
PLUS: Microsoft's chart crimes...
Loading summary
Patrick Gray
Hey everyone, and welcome back to Risky Business. My name's Patrick Gray. I, of course just took a couple of weeks off for the school holidays here in New South Wales, Australia, and forgot to tell you all I was taking a break, which led to a few emails saying did you just retire or what's going on? But no, we are back on deck and we've got a great show for you today to catch up on all of the news of the last few weeks. This week's edition of the show is brought to you by panther. And in this week's sponsor interview, I'm joined by panther's Casey Hill. And we're going to be talking about the future of SIEM. Really, because you know, SIEMs are not really about firewall logs these days. You know, we're talking high volume log sources and things like that. You know, huge volumes of data. The seams of the future are going to have to deal with that. So Casey's joining us to talk through all of that. But first up, of course, it's time for a check of the week's news with Adam Boileau. Hello, Adam.
Adam Boileau
Hello, Pat. It is nice to have you back.
Patrick Gray
It's good to be back, but I must say I had a wonderful break. Took the family to Brisbane, which is a terrific city. Did some camping as well, out in the wilderness, swimming in beautiful rivers and.
Adam Boileau
Yeah, it was very good, but not thinking about computers.
Patrick Gray
That's. I managed it. I actually managed it. But it is good to be back and we do have, of course, after any break we've got a pile of stuff to get through. Let's start with this salt typhoon story. It looks like some Chinese apt actors managed to gain access into at least some components of some American telco like KIA interception rigs. The reaction on social media seems to be, well, oh, they must have been using this stuff to do wiretaps on Americans. But if you actually parse the reporting carefully, it looks like the chief concern here is that they would have been able to identify who like the, the FBI might have been wiretapping. So from a sort of counterintelligence perspective, you know, that that's what the Chinese might have been up to as opposed to trying to, you know, task wiretaps on people. Is that your reading as well?
Adam Boileau
Yeah, that, that seems to make sense. The, like the early Reporting talked about three telcos, I think was AT&T, Verizon and Lumen. But subsequent reporting has talked about, you know, like 10 to 12 and you know, if you're going to break in if you're going to task lawful intercept, then, you know, you kind of need more access and those systems are going to be different between the different telcos. So, like, doing that across a dozen telcos is a lot of work. Like, you know, two or three, I can imagine would make sense. But the way it's being described, you know, the idea that they had access to a system that could see who was being intercepted or who was being monitored, like, that's more believable because some of those could be shared. They could be, you know, that's kind of a lesser degree of access. So I think your theory makes sense with, you know, as a slightly closer reading of the reporting so far. But, you know, either way, access to lawful intercept, you know, is a thing that a very powerful B. A traditional target of intelligence agencies. You know, we've seen these be targeted by Western intelligence agencies, you know, going back quite a long way.
Patrick Gray
Well, and by China previously in like Operation Aurora all the way back in whenever that was, 2008, 2009.
Adam Boileau
Yeah, yeah, it's going back to like, you know, these are long, you know, sort of traditional targets of intelligence people. And it kind of makes sense that they're a little bit, you know, the government in the US is a little bit worried about it. But yeah, some of the rhetoric around this on social media has been a little bit dolly, in my opinion.
Patrick Gray
Well, yeah, I mean, people are saying, like, look, these are the risks of legal interception and whatever. And it's like, okay, it is a risk. Right, but are we going to argue seriously that the FBI shouldn't be able to tap phones with a, with a warrant? Like, is that your argument? Yeah, which just. Which seems a bit silly. And my question is, if they weren't tasking wiretaps with these systems, why not? You know, is it that they were scared they were going to get caught because there's solid auditing in place, or did they just not have that level of access? I'm really curious or whether or not that just wasn't the brief. Right. But, but I'm, I'm hungry for more details on this one. Let's put it that way.
Adam Boileau
Yeah, yeah, exactly. Like, I had exactly that exact reaction. I want to see the meaty details of what they were doing, how they were doing it, in what systems. Because getting to the point where you can see lawful intercept tasking or selectors or whatever else, that's kind of one thing. But getting to the point where you can make your own requests or get the data out of existing Requests is a bit more involved. And if you get to the point where you've got, you know, route or admin or, you know, sort of maintenance level gear, access to the gear that's doing it, then obviously, you know, the kind of the world is your oyster. But there are a whole like any other IT system, right. There are a whole other level of, you know, systems involved in places where the data gets put out too, and web portals for putting in the requests in and authorization by legal and, you know, there's a bunch of places where you could get into these systems and they're all interesting and I'm nosy about all of it.
Patrick Gray
Well, I feel like maybe they got access to the portals where people submit the paperwork, the warrants. Right. Like that's what this feels like based on the reporting. But ultimately we don't know. I should also point out too that it's not just American telcos. No other countries have come forward to sort of acknowledge that their telcos had these problems, but they have said it's not just America, but they're the ones talking about it right now, which is a positive. You know, this does raise questions about sort of lawful intercept against other technologies. Say WhatsApp were to provide some sort sort of, you know, Calea like, you know, intercept capability to intelligence and law enforcement. You know, we could see attacks against that sort of infrastructure. But again, is the argument that we shouldn't do any level of targeted surveillance because this might happen? I don't think that's necessarily an argument that stacks up if I'm honest. But perhaps we do need to consider what sort of scale these interceptions should run out, but run out because the larger the scale, the more potential for this sort of thing happening and being very bad is.
Adam Boileau
Yeah, the bigger the collection, the more kind of collateral damage there can be. And I think, you know, you're right to say, you know, this is not just telcos anymore. Like this particular case might be. We don't know. But, you know, there are so many other communications mechanisms and there's so many problems in how we provision that access and all of the things we have, the challenges we have in regular computers like identity and authorization, all those sorts of things matter. A while ago you had like a sponsor interview or a Snake Oilers or something with a guy that was running authentication for lawful intercept requests as a.
Patrick Gray
Service business that was just for all sorts of requests, not just interception. So that was for dealing with. Yeah, for dealing with law enforcement. So if you're a company that has to manage law Enforcement requests. They kind of. It's sort of like bug bounties, but for that. So they deal with them for you. And yeah, can tell you, well, yeah, this person is legit, or this person. We've never seen them before. And then they can go out and verify. Can't remember the name of the company. Sorry, sorry. Yeah, but that was very interesting.
Adam Boileau
Yeah, yeah, yeah, exactly. And that's the sort of, you know, those sort of problems exist in this infrastructure. And that's kind of a. Regardless of how we, you know, position lawful intercept as a thing that is good for society or not, like, those problems are still going to exist regardless of how we try and solve that. Those trade offs.
Patrick Gray
Yeah.
Adam Boileau
And then the other kind of part of this argument against it is like, if we're talking about national intelligence agencies here, the Chinese going after Americans or whoever else, the idea that not having this infrastructure would make them decide not to then go and use it. Like, if you can break into the gear underneath, it doesn't matter if there's lawful intercept or not.
Patrick Gray
You just do your own intercept.
Adam Boileau
Do your own intercept.
Patrick Gray
Just a few more hops. Right. I just, I just looked it up, by the way, and the company's name is Codex. But at this point, Adam, we're going to have to move on from this quickly. But I did want to ask you to share with the class because one of my favorite war stories from your days as a penetration tester was when you actually did some testing on a. On an interception system, which was very well set up and you still got it in the end. And I want you to tell the class how you got it, because this is a story that back then, when it was more recent, had to be told quietly. Usually after we had you at a conference and filled enough beer into you. Right. Like I could poke you and get you to tell the story, because it's a great one. But if you would share with the class, I sure would appreciate it because it's been long enough now.
Adam Boileau
It's been a long time. So I was tasked with lawful interceptions. Well, actually, to be fair, I was tasked with breaking into important bits of some telco infrastructure. And I. Lawful intercept seemed like the right thing to go for, so I went for lawful intercept. Got there without too much drama, wrote it up in the report, shipped it off, turned out that I had got the test lawful intercept system, which I thought was production. And I was embarrassed. And they all were like, you didn't get what you said you did, son. Blah, blah, blah. Talk down to me. A little bit. And so I had a bee in my bonnet about getting to production lawful intercept the next time against that same target. And this involved me breaking into the camera systems for all their data centers so I could see inside the physical data centers, try and find the racks, try and find the actual equipment that I wanted to get to because this stuff was behind biometric auth in dedicated rooms with like really robust controls. And eventually, after I had compromised all the desktops of the system, of the people that loaded up the warrants, et cetera, et cetera, I learned, I found all their process documents, I figured out how they did it, and it involved like getting a laptop out of a safe and signing out the crypto keys and two man rule and all sorts of like in a secured room, you know, they had really done that well. And so I was, you know, I was frustrated. Eventually I got there by finding like the data center design documentation and I found the documentation for how they did the physical install of the gear in the racks. And it included top of rack management with serial consoles. And it turned out that as a standard rule, they plugged in the serial consoles to these top of rack management units. And I went and looked at the cameras and I could see the cables.
Patrick Gray
So you basically wound up jumping an air gap over serial.
Adam Boileau
I jumped the air gap via a serial connection using creds that I had stolen from the desktops of the people that used the gear but didn't have access without going through all these hoops. And I got there in the end on the console root access to production lawful intercept. And at that point, and it took me a long time.
Patrick Gray
Yeah, but it was a matter of like you having a bee in your bonnet and something to prove.
Adam Boileau
Well, exactly. It may be a character flaw, but proving someone that I can do it was the thing that motivated me for like whatever it was, nine, ten weeks of fairly robust hacking. To be honest, I got there in the end.
Patrick Gray
Probably went a little bit overboard on that one. But yeah, just such a, such a good story that I'm happy you can, you can now share with class.
Adam Boileau
So that's good.
Patrick Gray
All right, we should move on to other stories because we've got a lot to get through. This week the Internet Archive had a data breach impacting some 30 million plus users. And then they're getting ddosed. It looks like it's a group of Russians who are claiming to be motivated by the Palestinian cause. And you know my first question, because I did drop into Slack briefly when this was going on and I'M like, what are you going to do with this? With this data? I can't imagine that it's that sensitive. And you pointed out, well, it's just a really good corpus of passwords. But aren't they like bcrypted?
Adam Boileau
Yeah, yeah, they're pretty well hashed. So it probably isn't the world's most useful password gcc, but 31 million, like you're still going to get enough that fall out even at bcrypt speeds to be useful for something.
Patrick Gray
But what are bcrypt speeds these days? Because it used to be just non viable, like not that long ago.
Adam Boileau
Like dictionary is viable, but like not huge dictionary, but like so like in the thousands a second I think. But you know, there's a bunch of settings depending on how you configure your bigger. But like it's viable for dictionary words but not much beyond that. And you know, this has been loaded up into have so a bunch of people have got notifications. But you know, overall I just, you know, I feel like Internet going after the Internet Archive is. It's just puppy kicking. It's rude.
Patrick Gray
Yeah. Eddie's like, what? You know, but they're like, it's American and the Americans support the Israelis, so down with the Internet Archive. It's like, okay, right. You know, this seems like one of those reverse engineer justifications after they found Shell. Right?
Adam Boileau
Yeah, it does, it does. And just you know, because the Internet Archive does so much, so much really good work and I feel bad for them having to deal with this kind of bs, but hey, that's the Internet that we live in.
Patrick Gray
That's just how it be, right? And also just a funny note, the BBC, in just one paragraph in like a news brief accidentally reported that the hackers were called have I been pwned? And were published. Like it was just so funny. So Troy's like, bad man. Do I know anyone at BBC who can take care of this? I'm sure it's sorted out like by now or very much on the way to being sorted out. The other thing that I wanted to talk. Another thing I wanted to talk about today is Microsoft's latest big threat report. You know, huge document, 100 plus pages, some interesting stuff in it. There's always interesting stuff in these big Microsoft reports. One of the most interesting things, and that's what Catalan really zeroed in on for his coverage with us, was the fact that China and Russia are increasingly relying on criminal tools and criminals themselves to get stuff done. So I do think that's a very Interesting trend because, I mean, that wasn't always clear and it didn't really look like it was happening, I don't know necessarily all that much. But it's becoming clearer and clearer that this is becoming strategy, which is interesting because, you know, we're used to it going the other way, right? Which is early sort of cyber capabilities are cobbled together from, from odds and ends, including criminals and whatever. China, this did this famously with their nationalist hackers 20 years ago, but now it looks like they're sort of moving back in that direction. So that's interesting. The other thing though, now this is really weird because they've done a terrible job on their ransomware section. Terrible. So what they've done is they've argued that successful encryption in ransomware attacks is down, but ransomware encounters are up by like, you know, 2.75x. But you know, the fact the ones that actually successfully deploy encryption, very, very low. Now the problem I've got is they've said that there's been a three fold decrease in ransom attacks reaching encryption stage. How do you decrease something by threefold? Does that mean it starts at 100 and then winds up at minus 200? A ransomware act is going around and unransoming people. How does this work? Right, and then they've got a chart crime in here where one axis, you know, one Y axis is the absolute number of organizations having these ransomware account encounters. And the right hand Y axis is the percentage of organizations ransomed. The highest record, it goes from 0 to 100. But the highest level looks like it's about 3%. So you can't really tell anything from that chart. Like, it's a mess. And you know, aj, Vice ends, by the way, congratulations to him because he's moving on from cyberscoop and he's got a job at Reuters. And I know AJ and he's a great journo and that's fantastic news, mate, well done. But you know, he had to write in his deck for Cybersecurity CyberScript's coverage on this that they're down by 300%. Like, what does that mean?
Adam Boileau
Tell me. It's. That's a very good question. And like, I started reading the doc because, you know, you posted that graph in Slack and I was curious as well and like, it's a great doc, but it's so, so dense, right? There's so many things to read in there and trying to figure out exactly what they, they mean by. Because they've got a call out for three fold Decrease, but trying to get to the bottom of what that actually means.
Patrick Gray
What they're trying to say is that in absolute numbers, is that in percentages and what is three fold mean?
Adam Boileau
Yes.
Patrick Gray
Does it mean it's reduced by two thirds or by minus 300%, which is what. I'm just so confused at it. You'd expect a bit better, wouldn't you?
Adam Boileau
I mean you would, you would. But I mean overall, like they've done really great work. There's lots of great stuff on here and good insights and good data and so on. But yeah, it's. That was definitely.
Patrick Gray
But the thing that I'm left with here is has the success, has the successful number of encryptions, has the absolute number gone down by a significant margin or just the rate? Because we know that there's been an increase in encounters. So I don't know, I'm just frustrated by this because I'm left not really understanding what they're trying to say, you know.
Adam Boileau
Yeah, no, I share your frustration there. And you know, we have a long history in this industry of bad stats and bad numbers and bad decision making and you know, you can just make up anything and, and put it on the slide and it'll be fine.
Patrick Gray
Well, I'm sure it's rooted in something, they just haven't expressed it. Well, you know, among our customers, Microsoft observed a 2.75x increase year over year in human operated ransomware. LinkedIn counters defined as having at least one device targeted for a ransomware attack in a network. Meanwhile, the percentage of attacks reaching actual encryption phase has decreased over the past two years by threefold. So that's the percentage decrease. Threefold. What? Anyway, but they do say automatic attack disruption contributed to this positive trend. And they also pointed out that unmanaged devices are the ones that get ransomware. So I'm going to chalk that up to being a win for edr, basically.
Adam Boileau
Yeah, no, I think so. Overall, the trends in this are actually pretty reassuring in a way. Like the fact that it is, you know, weird outlier, unmanaged stuff and human driven, like all the automated stuff really hasn't survived the last few years improvements. So I mean we are making progress slowly. But is it enough? Probably not.
Patrick Gray
Now we got some reporting from Darina Antonik over at the Record and also Antoniok over at the Record and also from our very own colleague Catalyn Kimpanu looking at an attack by Ukrainians against Russia's court system that actually looks pretty devastating.
Adam Boileau
Yes, it looked like the BO team, which is some kind of, you know, hacktivist crew that seems to cooperate with Ukrainian intelligence services, hacked the computers of the justice system over there that runs the courts and so on, deleted all their servers and appeared to have deleted all their backups, according to some reporting from Catalan. And, yeah, they are dead in the water for a little bit. They're saying they're going to build out a new system to run their courts. And, you know, that may happen at some point later this month. But, yeah, I mean, Ukraine's definitely been whacking Russia pretty hard with, with some of this, you know, kind of hacktivist sort of stuff.
Patrick Gray
Yeah, it couldn't have happened to a nicer bunch of people. Right. Basically. So, you know, that one looks like it will really gum up the works and just make things tough. Obviously, none of this stuff really moves the needle in a war like this, but it is a level of harassment that people are going to feel staying in Ukraine as well. Ilya Vichyuk, who has been on this show, he ran cyber for sbu. There were some corruption allegations made against him earlier this year. He wound up being sent to the front, and then I think he was fired from his post by the president. The anti corruption organization in Ukraine has essentially cleared him of having more wealth than he should. They found no discrepancies between the value of the property owned by Vichuk and his family and the legitimate income. That could indicate an unjustified acquisition of assets. So it looks like, I mean, I'm guessing he's going to be cycled back into a senior intelligence position.
Adam Boileau
Yeah, I would imagine so. And, you know, it seems like he's been pretty effective in the roles that he's done so far. And, you know, I. I guess if he's been cleared, then, then good for him. And, you know, it'd be nice to be back in an office instead of out in a trench or wherever it was that he got posted to.
Patrick Gray
Yeah, I mean, no word on. There were other allegations made that he'd attempted to have the journalists who were looking at him, like, mobilized to the front. There's been no update on that. But, you know, I think it. It certainly looks like, you know, he's. He's in the clear by the looks of things. So we'll just have to see what, you know, what. Where he pops up again. So. Yeah, good one to circle back on. Let's see the Trump campaign. This is interesting, actually. Donald Trump's election campaign is using some specialized secure phones from a company based in California called Greenhill Software, and they've been around a while and it looks like really what they're using is an ultra slimmed down, an ultra slimmed down sort of Android, you know, ultra slimmed down Android devices, which seems to be the approach when you want this sort of specialized hardware. I just thought this was interesting that, you know, election campaigns have kind of learned the lesson, especially with all of the heat Trump in particular is facing from the Iranians. It makes sense that they'd do this.
Adam Boileau
Yeah, it does. And you know, the sort of bigger questions for, you know, like is this a thing that governments should provide for political parties more generally? Like should, is this kind of, should this be table stakes for being a major political party? Like that you get some kind of technical support or you have to go fund it yourself and buy this off the shelf and is that appropriate? But the Green Hill software make a bunch of embedded real time operating systems for military aircraft and ships and equipment like that. So they are pretty mature in that kind of very robust computing space, whether they're Android. You know, it's kind of up to that level. Like it's hard to build a mobile phone that lets you truth social at the same time as being robust. Right. But they have some things where like groups of users that use these phones can only communicate with each other. So presumably there's some kind of network level controls to try and make it not more generally reachable from the Internet. So I'm sure there are a bunch of really smart things you can do. But on the other hand, political campaigns do got to get out there and communicate with people and you know, there are humans in the loop too. So you know, hopefully it makes things better for them.
Patrick Gray
But yeah, yeah, I mean we don't.
Adam Boileau
Need hard problem to solve.
Patrick Gray
Nobody needs like even non Americans. We don't need interference in the US election. You know what I mean? The United States is an important country. So I think it's good if this helps the Trump campaign lock stuff down. That's good for everybody, even people who don't support him.
Adam Boileau
Yep, agree.
Patrick Gray
Now onto one of my favorite stories this week. I got two favorites. This is definitely one of them. And surprised it didn't get more attention, to be honest. But the FBI, I ran a sting in the crypto space that is just so funny. They actually set up their own crypto token and it's called what is it Next Fund AI. Right. So this was a sting operation. So they set up this token and posed as people who'd created this token and went out to all of these sort of consultants and crypto companies and said, what can you do to help our token succeed? And the answer among all of these companies universally was crimes. We can do crimes for you. Let's do some crimes. Pay us here and here are the crimes we're going to commit for you. And yeah, they committed the crimes and like did a bunch of wash trading, market manipulation on these, on these FBI crypto tokens and now they've all been indicted. It's just, it's so funny that it's.
Adam Boileau
A beautiful thing and the, the United States like DOJ put out the, you know, details of the indictment or whatever and there's like meme pictures of Pepe pumping, you know, pumping it up in there from their internal chat from some of the companies that were doing these pump and dumps. So, you know, it's very hard to look at a thing like this and not feel like the entire crypto ecosystem is just one big crime scam. Like if, you know, you are struggling at this point to find a legitimate use for cryptocurrency anywhere, I think and the fact that anyone who provides any services around it in the end is just going to be doing crimes, you know, I'm happy for some people to get their comeuppance.
Patrick Gray
It is hard to find good job. It is hard to find legitimate uses. Like it really is ones that matter, you know, I mean even for international remittance, like that's so easy these days. I mean, you know, we're an Australia based company that has US based customers with employees in Australia, New Zealand and Romania and it's not a problem. Right. It would cost me more to send this money via crypto than it does through, you know, normal Fiat services. So yeah, anyway, that's just how it is. Okay, now we're into the enterprise crapware part of the discussion. Talk to me about the criticals in Fortinet products that are everywhere. The criticals in Palo Alto, the comedy bugs in a Palo Alto product called Expedition, and also what's going on with Ivanti. Let's just combine this into one globule of horror.
Adam Boileau
Horrific fail. Yes. So there are I think four bugs in Fortinet products that are on the scissor kev list. Now as of the most recent update to that, some of the bugs are funny. Of course, one of them is like a straight up format string in the management service, which is a beautiful, just, you know, like what year is it that there are exploitable format string bugs? So that's a good time. There's a Write up. We've linked through to from Watchtowers, Watchtower Labs, which is a like very sassy write up of them reverse engineering one of these bugs so that they can implement detection for it in their products. And they talk through all of the. Just deep comedy involved in looking in the governance of Fortinet products. The Palo Alto one though, like I had missed this one and you linked it to me after you got back. You were meant to be on holiday and not looking at computers, but anyway you linked.
Patrick Gray
I can't believe you missed this one, man. Because it was so funny. It was just like. What was it? It was. Yeah, like you can whack a cron job into a get request and just fire.
Adam Boileau
And it does. So this is a set of bugs in a product called Palo Alto Expedition, which no one has ever heard of, which is their tool for migrating other vendors firewalls to Palo Alto. So like you, it's a like web app that you install on some like Linux VM or whatever and then you log into it, give it creds for all of your old devices and your new palos and it migrates configs across for you. And if you were silly enough to put this on the Internet, which some people are, then it just, it was comedy bugs all the way down. There was a thing where you could like unorth, reset the password to Palo Alto and then from there bootstrap your way up with a cron job for command exec and some SQL injection and steel creds and cleartext passwords for the devices that you are going to migrate. So if you have this thing on the Internet and you've used it, people can just compromise all of your other devices. And according to Shodan, at least 23 people have put this thing on the Internet. So bad news bears for them.
Patrick Gray
Yeah, I mean you say on the Internet, sure, but I mean even internally.
Adam Boileau
Oh yeah.
Patrick Gray
I mean you want some persistence.
Adam Boileau
I mean you want some lawful intercept access. Yeah, I mean, yeah, like any. If someone can see one of these things, then yes, you are definitely going to have a bad time. And it's just like, come on Palo, really? And this thing is all written in php, which is one of the reasons that some of these bugs are just terrible. Because this bad SQL query construction and making cron jobs with no auth. And. And it's just. Yeah, dumb. So bad, bad Palo. No biscuit.
Patrick Gray
Yeah. And more Ivanti drama as well.
Adam Boileau
And yet more Avanti dramas. So yeah, a bit. Actually I think maybe Avanti was one that had four entries on Sisak rather than Fortinet. But either way, bad times if you have that on the outside of your network. But by this point, like if you have an Ivanti Cloud service, whatever it's called, Cloud Service Manager, like you must be used to either patching it or doing incident response by now. And either way you must be pretty polished at both. So that's a glass full.
Patrick Gray
I mean, think about what Ivanti is doing for the state of the art in incident response. You know, think about that plus the.
Adam Boileau
State of the wallets of all of the incident responders. So, yeah, good job. Thanks, Ivanti. All my incident response pals chuckling it up all the way to the bank.
Patrick Gray
Now, I mentioned that I had two favorite stories this week. This is my other favorite where this person's written it up. He claims to be a guy called Daniel who's 15 years old. Obviously I haven't reached out to confirm this, but we'll just take it on faith that this is a 15 year old bug hunter, you know, does a bit of bug hunting in his spare time. And he found this bug in Zendesk which would allow you to sort of extract tickets, right? And because they weren't doing validation, the correct amount of email validation, whatnot, right? So he reports it to them and they're like, yeah, go away, this is out of scope, we don't care. So then he figures out how to turn this bug into like access to a company's Slack and then starts reporting it to those end users of Zendesk and he makes like 50 grand in bounties. And at this point, that's when Zendesk threw HackerOne circle back. And they're like, well, hey, maybe you just want to stop, you know, talking about this and stop doing these things. And eventually they patched it. They didn't give him a bounty because he took it. Like he violated HackerOne's confidentiality, even though they weren't going to patch it in the first place anyway, the whole thing, just as a story, is hilarious. End result though is this kid gets 50k. Zendesk look like idiots because they kind of blew him off when they shouldn't have. And you know, if I'm those customers who had to pay up bounties on this for a bug that was already reported to them by the same person, I'm thinking I'm going to ask Zendesk for, you know, my money back basically at this point. Like, what did you think of all of this?
Adam Boileau
I mean, I always love a great disclosure Drama that's, you know, a bug reporting drama. That's always fun. And this, you know, my experience of reporting bugs kind of mirrors this. You end up with, you know, a bug being triaged, you know, to the letter of the lore of the bug bounty program. In this case, like, the bug basically involves spoofing email and Zendesk's bug Bounty program with HackerOne excluded, like DKIM and SPF and other email issues. And that's because there are so many people who spam every bug bounty program in the world with bogus SPF and DKIM reports that are pointless and add no value. So they just put that on the, like out of scope. But in this case, you should have looked at this bug and triaged it a little more sensibly, in my opinion. So, you know, in that respect.
Patrick Gray
Well, my favorite part is where the HackerOne people came back and they're like, but you didn't tell us you could use it to do, you know, for like Slack takeover. It's like, well, you know, use your imaginations.
Adam Boileau
Yeah. And I mean, that's kind of what you're paying HackerOne for is to be able to make sensible triage choices. And I have a lot of sympathy with people who do bug bounty triage for hackone and other places like that.
Patrick Gray
It's hard to do at scale. Right. Which is why that whole industry exists in the first place. So, I mean, you know, I'm not going to sit here and say, oh, that person doing triage was terrible and whatever, you know, because it happens like, as you, as you point out, but still, like this, we can still chalk this one up as a miss.
Adam Boileau
Yes. Yeah, exactly. And, you know, I think maybe they could have given the kid a little bit more money rather than just saying $0.
Patrick Gray
Yeah, they took their bat and ball and went home in a huff basically, which, yeah, not exactly classy, but, you know, if you're one of the Zendesk customers who paid a bounty to this kid, I'd be, I'd be asking for some free licensing in the, in the equivalent value to what you paid out on this, because that's, you know, Come on.
Adam Boileau
Yeah, agreed.
Patrick Gray
Now, I don't know if this is disclosure drama, just some stuff that got mixed up, lost in translation or whatever. There was a bunch of reporting that a recently patched Firefox O Day was being exploited in the wild against Tor browser users. And that's how the reporting went. Grok even had a good joke about it, which is like, well, if you got Oday And Firefox, who else are you going to use it against? Right, so that was good. But you know, and I think this came from the Tor project itself saying that, you know, this bug could be used in that way. I don't know where the miscommunication started, but that's what all the reporting was. And in the end Tors come out and said, oh, we've got actually no evidence that it was reported in the wild. And Mozilla's come out and said no. So it looks like that was all a big nothing burger.
Adam Boileau
Yeah, like Mozilla said they had seen it being exploited in the wild, but not specifically against Tor browser. And then at some point wires got crossed and that got, you know, kind of claimed that it was against Tor browser after all, I think maybe by the tails people which are part of Tor project these days. So yeah, in the end I think Gruk really has the point here, which is that it may not be confirmed that it was being used against Tor browser, but I mean, what else are you going to use it for? So either way, you know, if you rely on Tor browser, you should definitely patch a Firefox frequently.
Patrick Gray
Yep, indeed. Now we got a report here from Dan Gooden at Ars about some malware that looks like it's designed to hop air gaps. It's being attributed to Russia.
Adam Boileau
Yeah, this was for some research from eset, following up on a piece of malware that was, I think originally written by Kaspersky. And this was, you know, an intelligence crew that was doing air gap jumping, collecting data and exfiling it back out through USB keys. And this particular actor has been doing this with I think, a whole, you know, kind of basically two separate tool chains over a number of years. And ESET wrote it up having found it in a South Asian embassy in Belarus. And you know, the malware itself, you know, the actual air gap jumping part of it, like the USB infection is if, you know, it's one of those, it's not dumb if it works, but it's kind of dumb. But the rest of the tooling all is pretty polished for doing what it needs to do. And it's always interesting to see a good write up of these, but I don't know, we haven't really seen it in widespread. Like it's not a thing that most people need to worry about because most people aren't worried about USB air gap jumping malware, but still legit. Interesting to read the details.
Patrick Gray
Yeah, yeah. And one more we got here from Krebs on security. Brian Krebs has. This is an interesting report actually because it, you know, you and I have been talking about this before we got recording and it's just proof that people will always find a way to monetize vulnerable systems. Right. And he's, he's got this report here where attackers are essentially reselling access to large language models. So they're taking over like, you know, commercial LLMs and then reselling that access to people so they can have like AI girlfriends that are like children and like. But yeah, you know, the, the interesting part for the purposes of our discussion here are that, yeah, I mean if you, if, if they can breach it, they'll monetize it, right. It reminds me of like back in the day when people would get illicit access to telcos and then they, they'd, they'd plug that access into like a calling card system and they'd sell calling cards. So, you know, you'd sell someone, you know, 100 minutes for 20 bucks or whatever and they would use it until you got evicted and then what are they going to do? Get their money back? But this is how you would get, you know, discounted calling back in the day. So this is interesting, isn't it, that, that people are stealing access to LLMs. You know, we see people steal compute for things like crypto mining and now they're selling access to, you know, compromised LLMs and they're taking some of the safeguards off them to allow them to be used for this purpose. And you know, that, that's a whole new criminal cottage industry.
Adam Boileau
Yeah, yeah, it is. It's the, you know, so much of what we report on follows the ability to monetize. And you know, that's where ransomware was, you know, so innovative was it was a way to monetize access to computer systems where previously CPU crypto mining or you know, end user kind of consumer ransomwaring, which didn't make particularly much money. So anywhere where we see innovation in extracting value from hacking is going to push, you know, the trends in the crime world. And I just thought this was really interesting because. Exactly that stealing access to LLMs or anything else where, you know, a bunch of AI resource, be it at runtime or building model time, can be stolen and monetized. Then, you know, we'll see new crime types. So, you know, in this case it was like Amazon. People who used Amazon's things were having their compute stolen. I think researchers from Permiso leak on purpose leaked their tokens on GitHub or wherever to wait and See what would happen. And then they watched. And that's how they kind of tracked down who was stealing their, you know, was losing their Amazon account and where it was ending up being used to run, you know, sex chatbots or whatever else. But, you know, probably higher value than CPU crypto mining. So, yeah, innovative. Good job.
Patrick Gray
Well, you can't crypto mine with an LLM really. Like they can't even do basic multiplication as it turns out. It's funny actually, Permisso were just in our last round of Snake Oilers. The last, the last batch. And yeah, they're X fireeye people. They're pretty smart. Smart folks.
Adam Boileau
You got that impression.
Patrick Gray
Yeah, yeah, yeah. So, I mean, it's all. It's just bizarre. It's just. What a world. Before we go though, there's a. There's a long read that you wanted to talk about. It's a report from the Washington Post called the Cyber Sleuth and looks at an IRS investigator who does blockchain stuff. And you say this one's a really good, long read.
Adam Boileau
Yeah, it's a very long read. And it's actually written by a fiction author. It's a non fiction story, but written by a fictional author. It's quite a nice piece of prose. And if you have friends or acquaintances or whatever, and you're trying to explain what it is you do if you're a blockchain investigator or crypto criminals or whatever else worth sharing to them. But it's the story of this guy that's an IRS investigator also ties in with a bunch of other people. Like that guy that's currently being held in Zimbabwe or wherever it was. Nigeria. The guy was being held in Nigeria that used to be an IRS investigator and then being held political prisoner there. There's just a bunch of interesting bits that touch on things we've talked about. So if you want a lunchtime read, I would definitely recommend giving it a go.
Patrick Gray
All right, well, I'll whack a link in this week's show notes, but Adam Boilor, that is it for this week's news. We've managed to keep it pretty tight considering we've been on break for a while. But we were very brutal in organizing this week's run sheet and it's paid dividends because the show's not an hour and a half. So that's great, mate. But yeah, we'll wrap it up there and I'll look forward to speaking to you again next week.
Adam Boileau
Yeah, thanks very much, Pat. I will talk to you then.
Patrick Gray
That was Adam Boileau there with a check of the week's security news. It is time for this week's sponsor interview now with Casey Hill, who is a product manager at Panther. And Panther makes one of these sort of more new fangled, you know, detection as code based seams, more cutting edge than the stuff we're seeing out of the likes of Google and Microsoft who are kind of doing cloud splunk, if you want to, you know, describe it really. Panther is much more about doing high volume logs and whatnot. And this conversation with Casey is an interesting one. It's really about how, you know, there are new models coming out for siem. Basically over the last few years we've seen people, you know, various companies encourage people to set up data lakes and just put all your logs in a data lake and then what do you do from there? What, query it with SQL? Like that hasn't worked out so well. So Panther's sort of somewhere in the middle of those approaches where they can help you set up those data lakes and then really help you to query them and build detections and things like that. But Casey joined me for this conversation really about those same trends and what the seam of the future is going to look like. I hope you enjoy this interview.
Casey Hill
Two years ago, we were pretty early in the space, so there were a lot of homegrown solutions where people were starting to look at how they could play with some of the new data storage mechanisms like data lakes and push all their data there and then leverage things like SQL to search through it. But what we've seen is more and more folks are starting to transition in this way and it's not just homegrown solutions anymore. So we've seen other competitors start to really emulate a lot of things that we're doing around some of the infrastructure as well as leveraging things like Python so that you can run real time streaming detections.
Patrick Gray
I mean, I found I remember the whole data lake thing, right? And everyone was like, it reminds me of that old joke, right? Like step one, stick everything in a data lake. Step two, question marks, step three, stop attackers, right? Like it always seemed like that whole thing was more being driven by your sort of elastics and snowflakes of the world, which as a way to sell their product, right? Which is just throw all of your logs in here and figure out what to do with them, what to do with them later. I mean, is that, is that approach just throw them, throw everything into a data lake and like think of something later. Is that, is that dead and buried yet.
Casey Hill
I would say that is not fully dead and buried, but it is on its way. I think one of the things that we've actually seen is some competitors even look at things as, oh, either you can, we can throw it in the data lake for you, or if it's already in your data lake, that's fine, we'll just sit on top of it. But that's actually a huge challenge is if you don't actually have the data structured in a way that makes sense and is actually useful for you to then analyze, then you're just spending time elsewhere in terms of cleaning that data up and making sure that you have good data hygiene.
Patrick Gray
But Casey, the pamphlet told me that I didn't need to structure the data. That's the whole point of having a data lake.
Casey Hill
Exactly right. It's just supposed to magically work itself into the shape that you need it and patterns across it for you.
Patrick Gray
Yeah, yeah, exactly. So, so, okay, you mentioned that, you know, you were early to this party. Others are they taking a similar sort of approach now, which is it's, it's about, yeah. Getting things into some sort of sensible form when they're stored so that you can like run some standard queries and detections on it. I mean, I guess what I'm asking is, is there a bit of a consensus for what, you know, future SIEM should look like? Because for the last few years it's kind of looked like, you know, backstory from Google and Sentinel from Microsoft. But I guess at least with those, you know, those major platforms, they've got the option to move in this direction as well in the future. But yeah, I'm just really trying to get a sense for where the innovation's going here.
Casey Hill
Yeah, so we've seen obviously platform play has become extremely important across both just security vendors, but then obviously the cloud providers, as it's an easy tack on, we're looking at security leaders are often looking for how do I consolidate different things, especially if I have a number of different point solutions. But one of the things that we consistently see where customers are coming to us or prospects are coming to us and they're having frustrations with some of those is usually it's a little bit clunky. So one is just the ability to actually set up, the ability to ultimately get that data in the structure that you need it, and then the ability to ingest data that's not within that particular cloud environment. It's another. And so ultimately, ownership has become a really important thing for a number of Our customers is they want to have more flexibility about not just what data they're ingesting, but ultimately how it gets stored and you know, where they can actually take that data with them after, you know, either they've decided they need it only for compliance purposes after the fact, or they might want to be able to have some sort of flexibility with ultimately the, the data store.
Patrick Gray
So do you actually have customers who are using you to take like application logs and whatever, you know, whip them into something sensible and then pump that onwards into those, into those platforms that I mentioned? Is that, is that a use case?
Casey Hill
So we see some customers will do. They'll basically bifurcate certain data. So they'll say, okay, I want to keep all my security data continuing to go into Snowflake, for example, with Panther. And then I also want to duplicate data into say like S3 so that I can keep it there for compliance purposes. So for example, I might say, okay, this is for PCI compliance. I need to go ahead and store this, but I'm not regularly accessing this and so I just want to dump this into.
Patrick Gray
You need to check, check the box. So, so when the auditor comes around and says, where is this data? You say there it is in that bucket over there. And they say yes and they tick the form.
Casey Hill
Yep, exactly. You know how that goes.
Patrick Gray
Yeah, I do. I guess what I was asking though is more whether or not people are using stuff like Panther as a sort of hop point right between the application and some of these newer cloud seams from the likes of Google and Microsoft.
Casey Hill
So we'll see not as much in terms of like if you're saying downstream consumption into like a Google Chronicle or a Microsoft set, we don't see that as much. We actually see more like questions around, especially with some GCP customers recently of okay, how can I either run CAN within GCP so that I can actually use up some of the credits that I've already purchased there or how can I use it as a sort of side by side so that things that I need either high volume or I need really quick response, those will be different workloads that they'll actually transfer over sometimes from like a Chronicle into Pinter so that they have more of the real time analysis and they can also do so in a more cost effective manner.
Patrick Gray
Yeah, I mean that's why I asked, right? Because as I said like it looked for a while like, oh, you know, we'd worked out what the future of SIEM was going to be and it was basically going to Be like cloud splunk. Right. Which was, you know, a bit of a, bit of a disappointment really when you look at the, you know, the next iteration of a seam is like. Well it's like the same thing but it's in the cloud now. So yeah, that's why I was wondering, you know, just where that fits among the type of customers who are, you know, using your stuff. And really, you know, a company like yours, increasingly you're ticking off what are going to be the requirements of, you know, the enterprise of the future. Right. Which is more high volume logs, more custom applications, you know. Yeah, more custom logging. Right. So like you pointed out like very early on, before we got, before we even got recording, it's not a case of storing and looking at firewall and router logs anymore and enriched with a bit of coralite data. That's not what SIEM is about in the future.
Casey Hill
Yeah, you're absolutely right there. And one of the things we've seen too is we've seen a gradual shift towards more security engineering and more technical chops in some of the Personas. But it's not a full on migration, everyone immediately picking up Python or SQL. And so that's something that we've observed and why that's important is when you think about the makeup of certain security teams, the sort of security team of the future or some of the enterprises of the future that you mentioned, that's something that we're starting to see evolve. So we'll see a lot of our customers that jump in and they really start to do well are oftentimes those that are cloud native, they're doing a bunch of terabytes of data per month, sometimes even per day. And they have a sort of more, I would say even keeled approach in terms of security analysts and security engineers. It's more of a balanced team than you might see in a little bit older companies. And so that ultimately makes it so that they're looking for, okay, how can I have a SIM that allows me to do things that are a little bit more high leverage with my security engineers? So think about like how can I deploy things like infrastructure as code type workflows for when I'm setting up different log sources? How can I make sure that I also have resilience that can also ultimately be built into more of like a CI CD8 pipeline?
Patrick Gray
It's interesting that you're talking about basically terraforming a network to handle your logs. I mean you're talking about a lot of logs here, right? Once you start Needing to terraform something. Terraform stuff to make that work.
Casey Hill
Absolutely. We're talking about a significant number of logs and we're talking about a lot of different custom logs as well as something that we've started to see a lot of different customers have, which is one of the things that actually, it sounds very, maybe nuanced or niche, but it's actually really important when you're thinking about how do I get up and running and I'm not just sitting there and mapping exercises to make sure that I have everything formatted the way that I need. And so that's an area that we actually do a pretty good job of getting folks up and running using things like inferring the schemas from the data, that sort of thing.
Patrick Gray
Yeah, but I mean, that's the thing, isn't it? I mean, it really is that data lake approach, but instead of just saying throw it all in a data lake and then, I don't know, write some queries, that's up to you. The idea is this is more of a toolset, isn't it, that can help people through that process of storing things sensibly. And then, I mean, in terms of detections, when you've got people using custom logs from custom applications, I imagine it's a little bit difficult for you as a SIEM vendor to have pre canned detections that they can run against those, you know, data stores. So how does that work? Do you have like detection builders or are there pre canned ones that once you've stuffed their stuff into the, you know, inferred the schema, there are still some pre canned detections that'll work like, you know, give us a indication of where the effort is there.
Casey Hill
Yeah, so we, we see a lot of folks who use our auditorium out of the box detection content for sort of a jumping off point. So they'll look at that as almost like, okay, here's a boilerplate of what it might look like to view a failed login or look at when possibly there's data exfiltration in terms of just how would I actually look at and do a quick comparison? And so oftentimes they'll use our out of the box content to then jump into things that they want to do on their custom log sources. One of the nice things is we've started to simplify just how you can actually get your hands on and look at that data within the console so that you can start to look through examples really easily. And then one of the things that we've actually started to roll out is a new Python library that ultimately supports the way that we do detections. And that's really, really helpful when you think about, okay, I want to actually take something that Panther produced and then I want to inherit from that certain conditional logic, but then I might want to adapt it. And so that can work in certain instances. Like for example, if you're extending maybe different AWS rules that maybe we already produced, like an AWS ALB rule, for example.
Patrick Gray
Now, I'd imagine too we're going to wrap it up shortly because we are running out of time. But I'd imagine that among your customer base would certainly be some of the Silicon Valley type of companies. Right. Because everything that you're describing just makes me think of like the intro montage to the Silicon Valley TV show with all of those logos. Right, because they're the, they're the orgs that are going to use that. Is that about right for now or are you seeing a lot of traditional enterprise as well?
Casey Hill
That is right. In terms of a lot of the folks that onboarded with us early are still with us. And a lot of what we've seen in terms of growth is with that type of cohort. They're much more familiar with just kind of the actual infrastructure. And oftentimes they've actually gone down the route of we tried a homegrown solution and we realized it's a lot harder than maybe we thought in order to sit there and maintain that level of data ingestion, let alone build out a bunch of different connectors. And then that's not even taken into account all the downstream, which, you know, then you're looking at a lot of. Okay, I need to both write my detections, but then I also want to make sure that we actually have the time and capacity to think about how do we quicken the pace of being able to resolve alerts once they happen. And so that's where we have seen a lot of success with those type of kind of more forward thinking high tech companies.
Patrick Gray
Yeah. All right, well, Casey Hill, thanks a lot for joining us to walk us through a bunch of that. It's really interesting stuff. Yeah, I do find Panther really interesting. I think it's like one of those. Yeah. One of those tools where the people who need it, they really do need it, which is always a good thing. But yeah, thanks a lot for joining us to walk us through all of that. Appreciate it.
Casey Hill
Thanks, Patrick. Appreciate the time.
Patrick Gray
That was Casey Hill there from Panther. Big thanks to him for that. Big thanks to Panther for being this week's Risky Business sponsor, and you could find them@Pantherio and that is it for this week's show. I do hope you enjoyed it. I'll be back on deck next week with Adam to do more Risky Business. But until then, I've been Patrick Gray. Thanks for listening.
Risky Business #766 – China Hacks America's Lawful Intercept Systems
Release Date: October 16, 2024
Hosts: Patrick Gray and Adam Boileau
Patrick Gray welcomes listeners back to "Risky Business" after a short hiatus, sharing anecdotes from his time off in New South Wales, Australia. He introduces this episode's sponsor, Panther, and previews an upcoming discussion on the future of Security Information and Event Management (SIEM).
[00:04 - 05:12]
Patrick Gray opens the episode by addressing inquiries from listeners about his unexpected break. He then transitions into the week's main story, where Chinese Advanced Persistent Threat (APT) actors have reportedly breached components of American telecommunications lawful intercept systems, such as those used by AT&T, Verizon, and Lumen. The primary concern is not the potential for direct wiretapping, but rather the ability to identify targets of FBI surveillance.
Notable Quotes:
Patrick Gray [04:19]:
“Are we going to argue seriously that the FBI shouldn't be able to tap phones with a warrant?”
Adam Boileau [03:19]:
“Access to lawful intercept is a thing that a very powerful B. A traditional target of intelligence agencies.”
Discussion Highlights:
China's Objectives:
Both hosts agree that the breach likely serves counterintelligence purposes, allowing China to identify who is being monitored by U.S. authorities rather than conducting their own wiretaps.
Historical Context:
Adam references past operations like Operation Aurora (2008-2009) to illustrate the longstanding nature of such intelligence activities.
Complexity of the Breach:
They discuss the technical challenges of breaching multiple telcos and the sophistication required to access and manipulate lawful intercept systems.
Adam's Penetration Testing Story [07:21 - 11:24]:
Adam shares a personal anecdote about attempting to breach a lawful intercept system during his tenure as a penetration tester. Despite robust security measures, he eventually gained root access through a serial connection, highlighting the persistent vulnerabilities in such critical systems.
[07:40 - 12:42]
The Internet Archive experienced a significant data breach affecting over 30 million users, followed by a DDoS attack purportedly from a Russian group motivated by the Palestinian cause. While the compromised passwords were bcrypt hashed, Adam notes that the sheer volume still poses a threat:
[12:42 - 17:17]
Patrick critiques Microsoft's comprehensive threat report, focusing on confusing statistics related to ransomware. He questions the assertion of a "threefold decrease in ransomware attacks reaching the encryption stage," expressing frustration over ambiguous metrics.
[17:17 - 20:37]
An attack by Ukrainian-affiliated hackers, likely in collaboration with Ukrainian intelligence, targeted Russian court systems, resulting in server and backup deletions. Patrick remarks on the ongoing cyber harassment amid the geopolitical conflict.
[20:37 - 23:07]
Donald Trump's election campaign is utilizing specialized secure phones from Greenhill Software to safeguard communications against potential foreign interference. The discussion touches on broader implications for political cybersecurity and the potential need for government support in securing political entities.
[23:07 - 24:45]
The FBI orchestrated a sting operation by creating a crypto token named "Next Fund AI," enticing cybercriminals to engage in illicit activities. This operation successfully led to multiple indictments, highlighting the pervasive criminality within the crypto ecosystem.
[24:45 - 28:43]
Adam discusses critical vulnerabilities found in Fortinet and Palo Alto products, including exploitable format string bugs and insecure web application configurations. These flaws underscore significant security oversights in widely-used enterprise security tools.
[28:43 - 32:29]
A purported 15-year-old bug hunter named Daniel discovered a vulnerability in Zendesk that allowed access to company Slack accounts. After initial dismissal from Zendesk's bug bounty program, Daniel exploited the flaw to earn substantial bounties, exposing weaknesses in bug triaging processes.
Notable Quote:
[32:29 - 33:48]
A recently patched Firefox zero-day was inaccurately reported as being exploited against Tor Browser users. Both Tor and Mozilla clarified the misinformation, revealing that the exploitation claims were unfounded.
[33:48 - 35:05]
ESET reports on sophisticated malware attributed to Russia, designed to bypass air-gapped systems via USB keys. This malware targets high-security environments like embassies but remains a niche threat.
[35:05 - 37:48]
Brian Krebs highlights how attackers are hijacking access to large language models (LLMs) and reselling it for illicit purposes, such as creating AI-driven chatbots. This innovation marks a new trend in cybercriminal monetization strategies.
Notable Quote:
[38:04 - 39:10]
Patrick recommends a Washington Post feature about an IRS investigator involved in blockchain investigations, offering insights into the complexities of blockchain forensics and crypto-related criminal activities.
[40:47 - 53:29]
Patrick Gray conducts an in-depth interview with Casey Hill, Product Manager at Panther, focusing on the evolution and future of SIEM solutions.
Key Discussion Points:
Shift Beyond Data Lakes:
Historically, organizations relied on data lakes to store vast amounts of logs with minimal structure, which often led to inefficiencies. Casey explains that while data lakes are not entirely obsolete, there's a growing need for structured data formats to facilitate meaningful analysis.
Panther’s Innovative Approach:
Panther emphasizes organizing data effectively for real-time analysis and detection, moving away from the traditional "throw it all into a data lake" methodology. They assist customers in structuring and querying high-volume, custom logs efficiently.
Future SIEM Trends:
The future of SIEM lies in enhanced security engineering and technical proficiency within security teams. Panther supports this by providing flexible data ingestion, infrastructure as code workflows, and real-time detection capabilities.
Customer Use Cases:
Panther caters primarily to cloud-native, high-tech companies dealing with terabytes of data monthly. These organizations benefit from Panther's ability to manage extensive log data and integrate seamlessly with existing cloud infrastructure.
Notable Quote:
Patrick Gray wraps up the episode by thanking Adam Boileau for his insightful news segment and expressing gratitude to Panther for their sponsorship. He highlights the episode's efficient structure and previews next week's show, promising more in-depth security discussions.
Notable Quote:
Final Thoughts
In this episode, Patrick Gray and Adam Boileau provide a comprehensive overview of significant cybersecurity threats and developments, with a particular focus on China's infiltration of American lawful intercept systems. The discussion is enriched by personal anecdotes, critical analysis of industry reports, and an expert interview with Panther's Casey Hill, offering listeners valuable insights into the evolving landscape of information security.