Episodes
-
https://www.justsecurity.org/81806/january-6-intelligence-and-warning-timeline/
https://thehill.com/policy/national-security/3686920-secret-service-messages-show-the-knew-crowd-outside-jan-6-rally-was-armed/
https://zetter.substack.com/p/is-the-secret-services-claim-about
https://www.npr.org/2022/07/15/1111778878/secret-service-deleted-messages-january-6-is-that-data-really-gone
https://www.cbsnews.com/news/secret-service-texts-house-january-6-committee-federal-records-act/
-
Big Tech, honey, are you doing okay?
Whether we like it or not, large technology platforms and the for-profit institutions that make them are here to stay in our society and economy. Governments are starting to craft often-overlapping regulations to try and fix the problems that come up, but instead of looking at issues one by one, let's look at these organizations as a whole - fundamentally “grow fast and break things” companies who somehow ended up in shouldering a lot of our national security, growing the international economy, and protecting values that underpin our Western society. How well does big tech help or hinder our security, privacy, and social fabric, and how will that change as the economy slows down?
Show notes:
Twitter:Content moderation & security: Mudge whistleblower complainthttps://techcrunch.com/2022/09/13/twitter-whistleblower-mudge-congress/Deplatforming vs. Echo chambershttps://www.vanderbilt.edu/jetlaw/2021/01/31/the-de-platforming-debate-balancing-concerns-over-online-extremism-with-free-speech/https://www.youtube.com/watch?v=6V_sEqfIL9Qhttps://www.axios.com/2021/12/06/conservative-social-media-crypto-publishing-internetStaffing at Twitterhttps://www.reuters.com/technology/after-elon-musks-ultimatum-twitter-employees-start-exiting-2022-11-18/Radioshack tries to sell off user datahttps://www.washingtonpost.com/news/the-switch/wp/2015/03/26/bankrupt-radioshack-wants-to-sell-off-user-data-but-the-bigger-risk-is-if-a-facebook-or-google-goes-bust/Uber:Uber CISO court case: https://www.csoonline.com/article/3676078/what-the-uber-verdict-means-to-cisos-youre-probably-not-going-to-jail.html
Facebook / Meta:Advisory board / election issueshttps://www.cnn.com/2021/10/05/world/meanwhile-in-america-oct-6-intlBody issues re: instagram https://www.npr.org/2021/10/05/1043194385/whistleblowers-testimony-facebook-instagramOverlapping foreign government action + industrial policyState overlapping privacy lawshttps://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx
China data privacy laws / increased balkanization of internethttps://www.ey.com/en_kw/forensic-integrity-services/how-chinas-data-privacy-and-security-rules-could-impact-your-business
Google’s Operation Aurora: https://www.youtube.com/watch?v=przDcQe6n5oCybersecurity in a technology recession (cyber security as compliance)Google being told to cut costs by VChttps://www.businessinsider.com/google-layoffs-cost-cutting-analyst-2022-11
Benefits of security / private attribution, compliance for government contractshttps://www.securityweek.com/google-wins-lawsuit-against-glupteba-botnet-operatorsFTXhttps://www.forbes.com/sites/ninabambysheva/2022/11/21/ftx-hacker-moved-nearly-200-million-of-ether-to-different-wallets/https://www.cnn.com/2022/11/18/investing/ftx-bahamas-seizure -
Missing episodes?
-
Minister Cina Lawson, Togo's Minister of Digital Economy and Transformation, joins Cyber.RaR for a special episode. In her role leading Togo's digital transformation, Minister Lawson oversaw rapid digital service penetration within Togo, the first deployment of 5G in West Africa, and an innovative mobile cash distribution solution for Covid-19 relief. Minister Lawson discusses the tradeoffs between growing a local cyber talent workforce and hiring experts, how Togo has sustained good security hygiene despite rapid increases in digital service provision and access, and how her team's innovative approach is derived from human-centric principles.
-
Worried about a nuclear war with Russia? Maybe you SHOULD be worried about beluga whales. Let’s dive in (pun intended) on why. This week on Cyber.RAR, we discuss global infrastructure in the form of undersea cables transmitting data through light traveling along silicon tubes - and how fragile these systems really are. We discuss how to monitor and defend these cable networks given how massive and interconnected they are and how geography and technology factor into strategic decision-making about espionage and cyber-enabled attacks. We conclude the episode with a tribute to Secretary of Defense Ash Carter and his tremendous impact on the Kennedy School and the nation.
Relevant Sources:
https://www.submarinecablemap.com/
https://www.nytimes.com/interactive/2019/03/10/technology/internet-cables-oceans.html
https://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/
https://www.atlanticcouncil.org/in-depth-research-reports/report/cyber-defense-across-the-ocean-floor-the-geopolitics-of-submarine-cable-security/
-
Bloomberg - FTC Sues Mobile Data Broker Over Abortion Location Data Sale https://www.bloomberg.com/news/articles/2022-08-29/ftc-sues-mobile-data-broker-over-abortion-location-data-sales?sref=P6Q0mxvj&leadSource=uverify%20wall
Vice - Data Broker Is Selling Location Data of People Who Visit Abortion Clinics https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthood
Forbes - Black Lives Matter Protestors Tracked by Secretive Phone Location Technology https://www.forbes.com/sites/zakdoffman/2020/06/26/secretive-phone-tracking-company-publishes-location-data-on-black-lives-matter-protesters/?sh=77520f5f4a1e
AP - Tech Tool Offers Police ‘Mass Surveillance on a Budget’ https://apnews.com/article/technology-police-government-surveillance-d395409ef5a8c6c3f6cdab5b1d0e27ef
AP - Across the US, Police Offers Abuse Confidential Databases https://apnews.com/article/699236946e3140659fff8a2362e16f43
Wired - WhatsApp Has Shared Your Data with Facebook for Years Actually https://www.wired.com/story/whatsapp-facebook-data-share-notification/
Gizmodo - Rights Groups Say the Pentagon is Buying its Way Around the Fourth Amendment https://gizmodo.com/rights-groups-say-pentagon-buys-freedom-from-fourth-ame-1849604210
Gizmodo - The American Data Privacy Act Would Be a Bipartisan Triumph - If It Could Pass https://gizmodo.com/can-american-data-privacy-protection-act-pass-1849413911
Gizmodo - Congresswoman Urges FTC to Investigate Newly Revealed Police Software Surveilling Americans’ Movements https://gizmodo.com/congresswoman-ftc-to-investigate-fog-data-science-softw-1849547432
Brookings - The FTC Can Rise to the Privacy Challenge, but Not Without Help from Congress https://www.brookings.edu/blog/techtank/2019/08/08/the-ftc-can-rise-to-the-privacy-challenge-but-not-without-help-from-congress/
Berkman Klein Center and Minnesota Law Review - Understanding Chilling Effects https://cyber.harvard.edu/story/2021-06/understanding-chilling-effects
PEN America - Chilling Effects: NSA Surveillance Drives US Writers to Self-Censor https://pen.org/research-resources/chilling-effects/
-
AI-enabled security can process data faster and more accurately than humans, but can it tell the difference between turtles and rifles? We answer this question and more as we cover AI-enabled cybersecurity for network defense, insider threat, and user privacy, including considering whether AI ethics are simply business ethics. We also discuss asymmetric uses for nation-states on both offensive and defensive postures and AI-enabled malware and social engineering. Dani concludes with a deep dive into "Fog Reveal" a law enforcement cellphone tracking tool that'll make you squirm.
The Verge - Google's AI Thinks Turtles are Rifles: https://www.theverge.com/2017/11/2/16597276/google-ai-image-attacks-adversarial-turtle-rifle-3d-printedForbes - Ukrainian Drones Strike Russian Artillery: https://www.forbes.com/sites/davidaxe/2022/09/02/ukraines-drones-are-back-and-blowing-up-russian-artillery/?sh=71b8f8946b8fDefenseNews - Torch.AI wins DoD Contract for Insider Threat Detection: https://www.defensenews.com/cyber/2022/08/15/torchai-wins-pentagon-insider-threat-cybersecurity-contract/Lawfare - AI and National Security: https://www.lawfareblog.com/recent-developments-ai-and-national-security-what-you-need-knowOxford Internet Institute ‘Trusting Artificial Intelligence in Cybersecurity is a Double-Edged Sword’National Security Commission on Artificial Intelligence Final Report: https://www.nscai.gov/wp-content/uploads/2021/03/Full-Report-Digital-1.pdfAP Report on Fog Reveal: https://apnews.com/article/technology-police-government-surveillance-d395409ef5a8c6c3f6cdab5b1d0e27ef -
What do Cryptocurrency and the 90's have in common? Easily exploitable bugs and also Paris Hilton, apparently.
We cover the state of regulation and cybersecurity within the blockchain and cryptocurrency space - covering environmental, democratization, and equity concerns, as well as user vs. system security, code audits and minimum standards. Corinna Fehst (MPP'18 and crypto strategy expert) makes a surprise guest appearance. Bethan talks about whether you should post your laptop screen on BeReal [spoiler alert, please don't].
Show Notes:
Corinna Fehst: https://www.belfercenter.org/person/corinna-fehstSecurity:Scams:Reports show scammers cashing in on crypto craze | Federal Trade CommissionEmbattled crypto lender Celsius is a 'fraud' and 'Ponzi scheme,' lawsuit allegesExploiting vulnerabilities in smart contracts/wallets/code:Nomad crypto bridge loses $200 million in ‘chaotic’ hack - The VergeSolana Wallet Hack: Here’s What We Know So Far - DecryptNumber of Blockchain Hacks on the RiseMoney laundering / enabler of illegal activity:U.S. seizes $2.3 mln in bitcoin paid to Colonial Pipeline hackers | ReutersFBI Seizes $500,000 Ransomware Payments and Crypto from North Korean HackersDeFi Is the Wild West of Banking and Investing. Here's What Crypto Investors Should KnowCrypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity - ChainalysisMid-year Crypto Crime Update: Illicit Activity Falls With Rest of Market, With Some Notable Exceptions - Chainalysishttps://www.cnbc.com/2022/05/18/china-is-second-biggest-bitcoin-mining-hub-as-miners-go-underground.html -
Good WashPo article: A new era of industrial policy kicks off with signing of the Chips ActGeneral relationship between semiconductors/cyber: Cybersecurity and Semiconductors: How are they related? Helpful article for context: How the 'chips-plus' bill grew by nearly 1,000 pages - Roll CallRead “Discussion of the CHIPS Act Section: The US CHIPS Act.From Grace - AAPI Amendment that was removedSkim DoD Statement for the national security angle (re microelectronics): CHIPS Act Advances DOD's Emphasis on MicroelectronicsChips Act Summary by the Department of CommerceIndustry Matching of Chips ActBloomberg's "The Big Hack - How China Used a Tiny Chip to Infiltrate US Companies""Bloomberg Stands Firm as Story Denials Mount"AAPI Profiling amendment that was removed from the CHIPS Act
-
Michaela dives deeper into the nexus of cyber and vulnerable populations through an interview with Eva Galperin, the Director of Cybersecurity at the Electronic Frontier Foundation (EFF). Listen in on our conversation about stalkerware, privacy, and activism! Listen to the end of the episode to hear what the Cyber.RAR team is up to (plus the prospect of Season 2!?). If you'd like to reach out to us, send an email to [email protected]!
Girls Lean Back Everywhere: The Law of Obscenity and the Assault on Genius: https://en.wikipedia.org/wiki/Girls_Lean_Back_Everywhere
Maryland SB 134: https://www.eff.org/deeplinks/2022/04/victory-maryland-police-must-now-be-trained-recognize-stalkerware
Resources for vulnerable populations:
--EFF: https://www.eff.org/pages/tools
--Access Now: https://www.accessnow.org/help/
--Department of Homeland Security: https://www.ready.gov/cybersecurity
--Consumer Reports: https://securityplanner.consumerreports.org/
-
How do we better protect our most vulnerable populations from cyber incidents? Michaela leads the conversation and posits that instead of thinking about it as a domain of war, we should use a climate analogy to think about the increasing vulnerability of our digital ecosystem. This could help us understand the disaggregated impacts on different communities and change the way we think about building resilience. If you'd like to reach out to us, send an email to [email protected]!
Dusseldorf University Hospital Ransomware Attack: https://www.wired.co.uk/article/ransomware-hospital-death-germany
CISA alert on the increased threat of ransomware: https://www.cisa.gov/uscert/ncas/alerts/aa22-040a
Darknet Diaries Episode: https://darknetdiaries.com/transcript/106/
Cuckoo’s Egg: https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)
Resources for vulnerable populations:
--EFF: https://www.eff.org/pages/tools
--Access Now: https://www.accessnow.org/help/
--Department of Homeland Security: https://www.ready.gov/cybersecurity
--Consumer Reports: https://securityplanner.consumerreports.org/
-
Eric Rosenbach, Co-Director of the Belfer Center and Former Chief of Staff of the Pentagon, joins Cyber.RAR to talk about the major roadblocks facing innovation within the Department of Defense. Eric, Bethan, and Sophie dive into the challenges facing talent management in national security, overcoming the DoD's aversion to innovative risk-taking, and why the DoD still doesn't have central cloud computing.
Eric Rosenbach Bio: https://www.hks.harvard.edu/faculty/eric-rosenbach
https://www.dds.mil/about
https://www.defense.gov/News/News-Stories/Article/Article/2327021/diu-making-transformative-impact-five-years-in/
-
Bethan and Sophie explore why it's so hard to get innovative digital technologies into the Defese Department. The discussion starts with JEDI (and no, not from Star Wars) and covers the challenges facing the defense innovation ecosystem and how a new aqusitions playbook is needed for software and cyber capabilities. Grace shares their experience working with technology as an Army Signal Officer and Winnona asks some tough questions about the DoD procurement and contracting process. Get ready for a few Star Wars puns!
https://aida.mitre.org/dod-innovation-ecosystem/
https://www.diu.mil/about https://innovation.defense.gov/
https://techcrunch.com/2021/11/19/pentagon-announces-new-cloud-initiative-to-replace-ill-fated-jedi-contract/
https://www.nationaldefensemagazine.org/articles/2022/1/26/silicon-valley-takes-on-the-valley-of-death
https://www.fedscoop.com/list/7-cloud-programs-leading-the-way-in-government/
https://dl.dod.cyber.mil/wp-content/uploads/dces/pdf/GeneralCESFAQs.pdf https://aida.mitre.org/ota/
-
Grace continues the conversation on so-called hacktivism and the future landscape of cyber activism with Bruce Schneier, author of the book 'Data and Goliath,' and fellow and lecturer at Harvard Kennedy School.
Bruce Schneier website and bio: https://www.schneier.com/
-
Grace asks the question: Political Hacktivism (Hacking + Activism), chaotic good or chaotic evil? What even counts as activism versus terrorism in cyberspace? Is it simply ideological or is it normative? And looking forward, what does the second rise of hacktivism mean for the global order?
-
Winnona continues her exploration of cyber mercenaries by interviewing three experts: Sophia D'Antoine & Dave Aitel, two professionals in the offensive security industry, and Sean McFate - an expert on private military contractors.
Cyber policy papers: https://docs.google.com/spreadsheets/d/1pnISykZe1nn1wwWBJRiaxYaqDoj4ADeBtsoUL41Hw2Y/edit?usp=drive_web&ouid=116612216017356103570
The Modern Mercenary: https://www.amazon.com/Modern-Mercenary-Private-Armies-World/dp/0199360103
-
Winnona asks: how does one regulate an industry that operates so far in the shadows? This is a major problem in the hack for hire industry, and something we’re going to try and tackle on our podcast episode today on Cyber.RAR. We will be looking at what it looks like to be selling hacking capabilities to governments, what the nuances within the space are, and what concerning trade-offs we’re making that governments may not understand but industry does.
Show Notes: NSO: https://www.zdnet.com/article/commerce-dept-sanctions-nso-group-positive-technologies-and-more-for-selling-spyware-and-hacking-tools/
https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/
https://www.theverge.com/2021/12/21/22848485/pegasus-spyware-jamal-khashoggi-murder-nso-hanan-elatr-new-analysis
https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://www.theguardian.com/us-news/2021/nov/08/nso-israeli-spyware-company-whatsapp-lawsuit-ruling
https://www.wired.com/story/nso-group-forcedentry-pegasus-spyware-analysis/
https://citizenlab.ca/2018/11/mexican-journalists-investigating-cartels-targeted-nso-spyware-following-assassination-colleague/
Offensive Cyber Capabilities https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/a-primer-on-the-proliferation-of-offensive-cyber-capabilities/ Coseinc: https://risky.biz/RB310/
-
Dani explores the cyber escalation fallacy and the evolution of cyberwarfare strategies with Erica Lonergan, Assistant Professor in the Army Cyber Institute, Research Scholar at the Saltzman Institute of War and Peace Studies and former Senior Director on the U.S. Cyberspace Solarium Commission.
Cyber Escalation Fallacy: https://www.foreignaffairs.com/articles/russian-federation/2022-04-15/cyber-escalation-fallacy
History of Russian Cyber Strategy: https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html
-
Dani asks: how does cyber fit into modern warfare strategies? How have cyber strategies evolved in the last two decades, what can we learn from the uses of cyber capabilities in Russia's invasion of Ukraine, and how should the U.S. evolve its cyberwarfare strategy going forward? We will be exploring myths of cyberwarfare strategy - like the escalation of cyber offense into kinetic warfare - and examining where and why cyberwarfare has been effective or ineffective.
History of Russian Cyber Strategy: https://www.boozallen.com/c/insight/publication/the-logic-behind-russian-military-cyber-operations.html
-
Meet Michaela, Grace, Winnona, Bethan, Sophie, and Danielle and hear why they came together to record a limited podcast series on cyber policy issues. They dive into some nuances and laugh with each other throughout the process. Hope you enjoy!
Harvard Reading and Research Credits https://www.hks.harvard.edu/educational-programs/courses/course-registration