A
Hey, everyone, and welcome along to Seriously Risky Biz. This is, of course, our podcast, all about cybersecurity policy and intelligence. My name's Amberly Jack, and in just a moment I'll bring in Tom Uren, who is our policy and intelligence editor, and we'll chat all about the Seriously Risky Business newsletter that he's put together this week. First, though, I'd like to thank the William and Flora Hewlett Foundation for supporting Tom's work here, and also Lawfare, who syndicate his newsletter and publish it on the Lawfare Media website. And also this week's episode is sponsored by Tines, so you can find them at T-I-N-E-S.com. Big thank you to them for that. G'day, Tom. Thank you so much for joining me.
B
G'day, Amberly. How are you?
A
Yeah, pretty good, thanks. And I want to jump straight into your first piece here because AI orchestrated cyber espionage campaigns, Tom, it seems, have moved past the theoretical and into the real world. And from what you're sort of writing here, it's... it seems like the AI espionage gods, I guess, are kind of smiling down on China here. I guess if we go right back to the beginning, this all came out in a report from Anthropic last week. So do you just want to quickly give me a rundown on that report, what was in it and what you found interesting there?
B
Yeah. So Anthropic said they had found an AI orchestrated campaign. It had been used to attack about 30 different organizations and it had had success in some of them, so not a great success rate. What it really described was, whoever was responsible, and they believed that it was a Chinese group supporting the interests of the Chinese Ministry of State Security, so Chinese intelligence service, they created a framework where Claude was orchestrating a whole lot of different actions. So part of the difficulty is that you can't just tell Claude to go and hack things because it's got safeguards. And so what they did is they broke up the entire attack lifecycle into very discrete tasks that it could then say, or those responsible could then say, this is security testing, or it's, you know, part of a legit job, because I'm a security researcher testing out these things. And by breaking it up and then bringing it back together, assessing the results and then making a decision on what to do next, they said, Anthropic said, that the actors could get something like 80 to 90% automation. And so the operators would basically give that framework, that Claude-powered framework, tasking. Claude would go and do a whole lot of stuff and it would come back and say, here's what I found. Do you want me to do the next step? And what was interesting to me is that those decision points were really what I would call management decision points. So if it was a real human operator, they would go away, do all this work, come back and say to the manager, here's what I found. Do you want me to take the next step? And that might mean accepting additional risk because then you're going active on the target beyond actually compromising the target beyond reconnaissance, or you're making a decision about what actual, what the most important pieces of intelligence are. So Claude was actually gathering information.
It could compromise devices, it would do lateral movement and collect stuff and it would actually try and assess what the most valuable intelligence was. So it was doing a whole lot of stuff. And it struck me as interesting is that they were very much management decisions. It wasn't assessing the technical rights or wrongs of whatever. And so like I thought that was very interesting. It seemed like it's an ability to do more stuff. So it seemed like you could, there's kind of different ways you could cut it. One advantage could be, I want my fleet of operators to all behave in the same way, use the same standard operating procedures and the same techniques, because we know they work and this is the way that we are prepared to operate. And it seemed like a framework like this could actually standardize your operations across potentially, you know, hundreds or even thousands, I guess, of operators who are not super skilled. And the problem with super skilled operators is they all have their favorite way of doing things. So you don't get that standardization, I mean, I guess if there's a value in standardization, but. And so one way to view this is it could just allow you to take a whole lot of mid tier operators and get them to the exact same level. Now it also, one of the striking things is that Claude just at times makes up stuff. So sometimes it would like make up credentials that didn't exist. And so if it seems that for actors, threat actors that have a high risk appetite because they just don't care about this particular target, this actually is fine. In a report where the Director of Threat Intelligence at Anthropic spoke to, I think it was CyberScoop, he said that we think he basically said he thinks it's a tenfold, you know, multiplication. So one person can now run 10 operations and they're just making that management decisions at particular points. You know, yes, no, go back and think about that again, because it looks like you've made a mistake.
And if you're running 10 operations at once and Claude screws up three of them, but you don't care in particular about those three targets. Like, so if you're a ransomware operator, I don't care if it's this target or that target or that target. What I care is that I've got a target who might pay me. And so it's a numbers game. So for those kind of numbers game threat actors where there's plenty of other opportunistic targets, it doesn't matter if Claude makes three mistakes or even four or five out of 10, you're potentially just getting many more opportunities. That also seemed to me to be the case for the Chinese state for some of the hacking that it does. You know, if it's looking for intellectual property, tipping off the target probably doesn't make much difference. And there's lots of targets. So scaling out your operations vastly, like tenfold, that seems like a good deal.
A
And then the Western governments, by contrast, are less all about the volume. And it doesn't matter if we get it wrong and hack the planet. It's not quite the way they go.
B
Yeah, so I think there's, as a generalization that's true, that Western governments tend to be much more focused on particular targets where it does matter. And what you want is a meticulous, well thought out operation. Having Claude just yolo, it doesn't seem like a good deal because there's not 10 other high priority, Vladimir Putins or Xi Jinpings. Like if, if you don't want to stuff those operations up, you want to get them right perfectly. And, but, but it is generalization. I think that China has some targets where an AI multiplication does not make sense. Like if they're trying to hack, well, like President Trump, for example. There's only one President Trump. You want to give it your best shot. You don't want to just YOLO it with, you know, a claw brain scheme. And, but I think in general there's some actors have a variety of targets that they're prosecuting. So I think North Korea is also the same for a lot of it's the North Korean IT worker scheme. I think this really shows that you can build a framework that can do a whole lot of things where AI can help you and you can get better answers than just trying to get AI to do the whole thing. So this totally makes sense because that's what vulnerability research using AI is doing. It's breaking tasks into a whole lot of big jobs, into a whole lot of smaller discrete tasks, getting AI to do those particular narrow jobs. And AI can be very good at doing narrow jobs where the task is very defined and then putting it all together and aggregating it. And so if it's working for bug discovery, there's absolutely no reason to think it won't work for IT worker schemes or hacking. They're complex jobs that you can break into a whole lot of discrete tasks. And so I think North Korea will also make hay out of this kind of approach as well.
A
I want to jump back a little bit, Tom. When you were first sort of talking about the report and you said they targeted, I think, something like 30 organizations and these were really typical organizations for kind of espionage attacks. But you think this was kind of a research project. It wasn't.
B
It feels to me like this is. I would be entirely unsurprised to learn that it was a Chinese university that was doing it. So, you know, an Australian university would never go around hacking organizations in another country, but there's quite a close integration between some Chinese universities and hacking schools for the state. And it felt to me like this is a research project. This doesn't come out of nowhere, like you've got to start somewhere. And one of the key indications to me was that they were just using open source tooling, like standard tools. And so if you've got a research project, you wouldn't say, well let's use a super secret special tools and immediately put them into this AI powered Frankenstein, which like, we don't know what it's going to do, we don't know how it's going to work. You would say, well, let's put low equity tools into it and just see how we go. And the innovation is in the framework rather than the tools that you use. So if we can string together a whole lot of open source tools and get some wins, that seems like a, like a really good start. So I think that, yeah, it felt like a research project to me. It'd be interesting to know what those 30 targets actually were because you kind of pick targets that are interesting but not amazing, like not your highest priority targets, just standard run of the mill. If we get access, that's fine, if we don't, whatever. And it describes a range of different organizations. Can't really tell from the report though, what sort of tier of target they were.
A
This may have been research, but you can see this kind of ramping up and becoming a thing for the kind of, I don't know, YOLO actors.
B
I think it makes sense. Like, there's two approaches, I think, where it works. One is the one I spoke about where it kind of standardizes your procedures. And if you know that a tactic is working right now, you can put it in the framework and then all of a sudden every operator is using it. And what's good is that if that tactic stops working, you can just change the framework, give whatever AI you use different in, you know, different tactical instructions. Instead of using this command, use this command. And then that means that all of a sudden your hundreds or thousands of operators are moving in sync to the latest tactics that actually work. And so they're not super amazing tactics, but they're effective and they work, and you can roll out changes very, very quickly at scale. The other thought is that you can get your best operators to oversee, you know, more operations and you can raise the level of those operations. I'm a bit more skeptical about that, because if you're a really capable person, looking after an intern is actually more work than just doing it yourself.
A
Yes.
B
And it feels like here you would have someone super capable, and all of a sudden you give them 10 interns that are a bit YOLO. I'm not sure if that actually is as useful a way of doing it, but I.
A
Nothing against interns here. You're doing great jobs and we appreciate you.
B
So. And I guess that's why you would run a research project on this, like to try and figure out where it's actually useful. Yeah, yeah. Rather than just sort of speculating about it.
A
Now your. Your second piece today, Tom. I have to admit, when I first saw the story come up, I kind of raised my eyebrows at it a little bit. Google sort of taking a stand and filing a lawsuit against Lighthouse. And this is a Chinese operation, a lawsuit targeting 25 people. They, from what I read, didn't know the identities of. And my thought was kind of, well, what are they hoping to achieve here being a US lawsuit? But it turns out they achieved a bit. Tom, tell me a bit more about this.
B
Yeah, so Lighthouse is a phishing as a service operation. And so Brian Krebs at Krebs on Security has some reporting about how there's those text messages that you get and I get, and I'm pretty sure everyone gets, which is something along the lines of, you've missed this parcel. You know, go here and it'll ask you to fill in details. And basically what they've been doing recently is connecting your credit card to their mobile wallet. So for things like Apple Pay and Google Wallet, there's a process to load your card onto it and it is, you know, card details plus two factor authentication. And so they come up with some reason that you need to enter an SMS that they get. But what they're actually doing is behind the scenes loading your card into their wallet. And so this has made them lots of money, whoever is behind the service. And so that's why we get lots of those kinds of spam messages. And like yourself, when I first saw the Google lawsuit story I thought, well, these actors are overseas. What's going on, going to happen? Probably nothing. But it turns out that they actually did have some impact. Now surprisingly, one of the impacts is that that group uses Telegram, a Telegram channel to communicate. And it turns out that the legal action was enough to get Telegram to kick them off the service, which like I've actually written about Telegram a couple of times and how they used to never respond to legal request. And so there's like a history behind that. So that's interesting. But it also appears that domains have been taken down and that there's been other disruptions. So this like maybe in September I wrote about Google saying that it had decided to start a disruption operation. Now it's not clear that this is related to that. They haven't explicitly said that, but I'm optimistic. This is like the start of a campaign where they're trying to disrupt bad actors. And now Google's reason for getting involved is because of the Android wallets.
And Android is one of the like people who use Android are one of the targets of these kinds of operations. And so apparently the lawsuit is like not an end in itself but they spoke to Wired about this, but it's really a building block. So if they have success in the lawsuit, it enables all sorts of other companies to go to infrastructure providers and say and to draw a straight line between what's occurring and this particular infrastructure and the lawsuit and therefore get takedowns. And so it's an optimistic story in that Google has said we've started a disruption unit. Here's a legal method that surprisingly actually seems to be working. And because it's a building block as well, there should hopefully be flow on effects that last beyond the first week or so because I'm sure those operators will come back. You know, there'll be different domains, there'll be different Telegram channels, but it's, there is no like killer blow that will get rid of them. This is the start of Whack a Mole, but at least you're playing whack a mole instead of like just not whacking them all. Yeah, like whatever the alternative to playing whack a mole is.
A
Yeah. As you said, this, this isn't going to be the end of Lighthouse. And we're done. And Dust didn't walk away, but nice work.
B
It's a promising start.
A
Making a start. Yeah. I feel like we're very optimistic with the news. That's why, Tom, very quickly, we are going to run out of time shortly, but tell me why the memory safe Rust language in Android is a good thing.
B
Yeah, so I've written about this a couple of times, so this piece was really just continuing the story. Google again adopted Rust over C and C++ several years ago. Maybe not adopted is too strong a word, but they encouraged the adoption. And the idea is that memory safety vulnerabilities, where you can corrupt memory, really bad vulnerabilities, and so they often end up being really powerful, they're hard to get rid of. And so some languages just by default, almost never have those vulnerabilities. And Rust is one of them. And so every couple of years they basically give an update on how that's going. And by all accounts, it's going great. Like more and more code is being written in Rust. The number of memory safe vulnerabilities has just dropped drastically, which is good because they're the worst vulnerabilities again. But this time they actually talk about how it's easier and faster basically to keep pushing out code in Rust. So they have a couple of metrics. One is how long it takes to review the code. So when you write there's, you know, you write it, then someone reviews it, check it, think about it, ponder the state of the universe. And it's just quicker to do that. So it's easier to basically review. And it turns out you're also less likely to make a bad mistake. So there's this measure of bad mistakes called rollback rate, which is you push something out and then you go, oh crap, that's really bad, we've got to roll it back. And that rollback is really disruptive. And they find that there's just far fewer rollbacks if you're writing in Rust than C or C++. So all that adds to the evidence that memory safe languages are a good choice or a better choice. And that's, you know, if you're writing something that needs the performance of something like C or C++, Rust or maybe even Go is a better equivalent.
A
It doesn't feel like often we end the show on what feels like a genuinely good note. So I think that's a good place to call it, Tom. But thank you so much for joining me. And you can of course read Tom's full analysis on the Seriously Risky Business newsletter over at our website, Risky Biz, and you can subscribe to it there as well. But Tom, have a great week. Thank you so much for joining me. And we'll catch you the same time next week.
B
Thanks, Amberly.
Host: Amberly Jack
Guest: Tom Uren (Policy and Intelligence Editor)
Date: November 20, 2025
This episode dives into three major cybersecurity topics:
Throughout, the conversation is analytical but lively, and leans on real-world impact demonstrated via recent cyber threat intelligence and news.
(00:44–13:41)
Anthropic’s Report:
Tom explains how Anthropic recently uncovered an AI-orchestrated campaign targeting about 30 organizations. The campaign is attributed to a group supporting China's Ministry of State Security ([01:16]).
“They created a framework where Claude was orchestrating a whole lot of different actions...by breaking it up and then bringing it back together, assessing the results and making a decision on what to do next.”
— Tom Uren ([01:46])
How AI (Claude) Was Utilized:
The attackers split up their campaigns into discrete, legitimate-sounding tasks to evade safeguards.
The AI performed complex operational tasks—compromising devices, lateral movement, and collecting valuable intelligence—while pausing for human managerial decisions (i.e., key junctures where risk acceptance or value assessment is required). ([02:48])
Operational Impact:
“If you’re running 10 operations at once and Claude screws up three of them, but you don’t care in particular about those three targets...it’s a numbers game.”
— Tom Uren ([05:29])
Why This Favors China:
China (and actors with broad, opportunistic targeting) benefit most since scale is more valuable to them than perfection; mistakes or “tipping off” a victim are less costly ([06:28]).
Western intelligence services focus on high-value, precision targets where mistakes are unacceptable—a model less compatible with this AI-driven approach.
“Western governments tend to be much more focused on particular targets where it does matter. And what you want is a meticulous, well thought out operation. Having Claude just yolo, it doesn’t seem like a good deal…”
— Tom Uren ([07:17])
Standardization & Tooling:
AI frameworks can help quickly roll out new tactics and standard operating procedures to large numbers of less-experienced operators, quickly adapting to countermeasure changes ([07:53], [11:40]).
The initial campaign seemed like a “research project,” using open-source tools to minimize risk and test the orchestration framework ([09:46], [10:23]).
“The innovation is in the framework rather than the tools that you use. So if we can string together a whole lot of open source tools and get some wins, that seems like a...really good start.” — Tom Uren ([10:13])
Potential for North Korea:
Tom suggests North Korea could also harness these AI orchestration tactics for their diverse cyber operations, such as IT worker scams ([08:55]).
(13:41–18:23)
Google’s Lawsuit:
Surprising Results:
Legal action forced Telegram to remove Lighthouse’s public channels, marking a rare compliance by the messaging platform ([15:23]).
Further disruptions included domain takedowns linked to the operation, representing tangible impacts.
“The legal action was enough to get Telegram to kick them off the service, which...they used to never respond to legal request. And so there’s...a history behind that.”
— Tom Uren ([15:23])
Broader Strategy:
Tom frames this as the beginning of a wider disruption campaign by Google. The legal precedent helps other infrastructure providers justify swift takedowns.
It’s “whack-a-mole,” but now at least proactive.
“There is no like killer blow that will get rid of them. This is the start of Whack a Mole, but at least you’re playing whack a mole instead of...just not whacking them all.”
— Tom Uren ([17:50])
(18:23–20:46)
Ongoing Shift to Rust:
Google has been steadily migrating Android code from C/C++ to Rust—a modern, memory-safe language ([18:39]).
Key Benefits:
Sharp reduction in serious (“memory corruption”) vulnerabilities.
Code reviews and updates are happening faster, and mistakes requiring code rollbacks are fewer.
Evidence is mounting for memory-safe languages being a better choice for performance-critical software.
“The number of memory safe vulnerabilities has just dropped drastically...it’s easier to basically review [Rust code]. And it turns out you’re also less likely to make a bad mistake...far fewer rollbacks if you’re writing in Rust.” — Tom Uren ([19:53])
Industry Impact:
The move underscores the tech industry’s growing commitment to making major platforms fundamentally safer at the core language level—a big positive for users.
On AI democratizing espionage:
“One person can now run 10 operations and they’re just making that management decisions at particular points...it’s a numbers game.” — Tom Uren ([04:30], [05:29])
On Western vs Chinese approaches:
“Western governments tend to be much more focused on particular targets where it does matter...Having Claude just yolo, it doesn’t seem like a good deal...” — Tom Uren ([07:17])
On disruption, not defeat:
“There is no like killer blow that will get rid of them. This is the start of Whack a Mole, but at least you’re playing whack a mole instead of...just not whacking them all.” — Tom Uren ([17:50])
Ending on a rare positive cybersecurity note:
“It doesn’t feel like often we end the show on what feels like a genuinely good note. So I think that’s a good place to call it, Tom.” — Amberly Jack ([20:46])
This episode delivers a nuanced look at how AI is reshaping state-sponsored cyber espionage, why this matters in the West vs. China rivalry, how legal innovation is having real effect on persistent cybercrime infrastructure, and why fundamental software decisions are quietly making a safer internet. The discussion is insightful, with practical and policy-level takeaways for practitioners and policymakers alike.