Podcast Summary: Risky Business News - "Srsly Risky Biz: Why hack and leak is still a big deal"
Release Date: December 5, 2024
Host: Adam Boileau
Guest: Tom Uren
Introduction
In this episode of Seriously Risky Business, host Adam Boileau is joined by his colleague Tom Uren to discuss the enduring impact of hack and leak operations. They explore recent developments in corporate espionage, historical parallels, and the evolving landscape of criminal communication networks.
1. Corporate Hack and Leak Operations: The Exxon Mobil Case
Tom Uren opens the discussion by highlighting a significant Reuters report investigating Exxon Mobil’s involvement with DCI Group, a public relations consultancy implicated in hack for hire operations.
Tom Uren [01:29]: "The sources told them that the FBI is investigating the links between Exxon Mobil, a consultancy group called DCI Group, and hack for Hire operations."
The investigation reveals that private investigators acted as intermediaries between U.S. corporate interests and Indian hack for hire firms. These operations involved stealing materials from environmental activist groups to undermine lawsuits against Exxon Mobil, drawing a parallel to the historical legal battles faced by the U.S. cigarette industry.
Tom Uren [01:29]: "These hack and leak operations undermined those lawsuits against the energy sector and had a profound influence."
Adam reflects on the societal desensitization to such activities, noting that while the 2009 ClimateGate incident was initially dismissed, today’s investigative journalism brings more scrutiny and understanding.
Tom Uren [04:04]: "Nowadays things are better. We've got investigative journalists pursuing these kinds of stories."
2. Historical Context: The 2009 ClimateGate Incident
Adam reminisces about the 2009 ClimateGate hack, comparing it to contemporary hack and leak operations. He emphasizes how the lack of attribution at the time limited the perceived impact of the breach.
Adam Boileau [04:07]: "It was never attributed to anyone. People think maybe it was the Russian state... or US energy interests like Exxon."
Tom adds that the ClimateGate incident was a pivotal moment in the climate change debate, much like the Exxon case today, highlighting the strategic use of cyberattacks to influence public opinion and legal outcomes.
Tom Uren [04:07]: "Someone arranged this, they organized it, they timed it... hack and leak was the way they did it."
3. Impact on Victims and Accountability Issues
The hosts discuss the devastating effects of hack and leak operations on targeted organizations and individuals. Tom underscores the misrepresentation of leaked data and the lack of accountability beyond the middlemen.
Tom Uren [09:17]: "It was quite devastating because their work was basically misrepresented for a purpose they didn't agree with."
Adam points out the systemic issue where private investigators and intermediaries face the brunt of legal consequences, leaving the orchestrators unaccounted for.
Adam Boileau [10:52]: "Almost never anyone is held responsible other than the poor PIs who are the fall guys in this case."
4. The Crime Phone Ecosystem and Law Enforcement Crackdowns
Transitioning to criminal communication networks, Tom discusses recent law enforcement actions against "crime phones," encrypted messaging applications used by criminals.
Tom Uren [12:28]: "Police were able to intercept and decipher messages for months and then they took it down."
He explains how these apps, despite their claims of enhanced security, often have exploitable vulnerabilities due to their reliance on key individuals and centralized control.
Tom Uren [16:11]: "There's always someone in charge, and police have figured out... either get hold of the infrastructure or the key person."
Adam contrasts this with legitimate state-run secure communications, highlighting the extensive measures and reviews involved in maintaining such systems.
Adam Boileau [16:59]: "In the criminal world, we haven't really got that north star of capitalism that kind of guides things in a predictable way."
5. Challenges in Securing Criminal Communications
Tom delves deeper into the inherent challenges faced by criminals in maintaining secure communication networks. He cites the example of Mexican cartels attempting to create their own encrypted systems, which ultimately failed due to internal security lapses.
Tom Uren [18:18]: "They built an encrypted messaging service with an interception system, which the police exploited."
Adam humorously suggests that even with increased budgets, the fundamental human factors and operational complexities undermine the security of these illicit networks.
Adam Boileau [20:05]: "We can't even secure our own telcos in the free world... criminals have a tough time there."
6. The Future of Hack and Leak Operations
The conversation concludes with reflections on the future trajectory of hack and leak operations. The speakers emphasize the relentless cat-and-mouse game between cybercriminals and law enforcement, noting that as security measures evolve, so do the tactics of those attempting to circumvent them.
Tom Uren [20:44]: "It's a lot of work, and it seems unreasonable to expect a crime cartel to do that amount of work in a robust way."
Adam encapsulates the ongoing struggle, highlighting that while significant progress has been made, the battle to secure information and maintain accountability continues to evolve.
Adam Boileau [21:22]: "Good luck to you sir."
Conclusion
In this episode, Adam Boileau and Tom Uren provide a comprehensive analysis of the enduring significance of hack and leak operations in both corporate and criminal contexts. Through detailed case studies and historical comparisons, they underscore the complex interplay between cyber threats, legal frameworks, and the relentless pursuit of accountability.
Listeners are encouraged to stay informed by following the Seriously Risky Business newsletter and accessing further resources on Risky.biz.
For more detailed discussions and insights, subscribe to the Seriously Risky Business newsletter and explore additional content on Risky.biz.