WEBVTT

1
00:00:00.000 --> 00:00:02.910
Anna Delaney: Hi, welcome to the ISMG Editors' Panel. I'm Anna

2
00:00:02.910 --> 00:00:05.910
Delaney, and this is a weekly discussion among members of the

3
00:00:05.910 --> 00:00:09.660
editorial team, where we reflect and analyze the week's top

4
00:00:09.690 --> 00:00:13.230
cybersecurity stories. The fantastic colleagues joining me

5
00:00:13.230 --> 00:00:16.020
this week include Mathew Schwartz, executive editor of

6
00:00:16.050 --> 00:00:19.230
DataBreachToday and Europe; Suparna Goswami, associate

7
00:00:19.230 --> 00:00:23.610
editor at ISMG Asia; and Tony Morbin, executive news editor of

8
00:00:23.610 --> 00:00:25.560
the EU. Wonderful to see you all.

9
00:00:26.880 --> 00:00:28.680
Mathew Schwartz: It's great to be here. Thanks for having us.

10
00:00:30.420 --> 00:00:33.570
Anna Delaney: Suparna, we are sporting blue skies today. Where

11
00:00:33.570 --> 00:00:33.990
are you?

12
00:00:35.130 --> 00:00:36.750
Suparna Goswami: So, Anna, if you remember, in my previous

13
00:00:36.750 --> 00:00:39.300
Editors' Panel with you in December, I had promised to get

14
00:00:39.300 --> 00:00:42.690
a better picture of Sri Lanka once I visit the island nation

15
00:00:42.690 --> 00:00:45.660
during my holidays. So what a beautiful country it is! This

16
00:00:45.660 --> 00:00:50.160
picture is of Lake Nuwara Eliya, and it is a hill station which

17
00:00:50.160 --> 00:00:53.040
is known for producing tea.

18
00:00:54.180 --> 00:00:56.130
Anna Delaney: Absolutely gorgeous production. Have you

19
00:00:56.130 --> 00:00:57.270
been there before spawn?

20
00:00:58.140 --> 00:00:59.940
Suparna Goswami: I have been coming to the country before so

21
00:00:59.940 --> 00:01:03.720
I thought this time and take my son along. I find the country

22
00:01:03.720 --> 00:01:04.560
very, very beautiful.

23
00:01:06.420 --> 00:01:11.790
Anna Delaney: One day I'll make it there, I hope!
Tony, lots of

24
00:01:11.790 --> 00:01:12.690
action behind you.

25
00:01:14.340 --> 00:01:23.520
Tony Morbin: because it's the fallout from the Ukraine-Russia

26
00:01:23.520 --> 00:01:27.600
war and China is the beneficiary.

27
00:01:28.560 --> 00:01:31.560
Anna Delaney: To be continued. And Mathew?

28
00:01:32.490 --> 00:01:34.350
Mathew Schwartz: I'm just keeping those fires burning on

29
00:01:34.350 --> 00:01:38.940
the home front. This is Dundee with a view of the road bridge

30
00:01:38.970 --> 00:01:43.290
leading up to the V&A museum that we have here in Dundee. So

31
00:01:43.290 --> 00:01:46.260
there's the one in London there's the one in Dundee. It

32
00:01:46.260 --> 00:01:50.040
has helped revitalize the waterfront here. And it makes

33
00:01:50.040 --> 00:01:52.410
for some fun photographs as well.

34
00:01:52.840 --> 00:01:56.800
Anna Delaney: Yes, wonderful. One waterfront to another I

35
00:01:56.800 --> 00:02:00.220
thought as it's a rather chilly day in London. I wanted a

36
00:02:00.220 --> 00:02:04.570
reminder of the Californian sun and sea and sand. So I hope to

37
00:02:04.570 --> 00:02:08.050
see the effects that will warm me up. But speaking of heating

38
00:02:08.050 --> 00:02:13.000
up, Matt, moving to cybercrime trends. So last year, the DOJ

39
00:02:13.030 --> 00:02:16.090
announced that the world's biggest darknet marketplace, the

40
00:02:16.120 --> 00:02:19.480
Russia-linked Hydra market was seized and shut down. And we

41
00:02:19.480 --> 00:02:22.870
know that criminals will always find other ways to operate. So

42
00:02:23.230 --> 00:02:26.320
what's the latest when it comes to darknet markets and criminal

43
00:02:26.320 --> 00:02:30.460
innovation since actually Hydra was shut down?

44
00:02:31.080 --> 00:02:33.300
Mathew Schwartz: Right. So as you know, Hydra was shut down

45
00:02:33.330 --> 00:02:36.720
last April, that was a German law enforcement-led but

46
00:02:36.720 --> 00:02:40.560
international police operation.
And that followed the closure of

47
00:02:40.590 --> 00:02:47.130
dark market in January 2022. So not a great year for darknet

48
00:02:47.130 --> 00:02:51.000
market operations. Occasionally, you'll see the administrators

49
00:02:51.000 --> 00:02:54.360
get arrested. Occasionally, you'll see police get their

50
00:02:54.360 --> 00:03:00.060
hands on lists of buyers, sellers. Here in the U.K.,

51
00:03:00.120 --> 00:03:03.180
they'll sometimes knock on doors and say, "look, we know you've

52
00:03:03.180 --> 00:03:07.980
been using narco forums to procure your recreational drugs,

53
00:03:08.070 --> 00:03:11.310
cut it out, the next time we're going to arrest you," that sort

54
00:03:11.310 --> 00:03:17.490
of thing. But we keep seeing dark net markets persist. Why is

55
00:03:17.490 --> 00:03:21.960
that? Well, supply and demand. There is demand for such things

56
00:03:21.990 --> 00:03:25.920
as illicit narcotics, or recreational chemicals, as

57
00:03:25.920 --> 00:03:29.460
they're often referred to on these darknet markets. There's

58
00:03:29.460 --> 00:03:35.610
also a market for stolen data, malware, fraudster tools, even

59
00:03:35.610 --> 00:03:40.320
such things as fake ID firearms. Just as the world has embraced

60
00:03:40.470 --> 00:03:45.870
online shopping, so do criminals continue to rely on these sorts

61
00:03:45.870 --> 00:03:51.420
of markets to connect buyers and sellers. And we see many

62
00:03:51.420 --> 00:03:55.950
different flavors. We see constant takedowns, despite the

63
00:03:55.950 --> 00:04:00.780
takedowns and the threats, we see buyers and sellers coming

64
00:04:00.780 --> 00:04:03.840
back for more. So what's been happening lately? One of the

65
00:04:03.840 --> 00:04:08.970
interesting innovations that is being tracked by multiple threat

66
00:04:08.970 --> 00:04:12.870
intelligence and security firms, has been the use of Android

67
00:04:12.870 --> 00:04:16.200
apps.
So as I said, you have a lot of different kinds of

68
00:04:16.200 --> 00:04:20.370
forums. Some of them are more exclusively focused on drugs,

69
00:04:20.430 --> 00:04:23.490
some do everything, some avoid drugs, because they think that

70
00:04:23.490 --> 00:04:26.460
makes them more of a target for law enforcement. But there are a

71
00:04:26.460 --> 00:04:30.060
number of drug-focused marketplaces in Russia that

72
00:04:30.060 --> 00:04:32.730
don't seem to have huge issues when it comes to law

73
00:04:32.730 --> 00:04:37.290
enforcement. And a handful of them now are providing Android

74
00:04:37.290 --> 00:04:44.160
apps to their users. So sellers can use it to list goods. They

75
00:04:44.160 --> 00:04:47.820
can also use it to keep track of the couriers they use to

76
00:04:47.820 --> 00:04:51.150
distribute goods. So one of the fascinating things about Russia

77
00:04:51.150 --> 00:04:55.440
is they don't attempt to use couriers in the sense of

78
00:04:56.220 --> 00:05:01.890
delivery services, or postal services. It turns out, they

79
00:05:01.920 --> 00:05:06.300
will typically use real-life couriers. They'll hand it off to

80
00:05:06.300 --> 00:05:11.790
a drug mule or drug trafficker, and they will do fulfillment by,

81
00:05:11.820 --> 00:05:15.720
for example, burying the package in a park and then sending the

82
00:05:15.720 --> 00:05:21.120
coordinates to the buyer and saying, "okay, it's one meter

83
00:05:21.120 --> 00:05:24.930
below the surface, or it's packaged in a magnetic

84
00:05:24.930 --> 00:05:27.540
enclosure, and you're going to have to get close enough before

85
00:05:27.540 --> 00:05:31.620
it'll ping back," I suppose, I don't know. But these dead drops

86
00:05:31.620 --> 00:05:34.740
sorts of things.
And so there's this fascinating innovation

87
00:05:34.740 --> 00:05:40.020
that's going on with attempting to get buyers their goods in a

88
00:05:40.020 --> 00:05:43.410
way that doesn't imperil sellers, or the people that are

89
00:05:43.410 --> 00:05:47.640
handling the goods, because drugs (lucrative) puts you at

90
00:05:47.640 --> 00:05:50.370
risk if you're attempting to move them, of course. So there's

91
00:05:50.370 --> 00:05:54.120
this whole ecosystem that's sprung up. And back in the day,

92
00:05:54.210 --> 00:05:58.110
we would see darknet markets handling this. I think of them

93
00:05:58.110 --> 00:06:02.010
like illicit eBay with a set price or illicit Amazon

94
00:06:02.010 --> 00:06:06.150
marketplaces. When those get taken down, you'll often see

95
00:06:06.150 --> 00:06:10.140
people fall back on using encrypted chats, for example,

96
00:06:10.410 --> 00:06:15.240
but that has the difficulty of not been one to many, like an

97
00:06:15.270 --> 00:06:19.410
eBay-type model is. And so you have to still somehow get buyers

98
00:06:19.410 --> 00:06:23.070
and sellers to connect. So when you have this market now, which

99
00:06:23.070 --> 00:06:26.490
is pushing these Android apps or allowing people to use Android

100
00:06:26.490 --> 00:06:31.110
apps, you add this extra layer that in theory improves their

101
00:06:31.110 --> 00:06:36.240
operational security, assuming the provider of the app can be

102
00:06:36.240 --> 00:06:40.350
trusted, of course. But it's just this latest innovation

103
00:06:40.350 --> 00:06:43.950
we've seen as darknet market operators are attempting to

104
00:06:44.250 --> 00:06:47.910
handle this very lucrative trade, also keep themselves from

105
00:06:47.910 --> 00:06:50.820
getting disrupted. In theory, I think there might be some kill

106
00:06:50.820 --> 00:06:53.370
switch, they could flip if their infrastructure did get

107
00:06:53.370 --> 00:06:57.180
infiltrated by law enforcement.
But it adds another layer, it

108
00:06:57.180 --> 00:07:00.660
makes them very difficult to stop. I don't know if we're

109
00:07:00.660 --> 00:07:03.210
going to see this outside the drug-focused marketplaces in

110
00:07:03.210 --> 00:07:06.000
Russia. These are all Russian-language operations so

111
00:07:06.000 --> 00:07:09.720
far. But certainly if it works, I predict that we will see it

112
00:07:09.750 --> 00:07:13.650
move into other arenas. And I guess we'll have to see how law

113
00:07:13.650 --> 00:07:15.360
enforcement responds.

114
00:07:16.740 --> 00:07:19.260
Anna Delaney: I get it. And so when it comes to the wider

115
00:07:19.260 --> 00:07:22.320
Russian-language darknet market scene, what are the trends, the

116
00:07:22.320 --> 00:07:23.460
movements you're tracking?

117
00:07:24.260 --> 00:07:27.110
Mathew Schwartz: Well, there's so many interesting trends.

118
00:07:27.110 --> 00:07:32.090
We've seen an attempt to sanction the darknet markets,

119
00:07:32.420 --> 00:07:35.510
sanctions by the U.S. government, and this isn't

120
00:07:35.540 --> 00:07:38.510
because of the drugs necessarily, but I think more

121
00:07:38.510 --> 00:07:43.640
because they're often offering money laundering. And this is

122
00:07:43.640 --> 00:07:47.300
used by ransomware groups. It's used by drug traffickers, other

123
00:07:47.300 --> 00:07:50.480
criminal enterprises. And so the U.S. has been attempting to

124
00:07:50.540 --> 00:07:53.750
sanction a lot of the sites that provide these services.

125
00:07:54.230 --> 00:07:58.370
According to some preliminary results, from blockchain

126
00:07:58.370 --> 00:08:01.550
intelligence firm Chainalysis. The sanctions do appear to be

127
00:08:01.550 --> 00:08:06.290
working, at least temporarily.
If there is a maxim with the

128
00:08:06.290 --> 00:08:09.410
underground that they find ways of responding because again,

129
00:08:09.560 --> 00:08:12.590
supply-demand, criminal profits to be made, they're always

130
00:08:12.590 --> 00:08:15.380
looking for innovative new approaches. So that's something

131
00:08:15.380 --> 00:08:18.230
else that I've been tracking with darknet markets. But it's

132
00:08:18.230 --> 00:08:21.740
just fascinating to me that when one gets disrupted, you see

133
00:08:21.740 --> 00:08:25.040
established players moving in to try to get that business, you

134
00:08:25.040 --> 00:08:30.500
see new services get launched to try to get that business. So

135
00:08:30.500 --> 00:08:35.180
even with the threat of losing all your money - if you are a

136
00:08:35.180 --> 00:08:38.090
buyer, possibly getting incarcerated - if you're a

137
00:08:38.090 --> 00:08:42.500
seller or an admin, people keep running darknet markets.

138
00:08:43.940 --> 00:08:46.880
Anna Delaney: And so in 2023, we're going to see more do you

139
00:08:46.880 --> 00:08:49.070
think of the use of Android apps?

140
00:08:49.930 --> 00:08:52.030
Mathew Schwartz: I think we will, because it looks like it's

141
00:08:52.030 --> 00:08:55.930
working. Again, well, I didn't mention that a lot of the

142
00:08:56.170 --> 00:08:59.170
Russian-language markets that are offering this, they all are

143
00:08:59.170 --> 00:09:02.020
using something called M-Club. So it seems like they're all

144
00:09:02.020 --> 00:09:07.720
using the same engine or toolset for creating Android apps.

145
00:09:08.440 --> 00:09:11.590
Single point of failure, I think would be a concern here, but

146
00:09:11.590 --> 00:09:16.930
maybe there's some sort of assurances that are being

147
00:09:16.930 --> 00:09:20.380
provided, code-level review types of stuff, but I would

148
00:09:20.380 --> 00:09:22.960
think we would see this become more widespread.

149
00:09:22.000 --> 00:09:26.410
Anna Delaney: Well, let's see how the year goes. That's

150
00:09:26.410 --> 00:09:29.980
excellent insight. Thank you, Matt. Suparna, you've been

151
00:09:30.010 --> 00:09:34.360
discussing fraud trends for 2023 with Frank McKenna, chief fraud

152
00:09:34.360 --> 00:09:37.060
strategist at Point Predictive. It's an excellent interview.

153
00:09:37.300 --> 00:09:39.190
What are we likely to see in the year ahead, then?

154
00:09:40.710 --> 00:09:43.620
Suparna Goswami: Sure, in fact, it's a good interview that we

155
00:09:43.620 --> 00:09:46.590
had. So what we did was we wrapped up on the fraud trends

156
00:09:46.920 --> 00:09:50.670
of 2022 and what were the highlights and the fraud types

157
00:09:50.670 --> 00:09:56.070
he expects to dominate in 2023. So in 2022, surprise, surprise,

158
00:09:56.520 --> 00:10:00.600
which always surprises me - check fraud. It emerged as the

159
00:10:00.600 --> 00:10:04.830
fastest growing fraud, and fraudsters probably you're in my

160
00:10:04.830 --> 00:10:07.980
bacon and easy money, they returned to stealing checks out

161
00:10:07.980 --> 00:10:11.790
of the mailboxes. And they are changing the payees and the

162
00:10:11.790 --> 00:10:15.270
dollar amounts and selling them on the dark market on by using

163
00:10:15.270 --> 00:10:20.520
mules to deposit those check into the bank account. So that

164
00:10:20.520 --> 00:10:23.070
was one fraud. That really surprised me because I thought

165
00:10:23.070 --> 00:10:26.490
the usage of check has decreased. But it has clearly

166
00:10:26.610 --> 00:10:31.110
been the fastest growing fraud. And then was the scams and Zelle

167
00:10:31.110 --> 00:10:34.500
fraud, which I followed very closely and it took the center

168
00:10:34.500 --> 00:10:37.770
stage in 2022. And I have written an elaborate piece,

169
00:10:37.860 --> 00:10:42.840
which should be out later this week.
And how can we forget the

170
00:10:42.840 --> 00:10:48.840
crypto fraud - the boom days of 2021 ended, and 2020 was a rude

171
00:10:48.840 --> 00:10:52.800
awakening back to the reality, with NFTs and the crypto market

172
00:10:52.800 --> 00:10:56.730
bubbles all burst one after the other and it led to all fraud.

173
00:10:57.420 --> 00:11:01.260
So these were the highlights of 2022. So coming back to the year

174
00:11:01.290 --> 00:11:06.120
2023, and what is expected? And surprisingly, check fraud will

175
00:11:06.120 --> 00:11:11.340
continue to see a rise. Now banks continue to use those

176
00:11:11.370 --> 00:11:15.570
aging technologies, which date back to I guess, the 1990s. And

177
00:11:15.600 --> 00:11:20.040
they are not equipped to stop the fraud. And the U.S. Postal

178
00:11:20.040 --> 00:11:23.820
Service is obviously is not really ready to protect the mail

179
00:11:23.820 --> 00:11:27.540
carriers. So check fraud is expected to hit - I've been

180
00:11:27.540 --> 00:11:34.470
speaking to bankers - $24 billion. And will probably force

181
00:11:34.470 --> 00:11:37.200
banks to invest in technologies which can detect fraudulent

182
00:11:37.200 --> 00:11:40.860
check. A few of the banks may even eliminate check

183
00:11:40.860 --> 00:11:46.110
altogether. That's also one of the prediction. And other banks

184
00:11:46.110 --> 00:11:49.860
might just make an effort to push customers, you know,

185
00:11:50.010 --> 00:11:56.370
probably to platforms like Zelle. And so that might be one

186
00:11:56.370 --> 00:12:00.360
of the three ways banks can tackle this. But yes, investment

187
00:12:00.360 --> 00:12:02.940
in technology as far as detecting fraudulent check

188
00:12:02.940 --> 00:12:05.850
concern is going to rise and we are going to see more vendors

189
00:12:05.850 --> 00:12:11.280
coming in the space. The other trend that we expect in 2023 is

190
00:12:11.280 --> 00:12:16.140
driven by the decision which some banks in the U.S.
took in

191
00:12:16.140 --> 00:12:20.220
December last year to reimburse customers for specific kinds of

192
00:12:20.220 --> 00:12:24.630
authorized payment caps. But this will create a growing pain

193
00:12:24.630 --> 00:12:28.020
for fraud departments and analysts tasked with making the

194
00:12:28.050 --> 00:12:33.030
hard decision to know which is the first-party fraud, because

195
00:12:33.060 --> 00:12:37.860
you can't really know whether the person actually carrying out

196
00:12:37.860 --> 00:12:41.940
the transaction is intentionally doing it or unintentionally

197
00:12:41.940 --> 00:12:45.330
because some third-party has pushed them to do it. So

198
00:12:45.630 --> 00:12:48.390
first-party fraud and claims from fake accounts will likely

199
00:12:48.390 --> 00:12:53.400
flourish with Zelle payments. And scam reimbursement will

200
00:12:53.400 --> 00:12:57.570
considerably change the way banks really look at recovery

201
00:12:57.600 --> 00:12:59.820
process - the entire process - they will probably have to

202
00:12:59.820 --> 00:13:01.110
invest a lot more than that.

203
00:13:02.640 --> 00:13:05.520
Anna Delaney: And, Suparna, what's of interest to you in

204
00:13:05.520 --> 00:13:09.000
terms of your own reporting that you'll be observing closely in

205
00:13:09.000 --> 00:13:09.720
the coming year?

206
00:13:09.000 --> 00:13:12.630
Suparna Goswami: So I'm definitely planning on a story

207
00:13:12.660 --> 00:13:16.230
around check fraud. Probably go on Telegram and then you will

208
00:13:16.230 --> 00:13:19.710
probably see that there are fake checks, people are selling on

209
00:13:19.710 --> 00:13:22.770
darknets, there are checks, which have amounts, which you

210
00:13:22.770 --> 00:13:26.220
can probably tell the name. And there's thousands and thousands

211
00:13:26.220 --> 00:13:30.090
of player who are probably doing that.
So check fraud is

212
00:13:30.090 --> 00:13:32.580
something that I will follow, though it's tough to get the

213
00:13:32.580 --> 00:13:35.880
comments from the banks. But yes, off the record, they have

214
00:13:35.880 --> 00:13:39.780
said that there is a big problem that they're facing with that.

215
00:13:40.260 --> 00:13:43.350
And the other thing that I'll closely follow is caps. I'm

216
00:13:43.350 --> 00:13:46.770
really interested to know that if banks ultimately reimburse

217
00:13:46.770 --> 00:13:50.940
customers, will that actually lead to a reduction in this kind

218
00:13:50.940 --> 00:13:54.180
of fraud? Because I don't see that happening. Customers will

219
00:13:55.620 --> 00:13:59.610
be less careful when they know they have the surety that yes, I

220
00:13:59.610 --> 00:14:02.880
will probably be reimbursed or banks will reimburse when it

221
00:14:02.880 --> 00:14:08.400
comes to pay or authorize push payment fraud. So I predict, and

222
00:14:08.430 --> 00:14:11.490
I think people will agree that first-party fraud will really

223
00:14:11.490 --> 00:14:16.710
see a big rise. And yes, banks will really have to invest in

224
00:14:16.710 --> 00:14:19.140
proactive detection software to prevent scams.

225
00:14:20.310 --> 00:14:22.950
Anna Delaney: Excellent analysis. Thank you, Suparna.

226
00:14:23.280 --> 00:14:26.550
Okay, Tony, when it comes to nation-state adversaries all

227
00:14:26.550 --> 00:14:29.970
eyes, definitely were on Russia for a lot of last year. So the

228
00:14:29.970 --> 00:14:31.590
big question is, what is China up to?

229
00:14:32.530 --> 00:14:36.160
Tony Morbin: Well, I'm about to sort of give, you know my

230
00:14:36.190 --> 00:14:40.360
perspective. Looking forward, nobody really knows. So I'll

231
00:14:40.360 --> 00:14:45.610
absolve ISMG from any of my, you know, conclusions here.
But

232
00:14:45.790 --> 00:14:49.630
Russia's disastrous invasion of Ukraine has diminished Russia

233
00:14:49.630 --> 00:14:53.830
economically and diplomatically. And when the war's over, Russia

234
00:14:53.830 --> 00:14:58.180
is likely to be a weakened former world power. Despite its

235
00:14:58.180 --> 00:15:01.420
no-limits partnership with China, it's not in China's

236
00:15:01.420 --> 00:15:04.660
interest to get involved in the conflict, and Russia will likely

237
00:15:04.660 --> 00:15:09.070
become simply a dependent vassal state of a resurgent China after

238
00:15:09.070 --> 00:15:13.390
the war, suggested one commentator Alexander Gabuev. So

239
00:15:13.570 --> 00:15:16.750
how does this affect cybersecurity industry? The new

240
00:15:16.750 --> 00:15:20.170
relationship will effectively put the talents and expertise of

241
00:15:20.170 --> 00:15:23.290
Russia's criminal and state hacking community at the

242
00:15:23.290 --> 00:15:27.940
disposal of China, enhancing its already formidable offensive

243
00:15:27.940 --> 00:15:32.140
cybersecurity capability. Now, most states currently engage in

244
00:15:32.140 --> 00:15:36.280
some form of cyber spying to the extent to which their native

245
00:15:36.280 --> 00:15:39.790
talents or financial resources allow them to directed as

246
00:15:39.910 --> 00:15:42.190
extensions of their government's political and economic

247
00:15:42.190 --> 00:15:46.630
ambitions. Previously, we've seen Russia reported to have

248
00:15:46.630 --> 00:15:49.120
worked in collusion with cybercriminals, particularly

249
00:15:49.120 --> 00:15:52.990
ransomware gangs to enrich criminals.
While its state cyber

250
00:15:52.990 --> 00:15:55.840
spies have infiltrated networks of their adversaries both

251
00:15:55.840 --> 00:15:59.050
government and private sector, with the assumed objectives of

252
00:15:59.050 --> 00:16:02.230
intelligence, disinformation, and potential espionage during

253
00:16:02.230 --> 00:16:05.830
conflict. I mean, most notably, the SolarWinds backdoor

254
00:16:06.040 --> 00:16:09.220
demonstrated the capability of its offensive cyber warriors.

255
00:16:09.850 --> 00:16:13.120
And of course, this activity has extended during the Ukraine war

256
00:16:13.120 --> 00:16:16.330
to actual espionage, with the deployment of wipers, including

257
00:16:16.330 --> 00:16:18.610
attacks on all sectors of government and critical

258
00:16:18.610 --> 00:16:21.610
infrastructure, but particularly energy and extending to

259
00:16:21.610 --> 00:16:25.450
satellite communications or down to DDoS attacks. Now, these

260
00:16:25.450 --> 00:16:29.380
capabilities are still going to exist after the war, but their

261
00:16:29.380 --> 00:16:33.580
use, to some extent, is likely to become subservient to the

262
00:16:33.580 --> 00:16:37.270
interests of China, on whom Russia will increasingly depend.

263
00:16:37.960 --> 00:16:41.680
Now, China has also pursued its authoritarian political aims

264
00:16:41.680 --> 00:16:45.670
online. Its primary focus, however, has appeared to be the

265
00:16:45.670 --> 00:16:50.140
theft of IP, described by one commentator as the biggest

266
00:16:50.140 --> 00:16:53.230
transfer of wealth in history. And for China, it's been

267
00:16:53.230 --> 00:16:56.500
incredibly successful. It's contributed to bringing the vast

268
00:16:56.500 --> 00:17:00.550
majority of the world's most populous country out of poverty

269
00:17:00.580 --> 00:17:04.810
in one lifetime.
Also, in contrast with Russia, whose main

270
00:17:04.810 --> 00:17:08.050
engagement with Western trading, blocks was energy, China is

271
00:17:08.050 --> 00:17:10.900
actively engaged as a major player in the world's trading

272
00:17:10.900 --> 00:17:13.930
and manufacturing industries. Its products are employed

273
00:17:13.930 --> 00:17:18.040
globally, which in the age of connected devices, IoT,

274
00:17:18.190 --> 00:17:20.770
industrial internet of things, has provided it with an

275
00:17:20.770 --> 00:17:24.610
opportunity to directly deliver backdoored products, whether or

276
00:17:24.610 --> 00:17:27.850
not you believe it's actually done so. Now these concerns have

277
00:17:27.850 --> 00:17:31.720
led to the banning of 5G products from Huawei and ZTE by

278
00:17:31.720 --> 00:17:36.190
the U.S., the U.K. and many others. It's also contributed to

279
00:17:36.190 --> 00:17:39.970
a push for a ban on technology and personnel to work on

280
00:17:39.970 --> 00:17:43.690
semiconductor technology. That's to say U.S. and Western

281
00:17:43.690 --> 00:17:48.730
technology in China, and now deferred those proposals for

282
00:17:49.390 --> 00:17:53.170
moratorium on components manufactured by the top

283
00:17:53.170 --> 00:17:57.160
semiconductor company, SMIC, as well as other companies' memory

284
00:17:57.160 --> 00:18:02.470
producers YMTC and CXMT. And then earlier this month, the

285
00:18:02.500 --> 00:18:05.710
U.S. Pentagon hosted a meeting of the Five Eyes partners the

286
00:18:05.710 --> 00:18:08.680
U.S., Australia, Canada, New Zealand and the U.K. for

287
00:18:08.680 --> 00:18:11.980
cybersecurity talks. And during the discussions the group

288
00:18:12.010 --> 00:18:16.450
adopted zero trust as their new paradigm with the assumption

289
00:18:16.450 --> 00:18:19.060
that networks are already compromised, and as a result

290
00:18:19.060 --> 00:18:23.380
require continuous validation of users and devices.
The moves

291
00:18:23.380 --> 00:18:27.550
against China fit in with this zero trust approach. For some

292
00:18:27.580 --> 00:18:30.550
this represents a new age of paranoia. And certainly China

293
00:18:30.550 --> 00:18:33.400
has loudly opposed each step from the banning of its 5G

294
00:18:33.400 --> 00:18:37.180
offerings to limits on semiconductor technology, and

295
00:18:37.180 --> 00:18:39.760
any suggestion that it might supply backdoor products has

296
00:18:39.760 --> 00:18:44.050
been loudly decried. But another story this month demonstrates

297
00:18:44.050 --> 00:18:48.580
that the paranoia isn't without some foundation. In the U.K. it

298
00:18:48.580 --> 00:18:51.520
was reported this month that intelligence officials stripped

299
00:18:51.520 --> 00:18:54.820
back government and diplomatic vehicles and found at least one

300
00:18:54.820 --> 00:18:58.930
SIM card capable of transmitting location data. It was described

301
00:18:58.930 --> 00:19:01.930
as a Chinese tracking device, which had been placed into a

302
00:19:01.930 --> 00:19:05.410
vehicle inside a sealed part imported from a supplier in

303
00:19:05.410 --> 00:19:09.460
China and installed by the vehicle manufacturer. The report

304
00:19:09.460 --> 00:19:13.390
by I-news added the other rather disturbing things had been found

305
00:19:13.390 --> 00:19:16.180
during the extensive search, during which the cars were

306
00:19:16.180 --> 00:19:20.350
dismantled surgically down to the last nut and bolt. So going

307
00:19:20.350 --> 00:19:23.560
forward, we may see the OT capabilities and manufacturing

308
00:19:23.560 --> 00:19:27.190
opportunities afforded to China, combined with the IT skills and

309
00:19:27.190 --> 00:19:30.160
experience of Russia to create an even more formidable

310
00:19:30.220 --> 00:19:34.630
adversary opposed to democracy. So zero trust will certainly

311
00:19:34.630 --> 00:19:36.700
become the order of the day for some time to come.

312
00:19:38.170 --> 00:19:41.290
Anna Delaney: That's a rich perspective, Tony, I just want

313
00:19:41.290 --> 00:19:44.380
to ask Matt, because you've been following the war closely. What

314
00:19:44.380 --> 00:19:47.950
have you been hearing in terms of how Russia's war has perhaps

315
00:19:47.950 --> 00:19:50.530
changed the balance of power between nation-states and

316
00:19:50.740 --> 00:19:52.510
anything you just really wanted to pick up on there?

317
00:19:52.990 --> 00:19:55.630
Mathew Schwartz: Well, I want to pick up first on the zero trust

318
00:19:55.630 --> 00:19:59.800
for automobiles. I think that's a fascinating way to look

319
00:19:59.800 --> 00:20:03.400
illustrate the challenge of knowing not just where the

320
00:20:03.400 --> 00:20:06.460
device has come from, but the components that make up the

321
00:20:06.460 --> 00:20:09.850
device, the supply chain that supplies the components that

322
00:20:09.850 --> 00:20:14.320
make up the device. It's a lot of room, as Tony noted in there

323
00:20:14.320 --> 00:20:19.900
for mischief. And certainly we've seen attempts to probe

324
00:20:19.900 --> 00:20:24.130
those sorts of capabilities in the past by the likes of China.

325
00:20:25.150 --> 00:20:29.950
In terms of the Ukraine question, it's complicated, but

326
00:20:29.950 --> 00:20:33.400
I mean, we've seen so many interesting things happening on

327
00:20:33.400 --> 00:20:39.250
that front. We've seen a lot of laudable and effective efforts

328
00:20:39.280 --> 00:20:43.180
by Ukraine, in partnership, an overused word, but I think good

329
00:20:43.180 --> 00:20:46.810
here, in partnership with the West, and especially private

330
00:20:46.810 --> 00:20:49.660
businesses, such as Microsoft and others, that have been

331
00:20:49.660 --> 00:20:55.330
helping it, keep its systems running, Starlink, helping keep

332
00:20:55.330 --> 00:20:59.710
it connected. It's all been fascinating.
I mean, it's been

333
00:20:59.710 --> 00:21:02.170
changing in so many ways. I think, from a cybersecurity

334
00:21:02.170 --> 00:21:08.110
standpoint, wipers, DDoS attacks, hack attacks, all that

335
00:21:08.110 --> 00:21:12.370
sort of thing continues to disrupt or attempt to disrupt

336
00:21:12.430 --> 00:21:16.060
Ukrainian operations. And yet they've managed to keep their

337
00:21:16.060 --> 00:21:20.470
defenses up and running. Kinetic attacks, I think are still far

338
00:21:20.470 --> 00:21:24.280
more of a concern. Cybersecurity is used to sometimes supplement

339
00:21:24.280 --> 00:21:27.670
those efforts. But it's not the primary efforts. So we're coming

340
00:21:27.670 --> 00:21:30.730
up on the anniversary, obviously, of the war. Doesn't

341
00:21:30.730 --> 00:21:33.490
look like it's going to be over. But I'll be rounding up some

342
00:21:33.490 --> 00:21:37.180
lessons learned definitely as we come up to that February 24th

343
00:21:37.180 --> 00:21:37.840
anniversary.

344
00:21:38.560 --> 00:21:40.570
Tony Morbin: But interesting, though, that you combined the

345
00:21:40.600 --> 00:21:45.220
supply chain with zero trust because of course, those were

346
00:21:45.220 --> 00:21:48.730
the two highlights for our industry of the Biden executive

347
00:21:48.730 --> 00:21:52.150
order. And they are very interrelated.

348
00:21:53.800 --> 00:21:58.000
Mathew Schwartz: Lot of work to be done. Information Assurance,

349
00:21:58.150 --> 00:22:02.140
I think, is sometimes a subhead or subtitle of cybersecurity.

350
00:22:02.410 --> 00:22:05.590
And there's a lot of assurance that needs to happen here. And

351
00:22:05.590 --> 00:22:08.560
it's not clear how we're going to get there. SBOMs or software

352
00:22:08.560 --> 00:22:12.190
bill of materials might help, but they are nascent, and they

353
00:22:12.190 --> 00:22:13.030
won't solve everything.
354 00:22:13.510 --> 00:22:17.500 Tony Morbin: And you can't deconstruct every component down 355 00:22:17.500 --> 00:22:20.830 to the last nut and bolt for every car. So it is as you say, 356 00:22:20.830 --> 00:22:24.820 you know, securing the supply chain with, you know, real proper 357 00:22:24.820 --> 00:22:27.970 audits, and the whole process has to be strengthened. Sorry, 358 00:22:27.970 --> 00:22:28.480 Suparna? 359 00:22:29.500 --> 00:22:32.200 Suparna Goswami: I was saying ... I have been speaking to 360 00:22:32.200 --> 00:22:35.410 people, and it's really barely scratched the surface. Because 361 00:22:35.410 --> 00:22:39.910 if you are taking something from the open-source code, how will 362 00:22:39.910 --> 00:22:45.370 you just track that? It is so difficult. So as long as it's a 363 00:22:46.300 --> 00:22:50.170 step in the right direction, but yes, as Matt said, it's still 364 00:22:50.170 --> 00:22:53.710 nascent, and we need to see how it all pans out in the bigger 365 00:22:53.710 --> 00:22:54.040 picture. 366 00:22:55.690 --> 00:22:58.270 Anna Delaney: Great work team. Moving on. Finally, last 367 00:22:58.270 --> 00:23:01.720 question, you've been tasked with creating a new anonymous 368 00:23:01.750 --> 00:23:05.440 web browser, of course, it would be only used for legal and safe 369 00:23:05.440 --> 00:23:08.920 activities, what would you call it? The Onion Router has been 370 00:23:08.920 --> 00:23:10.900 taken by the way, Tor. 371 00:23:12.310 --> 00:23:15.850 Tony Morbin: I'm going to jump in with Serendipity. And the 372 00:23:15.850 --> 00:23:18.430 reason is we've got Google and we've got, you know, coming 373 00:23:18.430 --> 00:23:23.200 soon, ChatGPT as ways of finding out the things that we want to 374 00:23:23.200 --> 00:23:26.440 know about. 
So I'd, you know, come up with something different 375 00:23:26.440 --> 00:23:29.410 and give you a search engine that tells you about things you 376 00:23:29.410 --> 00:23:32.800 didn't know you wanted to know about. Because I'm an old guy 377 00:23:32.800 --> 00:23:35.650 who's used to print and that's the one thing I miss about print 378 00:23:35.770 --> 00:23:38.920 is the serendipity effect of finding out about things that 379 00:23:38.920 --> 00:23:41.560 you didn't even know you're interested in. Whereas online, 380 00:23:41.560 --> 00:23:43.840 you tend to find out what you know you're interested in. 381 00:23:44.230 --> 00:23:46.630 Anna Delaney: Yeah, I like that. And there's that positive 382 00:23:46.840 --> 00:23:50.920 feeling to it. Suparna? 383 00:23:52.000 --> 00:23:55.600 Suparna Goswami: I thought Web100 with the tagline "the 384 00:23:55.630 --> 00:23:59.320 true privacy-focused internet," because Web3 claims that it has 385 00:23:59.320 --> 00:24:02.800 better privacy, so I thought, let me have Web100, the true 386 00:24:02.860 --> 00:24:04.150 privacy-focused internet. 387 00:24:06.430 --> 00:24:06.880 Anna Delaney: Love it! 388 00:24:07.330 --> 00:24:09.820 Mathew Schwartz: Or just turn it up to 11, Suparna, that always 389 00:24:09.820 --> 00:24:17.170 works. Well, I'm going to sound a little bit like Tony but for 390 00:24:17.200 --> 00:24:22.330 different reasons. I was just thinking Serenity because so 391 00:24:22.330 --> 00:24:26.770 much news. There's so much just craziness in the world. You have 392 00:24:26.770 --> 00:24:31.990 these billionaires swaggering about causing online chaos. You 393 00:24:31.990 --> 00:24:35.890 know, who doesn't want a little bit of serenity, but maybe there 394 00:24:35.890 --> 00:24:38.410 could be a Serenity and a Serendipity tie up? I don't 395 00:24:38.410 --> 00:24:38.800 know. 396 00:24:38.890 --> 00:24:46.270 Anna Delaney: Yeah. I'm going to go for Griffin. 
That was the 397 00:24:46.270 --> 00:24:49.840 invisible man in H. G. Wells' The Invisible Man. 398 00:24:52.120 --> 00:24:54.340 Mathew Schwartz: Not the mythological beasts with big 399 00:24:54.340 --> 00:24:56.230 claws, but ... 400 00:24:56.290 --> 00:25:01.540 Anna Delaney: No, but that could also work. Well, it's always a 401 00:25:01.540 --> 00:25:04.210 pleasure, team. Thank you very much. I've had great fun! 402 00:25:04.720 --> 00:25:05.500 Suparna Goswami: Thank you, Anna. 403 00:25:06.040 --> 00:25:06.640 Mathew Schwartz: Thanks, Anna. 404 00:25:08.080 --> 00:25:09.910 Anna Delaney: Thank you for watching. Until next time!