Risky Business #481 -- Inside the Anthem breach with someone who was there

Sobering listening on the last show for 2017...
13 Dec 2017 » Risky Business

This is the last show for the year; Risky Business will return on January 10th 2018.

In this week’s feature Stephen Moore joins us. He was formerly the Staff Vice President of Cyber Security Analytics at Anthem, the healthcare company that was spectacularly owned by a Chinese APT crew in 2015.

Instead of us all just saying “lol they got owned, they’re idiots,” I thought it would be a good idea to actually talk to someone who was there. As you’ll hear, Anthem’s team knew it was being targeted by an APT crew and did its best to fend off the attackers, but sadly it lost anyway.

It’s sobering listening.

This week’s sponsor interview is also just great. We’ll check in with Casey Ellis of Bugcrowd. He’ll be along to talk about this whole Uber mess. A lot of the reporting around the so-called Uber data breach seemed to fixate a bit on the fact that the attacker was paid via the HackerOne bug bounty platform. The coverage has conflated extortion with bug bounty programs, much to Casey’s dismay. He’ll be along later to share his views on what the Uber snafu means, as well as to share his thoughts on DJI’s disastrous bug bounty program.

Adam Boileau, as usual, stops by to discuss the week’s security news, and also to wrap up the 2017 season.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

1.4 Billion Clear Text Credentials Discovered in a Single Database
APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure | WIRED
This country's hacking efforts have become too big to ignore
Popular Destinations rerouted to Russia | BGPmon
Italian Prosecutor Makes Request to Close Hacking Team Investigation - Motherboard
Jailed Russian hacker: I hacked Democrats 'under the command' of Russian intelligence agents | Business Insider
Australia Seeks New Gag Laws That Could See Journalists And Whistleblowers Jailed for 20 Years
Mark Di Stefano 🤙🏻 on Twitter: "Twitter says it's removing 3.2 million accounts every single week. A staggering number."
Phishers Are Upping Their Game. So Should You. — Krebs on Security
It's easy to fake Extended Validation certificates, research shows - Cyberscoop
On the value of EV - Google Groups
Nope, this isn’t the HTTPS-validated Stripe website you think it is | Ars Technica
Hackers hit key ATM network in crime spree that clears $10 million | Ars Technica
Want to Launder Bitcoins? How Crooks Are Hacking iTunes and Getting Paid by Apple
Google Releases Tool To Help iPhone Hackers - Motherboard
Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code | Threatpost | The first stop for security news
Tim Watts MP on Twitter: "Hey @riskybusiness - can the Australian political figure single tweet hacker be this week's skateboarding dog?"
Ambassador Joe Hockey's account 'likes' tweet calling Malcolm Turnbull a 'cranky prick'
Mike Arpaia on Twitter: "@dinodaizovi @riskybusiness Even if you're blocking and doing the analysis on the host, that takes cycles for you to make your decision. Nothing is "real time", it's all… https://t.co/qRMSpiY3KN"
Airlock Digital - News