The Cyber Why: What We Read This Week...
... and why you should too! (2/17/2023)
It’s been a super busy week for myself and the team at The Cyber Why. My full-time job, travel, tons of meetings, and some great stories that all hit the wire this week made it difficult to get everything written up. My number one story of the week is the launch of Cris Thomas’ (aka Space Rogue) book “How Hackers Known As The L0pht Changed The World”. It is a must-read book. Check out the YouTube link below for an exclusive interview with Space!
Thank you again to Rick Holland for writing a lot of the security section this week! I also want to thank our guest author Naomi Buckwalter for contributing an exclusive mid-length feel-good story for you all to consume. Check it out at the bottom of the page.
Fool’s Gold: dissecting a fake gold market pig-butchering scam (Sophos - Rick pick)
Renowned journalist Sean Gallagher, now a Senior Threat Researcher at Sophos, wrote a fascinating deep dive into a brazen "pig butchering" scam. Sean digs into the tactics, tools, and procedures these actors use to "gain the confidence of victims and walk them slowly into giving up their personal savings." Sean shares messages he exchanged with the actors on both Twitter and Telegram; he admitted to being a security researcher, yet this didn't deter the fraudsters. These fraudsters are the scum of the earth, and thankfully, Sean is exposing them. All that glitters is not gold.
Space Rogue: How the Hackers Known As L0pht Changed the World (Amazon)
I had the pleasure of getting a pre-release copy and reading this entire book cover to cover this past weekend. I was drawn to the book primarily because I lived through the entire era myself and was in the orbit of many of the amazing people mentioned in the memoir. A story of humble beginnings, the book follows the author Cris Thomas (aka Space Rogue) from his trailer in rural Maine through his time at the hacker think tank the L0pht and onward. He and his cohorts deliver some of the hacker world’s most memorable moments, including connections to a hacker war, incredible Senate testimony, and eventually going on to build a corporate version of the L0pht that included some of the most impactful security people in the world. I was also lucky to have Space as a guest this week on the Enterprise Security Weekly podcast. You can watch the entire show here:
Security breach? Don’t blame your employees (TechCrunch - Rick pick)
Last week, we covered the Reddit breach, and I cannot agree more with the sentiment in this follow-up TechCrunch article, "it's not just the responsibility of the employees to keep your startup's data safe." Some tend to victim blame and "user" is often a "four-letter word" used to belittle our colleagues. Instead of victim blaming, we should look in the mirror and question the security program and controls that enabled our colleagues to make mistakes. Blaming the weakest link is a cop-out; we must do better.
Fog of war: how the Ukraine conflict transformed the cyber threat landscape (Google - Rick pick)
Next week marks the first anniversary of Russia's tragic invasion of Ukraine. Google's Threat Analysis Group, Mandiant, and Trust & Safety published an analysis titled "How the Ukraine Conflict Transformed the Cyber Threat Landscape." The report breaks down Russian government-backed attackers, information operations, and cybercrime implications. It is a fascinating read; you can view the full pdf report here.
Russian hackers disrupt Turkey-Syria earthquake relief (The Telegraph - Rick pick)
The Russia-Ukraine war ushered in a new generation of hacktivists. One such group, Killnet, which is mentioned in the Google report, has targeted the FBI, US airports, US hospitals, and most recently, NATO. Killnet is a "loose group of pro-Kremlin activists who aim to disrupt military and government websites of countries that support Ukraine with fairly basic DDoS attacks." In their latest attack against NATO, they disrupted Turkey-Syria earthquake relief efforts. People often minimize the DDoS threats from hacktivist groups. If you don't have sufficient DDoS mitigation capabilities, there is nothing "minimal" about it when your IT and Security teams spin up to conduct incident response.
Rihanna Shines Bright As Celebrity-To-VC Example (Crunchbase News)
Work work work work work… Riri puts on one hell of a halftime show. With about 80% lip-syncing and 0% fear of heights, Rihanna sure did “shine bright like a diamond” this past Sunday evening. Since Rihanna hasn’t put out any new music since 2016, I wasn’t sure what made her relevant any longer. It turns out Robyn Rihanna Fenty is worth over $1.7B, with the majority of that coming from her business efforts — Savage X Fenty, Fenty Beauty, and VC investments into numerous startups including Partake Foods and Therabody. While her celebrity VC skills haven’t quite hit the heights of Snoop Dogg or Ashton Kutcher, she’s apparently no slouch in the business world.
Hacking The Tax Code (Schneier On Security)
An interesting thought experiment arises in this article by Bruce Schneier. We are feeding AI new words and languages to chew through every single day. Even source code has been run through generative AI algorithms resulting in the ability for ChatGPT to write code, create exploits and find vulnerabilities. In this article, the author explores one simple question — What if we run the entire world’s tax code through a learning algorithm? Would it be able to spit out tax loopholes just like code vulnerabilities? Hmmmm.
How Founders Should Manage Burn Rates During A Recession (Crunchbase News)
The article is super light on exciting content. In fact, don’t even read it at all. Here’s what you need to know to manage burn rates during a recession. 1. Spend less money. 2. Make MORE money. 3. Don’t be a JERK, and make sure you communicate with your employees, investors, and team. It’s not like the fundamental laws of business have changed; we just buried them deep down inside for the last decade of free money. (BTW, I’m going to check the logs to see how many of you click the link!)
Keanu Will Never Surrender To The Machines (Wired)
I have said this many times publicly. He’s one of the worst actors in Hollywood, but he is also one of the best actors at picking amazing movies. The only actor that could come close to this not-so-prestigious title is Nic Cage (who is also HORRENDOUS - I dare you to try to change my mind). However, this article is awesome. It’s a super interesting discussion of what went on behind the scenes of John Wick, The Matrix, and the Wachowskis. I enjoyed the read even if “Canoe” only has one look — “stupid”.
In this week’s “Special Edition News”, The Cyber Why would like to welcome guest author Naomi Buckwalter. She contributed indirectly to last week’s article list and asked to take a more direct hand this week! She wrote a really compelling mid-length piece below with a great call to action. I’m handing over the final segment to her! Take it away, Naomi!
In our feel-good story of the week, @zloirock, the author and sole full-time maintainer of core-js, the most widely-used JavaScript polyfill library on the internet, made waves in the software and open-source communities when he posted an 11,000-word diatribe/autobiography/appeal on his project’s README page.
Apparently, @zloirock had been toiling away as the literal embodiment of this xkcd comic for over a DECADE, without earning a single Russian red(?) cent from his work:
The sad plot twist, though, is that in January 2020, @zloirock was thrown into a Russian labor prison for 10 months for a freak accident that was 100% not his fault. When he got out, the poor guy faced incredible vitriol from the open-source community for “not keeping the library up-to-date”. Quite understandable, considering that he had been hauling rocks and scrap metal in a labor camp for the past 10 months.
Anyway, back to the story. Our hero (yes, he’s a hero), heroically (yes, I know I’m overusing the word) brought the library back up to standard, and everyone was happy again. But then, he (gasp!) made the awful, completely unreasonable request of asking the community for donations to his project, so, you know, he could eat and feed his family. He even had the gall to ask for-profit enterprise companies that were using his library to pay him for his work.
The backlash was immediate. The “community” drowned the poor man in online hate and ridicule. But our hero was able to ignore it pretty well, up until two days ago, when he posted the README.
In short, @zloirock is out of options. This was his last plea to the community for donations.
And guess what? The community showed up BIG TIME. As of now, @zloirock has collected almost $80,000 in bitcoin from generous donors worldwide. They understand how important his work is to the black box that is JavaScript (nay, to all of modern web development - and thus, to the world).
This story is a true testament to the power of community and the generosity of the human spirit. We often forget that real people are pouring their hearts and souls into these projects behind the code we use every day. The fact that @zloirock had to suffer such an unjust fate and then face online vitriol for merely asking for donations is a stark reminder that we need to do better as a community.
So, let's show our support and gratitude to @zloirock and other open-source heroes like him. We can do this by donating to their Patreon, sharing their projects with others, or even just sending them a message of appreciation. Let's make sure that we never take their work for granted and that we recognize the importance of their contributions to the tech industry and beyond. Let's lift up our community and show the world what we're really made of.
If you’ve made it this far you either found my musings at least semi-entertaining OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that I appreciate you. Please do me a solid and share The Cyber Why with your friends. I would love to reach a bigger audience and referrals are how I’ll do it. Help me out and I’ll see you next week!
Wooow. I disagree. Matt is amazing. Full range of acting from Bourne to that Zoo movie. Homeboy can do it all!
I understand your beef with Keanu and Nick Cage... but neither are as bad as Matt Damon. Jimmy Kimmel got it right: https://twitter.com/THR/status/836072381647040514