The masterminds behind a $1.5 billion heist. - CyberWire Daily

Summary8 min read

CyberWire Daily: Episode Summary – "The Masterminds Behind a $1.5 Billion Heist"

Release Date: February 27, 2025
Host: Maria Varmazes
Produced by: N2K Networks

Introduction

In this episode of CyberWire Daily, host Maria Varmazes delivers a comprehensive briefing on the latest developments in cybersecurity. The episode delves into significant cyber incidents, including a monumental $1.5 billion heist, and features an in-depth interview with Adam Murray, the Chief Information Security Officer (CISO) at Arctic Wolf and a former FBI Special Agent. Murray discusses the complexities of banning TikTok and the urgent need for enhanced regulations for social media companies. This summary encapsulates the key points, discussions, insights, and conclusions presented throughout the episode.

1. The Bybit $1.5 Billion Heist

Timestamp: [01:32]

The U.S. Federal Bureau of Investigation (FBI) has officially attributed the recent $1.5 billion Ethereum theft from the Bybit cryptocurrency exchange to North Korean hackers operating under the activity cluster known as Traitor Traitor, linked to Pyongyang's notorious Lazarus Group.

Details of the Attack:
- The FBI released a list of 51 Ethereum addresses associated with the stolen assets.
- They urged various private sector entities—including RPC node operators, exchanges, DeFi services, and blockchain firms—to block transactions linked to these addresses.
- The stolen funds are being laundered through these identified Trader Trader actors.
Investigation Findings:
- Bybit CEO Ben Joe revealed insights from two investigations:
  - Signia's Investigation: Identified malicious code originating from Safe Wallet's infrastructure as the root cause.
  - Vericain's Research: Determined that the attack involved injecting malicious JavaScript into App Safe Global, which compromised Bybit's signers. The payload was engineered to activate under specific conditions, evading detection by regular users.
- Conclusion: The likely compromise of AWS S3 or Cloudfront account API keys from Safe Global facilitated the largest heist in history, surpassing previous records such as Saddam Hussein's $1 billion theft from Iraq's Central Bank in 2003.

Notable Quote:

"The hack currently stands as the largest heist of any kind in history, surpassing Saddam Hussein's theft of $1 billion from the Central Bank of Iraq in 2003."
— Dave Buettner [01:45]

2. Cellebrite Suspends Services in Serbia

Timestamp: [05:10]

Cellebrite, an Israeli firm specializing in cell phone data extraction, has ceased operations with the Serbian government amid allegations of misuse of their tools.

Allegations:
- Amnesty International's Report (December 2024): Claims Serbian police employed Cellebrite’s software alongside Android-focused spyware to hack journalists' and activists' phones during detentions or interviews.
Cellebrite's Response:
- The company emphasized their commitment to ethical use, stating, "We take seriously all allegations of a customer's potential misuse of our technology..." and proceeded to terminate services with the implicated Serbian authorities.

3. Belgian Spy Agency Hacked

Timestamp: [07:25]

Belgium has launched a judicial investigation into a sophisticated cyber espionage operation targeting its State Security Service (VSSE) from 2021 to 2023.

Attack Details:
- Chinese state-sponsored hackers exploited a vulnerability in Barracuda Networks' email security product.
- Deployed malware strains, including Saltwater, CSPY, and Seaside, to establish backdoors while keeping internal communications secure.
Impact:
- Approximately 10% of VSSE's email traffic was compromised.
- Personal data of nearly half of the VSSE staff and past applicants may have been exposed.
Belgian Official Statement:
- Officials declined to provide specifics, citing the ongoing investigation.

4. Surge in China's Cyber Espionage Activities

Timestamp: [09:30]

According to CrowdStrike, China intensified its cyber espionage efforts in 2024, marking a 150% increase in nation-state-backed intrusions compared to the previous year.

Targeted Sectors:
- Financial services
- Media
- Manufacturing
- Industrials and engineering
New Threat Groups:
- Liminal Panda
- Locksmith Panda
- Operator Panda (Salt Typhoon)
These groups exhibit specialized skills targeting telecommunications, logistics, and critical infrastructure.
Advanced Tactics:
- Utilization of Operational Relay Box (ORB) networks—botnets of compromised edge devices—for activity obfuscation and persistent access.

Notable Quote:

"These groups have adopted advanced tactics including the use of operational Relay Box or ORB networks, which are botnets of compromised edge devices, in order to obfuscate their activities and maintain persistent access."
— Dave Buettner [09:45]

5. Resurgence of the Sticky Werewolf APT Group

Timestamp: [10:50]

Kaspersky's Secure List reported the comeback of the Angry Lyco Advanced Persistent Threat Group, also known as Sticky Werewolf, in early 2025.

Target Regions:
- Russia
- Belarus
Attack Methods:
- Highly targeted spear-phishing emails containing malicious RAR archives with harmful shortcut files.
- Deployment of the lumastealer malware to exfiltrate sensitive information, including system details, login credentials, banking information, and cryptocurrency wallet contents.

6. US Review of UK’s iCloud Backdoor Request

Timestamp: [11:55]

Tulsi Gabbard, the U.S. Director of National Intelligence, has initiated a legal review concerning the UK government's secret demand for Apple to create a backdoor to access users’ iCloud data.

Apple’s Stance:
- Apple decided to discontinue its Advanced Data Protection (ADP) feature in the UK rather than comply with the backdoor request.
Gabbard's Concerns:
- Privacy and Civil Liberties: She emphasized the grave implications of such demands, stating, "This would be a clear and egregious violation of Americans' privacy and civil liberties."
- Legal Limitations: The Bilateral Cloud Act Agreement restricts the UK from issuing data demands for U.S. citizens or those within the United States, and vice versa.

Notable Quote:

"This would be a clear and egregious violation of Americans' privacy and civil liberties and open up a serious vulnerability for cyber exploitation by adversarial actors."
— Tulsi Gabbard [16:00]

7. DOGE's Access to HUD’s Sensitive Data

Timestamp: [12:45]

The Department of Government Efficiency (DOGE), led by Elon Musk, has secured access to the Department of Housing and Urban Development's (HUD) Enforcement Management System.

Data Accessed:
- Confidential records, including medical histories, financial documents, Social Security numbers, and addresses of individuals alleging housing discrimination.
Privacy Concerns:
- Unlike other agencies resisting DOGE's data access attempts, HUD granted them access, sparking significant privacy debates.
DOGE’s Mission and Challenges:
- Aims to modernize government technology and reduce improper spending.
- Faces opposition, including legal challenges and resignations over potential privacy violations.

8. Cleveland Municipal Court Cyber Incident

Timestamp: [13:45]

The Cleveland Municipal Court has been closed for the fourth consecutive day due to a cyber incident, suspected to be a ransomware attack.

Court’s Response:
- All affected systems and software platforms have been shut down as a precaution.
- The Ohio National Guard and Ohio Cyber Reserve are assisting in the response and recovery efforts.
Expert Insight:
- While the court has not disclosed specifics, experts indicate ransomware is the likely culprit.

9. Interview with Adam Murray on Banning TikTok and Social Media Regulation

Timestamp: [15:22 – 24:28]

In this segment, Adam Murray, CISO at Arctic Wolf and former FBI Special Agent, engages in a critical discussion with host Dave Buettner about the complexities surrounding the potential ban of TikTok and the broader need for regulating social media companies.

Key Discussion Points:

False Dichotomy of Free Speech vs. National Security:
- Adam Murray argues that framing the TikTok ban as a choice between free speech and national security is misleading. Instead, he highlights the underlying issue: the lack of comprehensive regulation for technology and social media companies.
Inadequacy of Bans:
- Banning TikTok is likened to using a "sledgehammer" when a "scalpel" is needed.
- Adam Murray emphasizes that individual app bans merely push users to alternative platforms, often owned by similar foreign entities, without addressing the systemic vulnerabilities.

Notable Quotes:

"There is a complete lack of regulation on technology companies and social media in particular, which leaves us with few options to address real concerns like the national security implications of TikTok."
— Adam Murray [15:31]

"We really need a comprehensive framework, data privacy laws, content transparency, algorithmic accountability, and restriction on foreign ownership for this critical digital infrastructure."
— Adam Murray [21:36]

Proposed Solutions by Adam Murray:

Comprehensive Regulatory Framework:
- Implementing data privacy laws.
- Ensuring content transparency.
- Enforcing algorithmic accountability.
Restriction on Foreign Ownership:
- Limiting foreign entities' control over critical digital infrastructure to mitigate national security risks.
Revamping Section 230:
- Revising legislation to hold social media companies accountable for the content their algorithms promote, ensuring responsibility beyond individual posts.
Algorithmic Transparency:
- Mandating transparency in how algorithms function and deliver content to users, preventing manipulation by foreign adversaries.

Conclusion of the Interview: Adam Murray underscores the necessity for elected officials to develop and implement robust regulatory measures. Without these, responses like banning TikTok will remain temporary and ineffective solutions to deep-rooted security challenges.

10. Case Study: US Army Soldier Cameron Wagenius

Timestamp: [25:23]

The episode concludes with a report on Cameron Wagenius, a U.S. Army soldier implicated in leaking confidential phone records and attempting to extort AT&T for $500,000.

Criminal Activities:
- Part of a hacker group responsible for stealing data from Snowflake, a cloud storage service.
- Accessed records from major companies, including AT&T, Ticketmaster, and LendingTree.
Impact:
- AT&T experienced data breaches affecting 110 million customers, resulting in a $370,000 payment to hackers to prevent further leaks.
Legal Proceedings:
- Operating under the alias Kyber Phantom, Wagenius pleaded guilty to data leaks.
- Evidence indicates attempts to defect to non-extradition countries and soliciting legal defense via Google searches.
- Authorities discovered attempts to sell stolen information to a foreign military intelligence service and possession of over 17,000 stolen identity documents.
Current Status:
- Prosecutors label him a flight risk and seek to keep him in custody awaiting sentencing, which could result in up to 20 years in prison.

Notable Quote:

"He had searched for ways to defect to non extradition countries and even asked Google, 'can hacking be treason?'"
— Dave Buettner [25:23]

Conclusion

This episode of CyberWire Daily offers a deep dive into some of the most pressing cybersecurity issues of early 2025. From unprecedented financial heists orchestrated by state-sponsored actors to the intricate debates surrounding social media regulation, the episode underscores the evolving landscape of cyber threats and the imperative for robust, comprehensive defenses and policies. The interview with Adam Murray provides valuable perspectives on the intersection of technology, security, and legislation, highlighting the critical need for strategic regulatory frameworks to safeguard national security and individual privacy in an increasingly digital world.

For further insights and detailed discussions, listeners are encouraged to visit CyberWire's daily briefing and follow their email newsletter.

Loading summary

Transcript16 lines

[00:02]
Maria Varmazes
You're listening to the Cyberwire network, powered by N2K.
[00:13]
Dave Buettner
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try Deleteme. I have to say, Deleteme is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Deleteme's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your delete me plan when you go to JoinDeleteMe.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.comN2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K.
[01:32]
Maria Varmazes
FBI attributes $1.5 billion Bybit hack to DPRK hackers Cellebrite suspends services in Serbia following allegations of misuse A Belgian spy agency is hacked New groups, bigger attacks Sticky Werewolf strikes again USDNI orders legal review of UK's request for iCloud backdoor a cybersecurity veter takes CISA's lead doge accesses sensitive HUD data Cleveland Municipal Court remains closed following cyber incident Arctic Wolf's CISO and former FBI Special Agent Adam Murray joins Dave Buettner to discuss banning TikTok and increasing regulations for social media companies and Can Hacking be treason? Today is February 27, 2025. I'm Maria Varmazes, host of the T Minus Space Daily podcast on the mic for Dave Buettner and this is your Cyberwire intel briefing. The U.S. federal Bureau of Investigation has confirmed that North Korean hackers were behind last week's theft of one and a half billion dollars worth of Ethereum from the Bybit cryptocurrency exchange. The FBI attributes the hack to an activity cluster tracked as Traitor Traitor, which is tied to Pyongyang's Lazarus Group. The Bureau provided A list of 51 Ethereum addresses holding assets from the theft, stating that the FBI encourages private sector entities including RPC node operators, exchanges, bridges, blockchain and Linux firms, Defi services and other virtual asset service providers to block transactions with or derived from addresses. Trader Trader actors are using to launder the stolen assets. Bleeping Computer reports that Bybit CEO Ben Joe has shared the results of two investigations into the hack. First, investigators from Signia concluded that the root cause of the attack is malicious code originating from Safe Wallet's infrastructure. Second, researchers at Vericain added that the attack specifically targeted Bybit by injecting malicious JavaScript into App Safe Global, which was accessed by Bybit's signers. The payload was designed to activate only when certain conditions were met. This selective execution ensured that the backdoor remained undetected by regular users while compromising high value targets. Based on the investigation results from the machines of Bybit's signers and the cached malicious JavaScript payload found on the Wayback Archive, we strongly conclude that AWS S3 or Cloudfront account API key of Safe Global was likely leaked or compromised. The hack currently stands as the largest heist of any kind in history, surpassing Saddam Hussein's theft of $1 billion from the Central bank of Iraq in 2003. Israeli cell phone data extraction firm Cellebrite has dropped the Serbian government as a customer following a report that the Serbian police had used the company's tools to hack the phones of a journalist and an activist. According to a report from TechCrunch, Amnesty International published a report in December 2024 asserting that Serbian authorities used Cellebrite's hacking software in combination with an Android focused spyware tool to covertly infect individuals devices during periods of detention or police interviews, cellebrite said in a statement. We take seriously all allegations of a customer's potential misuse of our technology in ways that would run counter to both explicit and implied conditions outlined in our end User Agreement. After a review of the allegations brought forth by the December 2024Amnesty International report, Cellebrite took precise steps to investigate each claim. In accordance with our ethics and integrity policies, we found it appropriate to stop the use of our products by the relevant customers at this time. Belgium has initiated a judicial investigation into an alleged Chinese cyber espionage operation that compromised the email system of its State security service, or VSSE, between 2021 and 2023, unidentified Chinese state sponsored hackers reportedly siphoned off 10% of the agency's incoming and outgoing emails. The attackers exploited a vulnerability in an email security product from Barracuda Networks, deploying malware strains Saltwater, CSPY and Seaside in order to establish backdoors into compromised systems while classified internal communications remained secure. The breach affected an external server handling communications with government ministries and law enforcement, potentially exposing personal data of nearly half of the VSSE staff and past applicants. Belgian officials have refrained from commenting on the specifics, citing the ongoing nature of the investigation. In 2024, China significantly advanced its cyber espionage capabilities with a 150% increase in nation state backed intrusions across all sectors compared to 2023. As reported by CrowdStrike, industries such as financial services, media, manufacturing, industrials and engineering experienced triple or quadruple the number of China related intrusions. Notably, CrowdStrike identified seven new China linked threat groups, five of which demonstrated specialized skills targeting specific sectors. Groups like Liminal Panda, Locksmith Panda and Operator Panda, also known as Salt Typhoon focused on telecommunications networks, with Operator Panda linked to attacks on US and global telecom providers. These groups have adopted advanced tactics including the use of operational Relay Box or ORB networks, which are botnets of compromised edge devices, in order to obfuscate their activities and maintain persistent access. This evolution reflects China's long term investment in cultivating a highly skilled technical workforce, enhancing its offensive cyber capabilities to rival other global users. While primarily focused on intelligence gathering, the sophistication and specialization of these groups pose significant threats to global critical infrastructure. For instance, Volt typhoon, tracked by CrowdStrike as Vanguard Panda, has targeted logistics networks related to maritime operations, air transportation and international travel, underscoring the pressing need for robust cybersecurity measures to counteract China's expanding cyber espionage activities. In early 2025, cybersecurity researchers at Kaspersky's Secure List reported the resurgence of the Angry Lyco Advanced Persistent Threat Group, also known as Sticky Werewolf, targeting organizations in Russia and Belarus. Active since 2023, angry Lyco apt has been linked to cyber attacks on government agencies and large corporate contractors within these regions. The group's modus operandi involves highly targeted spear phishing emails directed at employees of major organizations, including governmental bodies and their contractors. These emails contain malicious RAR archives, embedding harmful shortcut files alongside seemingly benign documents. Once the archive is opened, a sophisticated infection chain is initiated, culminating in the deployment of the lumastealer malware. This malware is engineered to exfiltrate sensitive information such as system details, installed software, data, browser cookies, login credentials, banking information and cryptocurrency wallet contents. US Director of National Intelligence Tulsi Gabbard has ordered a legal review of the UK government's secret demand for Apple to provide a backdoor to access users icloud data. According to the Record, Apple recently said it would stop offering its Advanced Data Protection or ADP feature in the UK rather than comply with the demand, gabbard said in a response to a letter from Senator Ron Wyden, Democrat of Oregon, and Representative Andy Biggs, Republican of Arizona. I share your grave concern about the serious implications of the United Kingdom or any foreign country requiring Apple or any company to create a backdoor that would allow access to Americans personal encrypted data. This would be a clear and egregious violation of Americans privacy and civil liberties and open up a serious vulnerability for cyber exploitation by adversarial actors. Gabbard also added, my lawyers are working to provide a legal opinion on the implications of the reported UK Demands against Apple on the Bilateral Cloud Act Agreement. Upon initial review of the US And UK Bilateral Cloud Act Agreement, the United Kingdom may not issue demands for data of U.S. citizens, nationals or lawful permanent residents, nor is it authorized to demand the data of persons located inside the United States. The same is true for the United States. It may not use the Cloud Act Agreement to demand data of any person located in the United Kingdom. The Department of Government Efficiency, or doge, led by Elon Musk, has obtained access to the Department of Housing and Urban Developments, or HUDS Enforcement Management System, which contains sensitive personal data on individuals alleging housing discrimination, including domestic violence survivors. This system holds unredacted records such as medical histories, financial documents, Social Security numbers and confidential addresses. While other agencies have resisted doge's attempts to access confidential information, HUD granted access, raising significant privacy concerns. Doge's mission to modernize government technology and reduce improper spending has faced opposition, including legal challenges and resignations due to potential privacy violations. The Cleveland Municipal Court is closed for the fourth day in a row following a cyber incident earlier this week. The court hasn't disclosed the nature of the incident, but News 5 Cleveland cites an expert as saying that ransomware is the most likely cause, the court said in a Facebook post. As a precautionary measure, the court has shut down the affected systems while we focus on securing and restoring services safely. These systems will remain offline until we have a better understanding of the situation. All internal systems and software platforms will be shut down until further notice. The Ohio National Guard and Ohio Cyber Reserve are assisting in the response. Arctic Wolf's CISO and former FBI Special Agent Adam Murray joins Dave Buettner to discuss banning TikTok and increasing regulations for social media companies. And a soldier who Googles can hacking be treason? Well finds out the hard way. We'll be right back.
[12:45]
Dave Buettner
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates Fast. Well, it's easy. Just use Indeed when it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first and it works. Sponsored Jobs on indeed get 45% more applications than non sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus we with Sponsored Jobs. There are no subscriptions, no long term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been Talking to you, 23 hires were made on Indeed according to Indeed Data Worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed and listeners to this show will get a $75 sponsored job credit. To get your jobs more visibility at indeed.com cyberwire just go to indeed.com cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com cyberwire terms and conditions apply. Hiring Indeed is all you need. Cyber threats are more sophisticated than ever. Passwords. They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door, the login. Yubico believes the future is passwordless. Yubikeys offer unparalleled protection against phishing for individuals, SMBs and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.
[15:22]
Maria Varmazes
Today, Dave Buettner sits down with Adam Murray from Arctic Wolf to discuss banning TikTok and increasing regulations for social media companies.
[15:32]
Adam Murray
Right now we've been presented with what I think is a false choice or the wrong choice, and that is with TikTok. You know this went before the Supreme Court as a choice between free speech and national security, which there are implications and concerns for both. But the reason that we're at this point is a failure of leadership and a failure of Congress, our elected officials, to deal with the real issue, which is right now there is a complete lack of regulation on technology companies and social media in particular, which leaves us with few options to address real concerns like the national security implications of TikTok. And so now we're using a ban like a sledgehammer instead of a scalpel to deal with this problem.
[16:27]
Dave Buettner
Do you think either of those arguments are legit here, the free speech argument, the national security argument, or is, as you say, that not really getting to the real issue?
[16:39]
Adam Murray
Well, those are real concerns and they both have something to do with TikTok. There is a real value here we have in the United States of free speech. And in many court rulings, the Supreme Court has upheld the right of US Citizens to have access to information, even if propaganda from another country, and even if it's to hear speech from organizations that originate in a foreign nation, even an adversary. So US Citizens do have a right, and there are free speech concerns there. However, there are also real national security issues here that have come to bear because you have an app. And to call it just a social media app is, I believe, to not really do it justice at what it actually is. But it is a app that is owned by a foreign nation and an adversary in many ways in this case. And so its ability to affect life in the United States, to threaten our national security is very realistic. And if you want, I can dive into that security concern. So TikTok isn't just a fun video app. It's great at that. And its algorithm is one of the best, but it is just that. It's a highly sophisticated algorithm that is a content delivery system and it is controlled by a foreign adversary with no oversight and no transparency within the United States. And if you don't think that matters, imagine if a Chinese owned company controlled the front page of the New York Times or what appeared on Fox News or cnn. I think many of us would have concerns with that. More than half of Americans get at least some, if not most of their news from social media. So it's not just an app. It's really the equivalent of a broadcast network inside the United states with no U.S. editorial oversight, no accountability, and with an owner that is beholden to some degree, or maybe in a great degree to the ccp. We regulate many things in the United States. We regulate who can own TV stations, we regulate who can own radio networks, banks. And many of this is many of the reason we do this is for national security concerns to a large degree. Yet we've let foreign entities own the most powerful attention shaping tools in history, social media platforms, without any meaningful oversight. So that's really what the concern is with, with national security and why TikTok in particular is different than the others. But it's also the same in many ways.
[19:13]
Dave Buettner
You know, I've seen people say that it wasn't supposed to get to this point, that the whole idea of the ban being the big hammer was really to get us to the point of someone else buying it. And it's the fact that that didn't happen that has got us to the kind of, you know, call your bluff, ban it or don't point here. If TikTok divested from their Chinese owners, does that get us where we need to be, or do we still have the bigger problem of social media in general?
[19:45]
Adam Murray
Well, that's the thing again, I'd like to go before, we were trying to use the ban as kind of this, again, sledgehammer to deal with this problem. And so we're like, hey, we're going to do a game of chicken here and say we're going to ban you or you divest. And what that even looks like is still murky to this day, even with this extension on the deadline. But no, it does not address the real issue. What we really need is a comprehensive framework, data privacy laws, content transparency, algorithmic accountability, and restriction on foreign ownership for this critical digital infrastructure. The piecemeal whack, a mole approach just isn't going to work. Individual bans aren't going to work. And if you want proof of that, look at what happened when the ban sort of temporarily went into place over the weekend. That weekend where it was, you know, the ban was going to go into place and it stopped appearing on, you know, in the App Store and people's access to it was cut. What did they do? They immediately went to another app. And of course, this one was also owned by China in, in many cases. And so it's really not going to solve the problem to just do it for one app. Now, TikTok is amazing. It's a leviathan. It's huge. It's so popular, it works really well. And so it would have an effect, but it would just push people to another app. So we really need a comprehensive set of tools to deal with this through regulation. And right now we just have an absolute dereliction of duty of our elected officials, both sides of the aisle, for decades to set up anything meaningful to allow us to deal with this problem. We just don't have the tools we need and so we use a ban and it's just not working well.
[21:32]
Dave Buettner
What sort of regulations do you think could be effective here?
[21:36]
Adam Murray
Well, one to really think about. Well, first of all, I've mentioned one which is foreign ownership of broadcast networks. We just need to have a conceptualization of these social media apps that doesn't just treat them like an online bulletin board, which is essentially what we're doing right now, or even like a newspaper. Many of the national security arguments that were presented to the Supreme Court were based on analogies to, you know, mail order propaganda or newspapers. And I just don't think any of those analogies. They're apt in some ways, but they fail to capture how social media apps and how the Internet is different, especially with these algorithms. So we should capture in a different way legally what these entities are and then control their ownership to a way that satisfies national security concerns and will give us a better way to deal with it. So that's one. Another one is, you know, Section 230 and that's really, you know, legislation passed back in the 90s that allows these online applications to be free of any kind of responsibility for the things that are posted on their sites. And it was very important to pass at the time. But we are way, we're decades beyond the need for that, especially when it comes to these social media apps. So one thing that's been suggested I think is a very interesting thing that would give us another tool is making companies, social media companies accountable for what their algorithms serve up people. So they may not, they may not be accountable for individual posts, but they would be accountable for what an algorithm serves them up. So that would help us have additional controls. And then in addition to that, you could have transparency on what the algorithm's doing and how it works. And if anyone is putting their thumb on the scale one way or the other of what the algorithm is, serving up these kinds of laws, or at least exploring them or working on them, would give us more tools so that we could, it wouldn't just be ban TikTok because we think they might be serving up propaganda or making all these young people who are online feel just that much worse about America and just that much more positive about other things. We would know if they were doing that if there was transparency laws passed in how these algorithms work. But not only would it help us with TikTok, it would help us with all the US based companies like Facebook, Instagram, X, all of these. We would have the same set of tools that could help us with that problem and would also address, you know, foreign owned apps like this one.
[24:04]
Maria Varmazes
You can hear Adam and Dave's full discussion on today's Caveat episode following the interview on Caveat, Dave and co host Ben Yellen discussed the issue.
[24:28]
Dave Buettner
Do you know the status of your compliance controls right now? Like right now? We know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for.
[25:23]
Maria Varmazes
$1,000 a US army soldier, Cameron Wagenius, was recently caught leaking confidential phone records and attempting to extort AT and T for $500,000. Prosecutors say he was part of a group of hackers that stole data from Snowflake, a cloud storage service accessing records from companies like AT&T, Ticketmaster and LendingTree. AT&T alone had data from 110 million customers stolen and reportedly paid hackers $370,000 to prevent further leaks. Bogenius, who operated online under the alias Kyber Phantom, pleaded guilty to leaking data, but had also searched for ways to defect to non extradition countries and even asked Google, can hacking be treason? Because nothing says criminal mastermind like crowdsourcing your legal defense from a search engine. Authorities found evidence that he attempted to sell stolen information to a foreign military intelligence service and had a cache of over 17,000 stolen identity documents. Prosecutors argue that he is a flight risk and the government is pushing to keep him in custody while he awaits sentencing, where he could face up to 20 years in prison. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Also, please fill out the survey in the show notes or send an email to cyberwire2k.com we're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment your people. We make you smarter about your teams while making your team smarter. Learn how@n2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm your host Maria Varmazes in for Dave Bittner. Thanks for listening. We'll see you tomorrow.
[28:35]
Dave Buettner
And now a message from our sponsor. Zscaler, the leader in cloud security enterprises have spent billions of dollars on firewalls and VPNs. Yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever With AI tools, it's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface making apps and IPs invisible eliminating lateral movement connecting users only to specific apps, not the entire network continuously verifying every request based on identity and context simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler zero Trust and AI. Learn more@Zscaler.com Security.