Risky Business Podcast
December 13, 2017
Risky Business #481 -- Inside the Anthem breach with someone who was there
Presented by
CEO and Publisher
Technology Editor
This is the last show for the year, Risky Business will return on January 10th 2018.
In this week’s feature Stephen Moore joins us. He was formerly the Staff Vice President of Cyber Security Analytics at Anthem, the healthcare company that was spectacularly owned by a Chinese APT crew in 2015.
Instead of us all just saying “lol they got owned, they’re idiots,” I thought it would be a good idea to actually talk to someone who was there. As you’ll hear, Anthem’s team knew they were being targeted by an APT crew, did its best to fend off the attackers, but sadly they lost anyway.
It’s sobering listening.
This week’s sponsor interview is also just great. We’ll check in with Casey Ellis of Bugcrowd. He’ll be along to talk about this whole Uber mess. A lot of the reporting around the so-called Uber data breach seemed to fixate a bit on the fact that the attacker was paid via the HackerOne bug bounty platform. The coverage has conflated extortion with bug bounty programs, much to Casey’s dismay. He’ll be along later to share his views on what the Uber snafu means, as well as to share his thoughts on DJI’s disastrous bug bounty program.
Adam Boileau, as usual, stops by to discuss the week’s security news, and also to wrap up the 2017 season.
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Bugcrowd
#1 Crowdsourced Cybersecurity Platform
Show notes
1.4 Billion Clear Text Credentials Discovered in a Single Database
APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure | WIRED
This country's hacking efforts have become too big to ignore
Popular Destinations rerouted to Russia | BGPmon
Italian Prosecutor Makes Request to Close Hacking Team Investigation - Motherboard
Australia Seeks New Gag Laws That Could See Journalists And Whistleblowers Jailed for 20 Years
Phishers Are Upping Their Game. So Should You. — Krebs on Security
It's easy to fake Extended Validation certificates, research shows - Cyberscoop
On the value of EV - Google Groups
Nope, this isn’t the HTTPS-validated Stripe website you think it is | Ars Technica
Hackers hit key ATM network in crime spree that clears $10 million | Ars Technica
Want to Launder Bitcoins? How Crooks Are Hacking iTunes and Getting Paid by Apple
Google Releases Tool To Help iPhone Hackers - Motherboard
Ambassador Joe Hockey's account 'likes' tweet calling Malcolm Turnbull a 'cranky prick'