Risky Business #491 -- The biggest infosec news week we've ever seen

We can barely believe all that's happened in the last seven days...
21 Mar 2018 » Risky Business

What a week, huh? As you’ll soon hear it’s been an absolute monster week for infosec news. Top of the list is the Cambridge Analytica scandal. For those who haven’t had time to catch up on this one, a former staffer from the data analytics firm has given some interviews in which he says the company scraped 50 million Facebook profiles and used that data to target US voters with political messages on behalf of Donald Trump’s campaign. Obviously this has made people feel quite uncomfortable, everyone is mad at Facebook and it’s news everywhere.

It also looks like Facebook CSO Alex Stamos is on his way out due to events entirely unrelated to this.

Also in this week’s show we’ve got:

  • Iranians trying to blow up Saudi Arabian chemical plants
  • Americans blaming Russia for attacks on its energy grid
  • Kaspersky blowing LIVE SOCOM ops against Al Qaeda and the remnants of Islamic State
  • The UK vowing to exact revenge on Russia via “cyber” retaliation over the Skripal affair

There is no feature interview in this week’s show, we’re going long on news, but this week’s sponsor interview is absolutely fantastic. It’s with Haroon Meer, head honcho over at Thinkst Canary.

He’s not here to talk about anything really related to products this week, instead we’re going to talk about CISO stuff. He’ll be thoughtlording the absolute sh*t out of you all this week.

Haroon thinks breached organisations are getting off too lightly in the current infosec climate because people are scared to victim shame. As you’ll hear, he thinks there’s just no excuses for how some high profile data breaches have occurred and says more CSOs should be prepared to die on the right hills to stop their companies engaging in straight up suicidal behaviour. It’s great for security to be an enabler, but that doesn’t mean signing off on whatever anyone wants to do.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

How Trump Consultants Exploited the Facebook Data of Millions - The New York Times
Ron Wyden en Twitter: "I wrote a letter to Mark Zuckerberg asking @facebook to detail the extent of misuse of its users’ private information:… https://t.co/9n121CCCtO"
Revealed: Trump’s election consultants filmed saying they use bribes and sex workers to entrap politicians – Channel 4 News
Facebook told to pull auditors from Cambridge Analytica’s offices
Cambridge Analytica CEO Alexander Nix Suspended Amid Scandals | WIRED
Facebook Exit Hints at Dissent on Handling of Russian Trolls - The New York Times
Nicole Perlroth on Twitter: "Full story publishing soon. Despite this PR-approved tweet, Stamos told hire ups he plans to leave FB in August. For the next few months, his role has been relegated to managing a small red team in SF, transitioning his group over to Guy Rosen and Pedro Canahuati, and tweeting.… https://t.co/XTbFHxRLRs"
Facebook security chief Alex Stamos leaked audiotape
A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. - The New York Times
In a first, U.S. blames Russia for cyber attacks on energy grid
Russian spy attack: how likely is a British cyber offensive against Putin's regime?
Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37 — Krebs on Security
Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation
Telegram loses appeal over encryption keys in Russia
Communications network of choice for Australian criminals shut down
Child abuse imagery found within bitcoin's blockchain | Technology | The Guardian
FBI raids home of suspected spy agency leaker - CNN
Svitzer employee details stolen in data breach affecting almost half of its Australian employees - ABC News (Australian Broadcasting Corporation)
Safari, Microsoft Edge exploits earn hackers $162k at Pwn2Own
China Bans People With Low "Social Credit" From Planes and Trains