Risky Business #788: Trump Targets Chris Krebs, SentinelOne
Release Date: April 16, 2025
Host: Patrick Gray
In this episode of Risky Business, host Patrick Gray is joined by guest Rob Joyce, former cybersecurity director of the NSA, to delve into pressing issues in the information security landscape. The episode, titled "Trump Targets Chris Krebs, SentinelOne," covers a range of topics from political interference in cybersecurity to advancements and challenges in the spyware arena.
1. Presidential Memorandum Against Chris Krebs and SentinelOne
The episode opens with a discussion about recent developments involving former CISA Director Chris Krebs. President Donald Trump signed a presidential memorandum instructing the Department of Justice to investigate Krebs, marking a significant political maneuver against a key figure in cybersecurity.
- Revocation of Security Clearances
  - Rob Joyce (00:56): “President Trump signed executive orders aimed at revoking the security clearances of his former cybersecurity head, Chris Krebs.”
  - Patrick Gray (03:26): Highlights that the memorandum not only targets Krebs personally but also his employer, SentinelOne, affecting approximately ten employees with security clearances. This action is seen as an attempt to blacklist Krebs and pressure SentinelOne, akin to previous actions taken against law firms.
- Implications for SentinelOne and the Cybersecurity Industry
  - Rob Joyce (03:26): “Chris is an awesome person. I was around during those election times. He had nothing but the best intentions and organized an amazing response to be able to help secure those elections.”
  - The discussion underscores the unprecedented nature of the White House targeting both an individual and his employer, potentially jeopardizing government contracts and creating a chilling effect within the cybersecurity sector.
- Patrick Gray’s Analysis (05:00):
  - Predicts that SentinelOne may need to part ways with Krebs, citing corporate obligations to shareholders and staff. The political entanglement blurs the lines between cybersecurity and politics, thereby reducing overall security efficacy.
2. Formation of a New Intelligence Task Force by Tulsi Gabbard
Patrick shifts the conversation to a new task force constituted by Tulsi Gabbard, the Director of National Intelligence in the U.S.
- Patrick Gray (05:49): “Tulsi Gabbard is constituting a new task force designed to restore transparency and accountability to the intelligence community.”
- Rob Joyce’s Perspective (12:37):
  - Acknowledges the bipartisan concern over spyware proliferation and supports efforts to prevent a cyber arms race. Emphasizes the need for accountability in the use and sale of spyware technologies.
3. Senator Ron Wyden’s Block on Trump’s CISA Nominee
The duo discusses Senator Ron Wyden's efforts to block Trump's nominee for Director of CISA until the Department of Homeland Security releases a 2022 report on telco security.
- Patrick Gray (11:48): Raises concerns that DHS may withhold the report to avoid scrutiny over telco vulnerabilities, particularly regarding SS7 and Diameter protocols.
- Rob Joyce’s Insights (12:37):
  - Explains the technical aspects of SS7 and Diameter, highlighting their inherent vulnerabilities and the challenges in securing telecommunications infrastructure.
4. The Pall Mall Pact and Spyware Regulation
The conversation shifts to international efforts to regulate spyware through the Pall Mall Pact, a non-binding agreement aimed at preventing spyware proliferation.
- Positive Developments (15:08 - 16:22):
  - Rob Joyce (16:22): “This is a big deal. There’s bipartisan consensus in the US that spyware for hire industry is a problem if it’s not done correctly.”
  - The pact is lauded as a step forward in establishing global norms around spyware usage, despite being non-binding. There is cautious optimism about its effectiveness in curbing the cyber arms race.
- NSO Group’s Lobbying Efforts (19:14 - 20:07):
  - Patrick Gray (19:39): Discusses how NSO Group is pivoting its lobbying strategies towards Republican lawmakers amid increasing regulatory pressures.
  - Rob Joyce (19:37): Expresses skepticism about NSO’s ability to rehabilitate its image, citing past controversies like the Khashoggi killing.
5. Targeted Spyware Against Ethnic Groups
The episode highlights a report from the UK’s NCSC on Chinese spyware targeting Uyghur, Tibetan, and Taiwanese communities through specialized applications.
- Patrick Gray (20:07): “They’ve created apps that people from those groups would like to use. There’s an audio Quran, there’s an app called Tibet1.”
- Rob Joyce’s Commentary (21:14):
  - Acknowledges the sophistication of such targeted attacks, noting that these tactics are extensions of longstanding Chinese cyber espionage strategies.
6. MITRE’s CVE Program Funding Challenges
MITRE, the organization responsible for administering the Common Vulnerabilities and Exposures (CVE) program, faces the expiration of its funding contract with the U.S. government.
- Patrick Gray (27:03): Wonders about the potential disruptions in the CVE ecosystem due to funding cuts.
- Rob Joyce’s Concerns (29:02):
  - Rob Joyce: “This is a self-induced crisis that is eroding our cybersecurity capabilities writ large. Another self-induced crisis.”
  - Highlights the importance of industry collaboration to maintain the effectiveness of the CVE program despite financial uncertainties.
7. Malicious Chrome Extensions with Millions of Installs
A significant security concern addressed in the episode involves Chrome extensions garnering over 4 million installs while remaining hidden from the public store.
- Patrick Gray (31:16): Points out the risks associated with browser extensions being exploited for data theft and espionage.
- Rob Joyce’s Analysis (32:40):
  - Emphasizes the power and potential risks of browser extensions, noting that the extensions in question could monitor user activities without overt malicious actions like stealing passwords.
8. NSO Group’s Legal Troubles and Lobbying Shifts
The lawsuit against NSO Group reveals targeting of over a million WhatsApp users across 51 countries, escalating scrutiny on the company.
- Patrick Gray (37:12): Observes NSO’s shift in lobbying efforts from Democrat-aligned firms to Republican lawmakers.
- Rob Joyce’s Outlook (39:40):
  - Doubts NSO’s ability to recover reputationally, referencing unsuccessful lobbying attempts by similar companies like Huawei and ZTE.
9. Other Notable Cybersecurity News
The episode also covers:
- Reduction in SSL Certificate Validity:
  - The CA/Browser Forum has voted to reduce SSL certificate lifespans from 398 days to 47 days by 2029, pushing the industry towards more secure, programmatic certificate management.
- Dutch Research on Ransomware Payments:
  - Findings indicate that 95% of organizations paying ransoms avoided bankruptcy, while those with cyber insurance paid three times the ransom amounts, highlighting the complex dynamics of ransomware economics.
- Intrusion at 4chan:
  - Reports of ongoing conflicts and cyber intrusions within 4chan, reflecting the perpetual volatility of online communities.
10. Sponsor Interview: Authentik’s Fletcher Heisler on Identity Management
The episode transitions to a sponsored segment featuring Fletcher Heisler from Authentik, an open-source identity provider (IdP).
- Authentik’s Approach to a Crowded Identity Space (43:40 - 49:49):
  - Fletcher Heisler: “Identity is a very crowded space lately... we’re trying to be as vendor agnostic as possible.”
  - Discusses Authentik’s strategy to integrate diverse identity and access management tools, allowing for greater flexibility and customization compared to incumbents like Okta or Ping.
  - Highlights features such as device health checks during authentication flows and the development of community-driven integration blueprints.
- Integration with Other Services (50:18 - 52:35):
  - Fletcher Heisler: “You can integrate Knocknoc and Authentik and make custom scripts...”
  - Emphasizes the importance of API-driven integrations and infrastructure as code to enhance security and operational efficiency.
  - Mentions Authentik’s participation in industry events like RSA and BSides SF, underscoring their commitment to community engagement.
Conclusion
Patrick Gray wraps up the episode by reiterating the significance of the discussions, particularly the political interference in cybersecurity and the evolving landscape of spyware and identity management. He extends gratitude to Rob Joyce for his insightful contributions and previews the upcoming episodes, promising continued in-depth analysis of critical information security issues.
Notable Quotes:
- Donald Trump (01:55): “This guy's a wise guy. He said, we've been proved this is the most secure election in the history of our country. Now, this was a disaster.”
- Rob Joyce (05:00): “I don't know where it goes, but this clash really blurs politics and cybersecurity. So that, to me, makes all of us less safe.”
- Fletcher Heisler (44:09): “We’re not looking to be a device management company. We want you to be able to embed signals from any tool you’re using.”
- Rob Joyce (29:02): “Another self-induced crisis that's eroding our cybersecurity capabilities writ large.”
This comprehensive summary encapsulates the key discussions and insights from Risky Business #788, offering listeners a thorough understanding of the episode's content without needing to tune in.