Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: 2024-12-16 - ChickenSec News Part 3
Release Date: December 18, 2024
Hosts: Black Hills Information Security Team (John, Jerry, Ryan, Tim, Kelly, Joff, Bronwyn, Corey, Alex)
1. Introduction and Awards Recognition
The episode kicks off with light-hearted banter among the hosts, quickly transitioning to celebratory news. The team proudly announces their victory at the 2024 SANS Difference Maker Awards, securing the Podcast of the Year title.
Ryan (13:28): "We were able to narrowly pull it off. My wife was there. Ryan and Ralph were in the audience. We spent some time together and definitely appreciate it."
Jerry humorously refers to Ryan as "the key master," adding to the camaraderie.
Jerry (14:13): "Are you the key master?"
2. Major News Stories
a. $50 Million Radiant Heist Blamed on North Korean Hackers
The team delves into a significant cyber heist attributed to North Korean actors, highlighting the evolving sophistication of nation-state cyber threats.
Kelly (14:48): "So the next story that I want to talk about, if it's okay, is, and I hate this going into politics, but I think that there's a lot to talk about. But Trump administration wants to go on cyber offensive against China."
The discussion touches on the complexities of attributing cyberattacks to state actors, considering the possibility of North Korean operations being conducted from Russia or in collaboration with other cybercrime syndicates.
John (16:30): "The North Korea thing, I was, it always, it amazes me because it's, it traditionally skipping them. But your nation state actor and your, your cybercrime actor have very different goals."
b. Ohio's Boneless Chicken Wings Lawsuit
A quirky yet impactful story revolves around a lawsuit in Ohio where a court ruled that boneless chicken wings could contain actual bones, a decision upheld by the Ohio Supreme Court in a narrow 4-3 vote.
Jerry (00:55): "A while ago, a court in Ohio actually ruled that boneless chicken wings don't have to be boneless. And now their Supreme Court just upheld that in a 4-3 vote."
The hosts humorously speculate on future legal battles over mislabeling meat products.
John (01:25): "I also want to know if the boneless chicken wings do not have to contain. If the whole thing is just. They're all just suggestion."
c. BlackBerry's Acquisition of Cylance and Arctic Wolf's Purchase
The hosts discuss BlackBerry selling its cybersecurity division, Cylance, to Arctic Wolf for a fraction of its original value, and analyze the implications of this acquisition for the cybersecurity market and service offerings.
Ryan (48:56): "BlackBerry bought Cylance in 2019 for $1.4 billion. So somebody is absolutely taking a bath on this. I mean, like five years ago they spent 1.4 billion, and now it's on like the front lawn at a yard sale and they're like, ah, what do you. 160. You'll take it."
The conversation also touches on Arctic Wolf's strategy to strengthen its position in the market by integrating Cylance's technologies.
d. Europol's Takedown of a Major DDoS-for-Hire Network
Celebrating a positive stride in cybersecurity, the team discusses Europol's successful shutdown of the RideX cybercrime marketplace, which catered to 300 users across 15 countries.
Corey (52:28): "DDoS, I will say, has become kind of like the default way of getting hacked. It seems like if anyone's stuff goes down, they just assume it's a DDoS."
The collaboration between international law enforcement agencies is commended as a model for future operations.
Ryan (53:09): "I love the cross collaboration because I don't know if you guys have ever read or listened to the audiobook of Andy Greenberg's Tracers in the Dark, where he talks about cryptocurrency. It's a phenomenal book."
3. Financial Impacts of Data Breaches
The hosts take a deep dive into how data breaches affect companies differently based on their size and resources. The discussion highlights that while large corporations might recover swiftly from incidents, small and medium-sized businesses often face existential threats.
Bronwyn (40:48): "Small and medium sized companies that have any type of an incident, especially a breach, 60 something percent of them go under, usually within a year."
The team reflects on incident fatigue in the industry, noting the normalization of breaches and the varying degrees of financial repercussions.
Ryan (37:00): "It's like a bitcoin. It looks like one year. It was like their all time high. Today they're at 388. So yeah, we're like, seriously, you know, Jerry, if you were, if you were playing that game of selling them like right at the bottom, you would have made out like a freaking bandit."
4. Intelligence Sharing and Cyber Offensives
Kelly and Tim engage in a critical discussion about the United States' stance on cyber offensives, particularly against China. They examine the bureaucratic challenges within the U.S. intelligence community that hinder effective information sharing and proactive cyber strategies.
Kelly (21:34): "One of the problems with Chinese, whenever we're talking about Chinese hackers is a lot of the different regions, political factions within China have their own hacking groups."
Tim elaborates on the internal silos within U.S. intelligence agencies, which impede the dissemination and utilization of critical cyber intelligence.
Tim (23:02): "What end up with is you end up with all of these different hacking operations that are going in the NSA and the CIA in particular, and they're doing all of this stuff, but the data doesn't ever get shared, it never gets acted upon."
The conversation underscores the importance of inter-agency collaboration to bolster national cybersecurity defenses.
5. Light-Hearted Segments and Community Engagement
Amidst the serious discussions, the episode features jovial interactions, including jokes about cyber-related merchandise, the introduction of a new card game, and playful debates about data breach impacts.
Corey (36:42): "It's a normal engineering issue. SolarWinds, maybe I'm cherry picking a black swan event, but SolarWinds never fully recovered their value and they were penetrated super deep."
The hosts encourage community participation by promoting their cybersecurity-themed card game, Backdoors and Breaches, and welcoming listeners to join future events like the upcoming Board Game Geek Conference.
Kelly (67:16): "We should give out awards. So if we have BHIS breach of the year award, that would be kind."
6. Closing Remarks and Future Outlook
As the episode wraps up, Kelly extends heartfelt holiday wishes to the listeners, emphasizing the importance of community and education in improving cybersecurity practices.
Kelly (69:08): "One of the things I, I, like I said I want on my tombstone, is his competitors were his best friends. And when I'm looking at Jerry and, you know, you, you've got your own podcast that's been wildly successful. I'm looking at Tim and Red Siege and just everything that you guys do. I think it's an absolute honor to be able to hang out with people like you and of course, other people that we work with all the time and collaborate with."
The hosts sign off with plans to return in 2025, setting the stage for future discussions and initiatives.
Notable Quotes
- Jerry (14:13): "Are you the key master?"
- John (16:30): "The North Korea thing, I was, it always, it amazes me because it's, it traditionally skipping them. But your nation state actor and your, your cybercrime actor have very different goals."
- Kelly (14:48): "So the next story that I want to talk about, if it's okay, is, and I hate this going into politics, but I think that there's a lot to talk about. But Trump administration wants to go on cyber offensive against China."
- Corey (52:28): "DDoS, I will say, has become kind of like the default way of getting hacked. It seems like if anyone's stuff goes down, they just assume it's a DDoS."
- Bronwyn (40:48): "Small and medium sized companies that have any type of an incident, especially a breach, 60 something percent of them go under, usually within a year."
- Kelly (67:16): "We should give out awards. So if we have BHIS breach of the year award, that would be kind."
This episode of Talkin' About [Infosec] News navigates through a blend of serious cybersecurity discussions and light-hearted interactions, delivering insightful analysis on major cyber events of 2024 while fostering a sense of community among listeners. From high-profile cyber heists to the nuances of intelligence sharing, the hosts provide a comprehensive overview of the current infosec landscape, underscored by their characteristic humor and camaraderie.