Risky Business Podcast

January 15, 2019

Risky Business #526 -- Huawei arrest in Poland, DPRK SWIFT hack conviction, more from the El Chapo trial

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week’s podcast features Patrick and Adam talking about the week’s security news, including:

  • Huawei staffer arrested for spying in Poland
  • Conviction in DPRK SWIFT hack against Bangladesh central bank
  • El Chapo used Flexispy to spy on mistresses and staff
  • NSO group on charm offensive
  • Iran hijacking DNS entries, conducting PITM with DV certs
  • Kaspersky tipped NSA on Hal Martin
  • US government certificates expire amid shutdown
  • Idiot sentenced to 10 years prison for DDoSing children’s hospital

This week’s show is brought to you by Trail of Bits! Trail of Bits is a security engineering firm and consultancy based in New York. They aren’t a typical pen-testing firm, they build as well as break.

In this week’s sponsor interview JP Smith from Trail of Bits joins us to talk about the work he put in to CSAW. Not the Centre for Sustainable Architecture with Wood, which is a thing, but the Cyber Security Awareness Worldwide CTF.

JP is a sick man. He’s sick. You’ll hear about the mind-bending CTF challenges he put together for CSAW. Remarkably, some teams were actually able to solve his problems, some of which featured complex numbers mapped to a four dimensional unit sphere being used to drive the rotation of a virtual IBM Selectric typewriter golfball in Second Life. As I say, he’s a sick, sick man.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #526 -- Huawei arrest in Poland, DPRK SWIFT hack conviction, more from the El Chapo trial
0:00 / 52:48

Show notes

Poland spy arrest: China telecoms firm Huawei sacks employee - BBC News

Ex-RCBC manager guilty in $81-M heist | The Manila Times Online

Alan Feuer on Twitter: "Chapo would play a little game. He would call people who had the “special” phones and chat with them a while then hang up, secretly activate the mic and listen to what they said about him."

Chapo’s I.T. Guy: Working for a Kingpin Can Cause a Nervous Breakdown - The New York Times

Exclusive: How Mexican drug baron El Chapo was brought down by technology made in Israel

A Worldwide Hacking Spree Uses DNS Trickery to Nab Data | WIRED

Global DNS Hijacking Campaign: DNS Record Manipulation at Scale « Global DNS Hijacking Campaign: DNS Record Manipulation at Scale | FireEye Inc

Exclusive: How a Russian firm helped catch an alleged NSA data thief - POLITICO

.gov security falters during U.S. shutdown | Netcraft

Senators Call on FCC To Investigate T-Mobile, AT&T, and Sprint Selling Location Data to Bounty Hunters - Motherboard

Google Demanded That T-Mobile, Sprint Not Sell Google Fi Customers' Location Data - Motherboard

AT&T to Stop Selling Location Data to Third Parties After Motherboard Investigation - Motherboard

Feds Can't Force You To Unlock Your iPhone With Finger Or Face, Judge Rules

Ryuk ransomware gang probably Russian, not North Korean | ZDNet

Man gets 10 years for cyberattack on Boston Children's Hospital | Boston.com

Hacker 'BestBuy' sentenced to prison for operating Mirai DDoS botnet | ZDNet

Police get report of a shooting only to find out it was a prank - Palo Alto Daily Post

Scooter startup Bird tried to silence a journalist. It did not go well. | TechCrunch

Yet another Qld cop charged with hacking - Security - iTnews

Some of the biggest web hosting sites were vulnerable to simple account takeover hacks | TechCrunch

$900,000 On Offer For Anyone Who Can Hack A Tesla Model 3

SCP implementations impacted by 36-years-old security flaws | ZDNet

Google Chrome's built-in ad blocker to roll out worldwide on July 9 | ZDNet

Gaining access to Uber's user data through AMPScript evaluation – Assetnote

Rahul Sridhar on Twitter: "Here's a short story about cryptography in 2018 in five tweets:"