The Cyber Why: What We Read This Week...
... and why you should too! (05/12/23)
Hey there! Buckle up because we’ve got hackers trying to convince us that “Birds Aren’t Real,” the Smashing Pumpkins are getting hacked and held for ransom, and a wave of jobless engineers are turning lemons into lemonade by starting up their own gigs. Sounds like a wild ride, doesn’t it? Well, strap in, ’cause that’s what we’ve got lined up for you in this fresh edition of The Cyber Why. Enjoy!
Oh, and a quick reminder – Mother’s Day is this Sunday! Time to shower our moms and the moms of our kids with love and thanks for always being our cheerleaders. Big shoutout to Kelly, my better half, and to my own mom – this week’s TCW is for you! Now, let’s dive into the FUN STUFF!
Booters Kill THOUSANDS of Birds!
The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services (Wired)
Booters. Those pesky DDoS-for-hire services that knock your kids offline while gaming, disrupting Internet service to your whole house in the process. There are dozens of these services operating in the wild, and team “Big Pipes” is focused on taking them down. Opposing an enemy they can never fully beat, the researchers and engineers that make up “Big Pipes” are fighting the good fight, resulting in arrests and the temporary disabling of these offensive services. The question left in my mind is, could (nay should?) we do similar things for tracking down attackers of other shapes and sizes? We have to be careful never to cross the line to vigilante justice, but I’m certain the authorities wouldn’t turn away such appropriate levels of help. You never know what type of damage DDoS can cause.
In some cases, DDOS attacks aimed at a single target could take down entire neighborhoods’ internet connections; disrupt emergency services; or, in one particularly gruesome case, break automated systems at a chicken farm, killing thousands of birds.
Why Not Just Build A Company - It’s SO EASY!
Pink Slips to Pitch Decks: Laid-Off Tech Workers Roll The Dice In Iffy Funding Market To Start Their Own Companies (Crunchbase)
If you’re shown the door at a big tech company in Silicon Valley, kickstart your own startup! It makes sense, right? Plus, if you’ve been part of the FAANG club (Facebook, Apple, Amazon, Netflix, Google), getting your hands on some cash isn’t too tough. And with over 143K tech folks losing their jobs in 2023 alone, it’s a trend that’s catching on fast.
But here’s the kicker the article missed. With all these newbie entrepreneurs jumping into the scene, there’s a big chance it’ll mess with the funding model at this stage. Imagine the market is flooded with so many startups that there’s more supply than demand. It usually means the overall quality takes a nosedive, making it almost impossible for investors to allocate funds effectively. Basically, it’s gonna be like hunting for a diamond in a massive pile of coal.
Regulators… MOUNT UP!
The Case for Big Action to Regulate Artificial Intelligence (Chamath Palihapitiya)
Every time people talk about regulation, it somehow turns into a political mudslinging match. But here’s the thing - we can’t just stick our heads in the sand and pretend the whole thing will blow over. Just like hair metal didn’t survive past ’93, we can’t expect the AI craze to just fade away in a flurry of crappy makeup and Aquanet hair spray.
Right now, the US and the whole world are at a serious crossroads. If we get it right, regulation could help us shape the future of tech and put us at the top of the game. But if we screw it up, it could bog us down and stop us from ruling the AI market.
Remember when the Internet was just a baby in the early ’90s? If we’d slapped a bunch of rules on it then, we’d be living in a totally different world now. This article gets into the nitty-gritty of it all - check it out!
This Week In Threat News
FBI disrupts sophisticated Russian cyber espionage operation (Rick pick - Cyber Scoop)
Ex-Ubiquiti engineer behind “breathtaking” data theft gets 6-year prison term (Rick pick - Ars Technica)
This week, the G-Men announced they disrupted nearly 20-year-old Russian FSB malware known as Snake. This action wasn’t the first time Big Brother was authorized to execute commands to remove malware from citizens’ computers, and civil libertarians will no doubt be upset once again. This takedown made for big headlines but also illustrated a disconnect between high-impact, lower-likelihood attacks and what should be at the top of defenders’ threat models. Turla isn’t hacking the entire planet (although sometimes space); they typically focus on espionage targets. Most organizations should prioritize more likely scenarios like opportunistic ransomware or insider threats. Speaking of which, a former Ubiquiti engineer was sentenced for stealing tens of gigabytes of confidential data and then extorting his own company while claiming his actions were an “unsanctioned security drill.” What a defense!
OpenAI Launches New Privacy Controls (Read The Fine Print, Conditions May Apply!)
How To Delete Your Data From ChatGPT (Rick pick - WIRED)
OpenAI released its “Personal Data Removal Request form,” which grants the power of privacy to the lucky folks living in Europe and Japan. Meanwhile, Americans and others have FOMO, whispering, “What about us?” The form allows the chosen ones to erase their personal data from ChatGPT’s responses but not from the training models. OpenAI has also made it possible to delete your chat history to prevent it from being used as training data. Americans are eligible for this. You can check out the Data Controls FAQ here. I find it annoying; I want to be able to exclude my history from being trained upon, but I don’t want to lose all of my chats.
The World Is A Vampire, Sent To Drain Your BTC
Billy Corgan paid ransom to hacker who threatened to leak new Smashing Pumpkins songs (Rick pick - Louder)
Smashing Pumpkins frontman Billy Corgan recently revealed that he paid an undisclosed amount to an extortionist to keep them from leaking nine songs from their new release Atum. A fan tipped Billy off via an Instagram DM. It sounds like a third-party compromise where someone doing the mixing and mastering was compromised and Smashing Pumpkins became the victims. You can check out the KROQ interview (16:25), where Billy discusses it. Musicians are experiencing some unique challenges right now. Extortionists, AI-generated songs, and trivial copyright lawsuits are all major risks. That all being said, I do like this Deep Fake Timbaland Biggie Smalls track, though.
Tyler’s Note: As if his belief in aliens wasn’t weird enough, he had to go and get himself hacked! Here’s a link to A Brief History of Billy Corgan Losing His Goddamn Mind. Also, check out my all-time favorite video of the Smashing Pumpkins below!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!