The Cyber Why: What We Read This Week...
... and why you should too! (9/3/24)
After a long weekend of family time, TCW is back at it again with a new drop!
This week, the TCW team learns about the “Agentic Economy,” debates the Telegram CEO’s arrest, and cries over a city playing the blame game with a researcher. We discuss the issue of cybersecurity delusion and learn one million checkbox lessons in creativity. All this and more in this week’s The Cyber Why!
The Cyber Why POD - Now in 4k! (To be fair, it always has been in 4k and high-quality audio. We’re tech nerds like that.)
TCW Newsletter and the TCW Podcast both have 2024 sponsorship slots remaining! If you are interested in reaching nearly 5k security-minded people a week via direct mail plus nearly 30K views per month, sponsor The Cyber Why. It’s inexpensive - I SWEAR! Email tyler.shields@gmail.com for more information.
WOAH - Agent Smith is BACK!
The Agentic Economy: How Billions of AI Agents Will Transform Our World (Kyle Gomez)
We will open this week’s TCW with a bit of futurism. The article explores the rise of the "Agentic Economy," where autonomous AI agents will handle everything from shopping to complex negotiations on our behalf. These digital minions could transform industries, labor markets, and even our day-to-day lives by making us either incredibly efficient or utterly irrelevant. While the idea of AIs doing our light work sounds appealing, the author also hints at the unsettling possibility of these agents outpacing human control, making decisions that could redefine what it means to work and exist in the economy.
The future of human work in an "Agentic Economy" looks both promising and unsettling. On one hand, AI agents could free us from mundane tasks and boost productivity, giving us more time for creative or meaningful pursuits. On the other hand, these same agents might outcompete humans in many jobs, leading to potential job displacement and a rethinking of what "work" even means. In short, AI might be our new colleague—or our biggest competition. I’d love to hear your thoughts in the comments below!
Telegram’s CEO Is Going To Be Staying In France Longer Than Expected
Telegram CEO Durov placed under formal investigation and banned from leaving France (France24)
Who Is Pavel Durov? Telegram CEO Charged With Multiple Crimes In France (Forbes)
Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation (WIRED)
(Rick pick) Telegram CEO Pavel Durov is currently under formal investigation in France and facing serious charges related to criminal activities linked to his Telegram platform. French authorities detained him but later released him on €5 million bail. Forbes estimates he has a net worth of $15.5B, so making bail was trivial. The charges against him include enabling illicit transactions, child pornography, drug trafficking, and money laundering. The arrest has caused quite a stir, upsetting free speech and privacy advocates, while others have said this is politically motivated as Durov is a Russian/French dual citizen. Durov has five different passports. $15.5B buys you many nationalities. I know some folks are upset about this. For me, anything potentially disrupting the crime on the Telegram platform is a win. I recognize it's not all bad, but that place is a cesspool for illegal activities. Tracking the cybercriminal underground shift here over the years has been interesting.
Stop Blaming The Researcher - They Aren’t The Problem
Researcher sued for sharing data stolen by ransomware with media (Bleeping Computer)
Columbus investigates whether data was stolen in ransomware attack (Bleeping Computer)
He proved the Columbus data leak hurts the public. Now, the city has silenced him (NBC4i.com)
The City of Columbus, Ohio, has sued security researcher David Leroy Ross for illegally downloading and sharing data stolen by the Rhysida ransomware gang during a July 2024 attack. The lawsuit claims Ross's actions caused community concern and interfered with police investigations, seeking damages over $25,000 and a restraining order to prevent further dissemination of the stolen data. Ross disputed claims that the leaked data was unusable, revealing sensitive information about individuals, including police officers and crime victims.
What a waste of city resources! Money and time are spent chasing down someone doing good for the community by helping them stay educated and informed on the risks of the breach. The city argues that the researcher's actions caused serious public inconvenience and alarm, and the researcher claims he’s simply trying to help. The worst part about this is that the case remains “ongoing,” with a pretrial conference scheduled for September 2025! Yes.. a year away. What a clusterf*&#.
Here’s a link to the court complaint PDF for those who are morbidly interested.
Cybersecurity Is Delusional
Cybersecurity's Delusion Problem (Resilient Cyber)
Cybersecurity lives in a state of constant delusion. We believe that the world revolves around us, and we have a tendency to take an ego-centric view when thinking of the incentive structure of cybersecurity. This thought-provoking article from Chris Hughes at Resilient Cyber sheds light on this and many other intriguing concepts. These cyber earworms have been whispered from the shadows for ages but generally aren’t called out to be debated in the light of day. Approaching topics such as "cybersecurity not being the center of the universe,” “security tools are overhyped,” and “cybersecurity is a big echo chamber,” this article takes aim at an issue we have in our industry concerning misaligned incentives and insufficient consequences. Thanks for writing this piece, Chris. I hope we can get better soon.
One Million Lessons In Creativity
One Million Check Boxes - A Badass Thread (@itseieio)
This fantastic thread on X details a fascinating story about a website called "One Million Checkboxes" (OMCB), where users can check or uncheck boxes globally. The creator initially worried about hacking but discovered that users—mainly creative teens—used the checkboxes to send secret messages, including URLs, by encoding them in binary. This led to the discovery of a Discord group of these teens who creatively used the site to draw and communicate in unexpected ways, highlighting the creative potential of constrained online environments. This is a must-read thread!
Quick Hits and Hidden Gems
TL;DR: Every AI Talk from BSidesLV, Black Hat, and DEF CON 2024 (tl;dr sec) - WOW. If you want to know anything about security and AI, read this post! Fantastic work from the goat of cyber influencers, Clint Gibler.
Investors are already valuing OpenAI at over $100B on the secondaries market (TechCrunch) - To think, I passed on this investment at a $23B valuation. Oops!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!
I'm on the AI will be a welcome colleague side of the fence. AI Optimist and big believer that GenAI will augment our skills, may take away some of the tedious tasks that come with many cyber roles, but will still very much need 'humans in the loop'.
I love this blog post from Red Canary that supports my optimism, and especially the graphic showing how their SOC team works with GenAI.
https://redcanary.com/blog/security-operations/genai-security-operations/