Risky Business #503 -- North Korean tech in the global supply chain

Nonproliferation expert Andrea Berger on DPRK's surprisingly global IT industry...
13 Jun 2018 » Risky Business

You might have noticed North Korea’s been in the news over the last couple of days. Well, we’re sticking with the theme – we’ve got a great feature interview for you this week with Andrea Berger. She’s a senior research associate at the US-based James Martin Centre for Nonproliferation Studies and the co-host of the Arms Control Wonk podcast. This week she speaks with Risky Business contributor Hilary Louise about a report the centre did into North Korea’s IT industry.

Yep, they have one, and you’ll be surprised by its scope and reach. That’s this week’s feature interview.

This week’s sponsor interview is with Signal Sciences co-founder and CEO Andrew Peterson. Andrew was at a Gartner event in DC last week, and I grabbed some time with him to talk about what’s new in DevSecOps, how people are applying various DevSecOps tools, and what the general awareness of good DevSecOps practices is out there. Andrew’s prior career was in development, not security. He and Zane Lackey worked together at Etsy, and Signal Sciences was very much inspired by the work they both did there. Andrew says analysts are starting to understand that web application security isn’t something you drop onto a network in an appliance, and things are actually changing.

Mark “Pipes” Piper is this week’s news guest. All the show links are below and you can follow Patrick, Pipes or Hilary, if that floats your boat.

Show notes

Founder of Cybersecurity Company Says His Firm Was Sanctioned Because He was Born in Russia - Motherboard
Treasury Sanctions Russian Federal Security Service Enablers | U.S. Department of the Treasury
Republican senators move to block Trump’s deal to revive ZTE | Ars Technica
WannaCry Hero Marcus Hutchins' New Legal Woes Spell Trouble for White Hat Hackers | WIRED
Cisco's Talos Intelligence Group Blog: VPNFilter Update - VPNFilter exploits endpoints, targets new devices
Top U.S. counterintelligence official: Kaspersky's move to Switzerland doesn't matter
Chinese hackers stole sensitive U.S. Navy submarine plans from contractor
China ramps up hacking of U.S. high-tech companies | McClatchy Washington Bureau
Flash zero-day shows up in Qatar amid geopolitical struggles
NDAA pushes U.S. Cyber Command to be more aggressive
Senator hopes to draw red line discouraging election cyberattacks
Congress wants to prevent states from weakening encryption
FBI announces arrest of 74 email fraudsters on three continents
For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks | Ars Technica
I can be Apple, and so can you | Okta
This app in Google Play wants to use phone mics to enforce copyrights | Ars Technica
In a blow to e-voting critics, Brazil suspends use of all paper ballots | Ars Technica
Some Signal Disappearing Messages Are Not Disappearing - Motherboard
US Government Probes Airplane Vulnerabilities, Says Airline Hack Is ‘Only a Matter of Time’ - Motherboard
Hackers Crashed a Bank’s Computers While Attempting a SWIFT Hack
Apple just banned cryptocurrency mining on iOS devices | Ars Technica
Ethereum "Giveaway" Scammers Have Tricked People Out of $4.3 Million
Around 5% of All Monero Currently in Circulation Has Been Mined Using Malware
Trik Spam Botnet Leaks 43 Million Email Addresses
DPRK's Shadow Sector report