CyberWire Daily – "Who turned out the lights?"
Date: January 16, 2026
Host: Dave Bittner (N2K Networks)
Special Guest: Prof. Zach Kassas, Ohio State University
Overview
This episode focuses on major cybersecurity incidents, industry updates, and innovations in navigation technology. It spotlights a headline-making U.S. cyber operation in Venezuela, the European Space Agency data breach, law enforcement targeting malware infrastructure, and OT security guidance. The show also features an in-depth interview with Prof. Zach Kassas on leveraging commercial satellite mega-constellations (like Starlink) as alternatives to GPS for resilient navigation, alongside a story about retro tech nostalgia and the security risks of vintage smartphones.
Key News & Discussion Points
1. Cyber Operation: 'Who Turned Out the Lights in Venezuela?'
[00:58]
- On January 3rd, a U.S. cyber operation temporarily cut power across Caracas and disrupted Venezuelan radar. This enabled American helicopters to enter the country and capture President Nicolás Maduro, who now faces U.S. drug charges.
- The mission, "Operation Absolute Resolve," showcased advanced offensive cyber capabilities, such as rapid electric grid restoration and minimized collateral damage, with only minor disruptions to civilians and hospitals.
- U.S. Cyber Command officially acknowledged the operation, which came up during Senate hearings for Joshua M. Rudd.
- Quote:
- "President Trump alluded to the cyber attack, calling it dark and deadly, while Venezuela has a long history of blaming US cyber interference for past blackouts without evidence." [02:05]
2. European Space Agency (ESA) Breach
[03:00]
- ESA confirmed that multiple cyber attacks began in December, exposing staff credentials and sensitive data online, including an alleged 200 GB of data: source code, tokens, and config files.
- Attackers infiltrated external servers used for unclassified collaborative work and remained undetected for a week.
- ESA isolated affected systems and is collaborating with law enforcement.
- Clement Poure (ETH Zurich) warned the leaked credentials could be re-used for further attacks, heightening sector-wide concerns.
3. Dutch Police Arrest AvCheck Malware Testing Service Operator
[04:30]
- Dutch authorities, with FBI and Finnish partners, arrested a 33-year-old returning from the UAE, alleged operator of AvCheck—a service allowing criminals to refine malware against antivirus products.
- The arrest is part of "Operation Endgame," which targets large botnet infrastructure; AvCheck went offline in mid-2025.
4. OT Security: International Guidance
[06:00]
- U.S., UK, CISA, and Five Eyes partners warned about insecure connectivity in Operational Technology (OT) environments.
- New guidance urges organizations to treat each new connection as a business risk, default to inbound denial, use brokered gateways, and resolve issues with legacy/flat networks.
- Quote:
- "The agencies said growing links between OT IT networks, cloud platforms and third parties have expanded opportunities for cyber intrusions to cause physical disruption." [06:30]
5. HPE OneView Exploitation and RondoDox Botnet
[07:21]
- Check Point reported widespread automated exploitation of a critical (max severity) remote code execution flaw in HPE’s OneView platform.
- The flaw is now linked to the global RondoDox botnet, with tens of thousands of attacks observed after CISA flagged it.
6. Malvertising Campaign: "Tampered Chef"
[08:39]
- Sophos research detailed a European malvertising campaign delivering backdoor and infostealer malware via trojanized PDFs, often through fake downloads targeting technical users.
- The operation uses staged payloads, code signing abuse, and a 56-day dormancy for evasion.
- Recommended mitigations: avoid ad-based downloads, restrict sources, enforce MFA.
7. Bluetooth Fast Pair Vulnerability
[10:15]
- Academic researchers found "Whisper Pair," a critical flaw in Google Fast Pair that lets attackers within 14 meters connect to and access audio devices, and even record from or track them via Google’s Find My Device.
- Google patched Pixel devices, but users need manufacturer updates for full mitigation.
8. Cisco AsyncOS Zero-Day Patched
[10:56]
- Cisco patched a remotely exploitable, root-level AsyncOS flaw in Secure Email Gateway appliances, exploited since November by a China-linked group (UAT-9686) to deploy persistent backdoors and tunnels.
- CISA urges urgent patching and compromise checks.
9. Jen Easterly Appointed CEO of RSA Conference
[11:36]
- Easterly, a former CISA Director and public-private partnership leader, will direct global RSA programming as RSAC prepares for the March 2026 conference in San Francisco.
Feature Interview: Prof. Zach Kassas on GPS Alternatives
[11:53–23:58]
Background
Zach Kassas (Ohio State University), IEEE award-winning researcher, discusses pioneering work on using commercial LEO satellite constellations (notably, Starlink) as passive, robust alternatives to GPS for positioning and navigation.
Key Insights:
- Origins of the Research:
- Research launched in 2017, anticipating that LEO "mega constellations" (like Starlink, with more than 10,000 satellites) could support broadband and, potentially, navigation.
- Early experiments used Orbcomm and Iridium before focusing on Starlink; by 2021, the team had pinpointed locations to ~10m accuracy using only Starlink signals.
- Quote:
- “We were the first to demonstrate in the world that, hey, you can actually pinpoint your location to within about 10 meters or so with Starlink satellites alone.” – Zach Kassas [14:34]
- Demonstrations:
- Navigation to meter-level accuracy proven for ground vehicles, UAVs, high-altitude balloons (up to 80,000 ft), across diverse geographies—including the Arctic, where GPS coverage lags.
- Notably, Starlink signals in the Arctic were “more beautiful” (cleaner signal, less multipath or interference).
- Quote:
- “We took it to the Arctic… are their signals useful for exploitation for navigating a vessel? And to our surprise, they were not only useful, they were actually more beautiful… than many places where we tested this.” – Zach Kassas [17:20]
- How It Works:
- Uses Starlink’s communication frame signals via passive listening (“sniffing”), without Starlink’s cooperation or interfering with user data.
- Biggest technical challenge: determining exact satellite locations (ephemeris problem), solved via independent research and reverse engineering, since unlike GPS, Starlink doesn’t broadcast precise satellite positions for navigation.
- Quote:
- “You don’t know precisely where [the Starlinks] are in space. GPS tells you… but here, you have to reverse engineer without their help.” – Zach Kassas [19:18]
- Comparison with Traditional GPS and Resilience Value:
- GPS is aging (dating from 1978) and has over-delivered, but it is increasingly vulnerable to jamming/spoofing.
- LEO-based systems offer different failure modes, frequency diversity, and could augment/replace GPS for national security and safety-critical systems.
- Quote:
- “If you want to look at LEO… putting more GPS satellites in medium Earth orbit—that’s not going to solve the problem. You’re solving the problem that got us into the issues… with the same thinking that got us into that problem.” [21:22]
- Industry Reaction:
- Some operators have reached out, and even learned about their systems from the research team.
- Signals used are only “synchronization sequences”; no user data is accessed or desired.
- Looking Ahead:
- Potential for rapid uptake if manufacturers and governments buy in; engineering barriers exist, but potential for widespread alternative navigation resilience is real.
- Quote:
- “The future of navigation is going to be fascinating to see... this honestly sounds like an opportunity for a lot of these providers as well.” – Maria Varmazis [23:30]
Final Segment: Vintage Phones & Security Risks
[24:10]
- Surge in interest for the “retro-chic” iPhone 4 (2010 release), driven by nostalgia for simpler tech eras.
- Security practitioners warn: these devices are highly vulnerable—no updates since 2014, no modern patches, no manufacturer support.
- Suggested safe use: “digital minimalism”—no apps, no browsing, ideally no signal.
- Quote:
- “Apple considers such hardware obsolete, meaning no fixes, no parts, and no mercy. For purists… extreme digital minimalism… maybe no signal at all.” [25:12]
- The trend reflects emotional longing for simplicity, not function.
Notable Quotes (with Timestamps and Attribution)
- On the U.S. cyber operation:
- "[Operation] demonstrated precise offensive capabilities, including the ability to quickly restore electricity and limit collateral damage." – Dave Bittner [01:33]
- On Starlink-based navigation:
- “We eavesdrop on the satellite. Starlink doesn’t know that we are sniffing its signal and using it to navigate.” – Zach Kassas [19:04]
- “Whereas if you know something [a satellite's position] to within a few kilometers, you cannot expect to know where you are to within a few meters. So we also solved what you call the ephemeris problem…” – Zach Kassas [19:45]
- On retro tech nostalgia:
- “The iPhone 4 revival is less about technical superiority and more about longing for a simpler, more tangible era.” – Dave Bittner [25:45]
- “Security experts warn that using a 16-year-old smartphone is less retro chic and more assume breach.” – Dave Bittner [25:00]
Timestamps for Important Segments
- Lights Out in Venezuela (Op. Absolute Resolve): 00:58–02:40
- ESA Cyber Attacks: 03:00–04:20
- Dutch Police AvCheck Arrest: 04:30–06:00
- OT Security Guidance: 06:00–07:21
- HPE OneView Flaw: 07:21–08:39
- Tampered Chef Malvertising: 08:39–10:15
- Bluetooth/Fast Pair Attacks: 10:15–10:56
- Cisco Zero-Day: 10:56–11:36
- Jen Easterly at RSA: 11:36–11:53
- Interview: GPS Alternatives (Prof. Zach Kassas): 11:53–23:58
- Vintage iPhone 4 Security: 24:10–26:00
Tone & Style
Concise, informative, and slightly wry—focused on actionable intelligence for security professionals and industry leaders. The special interview brings enthusiasm for technical discovery, balancing academic precision with accessibility.
Summary Takeaways
- Cyber attacks on critical infrastructure are evolving in scope, scale, and sophistication. U.S. capabilities demonstrated in Venezuela signal a future of cyber-enabled military operations.
- Major organizations like ESA remain vulnerable to persistent threats, as illustrated by credential leaks and prolonged intrusions.
- International cooperation and guidance are increasingly necessary to secure OT environments—threat actors exploit IT/OT convergence for real-world impact.
- Emerging research on leveraging commercial satellite mega-constellations for navigation lays groundwork for GPS alternatives, vital for national security resilience.
- Nostalgia-fueled retro tech usage carries hidden cyber risk—“assume breach” applies doubly to unsupported vintage phones.
For deeper dives: An extended interview with Prof. Zach Kassas is available on the T Minus Space Daily podcast.
