A
And welcome to another edition of Seriously Risky Business, the podcast we do here at Risky Business, which focuses on big picture stuff, government policy, regulation, and just, you know, the mega trends in cyber security. And of course, this podcast is based off the work of my colleague Tom Uren, who joins me now. G'day, Tom.
B
G'day, Patrick. How are you?
A
Good. Good. And yeah. This edition of Seriously Risky Business is brought to you by Thinkst. So Thinkst Canary is a terrific product. It's like a honeypot that you could put on your network that alerts when people touch it when they shouldn't. And people love it, right? So it's definitely wins on the customer satisfaction thing. Also quite affordable and heartily endorsed by all of us here at Risky Biz HQ. So, Tom, we've just finished the edit of your newsletter for the week and we're going to walk through that now. And you've covered a few things. I actually want to start with your second item, and I previewed this in yesterday's show with Adam Boileau. But the NCSC in the United Kingdom has published some guidance on what is and what is not a, like, comedy bug. What is a forgivable vulnerability? What is not a forgivable vulnerability. And I think this is, you know, terrific work because it's about time someone defined what is and what is not forgivable, because you've got a CVSS score for bugs, which tells you how serious they are, but you don't have a shame score. And that's, that's really what this is trying to. Trying to quantify. So walk us through this, if you will.
B
Yeah, so the idea is that what it's really trying to get at is what are the bugs that shouldn't be there in the first place. And the paper references a 2007 description by this bloke called Steve Christey of MITRE, the sort of think tank. And it says that if a bug's unforgivable, it means basically that the vendor totally disregarded secure development practices. They just shouldn't exist. No excuses. So that's what they're trying to quantify. And I guess the idea of quantifying it is that that means that you can sort of step back and, you know, it's not me saying that you're terrible, it's methodology.
A
It's this framework, it's this matrix. It's not just vibes.
B
Yeah, yeah. So it gets away from the government saying, you people are all terrible. It's saying our methodology finds that the bugs in your software are unforgivable and so basically they look at, you know, what are the common causes of bugs, like how do they occur and what are the mitigations. And then they try and score how easy it is to implement those mitigations. And this is starting from the point of view of we're developing a new product from scratch. And so things like input validation, they reckon that's easy to implement, everyone should be doing it. And they go through this process and they come up with different numbers for all the different mitigations. So like I said, input validation, they've scored it as a three because it's widely understood, it's cheap to implement and the complexity is very low. And so that falls into the easy bucket. So if you've got a bug that could be fixed by input validation, there's no excuses, you should have done that and that would be unforgivable. On the other end of the spectrum, language selection. So if you could have removed a bug by changing the language you use, they actually rate that as pretty hard.
A
Well, reimplementing an entire application in a memsafe language. Yeah, that's a pretty tricky mitigation.
B
Yeah. So they step through a whole lot of different mitigations, give them all scores and then they provide this worked example at the end which is here's this real world but anonymized, very serious bug. There was a number of different root causes, but the whole bug could have been eliminated if they'd just done input validation. So, you know, in the report, while the exploitable vulnerability was difficult to find, one of the root causes was deemed easy to implement mitigations for anti rated medium. So the overall assessment is this vulnerability should not have existed and is unforgivable. Now this is where for me the paper falls a bit short. I would have loved to have seen like a number of real world vulnerabilities not anonymized in the report as you.
A
Would have liked to have. And I agree with you, they should have gone through the KEV list and said, which one of these are forgivable and which one of them, which one of these aren't? I can imagine there would have been meetings about this, right, at NCSC. And I think what, Ollie Whitehouse put this together, didn't he? He's the technical director at NCSC and.
B
I came across it because of his weekly newsletter.
A
Yeah, right.
B
And he, he actually in the newsletter he suggests that perhaps, what is it? The CVSS system should have a binary field for forgivable unforgivable. Of.
A
I mean, I prefer, I prefer a shame scale, to be honest. It should be sort of like CVSS between 1 and 10 to say how ashamed they should be of these sort of, sort of bugs. But I mean, I can imagine that there would have been meetings about this and it would have been pretty hard to convince the bosses that, you know, attacking multi, you know, companies worth tens of billions of dollars and saying that their software is junk, you know, I mean, it probably, you know, and again, it wouldn't be them saying it, but their framework saying it. So I think this is a nice compromise where other people can take this criteria, work through the KEV list and then publish a report on it, you know, according to the NCSC's framework. And it's not really clear from the post, they just looked. It's not really clear if this was, you know, I don't think it was solely Ollie's work, obviously.
B
But yeah, as you said, I don't think his names. Yeah, I'd have to look. I don't.
A
Yeah, no, I just had a look. I couldn't see. I couldn't see names on it. But it's a good idea. And so here's my question, right? Do you think this lays the groundwork for future guidance and regulation from governments? Because I feel like we, the metrics that we use to describe vulnerabilities, you know, like CVSS is a great example. I mean, I think there's a little bit of implied shame in a CVSS that's over 9. Right. But not always. Sometimes there's just these really weird subtle bugs that pop up that once people find them, it turns out they're very easy to exploit and it's just a sort of freak occurrence. But, you know, I don't think policymakers and regulators necessarily, I mean, some will, but a lot won't, understand that seriousness is not an indication of forgivability. Right. And do you think this will help policymakers to issue guidance, regulation, draft new laws, things like that?
B
I think it's an attempt to try and provide incentives to do secure development. And so even though I'm disappointed they didn't name and shame to me, it makes sense that you publish this paper, you get feedback to say, how does the methodology do people. Do people buy into it? And if at this point people don't buy into it, then it's, I think you can say, well, we've suggested this. What would be a methodology that would make sense? And then, you know, this feels like a very long process, but it would be okay. Everyone agrees that this Makes sense. Let's start implementing it into, you know.
A
And then from there you can look at like incorporating that into like government procurement. Right. Where if you've had, you know, shameful bugs in your software over the last 12 months and not taken steps to address the root causes, well, we're not going to buy your stuff.
B
Yeah, well, I think that's going on in parallel. So this is like trying to burn, this is a terrible analogy, burn both ends of the candle. So you've got the supply side. You must do these things to end up in, to be bought by government. And this is the, if you haven't done these things, we're going to in effect kind of punish you by having your bugs described in a way that makes you less, your products less saleable. So I think, you know, there's no one thing that you can do that will fix bugs being in software. So I think it's, this is like kind of to me a complementary approach to all the other procurement side things that you.
A
No, I get it. It's like we're going to slap a mark of shame on, you know, we're going to provide a framework that can put a mark of shame on your, on your products. And I think that is, I think for a long time people have expected the market to just sort of rely on vulnerability data to do that, but without some sort of indication as to whether or not, you know, how shameful it is that they're there in the first place, it's of limited effectiveness. So, yeah, very interesting. People can check out more detail in the newsletter. Another thing that you've written about, like everybody's talking about DeepSeek, which is this Chinese large language model, that Chinese generative AI thing that's come out. You know, you've approached this from a bit of a different angle. I agree with you that people freaking out about the privacy policy, which just strikes us all as just, well, it's upfront, it's honest. Yes, your data is going to go into China and be used because it's a Chinese AI company. It's, you know, the terms of service are broadly in line with what you would expect out of an American AI company. But I think that your, your point is that Chinese APT crews and disinformation crews and whatever, they now have a, you know, homegrown tool that they can use to do to, you know, use AI to do a lot of bad stuff to us. And it's not going to show up in Google's threat reports anymore or OpenAI's threat reports anymore because they've got their own capability. And that's, you know, for you, that's the. That's the takeaway here.
B
Yeah, I think there's a lot of reasons that it's a big deal, but that many of the things that DeepSeek has done actually kind of mitigate the economic and geopolitical implications, the fact that they've released the way that they did it. So you can expect that Western AI companies will basically copy the same recipe, but in terms of providing visibility into what threat actors are doing. I always find the OpenAI and Google reports quite interesting. And they get some insight into how other APT crews are using LLMs. And they can. Well, they get that insight. They can actually try and develop countermeasures, but it also informs the rest of their threat intelligence work. You know, these are the things that people are trying to do here are the techniques that might pop up and they can. They are the sort of companies where the, I guess the political imperative means that they devote some resources to trying to tamp down on that. Now, DeepSeek, it doesn't seem like they're malicious at all in any way, but they're just a very much smaller company. So I think the figure I heard was 200 people. So you can imagine that there might be in somewhere like Google maybe, you know, tens of people working on their kind of Gemini threat intelligence type stuff potentially. And that scale of effort just doesn't seem plausible.
A
Well, I mean, you would remember that yesterday Adam and I spoke about some research that Wiz did where they found like so much of the company's data just lying around basically on the Internet. And it's. Anytime you see a startup go viral like this, you're gonna, you know, you take a look and it's. It's a mess. Right. So it's gonna take them a while. I eventually expect that they will be doing their own threat reports, but being a Chinese company, I'd suggest that possibly they're just being submitted to the MSS and not to the public. Right.
B
So that's right. Yeah. So I think there's a lot of. It just makes it easier for those crews when they don't have to worry about working their way or jailbreaking, I guess companies that definitely view them as adversaries. So there's. It's sort of black and white. If you're working for Google, Chinese APT crews are adversaries and you're working to counter them. I imagine that that's not true for DeepSeek. And Chinese APTs maybe, maybe not, but I think it'll just be easier. They won't worry about turning up in a Google threat report. It's a very capable model they've released.
A
It's more capable than the open source stuff that they could access already. But it's not like they didn't have any sort of ability to run a ring fenced LLM previously. But I think what's freaked everyone out about DeepSeek is that it's actually quite good.
B
Yeah, yeah. And so I mean the fact that they were using Gemini means that those crews thought that there was some benefit to those particular types of models that were better than the open source ones. So I don't think it's not going to supercharge APT crews, they're not going to suddenly get 10 times better. But I think this is a thing that will happen. There'll be a loss of visibility for Google. So I think that's a kind of more.
A
Now the final thing that we're going to talk about today are some sanctions, some EU sanctions against a Russian APT, which are interesting for two reasons. First of all, the activity dates back a long time and second of all they are it's cyber activity tied to a unit of GRU, which is Unit 29155, which has been linked to stuff like sabotage, assassinations, even this Havana syndrome stuff where the thinking is they were using like directed energy weapons to fry CIA people in their hotel rooms or whatever. Sorry, I didn't mean for that to sound so flippant but you know, these are, you know, seriously nasty people and you know, I think this is the first we've seen of them being linked to malicious cyber activity, which makes all of this very interesting.
B
Yeah, so the reason I started to investigate this is I was just trying to make up my mind is this good news or bad news? Like it's sanctions of five year old cyber activities targeting Estonia. So that seems like, well, what's the point? It's so long ago. If you treat a country misbehaving like a toddler, you want the sort of response to be rapid, clear and directly tackling what the problem is. And it seems to me that the problem with Unit 29155 is, is basically the problem with Russia that they're being extremely aggressive doing things that are just beyond the pale. So is a slap on the wrist for something that they did find.
A
Well, does it make sense not to do it? I think it's a counter argument and of course it sort of makes sense to do it even if it's not going to achieve all that much.
B
I mean, what can you do with.
A
A gangster state that does this sort of stuff? Like your options. Your hands are really tight.
B
Yeah, yeah. And so I've got this sort of dual opinion now that, yes, it's good news, and it's good news because the EU is flexing its sanction muscles. So the Estonia only formally attributed those actions to the. To that unit late last year, like in September. And so that was tied to some of what the U.S. Department of Justice did. They also outed some of those members and sanctioned more of them, not just. I think it was three or. Yeah. And so that's good that the EU is getting its ducks in a row and it's, I guess, greasing the wheels of the bureaucracy to be able to convert an attribution into something real, actual.
A
I mean, you sort of get the impression they could have done this a long time ago, but they just love their. They loved their cheap gas before the, you know, invasion of Ukraine. You just.
B
Yeah, yeah. So I spoke to Stefan Soesanto, who's at ETH Zurich, and his view was that when these incidents originally happened, there just wasn't the political will in to do anything about them because. Exactly. Like five years ago.
A
Well, and then I just. I mean, I was getting it. And so now that there's been inactivity from the larger countries, the EU block as well, because, hey, everybody loves cheap energy. And it's like, I think everybody needs to sit in the corner and do some reflection. Tom. Yeah.
B
Yes. Yeah. Yeah. I mean, the problem you're really trying to tackle is that Russia is just gangster state. You said it was an outlaw state. It's just doing stuff that people is totally unhappy with. And if you want to tackle that, you have to tackle it.
A
I mean, it was doing that before, not just sanctions as well. Uh, it's been at this for a long time. The things it's been doing to, through its intelligence services, to State Department officials, for example, you know, well and truly predates the Ukraine war, but, you know, better late to learn than never, right? Tom Uren, that is it for this edition of the podcast. Thank you so much for joining me. And we'll do it all again next week. And don't forget, everyone, you can go to Risky Biz and subscribe to Tom's newsletter and also all of our. All of our newsletters and podcasts over there at Risky Biz. Cheers.
Risky Bulletin Podcast Summary
Title: Srsly Risky Biz: DeepSeek a Boon for Chinese APTs
Host: Patrick from Risky Business
Guest: Tom Uren, Colleague at Risky Business
Release Date: February 6, 2025
In this episode of Risky Bulletin, Patrick and Tom delve into critical cybersecurity topics, focusing on government policies, regulation, and significant trends shaping the cybersecurity landscape. Skipping over the usual advertisements and intros, the conversation kicks off promptly with insights from Tom’s latest newsletter.
Overview: Patrick introduces the discussion by highlighting the UK's National Cyber Security Centre (NCSC) publication on distinguishing between forgivable and unforgivable vulnerabilities. This framework aims to evaluate software bugs not just by their severity (as measured by CVSS scores) but by their origins and the developer’s adherence to secure development practices.
Key Points:
Definition of Forgivable vs. Unforgivable Vulnerabilities: Tom explains that unforgivable vulnerabilities are those that should not exist due to a blatant disregard for secure development practices. The NCSC references a 2007 description by Steve Christey from MITRE, emphasizing that such bugs indicate a failure in secure programming methodologies.
Tom [02:26]: “If a bug's unforgivable, it means basically that the vendor totally disregarded secure development practices. They just shouldn't exist. No excuses.”
Methodology: The framework introduces a matrix that scores the ease of implementing mitigations for different types of vulnerabilities. For instance, input validation is considered easy to implement (score of 3), categorizing related vulnerabilities as unforgivable.
Tom [03:49]: “Input validation, they've scored it as a three because it's widely understood, it's cheap to implement and the complexity is very low.”
Practical Application: A worked example in the NCSC report demonstrates a real-world vulnerability that could have been eliminated with proper input validation, deeming it unforgivable.
Tom [04:49]: “They provided this worked example at the end which is a real-world but anonymized, very serious bug... the overall assessment is this vulnerability should not have existed and is unforgivable.”
Critique and Future Implications: While Tom appreciates the framework, he notes that the report's worked example is anonymized and that it does not assess a number of named real-world vulnerabilities. He suggests that incorporating such examples would have strengthened the report.
Patrick [06:15]: “It's a nice compromise where other people can take this criteria, work through the KEV list and then publish a report on it, you know, according to the NCSC's framework.”
Impact on Policy and Regulation: The discussion transitions to the potential influence of this framework on future government guidance and regulations. Patrick contemplates whether this initiative could lead to new laws or procurement standards that penalize vendors for unforgivable bugs.
Patrick [07:11]: “Do you think this will help policymakers to issue guidance, regulation, draft new laws, things like that?”
Tom concurs, viewing the framework as a step towards incentivizing secure development practices and potentially influencing government procurement policies.
Tom [07:52]: “This is like kind of a complementary approach to all the other procurement side things that you...”
Introduction: Patrick shifts the conversation to the emergence of DeepSeek, a Chinese large language model (LLM), and its implications for Advanced Persistent Threats (APTs) originating from China.
Key Points:
Perception vs. Reality: While many are concerned about DeepSeek’s privacy policies, Tom emphasizes that the greater threat lies in how Chinese APTs can leverage such AI tools for malicious activities without detection in Western threat reports.
Patrick [08:55]: “...people can check out more detail in the newsletter. Another thing that you've written about, like everybody's talking about DeepSeek...”
Visibility and Countermeasures: Tom contrasts DeepSeek with Western models like those from OpenAI and Google, which generate threat reports that aid in developing countermeasures. DeepSeek, being a smaller entity, lacks the resources to provide similar visibility, potentially increasing the effectiveness of Chinese APTs.
Tom [10:21]: “DeepSeek, it doesn't seem like they're malicious at all in any way, but they're just a very much smaller company... that scale of effort just doesn't seem plausible.”
Operational Advantages: The reduced visibility means that Chinese APT activities may go undetected longer, providing them with a strategic advantage.
Tom [12:21]: “It just makes it easier for those crews when they don't have to worry about working their way or jailbreaking, I guess companies that definitely view them as adversaries.”
Quality and Capability: DeepSeek is noted for its superior capabilities compared to existing open-source models, enhancing its utility for malicious purposes.
Patrick [13:05]: “It's more capable than the open source stuff that they could access already. But it's not like they didn't have any sort of ability to run a ring fenced LLM previously.”
Implications: The hosts discuss the potential long-term impact of DeepSeek on cybersecurity, emphasizing the need for improved Western AI threat intelligence to counteract the invisible enhancements to Chinese APT operations.
Tom [13:48]: “I think this is a thing that will happen. There'll be a loss of visibility for Google. So I think that's a kind of more...”
Overview: Patrick and Tom explore recent EU sanctions targeting a Russian APT group, identified as Unit 29155 of the GRU, notorious for activities ranging from sabotage to the rumored Havana syndrome incidents.
Key Points:
Background and Significance: The sanctions are based on cyber activities that date back several years, marking a significant move as it is the first formal attribution of Unit 29155 to malicious cyber operations.
Patrick [13:48]: “Now the final thing that we're going to talk about today are some sanctions, some EU sanctions against a Russian APT...”
Effectiveness and Timing: Tom reflects on whether sanctioning past activities is meaningful, pondering the delayed response since the incidents occurred five years prior.
Tom [15:27]: “It's a slap on the wrist for something that they did find.”
Political Will and Policy: The hosts discuss the challenges in enforcing sanctions due to geopolitical dependencies, such as Europe’s reliance on cheap Russian gas, which often hampers swift punitive actions.
Tom [16:32]: “When these incidents originally happened, there just wasn't the political will in to do anything about them because. Exactly. Like five years ago.”
Institutional Response: The EU’s move is seen as both a sign of bureaucratic momentum and a necessary step in holding rogue state actors accountable, albeit belatedly.
Tom [17:02]: “Yeah, I mean, the problem you're really trying to tackle is that Russia is just gangster state...”
Expert Insight: Drawing on insights from Stefan Soesanto of ETH Zurich, the discussion highlights the historical inaction due to geopolitical complexities and the eventual need for decisive measures.
Tom [16:32]: “I spoke to Stefan Soesanto, who's at ETH Zurich, and his view was that when these incidents originally happened, there just wasn't the political will in to do anything about them because.”
Conclusion on Sanctions: While the sanctions may seem delayed and limited in immediate impact, the hosts agree that they represent a critical acknowledgment of past cyber aggressions and a step towards more robust future responses.
Patrick [17:17]: “Yes. Yeah. I mean, the problem you're really trying to tackle is that Russia is just gangster state.”
Patrick wraps up the episode by encouraging listeners to subscribe to Tom’s newsletter and stay updated with Risky Business’ offerings.
Patrick [17:31]: “And that, you know, better late to learn than never, right? Tom Uren, that is it for this edition of the podcast...”
Forgivable vs. Unforgivable Vulnerabilities: The NCSC’s framework introduces a method to assess software bugs based on their preventability and the ease of mitigation, aiming to standardize accountability in software development.
DeepSeek’s Impact on APTs: The emergence of DeepSeek enhances the operational capabilities of Chinese APTs by providing advanced AI tools without the corresponding threat intelligence and countermeasure development found in Western counterparts.
EU Sanctions on Russian APTs: The EU’s sanctions against Russia’s Unit 29155 signify a formal stance against state-sponsored cyber aggression, albeit with challenges related to geopolitical dependencies and delayed responses.
Tom [02:26]: “If a bug's unforgivable, it means basically that the vendor totally disregarded secure development practices. They just shouldn't exist. No excuses.”
Tom [07:52]: “This is like kind of a complementary approach to all the other procurement side things that you...”
Tom [10:21]: “DeepSeek, it doesn't seem like they're malicious at all in any way, but they're just a very much smaller company... that scale of effort just doesn't seem plausible.”
Tom [17:02]: “Yeah, I mean, the problem you're really trying to tackle is that Russia is just gangster state...”
For More Information: Listeners are encouraged to visit RiskyBiz to subscribe to newsletters and access additional podcast episodes for comprehensive cybersecurity insights.
This summary encapsulates the essential discussions from the February 6, 2025 episode of Risky Bulletin, providing a comprehensive overview for those who have yet to listen.