The Cyber Why: What We Read This Week...
... and why you should too! Christmas Edition (12/26/2022)
Happy Holidays to my readers and friends worldwide. This is your Christmas edition of The Cyber Why. While I had hoped to get this out on Christmas day itself, I instead prioritized my family, a few gin based cocktails, and a nap on the couch. Sometimes the non-work side of me wins!
This week in The Cyber Why we complete the Hunt for the Dark Web’s Biggest Kingpin, we hack radio frequencies with a brand new tool, learn how LinkedIn has an amazing approach to building a modern cyber security program, and even find out that a guy that looks like Santa Claus, lives on a deserted island, and talks to mannequins, can live a happy life! Read on for these awesome stories and more - I hope you enjoy!
I forgot to report on these when they first came out but they are such riveting pieces of writing that I would be remiss not to include them in this final news roundup of the year. Thank you Andy Greenberg for writing such interesting and well researched content.
The Hunt for the Dark Web’s Biggest Kingpin, Part 5: Takedown (Wired)
The trap is sprung and the Kingpin taken down. A pretty amazing story with a well rehearsed and executed take down process to ensure that the target’s laptop and phone remained open and online at the time of arrest. This portion of the story details arrest through to an ending I didn’t actually see coming. The telling portion of the story is in the following quote:
After a moment's hesitation, Cazes answered this extended soliloquy with a single question: Were they going to charge him with the “kingpin statute”?
It’s crazy that “Kingpin” status was all he really cared about!
The Hunt for the Dark Web’s Biggest Kingpin, Part 6: Endgame (Wired)
And then it was done… or was it. It seems like no matter when or how a darknet market gets taken down, another one is ready to pop up and take its place. I guess I shouldn’t be surprised. As long as I can remember (and that is a LONG time) there have been dark markets, underground areas of the Internet, and places where nefarious behavior occurs. Heck I used to live in some of those places! At the end of the day, all of the less savory pieces of the world will find a place to thrive - technological advancement spares no one.
Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme (Wired)
There are a bunch of interesting pieces in this Wired news roundup, but the one that caught my eye was the hacking of the Taxi line. It seems to me like there has got to be something better to hack than the taxi line in NYC. I guess this shows my ignorance as the reported hack was netting “thousands” of line skips a day at $10 a piece. That works out to a really high annual salary for these hackers! </applause>
Hands On With Flipper Zero, the Hacker Tool Blowing Up on TikTok (Wired)
Bringing over the air attacks to the wild. Supposedly easy to use, Flipper Zero is a wireless penetration testing Swiss-army knife. Read, clone, copy, save, all sorts of data flying through the air around you with this fun piece of technology. Back in my younger days I would have been all over this! Someone buy it and tell me what they think in the comments below - Just don’t steal my credit card number please!
LinkedIn Has Massively Cut The Time It Take To Detect Security Threats. Here’s How It Did It (ZDNet)
I read through this article by ZDNet and it lead me to a really great blog post by the LinkedIn Security team entitled “(Re)building Threat Detection and Incident Response at LinkedIn”. The tl;dr of these two pieces is that there is a new way to conduct threat research and incident handling and it consists of a few key things: visibility, context, easy to access raw data and results, and automation. If we can get these things solved we can scale our security programs to amazing new levels. For someone looking to start a cyber security company in 2023, this is a blue print on exactly what to build and how to build it. Great read!
Okta’s source code stolen after GitHub repositories hacked (Bleeping Computer)
I guess after all this time it is possible for a private company to easily open source their software (OK maybe that was a bit too snarky!). Okta has had one hell of a rough year with multiple breaches and disclosures of both source code and customer data happening throughout 2022. My guess is the most recent source code disclosure will result in a few new zero day vulnerabilities being exploited in 2023. Time will tell!
Musk Will Resign as Twitter CEO and Focus on Engineering (MSN)
Musk recently put out a poll on Twitter asking if he should remain as CEO of Twitter. He pledged that he will do whatever the results of the poll demanded. More than 10M votes, and over 57%, said that he should step down from twitter, so as of the this news piece that’s exactly what he plans to do. The real arrogant part of his statement is this quote… talk about an ego!:
“No one wants the job who can actually keep Twitter alive. There is no successor”
Startup Whiplash Hits Some Sectors Harder Than Others (Pitchbook)
The title of this one caught my eye as I thought it might have some interesting datapoints about the valuation ambiguity that is making investing a difficult process. While they didn’t really have that information for me, what they did have was vertically cut metrics on investment activity in the last couple of years. Interesting to see which markets are holding up better than the rest.
What The Heck Happened? The Whiplash Year Of 2022 (Crunchbase News)
I guess “whiplash” is the term to end the year on. CBNews did a piece on the whiplash that was 2022 and with a very different take than PB (see above). The top few stories from each month demonstrate just how quickly we went from overheated exuberance to tepid yet still running waters, and finally to the frozen arctic ocean of recession based investing. Pretty interesting to just cruise over this one for a quick reminder of the year in review.
The Millionaire Who Lost it All and Became a Castaway (The Hustle)
From riches to rags - and apparently never better. This story of a very rich man, David Glasheen, who lost over $30M on paper in the late 80s reminds me that happiness isn’t in the dollars you have, instead it comes from within. After the stock market crash of the late 80’s Glasheen lost everything that meant something to him in his life so he bought a deserted island and moved in. Now apparently he’s happier than ever, 60 pounds lighter, and no longer battling alcoholism. It just goes to show you that life can be simple if you want it to be - although he does have two mannequins that he refers to (and talks to) as his “girlfriends”?! Maybe lost castaway isn’t a lifestyle I want to have after all.
If you’ve made it this far you either found my musings at least semi-entertaining OR you enjoy pain and kept going regardless. No matter how you made it to this point, you should know that I appreciate you. Please do me a solid and share The Cyber Why with your friends. I would love to reach a bigger audience and referrals is how I’ll do it. Help me out and I’ll see you next week!