Risky Business #765 — The Kaspersky Switcheroo
Released on September 25, 2024
Host: Patrick Gray
Guests: Adam Boileau, Rob Joyce
Sponsor Interview: Mike Wiacek, Founder of Stairwell
1. Introduction and Weekly Security News Overview
Patrick Gray kicks off the episode with a personal anecdote about successfully potty-training his three-year-old, drawing a parallel to corporate entities yielding under external pressure. He then transitions to the week's security news with guest co-hosts Adam Boileau and Rob Joyce, a former US Presidential Cybersecurity Advisor and NSA Cybersecurity Director.
Notable Quote:
“At the end of the day, you have to pick your trusted partners.” — Rob Joyce [19:12]
2. Elon Musk's X (Twitter) in Brazil
Patrick discusses Elon Musk's recent concession in Brazil regarding X's compliance with Supreme Court directives. Despite initial resistance against censoring accounts, the platform "folded like cheap lawn furniture" after weeks of pressure.
Notable Quote:
“It’s just kind of a different kettle of fish. Not everywhere is the U.S.” — Adam Boileau [02:49]
Rob Joyce emphasizes the business decision behind Musk's compliance, highlighting the balance between free speech and sustaining operations in foreign markets.
3. Telegram's Cooperation with Authorities
The conversation shifts to Telegram's update of its privacy policy, agreeing to share user information with law enforcement. Adam critiques Pavel Durov's compliance, suggesting it's a strategic retreat to maintain operational viability.
Notable Quote:
“They're willing to share these identifiers with law enforcement as part of legitimate investigations.” — Adam Boileau [05:08]
Rob points out Telegram's history with the Russian government, asserting that cooperation with Russian authorities likely influenced their stance with Western governments.
4. TikTok Bans RT Accounts
Patrick highlights TikTok's removal of RT accounts following a similar move by Meta, positioning it as an attempt to appear responsible amid concerns over state-backed disinformation. The discussion touches on the US law requiring ByteDance to divest TikTok's US business.
Notable Quote:
“TikTok is trying to put up a bit of a fig leaf here.” — Adam Boileau [11:33]
Rob Joyce speculates on the Biden administration's consistent pressure on Chinese tech firms, hinting that TikTok’s actions are preemptive moves to retain operability in the US market.
5. Biden Administration's Automotive Software Ban
The Biden administration proposes a rule banning Chinese- and Russian-origin connected-vehicle software from US cars starting with model year 2027, raising concerns about the economic and technological repercussions.
Notable Quote:
“The regret factor is going to be super high if you let the Chinese run through the infrastructure we use for self-driving cars.” — Rob Joyce [14:38]
Patrick expresses apprehension about potential declines in automotive quality, given China's dominance in the sector.
6. Kaspersky's Withdrawal from the US Market
Kaspersky has ceased operations in the US and, as part of its exit, automatically replaced its installed product with UltraAV, an American-owned antivirus. While some criticize the abrupt, largely unannounced switch, both Patrick and Rob view the handover itself as a responsible move to ensure continued protection for users.
Notable Quote:
“Many didn't realize how much control the antivirus software has.” — Rob Joyce [19:12]
Rob further critiques Kaspersky's execution, noting poor communication and the inadvertent education of users about the vulnerabilities of untrusted AV software.
7. Australian Cybercrime Arrests
The Australian Federal Police dismantled Ghost, an encrypted phone network marketed to criminals, arresting its alleged Australian administrator. The operation showcased effective law enforcement tradecraft, including compromising the platform's software update mechanism to push modified updates and collect intelligence from the devices.
Notable Quote:
“They became the bright, shiny object for law enforcement to target.” — Rob Joyce [26:51]
Adam underscores the importance of threat modeling and jurisdictional considerations for cybercriminals.
8. Israeli Operation Against Hezbollah
Patrick examines the reported Israeli operation that planted explosives in Hezbollah's pagers and radios. He references a blog post by hardware hacker Andrew "bunnie" Huang discussing how such an operation would be technically feasible.
Notable Quote:
“These actions achieved the objective of severely injuring fighters and undermining command and control.” — Rob Joyce [30:00]
The discussion delves into the effectiveness and ethical implications of using booby-trapped devices in military operations, with Patrick addressing backlash and clarifying the legitimacy of the operation based on expert sources.
9. Iranian Interference in US Elections
Rob and Patrick discuss recent attempts by Iran to influence the US election by stealing and disseminating documents. While acknowledging these tactics as expected state-sponsored interference, they note the increased public awareness and resilient response mechanisms in place.
Notable Quote:
“We just want to make sure it’s our politicians and our electorate that are influencing and being influenced.” — Rob Joyce [39:01]
The segment touches on House Republicans' demands for FBI investigations, with Rob emphasizing the importance of safeguarding electoral integrity against foreign manipulation.
10. Timing Attacks on Ricochet Messaging Tool
A technical discussion unfolds around German authorities using timing analysis of Tor traffic to deanonymize users of Ricochet, a metadata-resistant instant messaging tool. Patrick reflects on his past involvement with the project and expresses regret over its misuse by malicious actors.
Notable Quote:
“Law enforcement have got to the point where they can and do use these capabilities.” — Adam Boileau [41:14]
Rob explains the limitations and necessary adaptations for anonymity tools in the face of advancing surveillance techniques.
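To make the attack concrete, here is an added toy model of traffic-timing correlation. It is not code from the episode, from the German investigation or from the Ricochet/Tor projects: an observer who sees message arrival times at a hidden service, and separately sees packet times on several candidate client uplinks, asks which uplink's timing lines up with the server's. All flows, latencies and jitter values are constructed, and the `mix_delay` parameter is an assumed mixnet-style relay delay used only to illustrate the kind of adaptation that blunts this attack; it is not something Ricochet or Tor implements.

```python
"""Toy timing-correlation attack against messaging over an anonymity network.

Added example for this section; not code from the episode, the German
investigation, or the Ricochet project. All timings below are constructed.
"""
import bisect
import random

SERVER_LATENCY = 0.8   # assumed one-way delay through the network, seconds
JITTER_SIGMA = 0.15    # assumed per-message delay variance, seconds


def simulate_flows(n_events=40, n_decoys=5, seed=7, mix_delay=0.0):
    """Return (server_times, candidate_flows); candidate 0 is the real target.

    mix_delay > 0 models a relay that holds each message for a random
    0..mix_delay seconds before forwarding it (mixnet-style batching), which
    the observer on the client uplink cannot see.
    """
    rng = random.Random(seed)
    # Packet times on the target's uplink: 40 messages spread over one hour.
    target = sorted(rng.uniform(0.0, 3600.0) for _ in range(n_events))
    # What the server side sees: same events, one latency later, plus jitter
    # and any deliberate relay delay.
    server = sorted(t + SERVER_LATENCY + rng.gauss(0.0, JITTER_SIGMA)
                    + rng.uniform(0.0, mix_delay) for t in target)
    # Decoys: unrelated clients with similar volume in the same hour.
    decoys = [sorted(rng.uniform(0.0, 3600.0) for _ in range(n_events))
              for _ in range(n_decoys)]
    return server, [target] + decoys


def match_fraction(client, server, offset, window):
    """Fraction of server arrivals preceded by a client packet at offset +/- window."""
    hits = 0
    for s in server:
        expect = s - offset
        i = bisect.bisect_left(client, expect - window)
        if i < len(client) and client[i] <= expect + window:
            hits += 1
    return hits / len(server)


def best_alignment(client, server, window=0.5, max_offset=5.0, step=0.1):
    """Scan candidate latencies; return (score, estimated_latency).

    Several adjacent offsets usually tie at the top, so the latency estimate
    is the centre of that plateau rather than the first offset that hit it.
    """
    scores = []
    for k in range(int(max_offset / step) + 1):
        offset = k * step
        scores.append((match_fraction(client, server, offset, window), offset))
    top = max(f for f, _ in scores)
    plateau = [o for f, o in scores if f == top]
    return top, sum(plateau) / len(plateau)


def rank_candidates(server, candidates, **kw):
    """Return [(candidate_index, score, estimated_latency)], best first."""
    ranked = [(i, *best_alignment(c, server, **kw)) for i, c in enumerate(candidates)]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    server, flows = simulate_flows()
    print("plain network (Tor-like, no deliberate delay):")
    for idx, score, lat in rank_candidates(server, flows):
        print(f"  flow {idx}: score={score:.2f} est_latency={lat:.2f}s")
    server, flows = simulate_flows(mix_delay=30.0)
    print("relay holds messages 0-30s (mixnet-style):")
    for idx, score, lat in rank_candidates(server, flows):
        print(f"  flow {idx}: score={score:.2f} est_latency={lat:.2f}s")
```

With no deliberate delay the target uplink scores near 1.0 at an offset close to the true latency while the decoys sit near zero, which is the whole attack: an observer with a vantage point on both ends needs neither content nor addresses. Adding tens of seconds of random relay delay collapses the score, at the cost of latency that a chat application's users would notice.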
11. Crypto Theft Case
Patrick briefly covers a DOJ case involving young hackers stealing $230 million in cryptocurrency from an investor in Washington D.C., highlighting both the audacity and technical sophistication of the operation.
Notable Quote:
“It probably does work enough. So like, my hat is off to them for just the sheer brazenness of it.” — Adam Boileau [44:08]
12. iPhone Mirroring Feature in macOS
Adam shares insights on the latest macOS feature enabling iPhone mirroring, noting Apple’s efforts to minimize security risks. While recognizing its practicality for average users, Patrick remains cautious about using it to prevent potential compromises.
Notable Quote:
“Apple can do a pretty good job with security. And it looks like there's some new attack surface in any new feature, but I think they're putting a lot of effort into protecting it.” — Rob Joyce [47:34]
13. Sponsor Interview: Stairwell and Malware Evasion
In the sponsored segment, Mike Wiacek discusses Stairwell, a platform that collects the files present across an organization's environment and continuously analyzes them to detect and track malware variants. He explains how advanced adversaries avoid platforms like VirusTotal by testing their tooling in private environments, so their samples never reach public scanners, and argues that defenders therefore need continuous retroactive analysis: re-scanning everything already collected whenever new detection logic arrives.
Notable Quote:
“We're connecting security operations, threat analysis, and incident response into one platform.” — Mike Wiacek [58:07]
Wiacek highlights Stairwell's ability to provide comprehensive threat intelligence and facilitate effective incident response, positioning it as a critical tool for modern cybersecurity defenses.
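The retroactive-analysis idea is simple enough to show in miniature. The following is an added example, not Stairwell's code or API: a content-addressed store of every file an endpoint collector has forwarded, with earliest sighting and host list, and a retrohunt that applies a newly written rule to the whole history so that a sample which never touched a public scanner still gets found, together with how long it sat there. The files, hosts, dates and rule strings are all constructed for the example.

```python
"""Retroactive scanning of a locally retained file corpus.

Added example; not Stairwell's code. The corpus, the rule and every timestamp
below are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class StoredFile:
    sha256: str
    content: bytes
    first_seen: datetime
    hosts: set = field(default_factory=set)


class FileStore:
    """Content-addressed store of every file seen; keeps the earliest sighting."""

    def __init__(self):
        self._files = {}

    def ingest(self, content, host, seen_at):
        digest = hashlib.sha256(content).hexdigest()
        rec = self._files.get(digest)
        if rec is None:
            rec = StoredFile(digest, content, seen_at)
            self._files[digest] = rec
        elif seen_at < rec.first_seen:
            # A later-forwarded but earlier sighting pushes first_seen back.
            rec.first_seen = seen_at
        rec.hosts.add(host)
        return digest

    def __iter__(self):
        return iter(self._files.values())

    def __len__(self):
        return len(self._files)


@dataclass
class Rule:
    """Minimal YARA-like rule: every all_of string present, none of none_of."""
    name: str
    created: datetime
    all_of: tuple
    none_of: tuple = ()

    def matches(self, content):
        return (all(s in content for s in self.all_of)
                and not any(s in content for s in self.none_of))


def retrohunt(store, rules):
    """Apply rules to the whole retained corpus, not only to new arrivals."""
    hits = []
    for rec in store:
        for rule in rules:
            if rule.matches(rec.content):
                hits.append({
                    "rule": rule.name,
                    "sha256": rec.sha256,
                    "first_seen": rec.first_seen,
                    "hosts": sorted(rec.hosts),
                    # how long the file sat in the environment before a rule existed
                    "dwell_days": (rule.created - rec.first_seen).days,
                })
    return sorted(hits, key=lambda h: h["first_seen"])


def build_sample_store():
    """Constructed corpus: what an endpoint collector might have forwarded."""
    store = FileStore()
    t0 = datetime(2024, 8, 1)
    benign = b"MZ\x90\x00 legit updater; beacon_sleep=300 jitter=5 telemetry"
    implant = b"MZ\x90\x00 beacon_sleep=60 jitter=20 c2=cdn.example.test"
    variant = b"MZ\x90\x00 beacon_sleep=90 jitter=35 c2=img.example.test"
    store.ingest(benign, "ws-01", t0)
    store.ingest(implant, "ws-07", t0 + timedelta(days=3))
    store.ingest(implant, "ws-12", t0 + timedelta(days=10))
    store.ingest(implant, "ws-07", t0 + timedelta(days=1))   # earlier sighting
    store.ingest(variant, "srv-02", t0 + timedelta(days=30))
    return store


def sample_rules():
    # A rule written weeks after the implant first landed, e.g. from a vendor
    # report. The strings are illustrative and belong to no real family.
    return [Rule(name="beacon_config_strings",
                 created=datetime(2024, 9, 25),
                 all_of=(b"beacon_sleep=", b"jitter="),
                 none_of=(b"legit updater",))]


if __name__ == "__main__":
    for hit in retrohunt(build_sample_store(), sample_rules()):
        print(hit)
```

The output lists the implant and its variant, each with the earliest date it was seen and the hosts it appeared on, which is the information an incident responder actually needs when a detection arrives late: scope and dwell time, not just "matched now".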
Conclusion
Patrick wraps up the episode, thanking guests Adam Boileau and Rob Joyce for their insights and previewing upcoming editions. He reiterates the importance of understanding and adapting to the evolving cybersecurity landscape, emphasizing continual vigilance and the adoption of advanced protective measures.
Key Takeaways:
- Compliance vs. Principles: High-profile platforms like X and Telegram often balance operational viability with adherence to local laws, sometimes compromising on initial principles.
- Geopolitical Tech Pressures: US regulations targeting Chinese and Russian tech firms reflect ongoing geopolitical tensions, with significant implications for global markets.
- Malware Evasion: Advanced adversaries test their tooling privately to stay off public scanners, so defenders need retained file corpora and retroactive analysis of the kind Stairwell offers.
- Law Enforcement Effectiveness: Coordinated efforts by agencies globally are increasingly successful in dismantling cybercrime operations, underscoring the importance of threat modeling and jurisdictional awareness.
Notable Guest Insights:
- Rob Joyce: Emphasizes the importance of trusted partnerships in cybersecurity and critiques the execution of corporate compliance moves.
- Adam Boileau: Highlights the evolving capabilities of law enforcement in countering cyber threats and the necessity for continuous security advancements.
- Mike Wiacek: Discusses the challenges of malware evasion and the critical role of comprehensive analysis platforms in modern cybersecurity strategies.
