Risky Bulletin: Episode Summary – "Srsly Risky Biz: Governments are losing the crypto wars"
Release Date: February 13, 2025
Host: risky.biz
Guests: Patrick Gray, Tom Uren
Introduction
In this episode of Risky Bulletin, Patrick Gray and policy and intelligence editor Tom Uren delve into the ongoing challenges governments face in the "crypto wars"—the struggle to regulate and access encrypted data—and examine the current state of ransomware activities. The discussion highlights recent developments, government strategies, technological defenses, and the evolving landscape of cybercrime.
Governments Struggle in the Crypto Wars
UK’s Technical Capability Notice (TCN) vs. Apple’s Encryption
The conversation opens with the UK government's attempt to compel Apple to unlock encrypted iCloud accounts through a Technical Capability Notice (TCN). Patrick Gray references Apple's refusal, framing it as a significant setback for governmental efforts to access encrypted data.
- Patrick Gray [00:15]: “Yes, it's the crypto wars. Yes, they are still going on, but you've written a pretty compelling piece arguing that governments are losing the crypto wars.”
Tom Uren points out the significance of the Washington Post reporting on the matter, despite TCNs typically being non-disclosable. He references Alexander Martin’s analysis, which suggests that the framing of the issue may favor privacy advocates over governmental interests.
- Tom Uren [02:13]: “I don't really think it's right to frame it as a backdoor. What they want is what they've got now and so they just want to hold on to something.”
Public Perception and Political Will
Tom discusses Ciaran Martin’s perspective, emphasizing that public and political support currently leans towards maintaining strong encryption rather than lawful access. This lack of political will hampers governmental efforts to enforce access to encrypted data.
- Tom Uren [04:18]: “Governments have just lost these wars, they've always lost them, they're going to continue to lose them.”
Patrick Gray counters by suggesting that robust spyware could still allow governments to access necessary data, arguing that both sides may be misrepresenting their capabilities and intentions.
- Patrick Gray [04:52]: “Apple can't cough up that data. They would need to make a change to the platform.”
Future Implications
The discussion moves towards the potential for political shifts to reignite governmental efforts, drawing parallels to the increased political will post-9/11.
- Patrick Gray [07:33]: “If there is a substantial enough intelligence failure that can be attributed to government's lack of visibility into these sorts of devices, you will see that political will enthusiastically manifest.”
Tom expresses a hope that governments will continue to fail in imposing their will on encryption, acknowledging the grim possibilities if they succeed.
- Tom Uren [07:50]: “I'm kind of hoping that, you know, governments just continue to fail at crypto imposing their will on crypto.”
Ransomware Recession and Government Actions
Decline in Ransomware Operations
Patrick shifts the conversation to the state of ransomware, noting a significant downturn in ransomware activities, which he attributes to effective governmental interventions. He references Coveware’s report indicating the disappearance of major ransomware-as-a-service (RaaS) operators like BlackCat and LockBit.
- Patrick Gray [10:14]: “Ransomware last year really receded. The market is slowing, the ecosystem has really changed.”
Tom elaborates on Coveware’s findings, highlighting the rise of "commodity ransomware" targeting small to medium enterprises (SMEs) and the emergence of lone wolf operators. He sees this fragmentation as a governmental success in disrupting large-scale operations.
- Tom Uren [12:54]: “The most prolific ransomware is actually what I call commodity ransomware… They are big, but they're not extremely damaging.”
Emergence of Smaller, Independent Operators
Patrick and Tom discuss the shift towards smaller groups developing and deploying their own ransomware, a trend they anticipated as a result of effective government crackdowns on larger organizations.
- Patrick Gray [13:27]: “This is what we would see. We would see the dismantling of these large organizations and the emergence of smaller crews using bespoke ransomware.”
Tom notes that these lone wolf operations represent a fraction of overall ransomware attacks but indicate progress in limiting large-scale cybercrime.
- Tom Uren [13:57]: “8% of ransomware attacks were these lone wolves… that's still a win.”
Financial Disruptions and Chainalysis Insights
The discussion touches on Chainalysis’s report, which shows a decline in illicit cryptocurrency flows, partly due to reduced use of tumblers and mixers. Many cybercriminals are now hesitant to convert cryptocurrencies into fiat, fearing law enforcement action.
- Patrick Gray [15:11]: “Cybercriminals are just parking their cryptocurrencies because they don't know how to launder.”
Tom references Chainalysis’s characterization of government actions as “decisive and unpredictable,” underscoring the effectiveness of current strategies in curbing illicit financial flows.
- Tom Uren [15:11]: “Chainalysis used this phrase of the sort of lawful action against cryptocurrency laundering and they called it decisive and unpredictable.”
The Ongoing Battle: Suppression vs. Elimination
Continuous Effort Required
Patrick draws parallels between the fight against ransomware and the war on drugs, emphasizing that continuous suppression efforts are necessary to keep cybercriminal activities in check. He argues against the notion that eradication is impossible, highlighting the importance of sustained governmental actions.
- Patrick Gray [16:27]: “This is a crime type that requires constant suppression… people are going to take their place.”
Tom agrees, noting that without persistent efforts, cybercriminal activities will resurface.
- Tom Uren [16:27]: “There's a range of problems that they've got, and strong encryption is just one of them.”
Uncertainty Under Changing Administrations
The conversation addresses potential shifts in governmental priorities with new administrations, specifically referencing the Trump administration’s unclear stance on cybercrime priorities.
- Tom Uren [17:17]: “So it's unclear what the Trump administration's attitude to all this would be.”
Patrick concludes by acknowledging the uncertainty but reinforces the importance of ongoing vigilance.
- Patrick Gray [17:44]: “Well, we'll have to wait and see to see if the operators who are currently doing that work are given other priorities.”
Conclusion
In this episode, Patrick Gray and Tom Uren provide an insightful analysis of the current state of the crypto wars and ransomware threats. They highlight significant government setbacks in accessing encrypted data, the effective disruption of major ransomware operations, and the continual need for adaptive strategies to suppress cybercrime. The discussion underscores the delicate balance between privacy, security, and governmental authority in the digital age, emphasizing that while progress has been made, the battle is far from over.
Notable Quotes:
- Patrick Gray [00:15]: “Yes, it's the crypto wars. Yes, they are still going on, but you've written a pretty compelling piece arguing that governments are losing the crypto wars.”
- Tom Uren [02:13]: “I don't really think it's right to frame it as a backdoor. What they want is what they've got now and so they just want to hold on to something.”
- Patrick Gray [04:52]: “Apple can't cough up that data. They would need to make a change to the platform.”
- Tom Uren [07:50]: “I'm kind of hoping that, you know, governments just continue to fail at crypto imposing their will on crypto.”
- Patrick Gray [13:27]: “This is what we would see. We would see the dismantling of these large organizations and the emergence of smaller crews using bespoke ransomware.”
- Tom Uren [15:11]: “Chainalysis used this phrase of the sort of lawful action against cryptocurrency laundering and they called it decisive and unpredictable.”
