security in January of this year, Microsoft patched the issue in May with server-side updates.
There's no sign it was exploited in the wild, and no action is needed by customers.
Citizen Lab has confirmed the first known infections by Paragon's Graphite spyware, targeting Italian journalist Ciro Pellegrino and an unnamed European journalist. Both were compromised through a zero-click iMessage exploit, allowing surveillance without user interaction. Paragon spyware linked to Italian intelligence agencies was reportedly active during the hacks. Despite Italy's denials, the spyware scandal has widened with other victims, including journalists and migrant aid workers. Pellegrino, unaware he was a target, criticized the lack of support from Italy's government. A recent parliamentary report claimed no journalists were targeted, but Citizen Lab's forensic evidence challenges that narrative. Israel's Paragon ended its ties with Italy after the government refused to investigate. Citizen Lab continues examining additional cases as the spyware's full reach and intent remain unclear.
France's data watchdog CNIL has launched a public consultation on its draft recommendation for regulating tracking pixels in emails. These invisible one-by-one pixel images are used to monitor when emails are opened, raising privacy concerns. The proposal aims to clarify consent requirements and ensure compliance, especially as complaints about email tracking increase. The draft applies to all organizations using email tracking and their service providers. The consultation runs until July 24, and CNIL is also collecting input on the economic impact of regulation.
Fog ransomware operators are deploying an unusual mix of tools, blending open source utilities with legitimate software to evade detection. First observed in May 2024, the group initially used stolen VPN credentials, pass-the-hash attacks, and exploited known flaws in Veeam and SonicWall systems. In a recent attack on an Asian financial institution, Symantec uncovered a novel toolset that included Syteca, an employee monitoring software used to capture credentials, and GC2, a rare backdoor using Google Sheets or SharePoint for command and control. Other tools included Stowaway for stealthy delivery, SMBExec and PsExec for lateral movement, and Adapt2x C2 for post-exploitation. The attackers also used 7-Zip, MegaSync and FreeFileSync for data exfiltration. Symantec notes the atypical toolkit, especially Syteca and GC2, signals an evolving strategy that challenges standard ransomware detection methods.
Cybercriminal group FIN6, also known as Skeleton Spider, is using a new tactic to infect recruiters with malware by posing as job seekers on LinkedIn and Indeed. According to DomainTools, the group sends convincing phishing emails with no clickable links, requiring recipients to manually enter URLs, leading to fake resume websites hosted on trusted platforms like AWS. These sites use CAPTCHA and traffic filters to bypass security tools and deliver the More_eggs backdoor, a malware-as-a-service tool used to steal credentials and enable ransomware attacks. FIN6, historically known for stealing payment card data from point of sale systems, is now shifting toward broader enterprise threats. The use of professional messaging and cloud hosting allows them to evade detection, signaling a more sophisticated approach to targeting organizations through social engineering.
Erie Insurance and Erie Indemnity Company confirmed a cyber attack on June 7, causing ongoing outages and business disruptions. Customers have been unable to access the portal, file claims or receive documents. The company activated its Incident Response Plan and is working with law enforcement and cybersecurity experts to investigate. While the nature and impact of the attack are still unclear, Erie emphasized it won't request payments via email or phone during the outage. There's no confirmation yet if ransomware or data theft is involved.
Coming up after the break, our N2K lead analyst Ethan Cook shares insights on Trump's antitrust policies, and DNS neglect leads to AI subdomain exploits. Stick around.
We are sharing a selection from today's Caveat podcast, where my co-host Ben Yelin and I are joined by N2K's lead analyst, Ethan Cook. We take a policy deep dive into the Trump administration's antitrust stance. Let's just start off with some high level stuff. I mean, when we're talking about antitrust and the Trump administration, what's the high level approach that they seem to be taking here?
Ben Yelin
Ethan I think the best way I can surmise it is aggressive, specifically against Big Tech. I would go as far to say that this is probably the most aggressive administration regarding antitrust policy in about two decades. Biden's a close contender, but they certainly are pushing for some pretty aggressive policies.
Dave Bittner
Ben I'd say this in a way surprises me. I'm thinking back to President Trump's inauguration and who was standing by his side.
Ethan Cook
Yeah, the second row there was Bezos and Musk and Zuckerberg. I think this is a really interesting surprise, at least from my perspective. There were a lot of, as Ethan writes about, antitrust cases in progress, initiated by, in many cases, the Biden administration FTC, which was run by an antitrust hawk, Lina Khan. And there were hints that some of Trump's people were on board this antitrust agenda, including JD Vance, the vice president, who said that he admired a lot of Lina Khan's work. But I certainly didn't think that they'd go at it as strongly as they have, largely because Trump seemed to have made peace with Big Tech and with Silicon Valley prior to the election. And a lot of his new base of support in 2024 that he didn't have in 2016 and 2020 was Silicon Valley types, VCs, people who are in the industry who are very forward looking and were frustrated by Democratic economic policy, social and cultural policy. And so this became a big part of his coalition. And you'd think that President Trump would come in and as a payback to getting the votes of this community, he would be lighter on antitrust matters. And it's just a really interesting surprise that his administration has been so tough, particularly because a lot of the Trump presidency has been undoing the work of the previous administration. So I feel like we could have seen that here, and we haven't. They've continued to vigorously argue the case in these two Google cases that we've talked about. Now there's a Meta case that's coming up, and they have kept their foot on the gas pedal. So it's definitely something that's noteworthy and surprising.
Dave Bittner
Ethan, what's the why here? I mean, why do we think antitrust has become such a focal point of this administration's tech policy agenda?
Ben Yelin
Yeah, it's an interesting one. It's kind of a. It's a question that I've been grappling with, especially considering how, you know, to Ben's point, during the campaign trail, it appeared that Trump was not only willing to take their money, but was willing to give them access. And then to turn around and kind of slap in the face and say, yeah, thank you for all your support, I'm now going to break up all your companies was kind of shocking to me. I think part of it, when I try and think back is, you know, to Ben's point, some of these cases were started by the Biden administration, but some of these cases date back to Trump's first administration, where at the end, in 2020, he was launching some of these cases. And it felt like, you know, this, there was that rift between him and social media companies, him and big tech companies. So I think some of this is that inherent gap that has been there for years now, and he's just kind of playing that through. And I think part of the other side is, and I didn't write about this, but I, you know, it's maybe a little speculation on my behalf, but, you know, Trump is more aligned with more traditional big tech or big media companies. If he reinstituted net neutrality or net neutrality died, which net neutrality is something that these big tech companies were pretty much in favor of and companies that provide Internet were not in favor of. And the killing of net neutrality was something that I thought was a. And Trump's reiterated attempts to kill net neutrality was something that kind of aligned to me saying, okay, maybe he's more in line with these traditional companies that we consider like a Verizon, AT&T, whatever it may be for Internet providers then compared to a Google or a Meta.
Ethan Cook
It's an interesting theory, but then, like, why is the second row at his inauguration the heads of all these companies.
Ben Yelin
Yeah, I don't. It's, it's weird to me because it's this dynamic where they, obviously, that was a huge political stunt and got the media talking for days that they were there. But at the same time, it, there appears to be no love lost between the two of them. I mean, outside of these lawsuits. I mean, you know, Trump and Elon's relationship has pretty much fallen apart. And I mean, I, I don't think anyone was particularly shocked by that. But I, you know, I, I kind of saw that one coming a little bit. But I think maybe there, you know, one thing that they're. He's, you know, he's going to go after these cases, but maybe relax on the merger and acquisition front. I don't know. It's kind of a dynamic where it's a head scratcher.
Dave Bittner
Could it be as simple as loyalty flows in one direction when it comes to Donald Trump. I mean, he expects these tech companies to bend their knees and make their contributions, but that does not in any way guarantee that he's obligated to anything.
Ethan Cook
I mean, that's been the pattern of his presidencies and really going back to his career in business, that he expects loyalty from others. But like, and everybody kind of sidles up to him thinking that they can buy his loyalty with their political support or with money. But he does not always fulfill those promises, which is why he's had falling outs with people like Elon Musk. And just going back through his political career and business career, people who've tried to cozy up to him to get what they want frequently don't end up getting what they want, even if they've spent a decade cozying up to him. So, you know, I always think of Lindsey Graham, who I think made the senator from South Carolina, who's a big traditional pro defense Republican, was very anti Trump during the 2016 campaign, kind of famously wrote a tweet saying, if we nominate this guy, we're going to get killed, and we deserve to. Of course he won the election. And I think Lindsey Graham made a calculated decision at that point to say, let me get on this guy's good side and maybe I can help shape his foreign policy to be more a traditional Republican interventionist foreign policy. Maybe I can make him more of a defense hawk. And he's kept up the praise and the cozying up to Trump. They're golf buddies, and maybe on some matters he's gotten his way on foreign policy, but on things like Ukraine and Russia and certainly on Iran, he has not. So I think there is that kind of pattern here of people think that he doesn't have fixed political beliefs and they take from that that he's malleable and that if you flatter him, you might get what you want. And I think he loves that people think that because people come to him and they flatter him. But it's just, I think it doesn't always end up accruing to the benefit of the flatterers, if that makes sense.
Dave Bittner
Yeah, I think, Ethan, you sort of alluded to an interesting point here, which is, and I guess Ben, chime in on this, I can't help thinking how many things loop back to the 2020 election. Right. And so President Trump's animosity towards these big companies, as Ethan alluded to, you can trace back to what Trump and his allies consider misinformation, mainly that President Trump lost the 2020 election. Right. The refusal to acknowledge that. How much of this keeps looping back to that?
Ben Yelin
Yeah, and I think this is this interesting dynamic because I don't even think it was just the loss. I think it was throughout the four years under Biden, them continuing to go after this misinformation and follow Biden's statement, even though Biden was actively pursuing these lawsuits, they all in the meanwhile using as a convenient, hey, these were already started for me, might as well see it through. And I think to an extent this feels a little bit like a targeted you went after me and my claims for four years. I am, you know, thank you for helping me get elected. I am now going to pay it back.
Dave Bittner
Our thanks to Ethan Cook for joining Ben and I on Caveat. We hope you'll check out the entire episode of Caveat. You can find that right here on the N2K CyberWire network or wherever you get your favorite podcasts.
And finally, our It's Always DNS desk takes us on a scenic stroll through the Internet's lesser maintained cul-de-sacs, where technical debt and laziness collide in a wonderfully absurd mess. First, 404 Media visits the wow Lazy Empire, a junkyard of AI-generated nonsense squatting on once pristine subdomains from the likes of NPR, Stanford and Nvidia. Thanks to poor subdomain hygiene, spammers found abandoned plots and moved in, posting content like gay furry porn. These AI-sploited subdomains don't just confuse search engines, they make your brand look like it's moonlighting as a bizarre fanfic site. Much of this is the result of the elegant disaster of dangling DNS records. This is when you point a subdomain to a service and later stop using that service, but forget to delete the DNS pointer.
You've left the digital backdoor wide open. Hackers can swoop in, claim that service, and hijack your subdomain to host phishing sites, malware, or more furry content. Not that there's anything inherently wrong with furry content. The fix? Scrub your DNS like it's a crime scene.
And that's the CyberWire. We'd love to hear from you. We're conducting our annual survey to learn more about our listeners. We're collecting your insights through the end of summer. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
CyberWire Daily: Scam Operations Disrupted Across Asia
Release Date: June 12, 2025 | Host: N2K Networks
In today's episode of CyberWire Daily, host Dave Bittner delves into significant cybersecurity developments focusing on major disruptions of scam operations across Asia. The episode covers a spectrum of topics including international law enforcement collaborations, advanced cyber threats, critical vulnerabilities in popular platforms, and insightful analysis on U.S. antitrust policies affecting the tech industry. Notable insights are provided by N2K's lead analyst, Ethan Cook, offering listeners a comprehensive understanding of the current cybersecurity landscape.
Timestamp: [00:02]
Interpol, in collaboration with 25 other nations across Asia and the South Pacific, has successfully executed Operation Secure, targeting a vast cybercrime network. Key achievements of this operation include:
Notable Quote:
"Interpol worked with cybersecurity firms like Group IB and Kaspersky to share intel, highlighting the value of international collaboration in combating global cyber threats." – Dave Bittner [02:45]
Impact:
Timestamp: [08:15]
Singapore spearheaded Operation Frontier Plus, a month-long multinational initiative aimed at dismantling scam syndicates responsible for approximately $225 million in fraud. Key actions and outcomes include:
Notable Quote:
"Officials stress the growing sophistication of these scams and the need for a global response." – Dave Bittner [09:30]
Timestamp: [12:50]
GitLab has released urgent security updates to patch multiple vulnerabilities within its DevSecOps platform. These flaws present significant risks, including:
Key Vulnerabilities Addressed:
Action Required:
Timestamp: [17:05]
Israeli researchers have unveiled a sophisticated method dubbed SmartAttack, which enables data exfiltration from air-gapped systems using smartwatches. The attack methodology involves:
Implications:
Mitigation Strategies:
Timestamp: [21:30]
Microsoft has disclosed a critical vulnerability in its 365 Copilot AI assistant, identified as the first known zero-click attack on an AI agent, termed EchoLeak. The exploit allows attackers to:
Key Details:
Timestamp: [25:10]
Citizen Lab has confirmed the first known infections of Paragon's Graphite Spyware, targeting Italian journalist Ciro Pellegrino and an unnamed European journalist. Key points include:
Impact:
Notable Quote:
"Despite Italy's denials, the spyware scandal has widened with other victims, including journalists and migrant aid workers." – Dave Bittner [26:45]
Timestamp: [29:20]
France's data watchdog, CNIL, has launched a public consultation on a draft recommendation aimed at regulating the use of tracking pixels in emails. These invisible one-by-one-pixel images are often used to monitor email open rates, raising significant privacy concerns.
Key Aspects of the Proposal:
Consultation Details:
Timestamp: [33:50]
FOG Ransomware operators have been observed deploying an atypical mix of tools, combining open-source utilities with legitimate software to bypass standard detection mechanisms. Notable elements of their toolkit include:
Implications:
Notable Quote:
"The attackers also used 7zip, MegaSync and free file sync for data exfiltration." – Dave Bittner [34:30]
Timestamp: [38:10]
The cybercriminal group FIN6, also known as Skeleton Spider, is adopting new strategies to infiltrate organizations by posing as job seekers on LinkedIn. Key tactics include:
Evolution:
Notable Quote:
"The use of professional messaging and cloud hosting allows them to evade detection, signaling a more sophisticated approach to targeting organizations through social engineering." – Dave Bittner [39:50]
Timestamp: [42:20]
On June 7, 2025, Erie Insurance and Erie Indemnity Company experienced a significant cyber attack resulting in:
Current Status:
Timestamp: [15:54]
In a segment from the Caveat podcast, N2K's lead analyst, Ethan Cook, engages in a detailed discussion about the Trump administration's stance on antitrust policies, particularly in relation to Big Tech. Key points include:
Aggressive Approach: The Trump administration is arguably the most proactive in two decades against Big Tech's monopolistic practices, challenging ongoing cases initially propelled by the Biden administration.
Unexpected Firmness: Contrary to expectations that Trump would favor Silicon Valley due to his 2024 supporter base, the administration has continued to vigorously pursue antitrust cases, including ongoing actions against Google.
Lina Khan's Influence: While the FTC under Lina Khan—a noted antitrust hawk—led many initiatives, elements within Trump's administration, such as Vice President JD Vance, have shown admiration for Khan's work, potentially influencing policy directions.
Notable Quotes:
"I think this is a really interesting surprise that his administration has been so tough, particularly because a lot of the Trump presidency has been undoing the work of the previous administration." – Ethan Cook [16:45]
"There's that rift between him and social media companies, him and big tech companies...they have kept their foot on the gas pedal." – Ethan Cook [17:10]
Discussion Highlights:
Coalition Dynamics: Despite strong initial alliances with Silicon Valley figures like Bezos, Musk, and Zuckerberg during Trump's inauguration, underlying tensions and conflicting interests have persisted.
Policy Continuity and Change: The administration's relentless pursuit of antitrust actions suggests a complex interplay between political loyalty, economic strategies, and regulatory priorities.
Conclusion: Ethan Cook underscores the unexpected tenacity of Trump's administration in addressing antitrust issues, highlighting a shift from perceived alliances to a more regulatory stance against major technology firms.
Today's episode of CyberWire Daily underscores the dynamic and evolving nature of cyber threats and the global efforts to combat them. From international law enforcement collaborations disrupting vast cybercrime networks to sophisticated malware attacks exploiting everyday devices, the cybersecurity landscape remains highly volatile. Additionally, the in-depth analysis of U.S. antitrust policies provides valuable insights into how political dynamics can influence regulatory approaches towards big tech. As cyber threats continue to advance in complexity, the importance of international cooperation, proactive security measures, and informed policy-making becomes ever more critical.
Notable Sponsor Mentions:
Please note that sponsor messages and advertisements have been excluded from this summary to focus solely on the content-rich discussions and analyses.