Podcasts

News, analysis and commentary

Risky Business #452 -- Are Wikileaks charges a threat to press freedom?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

Brookings fellow and former NSA attorney Susan Hennessey joins the show…

Over the last week or so there’s been mounting speculation that the US government is getting serious about preparing charges against Wikileaks founder Julian Assange. The question is, could these charges threaten press freedom?

Joining us to discuss that this week is Lawfare’s managing editor Susan Hennessey.

This week’s show is brought to you by Senetas. Senetas makes layer two encryption equipment, but today they’re joining us to talk about some work they’re doing with ADVA Optical Networks in marrying their tech with some SDN stuff done at the telco level.

Links to items discussed in this week’s show have moved – they’re now included in this post, below.

Oh, and do add Patrick or Adam on Twitter if that’s your thing.


REPOSTED (SEE NOTE): Risky Biz Snake Oilers: Roll up roll up! We've got a fix for what ails ya!

Presented by

Patrick Gray

CEO and Publisher

NOTE: We had to re-post this. Originally we linked to the wrong mp3 (soapbox1 instead of snakeoilers1). It was rectified within about five minutes, but caches gonna cache, so we’ve reposted it. Sorry if you downloaded it twice!

This is the first ever Snake Oilers podcast from Risky.biz. It’s a wholly sponsored podcast in which vendors pop in and take 10 minutes each to pitch the audience on their stuff. The idea behind this whole thing is so that infosec buyers can actually hear a bunch of ten minute pitches without having to go to lunch with a salesperson with giant shiny teeth who doesn’t really understand what they’re selling.

These are product pitches from people who actually get the technology. And you know what? Even if you’re not a technology buyer, you’ll probably still find a lot of this interesting – it’s good to know how vendors are slicing and dicing some of the challenges we all face in security.

In this edition:

  • Exabeam says it can save you buttloads of cash compared to other SIEM solutions like Splunk or ArcSight.
  • Senetas urges you not to use babby’s first encryptor cards and opt for its 100Gbps full line rate layer 2 encryptor instead.
  • Kolide pitches its osquery-based EDR solution. If it’s good enough for Facebook, it’s good enough for you!
  • Senrio pitches its impressive IoT network sensor and developer tools.

Links below!


Risky Business #451 -- Shadowbrokers nothingburger edition

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we talk about the latest Shadowbrokers shenanigans with Adam, as well as all the other major security news of the last couple of weeks.

After that we’ll be chatting with Adam’s colleague at Insomnia Security, Pipes, about the interesting aspects to the dump – what did it teach us about how NSA rolls? Well quite a lot, as it turns out. And yeah, the N0day bugs aren’t the interesting bit.

This week’s show is sponsored by Tenable Network Security. This week Tenable’s VP of federal, Darron Makrokanis, will be along to talk about how to speed up federal government adoption of new tech – what’s the best way for that to happen? That’s this week’s sponsor interview!


Risky Business #450 -- From Mirai to mushroom clouds in five easy steps

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week’s show is a fun one! We’ll be chatting with Josh Corman, the Atlantic Council’s Director of Cyber Statecraft. We’ll be speaking with him about an exercise he did recently with a whole bunch of students. Basically the whole thing was a simulation where students walked through various scenarios and had to respond. Unfortunately, Josh discovered that most students had a predisposition to escalating things unnecessarily. From Mirai to mushroom clouds, that’s this week’s feature interview.

This week’s sponsor interview is also an absolute corker. Rapid7 is this week’s sponsor. In addition to making enterprise security software and running a pentest practice, Rapid7 also spends a considerable amount of time and money on developing Metasploit.

Rapid7 research director Tod Beardsley and director of transportation security Craig Smith join the show this week to talk about some recent changes to Metasploit that I’m amazed haven’t made a bigger splash. You can now run Metasploit against a CAN bus and they’ve built an RF module as well. That is absolutely awesome stuff, coming up in this week’s sponsor interview, with special thanks to Rapid7!

Adam Boileau, as always, joins us to talk about the week’s security news.


Risky Biz Soap Box: Senrio tackles IoT problem for CISOs, developers

Presented by

Patrick Gray

CEO and Publisher

Soap Box is back! This time we’re chatting with Stephen Ridley and Jamison Utter about the tech Stephen has launched: Senrio Insight and Senrio Trace!

This is a fully sponsored blabfest about IoT security. Specifically, we drill into two different problems Senrio is trying to solve. The first is how the hell you deal with monitoring IoT on your network, especially when you can’t do DPI because of HIPAA. If you’re a CISO from a hospital, you will be very interested in this part of the podcast.

Then we talk about IoT security approaches for developers. Not only has Senrio developed a boring old network sensor to remedy the dumb but profitable-to-solve problem, they’ve also created a developer toolkit for manufacturers of IoT devices who need to be able to monitor them in the field.

Stephen Ridley is a bona fide expert on IoT. So much so, he used to actually train NSA staff on hacking IoT devices. Personally I think when you’re training NSA on how to own stuff, that makes you a genuine expert.

Jamison Utter, Senrio’s VP of Field Operations, also joins us for this podcast. I hope you enjoy it!

To book a demo with Senrio, click here.


Risky Business #449 -- Machine Learning: Woot or woo?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show I’ll be playing part two of my interview with In-Q-Tel’s chief security officer Dan Geer. That’s all about machine learning in infosec. Is it actually going to turn into something? Or is it just another infosec thought bubble?

This week’s sponsor interview is with Dan Guido of Trail of Bits.

Trail of Bits is a New York-based security engineering and testing company that does very interesting work. They don’t just break apps, they actually work on securing them. With that in mind, Dan’s team has been looking at adding control flow integrity protections to various software projects. So we speak to him about the LLVM versus Microsoft Control Flow Guard approach, which is achievable. We also speak to him about McSema, a tool they developed for reversing binaries into an intermediate language.

Adam Boileau, as always, joins us to talk about the week’s security news.


Risky Business #448 -- Dan Geer on cloud providers: Too big to fail?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

We’ve got a great show for you this week. In-Q-Tel CSO Dan Geer will be along for a very interesting conversation about the major cloud providers. Are they too big to fail the same way some banks are? Does the efficiency of highly concentrated ownership of a large chunk of the world’s Internet service capacity make it less resilient? We talk about that and more in this week’s feature interview.

This week’s sponsor interview is also an absolute cracker. We’re speaking with Mike Hanley of Duo Security. Mike is the senior director of security at Duo, and he’s along this week to talk about Google’s BeyondCorp initiative.

BeyondCorp is Google’s vision for the next generation of enterprise environments and it has a lot to do with deperimeterisation. Mike is along this week to talk about that concept and how solid authentication is basically the first step in moving towards that vision. It’s really, really solid stuff, so do stick around for that one.

Adam Boileau, as always, joins us to talk about the week’s security news.


Risky Business #447 -- Struts bug owns everyone, RAND 0day report and more

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam have a look at the surprisingly great report about 0day prepared by RAND Corporation, as well as the other security news of the week. How ‘bout dat Struts bug, eh?

Dr. Vanessa Teague of the University of Melbourne also joins the show to talk about the latest developments around computerised voting. Vanessa is an expert on e-voting and she’s been in the space for a long time – she’ll be joining us this week to talk about how European authorities have been responding to the risks posed to their elections by outside parties, and we take a look at some voting security ideas for America.

This week’s show is brought to you by Netsparker. Netsparker is a black-box web application testing tool that aims to speed up webapp tests through automation. Netsparker’s creator Ferruh Mavituna is this week’s sponsor guest. He’s joining us to basically talk about what you can actually automate in webapp testing, but also about what you can’t automate. That’s a really interesting chat, one that the pentesters will love I’m sure.


Russia is targeting "military digital" contractors

Presented by

Patrick Gray

CEO and Publisher

A couple of days ago I suggested the “Vault 7” material posted by Wikileaks may have in fact been obtained from Hal Martin’s unauthorised exploit stash.

Now I think we’re dealing with something a little more, ahem, “comprehensive”.

For those who are unfamiliar, Hal Martin was an intelligence contractor working for Booz Allen Hamilton who, as it turned out, was also performing “unauthorised offsite backups” of some of NSA’s most sensitive material. He was arrested by the FBI last August.

The thinking is the data he took home included the Tailored Access Operations (TAO) implants and exploits disclosed by a group called “Shadow Brokers”, who were likely a front for Russian intelligence.

Martin’s “backups” were discovered when Shadow Brokers started auctioning the NSA implants on the Internet. The assumption we’re working under here is investigators took a look at some logs pertaining to the Shadow Brokers files and saw Martin had accessed the lot. From there, they no doubt would have done a full audit of his network activities.

Cue arrest.

He’d hoarded an incredible volume of material relating to CNE over his 23 years of intelligence contracting. Thanks to a recent court appearance, we also know that he had access to CIA files as well as NSA files. (Also NRO, DoD etc etc.)

Was Hal Martin the source of the Shadow Brokers files? Well, maybe, but he’s been charged with mishandling information, not working in cahoots with a foreign intelligence service.

That leads us to a tantalising theory: Hal Martin hoarded all these documents, and at some point an enterprising Russian CNE type took a poke around his home network and found them there. After all, he held a top clearance and did work for Tailored Access Operations as a contractor. That’s a home network I’d take a look at if I worked for an FIS, that’s for sure.

Flash forward to this week, and it’s the Wikileaks Vault 7 dump that has everyone talking. Again, everyone’s talking about contractors. In a media release, Wikileaks says the CIA “lost control” of the material, and it was being circulated among “contractors” who then provided the material to Assange and his buddies.

There are more than a couple of curiosities in all of this: CIA insiders have been quoted in recent reports as saying they already knew this material was “out there,” yet other reports claim the FBI is investigating the leak. But these two narratives bump into each other. How could CIA know, months in advance, about the specifics of what was leaked, but not know who leaked them? Have they and their NSA cousins been popping a few shells on a laptop at a certain Latin American embassy? Could they see the material arrive, but not tell where it came from?

Or does it mean that the FBI found this stuff on Hal Martin’s network when they kicked his door in and worked under the assumption that it was in Russian hands? But, if Martin was the source, why investigate?

So there’s obviously a piece missing, and I think I might have it. What if this is bigger than just Hal Martin?

It’s not widely known, but Russia has been collecting the personal information of “cyber” contractors with high clearances – like Martin – via human intelligence operations for at least several years. Counterintelligence officers know about this.

So let’s run another theory up the flagpole, that being:

  1. Russian intelligence services have realised intelligence contractors aren’t required to take their opsec and counter-intelligence training as seriously as their “on staff” counterparts.

  2. They have collected as much information on these contractors as possible via passive and active campaigns.

  3. They have then used that information to either directly compromise the contractors, or, more likely, their home networks. People have been taking stuff home they shouldn’t have.

  4. For whatever reason, Russia decided to burn its own campaign last year. That led to the Shadow Brokers fiasco.

  5. After weathering some opsec disasters related to the DNC and Podesta hacks, they decided to just dump the rest of the material on Wikileaks, knowing that Assange would do his job and launder the documents for them.

So it’s all just a theory, but it’s one worth floating: Russian intelligence services have owned the home networks of as many cleared contractors as possible, waiting for them to bring material home that they shouldn’t. If that’s what they’ve done you’ve got to hand it to them, it’s definitely lateral thinking. What a pipeline of information!

If we see some leaked memos from the likes of Booz and Raytheon in coming weeks suggesting that hey, really, taking your work home with you is a really fucking bad idea, we’ll know there’s something to this.

It’s just a theory, but let’s see.

Risky Business #446 -- CIA tools doxed, plus osquery with Mike Arpaia

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s news we put Wikileaks’ latest dumps under the microscope and offer a few theories on what’s really going on.

We also have a chat with Mike Arpaia, the creator of osquery. osquery is host-based instrumentation software put together by Mike and his team when they worked at Facebook. It’s open source these days and now Mike is trying to get it adopted.

This week’s show is brought to you by Cyberark! And we’ll be chatting with Cyberark’s Chief Architect Gerrit Lansing. Cyberark makes software that manages privileged accounts, and we’ll be talking to Gerrit about privileged account management automation in this week’s sponsor interview.

Adam Boileau is along to discuss the week’s news.
