CyberWire Daily - CyberWire Daily at 10: A decade of leaks, espionage, and influence operations. [Special Edition]
Episode Date: June 19, 2026In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss leaks, espionage and influence operations over the past 10 years. Toge...ther they reflect on a decade of cybersecurity developments, focusing on the pivotal year 2016 where a shift occurred. Join N2K as we cover the rise of nation-state cyber operations, major leaks like the Panama Papers and DNC email hacks, and the evolving landscape of cyber norms, trust, and threat perception. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Maria Vermazza is here. Thank you for joining me today.
2026 is a big year for us here at N2K Networks.
We are celebrating the 10-year anniversary of the Cyberwire Daily.
Yeah, time flies when you're having fun.
In today's N2K Cyberwire special edition,
we're reflecting on a decade covering leaks, espionage, and influence operations.
So much intrigue.
And for this retrospective, I'm chatting with none other than Dave Bittner, host of the CyberWire Daily.
We are jumping back into our discussions about 10 years of the CyberWire Daily.
So who better to walk me through it then?
The host of the CyberWire Daily, the one and only, Dave Bittner.
Hi, Dave.
Hello.
I've been here the whole time.
You haven't left.
We're doing this again?
You've been sitting there in that chair for 10 years.
Pretty much.
Literally.
having well.
No, sometimes they let me out on good behavior, but rarely, rarely.
Well, thank you for shambling over to the microphone.
Yeah, that's right.
Hopefully you don't hear the chains clinking too loudly, like an attic ghost.
Oh, is that what that was?
Okay.
Well, the editors edit most of it out, but everyone in some sneaks through.
Well, for someone who's been trapped in a tiny room for 10 years, you sound very chipper, so appreciate that, Dave.
I appreciate you talking to me today about yet another panorama of what you've noticed over the last 10 years in the stories that have been covered in the Cyberwire Daily.
And our focus for today is something that honestly I hadn't really put two and two together until I started doing some prep for this.
I don't know what happened 10 years ago, but around 2016, some stuff started to happen in the cyber security world that I don't know what 2016 would have to do with it.
It's a mystery.
But there seems...
What is going on in the world in 2016?
Yeah, it's weird, right?
Right, right.
After years of people in Infosec kind of chuckling about the threat of hacktivists being
an overblown sort of 90s-era threats, suddenly sometime in 2016 we started seeing
nation states and other large organizations, shall we say, using cybersecurity as cyber attacks
for influence operations and not just hacking stuff, but then...
hacking with the point of leaking that information
to influence someone or something
and I'll dot dot dot dot
but again I don't know what that year could have had to do with anything
but 2016 we started seeing a whole bunch of it
that's true yeah what do you remember from all that tape
well I mean obviously
2016 was a big election year
and a contentious election year
I guess there's I guess after 2016
there's been no other kind
But I think it's fair to say that objectively that it was a contentious election year.
But what we're getting to here is that we had the DNC email leaks,
the Democratic National Committee pretty much accepted these days
that Russian intelligence operators got into the Democratic Party's networks
and they stole a bunch of emails and then released them during the,
presidential campaign.
And I guess, you know, to say what was the point of departure here, what was different
is that nation states had been doing espionage forever, as long as there have been nation states.
True.
But doing this sort of thing of not just stealing the information so that you know what's going
on, so that you know what the other side is up to.
This was when we started or they started, it was started that the information.
was being leaked as a weapon.
They were weaponizing this information,
in this case a political weapon.
So going from just simple intelligence collection,
and now, as you mentioned,
using it for influence operations.
Yeah, I remember some dialogue in 2016
about how ethical it would be
for news organizations
to report on the information that was leaked.
And there was a lot of ringing of hands
about, do we use this information that these,
what do we want to call them hacktivists?
That's not correct.
But this information that's being leaked
and then it became a bit of a feeding frenzy
if we don't use it, someone else will use it.
And now it just seems a little bit der rigour
that major news outlets are going to,
of course they're going to talk about it.
If it gets leaked, it's going to get used.
But that wasn't always the way it was.
Am I imagining this?
No, no.
I mean, the comparative innocence
seems kind of quaint by today's standards.
You're right.
It's only 10 years ago.
Only 10 years ago.
Oh.
how time fly. And of course, you know, we have to realize we had COVID in the middle of all this,
in the middle of the last decade, which to me really made my relationship with time itself a lot looser.
And I hear lots of people say that. Time doesn't really have the same meaning that it did before COVID.
I'm not sure what that means, but it seems to be commonly experienced enough that there's a lot of general agreement that's a thing.
So, yeah, the black hole of time.
Yeah, truly.
Yeah, it was quaintor time back then.
But, yeah, the DNC email leak, there was a lot of fallout from that one where the stories
were sort of getting percolated through the news, but also I think it was an opening
of a door of going, hey, they can do that.
So one can do this?
Okay.
And then we just saw a bunch of other campaigns sort of doing something similarly.
Do you remember anything that might have come after the DNC?
the DNC leak in subsequent years?
Well, we had the Panama Papers.
That was also right around 2016,
and that was, you know,
journalists got millions of documents
that were talking about offshore financial arrangements.
You know, the old, in the old days,
used to say Swiss bank accounts.
You know, they were in islands
and nations that were sympathetic
to helping folks hide wealth.
and escape taxation and all that sort of thing.
And so the release of those papers had ripples throughout the global economy.
People were investigated.
Some people had to resign their positions.
And there were all kinds of policy debates about that.
And I think one of the things that set that apart or got it so much notice at the time was just the scale of it.
It was huge, millions of documents.
And so journalists had that.
their work cut out for them.
Yeah, they think people are still pouring through them.
Right, the days before chat GPT, right?
Where you could just say, analyze this, you know.
Yeah, yeah, yeah.
It was much more of a manual process.
So now we have journalists, but also activists,
people who are pro-transparency,
looking at this big document dump and saying,
looking at it as an opportunity to advance their cause
or shine a light on things that had previously been going on in the shadows.
Yeah, and I imagine flipping it around a little bit,
organizations that were looking at these massive leaks happening
that were affecting, you know, like the DNC or whatnot,
maybe companies were thinking,
I can't imagine how this would necessarily be relevant.
Of course, I'm being very naive here,
but, you know, the idea of a business being hit with such an attack
where their IP being leaked is obviously a business.
business level disaster, but, you know, internal emails or policy decisions being made, that also
could really affect how a company would work. I'm not sure if that was as heightened a fear pre-2016
as it then became after all this. I'm thinking of solar winds. Right, right. Well, it was a great
point. I mean, so now companies are thinking about the reputational damage of a potential leak. They're
looking at something like this, and they're saying the board of directors are pulling their
SISO into a meeting and saying, could this happen to us, right?
Could all of our information, could the confidential conversations that we have among ourselves
as a board of directors, could they be accessed and leaked?
Because if it can happen in the Panama Papers, if it can happen to the DNC, it could happen
to anybody.
And in some ways, I wonder if that kind of primed the pump for ransomware with the fear
of reputational damage beyond just the actual theft of the information itself.
Yeah, because the fear used to be, you know, if our service goes down or our website gets to face,
then I'm going back a while, that's egg on our face. And then, you know, customers won't trust us
that we're, you know, good at our jobs. And now it's like, again, that almost feels, actually,
it does honestly feel kind of quaint like your service goes down. I mean, not great. But, you know,
how about, yeah, all those board chats get leaked. And that's, then you're in the news cycle for reasons
you really don't want, and that is really a mess, to put it politely.
Right, right.
And then, you know, following that, we have the shadow brokers who were releasing these offensive cyber tools that had been linked to the NSA.
You know, that was the scuttlebutt that these offensive tools originated within our own intelligence community.
and one of them was Eternal Blue,
which later came to be used in things like Wanna Cry.
And then, what, a year after that,
we had WikiLeaks publishing documents
describing CIA cyber capabilities
and operational techniques.
So it's not just others, right?
It's not just the rich and the powerful
who are hiding their money.
these are national security concerns.
When our own tools are being exposed,
our own tradecraft is being exposed
and by these hacktivists
and other people who are interested in public disclosure,
you know, that's a huge concern as well
and also new.
I remember hearing about the Pegasus Project
and that on its own was a commercialization of weaponization.
of that? Yeah. Yeah. I mean, so you had these capabilities, which I think previously had been limited to in-house intelligence agencies, and now with Pegasus, you have these sort of surveillance tools available on the open market, and certainly, I mean, Pegasus claimed that they were being very selective with who they sold these things to, but there's evidence to the
contrary.
Yeah, yeah, yeah.
It's been found being used by many folks that either Pegasus turned a blind eye to or did not
know or it got, who knows, it got passed around, right?
But that was new as well, that now there's commercialization.
There's a market for these tools, both for other intelligence organizations, but, you know,
all the way from industrial espionage to, well, just.
commercial regular spyware became a thing right i want to know if my you know wife is running out
on me or not and so i'm going to put something on her phone or or her on mine you know it's just that
it trickled down to just being something in the public awareness that you could just buy
it strikes me when we're talking about all of these things uh from pegasus to uh just the
influence operations and uh all the different leaks the huge
huge change in norms around all this.
I don't think we can overstate that.
I don't want to hang too bright a lantern on it,
but let's go back to 2016, right?
I think it's fair to say, again, objectively,
that with 2016 came a very different expectation politically
politically when it comes to norms, right?
And as we're in that, we're still in that,
today. So people threw the gloves off. There's things that would not have been imaginable.
You know, what's the old saying back from way back when the quaint thing was a Churchill who said
gentlemen don't read each other's mail? Probably have that wrong. But there was, you know,
someone of historical significance said that. Yeah. Something mischributed to Churchill.
You know, that's often as the case. Sure. It was either Churchill or Mark Twain, right? I don't know.
But again, quaint, and certainly espionage organizations were reading each other's mail from the beginning of time.
But the point is there was a norm that is no longer there.
And through these leaks, through these capabilities, and now even with things like ransomware,
which we talked about in a previous episode of our conversations here,
It's the reputational damage that's huge.
A lot of these actors, they're not even worried about locking the stuff up anymore.
They just want to do a smash and grab and threaten to leak it.
And that's enough.
Yeah.
And even as you're describing it, and I'm thinking back to the public perception,
or at least how I perceived the public perception of these kinds of things,
going back 10 years ago with the DNC leaks and even the Panama Papers,
there was a lot less cynicism, not saying none,
and certainly within the infoset community,
there was a healthy amount of cynicism, I would say.
Right.
But in the public...
It's an industry more cynical than most.
I was going to say, I'd be disappointed if they weren't.
Yes.
Yeah, but I mean, in the general public,
I would say 10 years ago, it was almost a, oh, this has been leaked.
You know, this is for the public good.
There's a reason this is being sent out so we all should know about it
because something needs to change.
And now when these smash and grab,
great way of putting it, Dave. Smash and grab leaks are happening. Oh, people are so much more cynical
broadly. And again, it's not just Infosec people. I think everyone's like, yeah, yeah, yeah, what's the play here?
In 10 years, that's been how I guess everyone has sort of wised up to this a little bit.
Yeah. I think we're also much more primed to be more cynical when it comes to the information that's
coming at us, particularly online, that we're not as trusting as we used to be by necessity.
and now we've got, wait for it, AI.
I knew you were going to say it.
I knew you were going to say it.
Everybody drink.
Right, everybody drink.
Right, it's the free square on our bingo card.
Yeah, so pouring the lighter fluid on the burning gas grill.
Bad idea, but here we are.
Yeah, I mean, do I even need to steal the stuff anymore to upset,
your reputation.
Now we can just create a deep fake.
Yeah, just make it up.
No one's going to care.
Just make it up.
Yeah, isn't that wild?
When people can no longer trust their eyes or their ears or, you know,
because it all can be fabricated convincingly, to me, that's another shift.
And that's another thing we're going to have to deal with.
How do you establish a chain of custody of information or video or folks?
photos or audio file, interviews, any of that stuff.
I was just thinking of George Orwell, as you said, that you were probably referencing him as well.
The party told you to reject the evidence of your eyes and ears.
It was their final most essential command.
That's where we're at right now with the, yeah.
Right.
When anything can be dismissed as fake news, you know, Senator, you know, who was that young lady we saw you with?
And they can just respond and say, fake news, we're done here.
Right?
Sticks and stones or something like that.
Right.
But again, you know, it all swings back around to norms.
What is expected?
What do we expect from the people we elect or the people we do business with
or even the people we choose to have as our friends?
There's so much more skepticism and cynicism.
It's just a really challenging time.
I don't know about you, but I find it to be quite often exhausting.
to try to wade through all of this stuff, right?
Yeah, absolutely.
And in that way, many industries,
but cybersecurity certainly is a mirror
to what's going on more broadly.
And as we're talking about norms,
I think when I was a baby cybersecurity person
back in the day,
a lot of the things we just talked about
over the last 10 years would have,
I think would have been considered red lines of some kind.
And we just kind of just kept stepping over them
and looking back and going,
did we just do that?
I guess so.
okay, and then we're just doing it again.
And that's wild.
I thought that that was a super no-no, and here we are,
and that's the world we're in now.
But I think that's a really powerful point as well,
because something that I've observed
over the past 10 years
is nation states' reticence to draw red lines
when it comes to cyber.
And I believe, and it's been supported
by folks I've spoken to who know much more about this than I do,
that they don't want to take away their own offensive capabilities
by drawing bright red lines.
Yeah, nobody wants to be the first person to pull a punch.
I mean, right, right, yeah.
Yeah, they don't want to say this is off the table
if behind the scenes we're using those tools for our own purposes.
But the side line or the side effect of that is
ransomware operators target hospitals.
when I think who in the world would disagree that they should be off limits, right?
Yep.
Yeah.
So what a world.
I think all of our 10-year anniversary conversations have ended up with us going, man, are we in a better place now than we were 10 years ago?
Right, right.
But do you think about, I mean, how much of cyber conflict, what we put under the air quotes of cyber conflict,
I'd say 10 years ago was much more technical in nature.
And now I think it's much more societal.
I think it's much more political.
As nations around the world have seen how much cyber is a force multiplier
because you don't need aircraft carriers to do cyber, right?
Yeah.
You don't need to make that investment.
I mean, you can, but you don't have to.
There's no doubt, do aircraft carriers give the United States of American advantage?
Sure.
Of course.
But it's not, but the Gulf is not as wide as it used to be when a small nation state can threaten turning off our lights or fowling our water or backing up our sewers because they can get into our critical infrastructure.
I think, I believe that changes the equation.
and I think that's a lot of what we're seeing these days
are the ramifications of those truths.
Yes, and honestly, I think with that evolution,
it's also just kind of making this a little silly, I suppose.
I don't think anyone thinks cybersecurity is an IT problem anymore.
Whereas, I mean, surely there are organizations that may think that, and I understand,
but let's get real.
Any place that's really worth their salt is not thinking that anymore.
It's just the risks are too great, and we've seen it play out.
Yeah. So nobody's going, oh, Rob the IT guy, that's his issue. No.
Right, right. And even, I mean, even on a personal level, 10 years ago, we weren't seeing gift card scams the way we are today.
We weren't seeing grandparents losing their life savings the way we are these days.
So, again, I think that points to the general awareness of these things by necessity because as cyber has become so much
part of our daily lives through things like social media so too has cyber crime cyber espionage
cyber influence naturally become part of our lives as well and that's the new world we live in
and that genie's not going back in the bottle well on that upbeat note dave right let's go
curl up in a little ball in an empty bathtub right and sort of sway back and forth
I mean, we always live in interesting times.
Yes, yes indeed.
Oh, my God.
All right.
Well, Dave, as always, a really illuminating chat.
I promise I won't be rocking in the corner, hyperventilating into a paper bag for too long.
No promises from me.
Yeah, it might happen, but I'll do that off, Mike.
I'll do you a favor.
Right, right.
Would love to know if you have any parting thoughts for the audience before we close out.
No, I mean, I'm really enjoying these looks back.
that you and I are doing here, and I hope the audience is as well. I think what it's done has
made me kind of take stock and really see how far we've come and how much things have changed.
I think when you're in the middle of it every day, there's a little, I don't know,
boil the frog going on where you don't notice it in small increments. But when you really
look back over the course of a decade, you can see how much things have changed.
It makes me wonder where we're headed. I try to stay.
optimistic amidst all of this. I think most people in the world are generally good and operate in good
faith, but these things happen disproportionately, I think. And what was the old joke from
decades ago that to air is human but to really screw up requires the use of a computer?
Well, be careful what you ask for. Here we are. Here we are. Well,
Bittner, host of the CyberWire Daily. As always, thank you so much for joining me today.
My pleasure. I look forward to our next chat. You got it. Thank you for joining me today.
See you back here next time.