CyberWire Daily - Alleged leaked files expose a dirty secret.
Episode Date: May 29, 2024

An alleged leak of Google’s search algorithm contradicts the company’s public statements. German researchers discover a critical vulnerability in a TP-Link router. Breachforums is back…maybe. The Seattle Public Library suffers a ransomware attack. A Georgia man gets ten years for money laundering and romance scams, and the Treasury department sanctions a group of botnet operators. 44,000 individuals are affected by the breach of a major U.S. title insurance company. Microsoft describes North Korea’s Moonstone Sleet. Advocating for a more architectural approach to cybersecurity. Maria Varmazis speaks with WiCyS Executive Director Lynn Dohm and a panel of N2K experts about the 2024 Cyber Talent Study. A cracked password results in a multimillion dollar windfall.

Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Learning Layer

On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe dive into Domain 6: Security Assessment and Testing and tackle the following question together:

You are hiring a vendor to perform a penetration test that would simulate a breach from an insider threat. What type of test would be BEST to perform?
Blue Box
Black Box
White-hat hack
White box

CyberWire Guest

Maria Varmazis, N2K host of T-Minus Space Daily, talks with WiCyS Executive Director Lynn Dohm and N2K's Simone Petrella, Dr. Heather Monthie, and Jeff Welgan about the 2024 Cyber Talent Study. You can find out more about the study here.
Selected Reading

Google won’t comment on a potentially massive leak of its search algorithm documentation (The Verge)
Update TP-Link's Archer C5400X router now to fix remote takeover vulnerability (TechSpot)
Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? (Malwarebytes)
Ransomware attack on Seattle Public Library knocks out online systems (The Record)
Man Sentenced for Laundering Over $4.5M Obtained from Business Email Compromise and Romance Fraud Schemes (United States Department of Justice)
Treasury Sanctions a Cybercrime Network Associated with the 911 S5 Botnet (United States Department of Treasury)
First American December data breach impacts 44,000 people (Bleeping Computer)
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks (Microsoft Security Blog)
Cybersecurity at a crossroads: Time to shift to an architectural approach (CSO Online)
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet (WIRED)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.

An alleged leak of Google's search algorithm contradicts the company's public statements.
German researchers discover a critical vulnerability in a TP-Link router.
BreachForums is back? Maybe.
The Seattle Public Library suffers a ransomware attack.
A Georgia man gets 10 years for money laundering and romance scams. And the Treasury Department
sanctions a group of botnet operators. 44,000 individuals are affected by the breach of a
major U.S. title insurance company. Microsoft describes North Korea's Moonstone Sleet.
Advocating for a more architectural approach to cybersecurity,
Maria Varmazis speaks with WiCyS Executive Director Lynn Dohm and a panel of N2K experts about the 2024 Cyber Talent Study.
And a cracked password results in a multi-million dollar windfall.

It's Wednesday, May 29th, 2024.
I'm Dave Bittner,
and this is your CyberWire Intel briefing. Thanks again for joining us here today.
It is great to have you with us.

A significant leak of 2,500 internal Google documents
reveals detailed insights into how the company's search algorithm
functions, contradicting Google's long-standing public statements. SEO expert Rand Fishkin,
who received the documents, claims they show Google has misled the public about its ranking
processes. The documents detail Google's search API and data collection practices,
offering technical insights valuable to developers and SEO professionals.
Key revelations include discrepancies about the use of Google Chrome data in rankings
and the role of EEAT, that's experience, expertise, authoritativeness, and trustworthiness.
Despite Google's claims that Chrome data isn't used for ranking and EEAT isn't a ranking factor,
the documents suggest otherwise.
They show Google tracks author data, which may influence search results,
contrary to Google's public statements.
This leak challenges Google's claimed transparency,
showing a complex secretive system influencing web content
and sparking calls for more critical examination of Google's claims
by journalists and the SEO industry.
The U.S. government's antitrust case against Google adds to this scrutiny,
highlighting the need for greater accountability
in how Google operates its search engine.

Security researchers from German cybersecurity
firm OneKey have discovered a critical vulnerability in TP-Link's Archer C5400X router
with a maximum severity score of 10. The flaw in the RF test network service allows remote unauthenticated attackers
to execute arbitrary commands, compromising the device completely.
Exploiting this vulnerability can let hackers inject malware or use the router for further attacks.
TP-Link has released a patched version,
and users should update their firmware immediately
to secure their routers from potential exploitation.

The notorious data leak site BreachForums is back
online after being seized by law enforcement. The site, including its dark web domain, has raised
suspicions about whether it is a genuine revival or a law enforcement trap.
The new administrator, using the handle ShinyHunters, associated with previous breaches,
posted a dataset for sale, allegedly from Live Nation and Ticketmaster.
However, this dataset was also offered on another forum by a user named Spider-Man Data, which has raised some doubts.
The dataset's size and the new requirements for user registration further fuel skepticism.
The true operators behind the site remain unclear.

A ransomware attack on the Seattle Public Library has disrupted services,
including the wireless network, staff and patron computers, and the online catalog.
The incident began on Saturday, just as the library planned maintenance.
Serving nearly 800,000 residents across 27 branches, the library has taken all systems offline and contacted law enforcement.
There is no recovery timeline yet.
Libraries remain open and lending of books and other materials is happening manually.
This attack is part of a larger trend with libraries worldwide targeted by ransomware gangs.
Previous victims include the British Library and Toronto Public Library. In response,
some U.S. officials have proposed a program to improve library cybersecurity.

A Georgia man, Malachi Mullings, was sentenced to 10 years in prison on federal charges for laundering over $4.5 million from business email compromise and romance fraud schemes. Mullings, 31, used 20
bank accounts under a sham company, the Mullings Group LLC, to launder the fraud proceeds from 2019
to 2021. The schemes targeted a health care benefit program, private companies, and elderly victims.
Mullings and his co-conspirators concealed the fraud proceeds and bought luxury items, including a Ferrari. He pleaded guilty
in January 2023 to conspiracy to commit money laundering and multiple money laundering offenses.
Meanwhile, the U.S. Treasury's Office of Foreign Assets Control has sanctioned three individuals, Yun Wang, Jingpin Liu, and Yanni Zhang, for their involvement with the malicious 911-S5 botnet.
This botnet comprised 19 million IP addresses, enabling cybercriminals to hide their activities, including fraudulent claims under the CARES Act and
bomb threats. OFAC also sanctioned three entities, Spicy Code Company Limited, Tulip Biz Pattaya
Group Company Limited, and Lily Sweets Company Limited, controlled by Wang. The individuals
used the botnet's proceeds to purchase luxury items and real estate.
These actions, taken in collaboration with international partners,
highlight the ongoing efforts to disrupt cybercriminal activities
and the associated money laundering risks in the real estate industry.
The OFAC sanctions freeze all U.S. assets of the alleged perpetrators and their entities,
blocking access to U.S. financial
systems. U.S. persons are prohibited from transactions with them, and secondary sanctions
risk deters international business. These actions aim to disrupt the 911-S5 botnet's operations,
cut off illicit activities, and damage their reputations. Violations of these sanctions
can result in severe legal and financial penalties, effectively isolating the designated parties
globally.

First American Financial Corporation, the second largest U.S. title insurance company,
disclosed a December cyberattack that affected 44,000 individuals.
Founded in 1889, the California-based firm offers financial services for real estate transactions,
employs over 21,000 people, and earned $6 billion in revenue last year.
The breach, revealed in a May 28 SEC filing, exposed personal data.
First American will notify and offer free credit monitoring to those affected.
The breach came after the company settled a $1 million penalty for a 2019 data exposure incident.

Microsoft has identified Moonstone Sleet, a new North Korean threat actor,
targeting companies with financial and cyber espionage attacks.
Formerly known as Storm-1789,
Moonstone Sleet uses techniques common to North Korean actors,
but also employs unique methods.
These include setting up fake companies and job opportunities,
using trojanized tools, creating malicious games,
and delivering custom ransomware.
Initially overlapping with Diamond Sleet,
Moonstone Sleet has since established its own infrastructure and attack strategies.
Microsoft's report details these tactics and offers recommendations for defense.

An editorial in CSO Online from Jon Oltsik
advocates for a shift in cybersecurity towards an architectural security approach.
This means large organizations must move from product-centric solutions
to a cohesive, scalable framework built on cloud-native technologies
like containers, serverless functions,
and APIs. This transition will enable better handling of the increasing complexity and volume
of security operations. Research shows 45% of cybersecurity professionals find their jobs
more challenging now than two years ago. Challenges include a growing attack surface,
evolving threats, more security alerts, and large data volumes.
Cloud-native apps and new devices will further increase vulnerabilities.
Oltsik says generative AI will assist with basic tasks
but also enable more sophisticated attacks.
Effective data management and automation will be crucial.
Many organizations will rely on managed security service providers
to maintain advanced security architectures.
Collective defense and cooperative security efforts will become more common
with new companies emerging to support this approach.

Coming up after the break, Sam Meisenberg and Joe Carrigan continue their
discussion of Joe's ISC2 CISSP certification journey. Maria Varmazis speaks with WiCyS
Executive Director Lynn Dohm and a panel of N2K experts about the 2024 Cyber Talent Study.
Stay with us.

Maria Varmazis, N2K host of T-Minus Space Daily,
recently spoke with WiCyS Executive Director Lynn Dohm and a panel of N2K experts, including Simone Petrella,
Dr. Heather Monthie, and Jeff Welgan,
all about the 2024 Cyber Talent Study.

One of the biggest challenges that we have in the profession,
and we talk about cyber workforce as an industry,
is around data collection.
And so there's lots of opportunities to sort of understand
and collect data on, you know, what positions are out there
or how many openings are there for jobs.
But where you start to, I think one of the things
that was most exciting to us
is that with working with WiCyS,
you can look at that external data
around what are the roles people are filling in,
what are they in?
But then you're now looking at,
you're collecting another data input
around the performance of the individuals themselves
and you can compare them against that role.
And so that's really powerful
because you're turning pure data collection
into insights that like the individual members can use
to understand where they want to go.
But then we as organizations
can kind of get a better sense of
what is the impact of these for, you know,
of where women go?
How do we think about how to keep them in the field?
What does that pathway look like?
So that's just, you know, data.
Everyone likes to talk about data
and machine learning and AI, but that's where it really becomes compelling.

Yeah. And organizational change can happen after that point. Yeah. Go ahead, Lynn.

Yeah. And another great, and thank
you for this, Simone, is because another great area for us as a nonprofit sitting in this space
is it helps us identify areas of growth opportunity and some gaps and how could we as a
nonprofit build programs to help bridge that gap and help overcome some of those challenges that
are identified here. So not only is an opportunity for our WiCyS members to participate in the actual
assessment and study, but also as a way for us as a nonprofit to be able to develop very intentional programming for helping overcome some of the challenges.

Fantastic.
And members of WiCyS and people who took this specific study, one could argue that they're more career motivated.
They, in a way, sort of self-selected, one could say. But at the same time, I imagine we could also extrapolate the findings from this study and think about how it can apply to women across the cyber workforce in general.
I'm just curious, any thoughts on that? Maybe, Heather, I haven't heard as much from you. Maybe
any thoughts on that there?

Yeah, I think this goes to show just that,
you know, when we're looking at recruiting, attracting, and retaining cybersecurity talent,
when you're trying to build a diverse team,
you've got to look at some of the things that make qualified applicants self-select out.
So out of that hiring process, right?
And so while we see in this diagnostic,
we see in the data that women are excelling in a lot of different areas
within cybersecurity. But when we start putting out job descriptions where we're looking at
a level one or level two analyst type of role, and we're listing out 15, 20 different pieces
of software they want to have somebody to have experience with, and maybe the mindset is,
let's just put this out there and
see what we get. Let's see who applies. The issue is that women look at that in general,
women look at that and go, I don't meet 100% of these requirements, so I'm not even going to
bother applying. And so they self-select out. So by really understanding sort of where the
workforce is, where we see the strong points of the women in
cybersecurity members, the WiCyS members, and then really having that understanding of how we do our
hiring process when we're looking at, okay, we need to get more people in the door. We need to
get more people, more qualified people applying for these jobs. How do we do that? So what can
we change about our recruiting process? What can
we change about our job description so that they're more attractive to the right people
versus we're just going to shoot for a unicorn and see what we get?

Yeah. Yeah. It's a familiar
issue in not just in cyber, but in a lot of tech world jobs as well, that whole unicorn hunting
phenomenon. So a question to the group.
I'm always curious when we do studies like this about things that might have surprised you
from the results.
Anyone find anything surprising from these results
that you were really just like,
wow, that's interesting?
Jeff, was that you?

Yeah, yeah.
I mean, well, one,
I think the outperformance was surprising.
I think this is not an easy diagnostic. It's very difficult. So to see
across all NICE categories was surprising. You'd expect maybe, you know, some here and some there,
but 100% that was surprising. I think the other thing that leaves me questioning and hungry for
more information is around the representation. Because when we
looked at the representation of WiCyS members who took this and we're asking them, well, what
field or what functional area do you associate with? We see really low representation in
operational technology and engineering and in data engineering and analytics. Now, you could make an argument that maybe those are smaller functional fields in cybersecurity,
so maybe the smaller representation there correlates to just the broader cybersecurity
field.
I don't think, I don't know, but I don't think that's the case.
We only had three members in our 399 participants who identified in operational
technology and engineering. And we're talking about ICS SCADA systems. And, you know, just
based on experience, you know, working with people in those roles, they're male-dominated
subsets of the field. So I'm really interested in, you know, figuring out that a little bit more and just kind of learning a little bit more about how, you know, is that true?
Do we have a real big deficit in those areas?
And if so, what can we do to help promote more diversity in these niche parts of the cybersecurity industry?

That's a great point. That makes me think of a whole bunch of possible cultural reasons that could contribute to that. But I won't conjecture since
it's not my study. Yeah. But Simone, I see that you wanted to add something as well.

Yeah. Well, one thing that surprised me and yet didn't surprise me at the same time was we obviously saw a kind of a really high volume
of respondents that identified as more junior in their roles.
And that was, you know, across the board,
especially in technical roles.
And I will caveat this to say,
it's hard to tell from the data,
whether because we had a separate management
and leadership category,
whether everyone kind of flowed over there.
But it did strike me to see how much the levels of technical identification in roles that are technical in nature, like at the junior level, like it started to drop off.
And we saw less and less representation at the mid and senior levels. And I know something that Lynn and I have talked about and WiCyS is incredibly reason I found that so interesting is because it's not only around the membership and the women who
are part of WiCyS, but it's about all those corporate partners and like the industry that
and the ecosystem that surrounds it to say, what do we do? What do we now need to do? Or what do
we need to promote so that organizations are prepared to support the development of individuals and women in particular and anyone in a minority once they're on that career journey?
And that's not just support in technical training or career pathing.
All those are important, too.
But then what are the cultural implications?
How do you prevent them from wanting to step away potentially from
the workforce?

Yeah, it's sort of like once we're trying to get people through the door,
but once they're in, what happens next? And people kind of go, I don't know, not much left for me
there. Yeah, Lynn, please go ahead. You're having these conversations every day. So I'm so curious
to hear your thoughts.

Yeah, and that's why it's really important to have more data and to be able
to dig in deeper into this information is for our employer partners to really put intentional actions in place to, you know, to avoid these pitfalls that women are experiencing in their career.
And to piggyback on our state of inclusion assessment, it is showing that women are experiencing that glass ceiling around six to
10 years within their career. So what are we doing to overcome these challenges? And now we have data
to help support what we've always heard, you know, what we've always heard all along. And now we
finally have some data and some real good, valuable insights to share with others so that we could
start, you know, making a difference.

So follow-up question for you, Lynn, then. Recommendations to organizations. And we've
touched on this a little bit, but truly, I mean, this is not on an individual to take on and be
like, I'm going to change everything. We need organizations to really step up and make some
big changes. So what do organizations need to know?

Organizations need to listen to this podcast and to understand that this is a launching
pad.
Like this is an opportunity for them to take the information from the Cyber Talent Study
and utilize it as a tool.
And to be able to understand that these are the main areas and pinpoint those challenges
and to start really having these conversations about what are we going to look at our internal
talent to ensure that they're not stuck in these common pitfalls that are being identified.
Also, if you balance the diverse talent that are on your teams at around five to six years
of an individual being in their career to ensure that they have a very clear career
growth and advancement mapped out in front of them. And as a direct
manager to those individuals, that they're paying attention. They're paying attention to the data
that's being reported. And if the value of their team is really crucial to them, then they would
really pay attention to that career growth ahead of them as well.

Any other advice for organizations in terms of
takeaways here? I just want to see. Simone, go ahead.

Totally agree with Lynn. Everyone should
listen to this podcast. So let's get it out there. You know, to sort of add on to that,
you know, organizations, you know, I'm going to throw the gauntlet at organizations to say
those that are investing in talent development, they are sponsoring organizations and events that
are committed to this, you have to then be able to also invest the time and the attention
internally to be able to absorb it and ride that career path. And I think it's really easy for
organizations to say, we're going to put our name on this and we're going to do it, but then they're
not committing to actually executing on the strategic vision to make that
a reality and actually move the needle when it comes to changing the dynamic of women in the
cybersecurity workforce. So, you know, my recommendation to them is, you know, forge the
partnerships, create the relationships, but then do the work internally to understand what is your
cybersecurity talent strategy. It is the largest operating expense
that you have in your budget.
I don't care how much money you have for tech.
Biggest operating expense you have is in people.
So you are already wasting money
and you can spend it more efficiently
for the little bit that you have
if you actually come up with a plan for them.

That's Maria Varmazis,
host of N2K's T-Minus Space Daily,
along with WiCyS Executive Director Lynn Dohm and N2K's Simone Petrella, Dr. Heather Monthie and Jeff Welgan.
You can find more information about the 2024 Cyber Talent Study in the show notes.

Coming up next on our Learning Layer segment,
host Sam Meisenberg and Joe Carrigan continue their discussion
of Joe's CISSP certification journey
using N2K's comprehensive CISSP training course,
our practice test, and practice labs.
Sam and Joe dive into Domain 6,
which focuses on security assessment and testing.
You can check out a sample question in our show notes.

Welcome back to another Learning Layer segment. We are continuing our conversation with Joe Carrigan
as he gets ready for his CISSP.
Joe.
Yep.
Welcome back.
Thanks.
Let's talk Domain 6.
Indeed.
And how we're going to do that is like what we did for Domain 5.
Let's do a question together.
Let's do it live.
I'll put you on the spot and give your content knowledge a test.
So why don't you start by reading the question?
Ah, very good.
Like I'm taking the exam and sweating.
Yes, tell us what's going through your head.
So first, I'm going to read the word of the actual question.
It is, you are hiring a vendor to perform a penetration test
that would simulate a breach from an insider threat.
What type of test would be best to perform? And the word best is in all caps.
Okay. And what does it mean that the word best is in all caps? What does that signal to you?
That means that there are probably multiple answers that you could give here that would be kind of correct.
Yeah.
But one of them is going to be more correct than the rest of them.
That's right. And also sometimes it means there's not a perfect answer.
Right.
And you might have to choose one that is, you know, technically right.
It's all relative to how right it is compared to the other ones.
Right.
So, in a weird way, I like to say, if you see best in all caps, it's going to be a hard question.
Joe, what's going through your head when you read this situation?
Summarize what's happening, and then what are you looking for?
So immediately, I remember from the lecture and actually from a lifetime of doing this,
you can have three different kinds of tests.
Really, there's two different kinds of tests and then a hybrid, right?
There's a black box test, which is where you know nothing about the environment,
and you're just going to test it.
There's a white box test, where you know everything about the environment and you're just going to test it. There's a white box test
where you know everything about the environment
and you're going to test it.
And then there is what they call a gray box test,
which is where you have something
that you know about the environment.
Maybe you have some knowledge,
but you don't have other parts of it.
The thing that sticks out in my head is
it's an insider threat.
So they don't specify
that it's like an administrative insider threat.
They just say insider threat.
So if you're going to do a pen test and you're going to emulate an external actor, you do a black box test.
If you're going to do a pen test and you're going to emulate an internal administrator or privileged user, you do a white box test.
If you're going to emulate just a standard user, a non-privileged user, that's when you do the gray box test.
So immediately,
my answer to the question
before I look at the options
is gray box test.
Awesome.
Love that approach.
Joe,
is gray box one of the choices?
It is not.
Oh.
Hate when that happens.
Okay.
That's very frustrating.
There are four choices
and two of them
I immediately eliminate.
Okay.
One being the blue box test.
Okay.
Because I don't know what the blue box test is.
Maybe that's what you put in the recycling bin?
Those are blue around here.
Okay.
And then the other answer I eliminate is the white hat hack,
which is more of a security research kind of thing. It's not really a test.
And it doesn't fall into white box, black box, or gray box. That's right. But the other two
answers are black box and white box. Gray box is not selected, not listed rather. So now I'm down
to these two answers, black box and white box. The question
is which test would be the best to perform? Well, a black box would not do a very good job of
emulating any kind of internal attacker. A white box might be overkill for a non-privileged user,
but it would be a good test for a privileged user. So I'm going to select white box.
Nice. And drumroll, please.
That is, of course, the right answer.
All right.
Nice work, Joe.
Thank you. Thank you. Thank you.
No applause, please.
Good work on domain six.
We'll do it again next week.
We'll talk about Domain 7.
And I'm going to try to bring a question
that's going to stump you, okay?
Oh, okay.
I would like to have that.
That's right.
When you get a question wrong, it's a learning moment.
Yes, absolutely.
All right.
We'll see you in Domain 7.

Thanks to Sam and Joe. And don't forget, we've got details on the course Joe is using to prepare for his CISSP
and a sample question in our show notes.

And finally, Kim Zetter writes for Wired about the tantalizing tale of Michael,
a crypto owner who two years ago asked hacker Joe Grand to recover access
to $2 million in Bitcoin stored in an encrypted file. Grand initially turned him down. Michael
had generated his password using RoboForm, an early password manager. He had stored the password
in an encrypted file that got corrupted.
This left Michael unable to access his 43.6 Bitcoin, worth about $5,300 back in 2013.
Joe Grand, also known as Kingpin, is a hardware hacker who had successfully cracked another crypto wallet in 2022. This time, the challenge was software-based, and Michael couldn't remember
the exact date or parameters he'd used to generate his password. After several failed attempts and
much pestering of Michael for details, Grand and his collaborator Bruno discovered a flaw in the
old RoboForm version that was used by Michael. The password generator tied passwords to
the computer's date and time, making them predictable. Using this flaw, they generated
passwords from the relevant time period. Eventually, they hit the jackpot. The correct
password was generated on May 15, 2013. Michael could finally access his Bitcoin, and he gladly gave Joe Grand and
his partner Bruno their share of the proceeds. Michael sold some of it at $62,000 per coin,
ending up with 30 Bitcoin, now worth about $3 million. Michael reflects, stating,
"Losing the password turned out to be a financial blessing.
Otherwise, I would have sold the Bitcoin at $40,000 and missed out on a greater fortune."
I found $20 in a jacket pocket once.
It's practically the same thing.

And that's The CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector,
from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Tré Hester with original music and sound design by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow. Thank you.