CyberWire Daily - The end of warrantless searches?
Episode Date: January 24, 2025

A federal court finds the FBI's warrantless Section 702 searches unconstitutional. The DOJ charges five in a fake IT worker scheme. The Texas Attorney General expands his investigation into automakers' data sharing. CISA highlights vulnerabilities in the aircraft collision avoidance system. Estonia will host Europe's new space cybersecurity testing ground. Hackers use hardware breakpoints to evade EDR detection. Subaru's Starlink connected vehicle service exposed sensitive customer and vehicle data. Asian nations claim progress against criminal cyber-scam camps. Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, with his outlook on 2025. Sticking AI crawlers in the tar pit.

CyberWire Guest
Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, joining us to share trends he sees coming our way in 2025.

Selected Reading
Court rules FBI's warrantless searches violated Fourth Amendment (Ars Technica)
US Charges Five People Over North Korean IT Worker Scheme (SecurityWeek)
Texas probes four more car companies over how they collect and sell consumer data (The Record)
CISA Warns of Flaws in Aircraft Collision Avoidance Systems (BankInfo Security)
ESA - Estonia to host Europe's new space cybersecurity testing ground (European Space Agency)
Bypassing EDR Detection by Exploiting Hardware Breakpoints at CPU Level (Cyber Security News)
Subaru Starlink Vulnerability Exposed Cars to Remote Hacking (SecurityWeek)
China and friends say they're hurting cyber-slave scam camps (The Register)
Developer Creates Infinite Maze That Traps AI Training Bots (404 Media)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network powered by N2K.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try
DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started
removing my personal information from hundreds of data brokers. I finally have peace of mind,
knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed
reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/n2k and use promo code n2k at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/n2k and enter code n2k at checkout. That's JoinDeleteMe.com/n2k, code n2k.

A federal court finds the FBI's warrantless Section 702 searches unconstitutional.
The DOJ charges five in a fake IT worker scheme.
The Texas Attorney General expands his investigation into automakers'
data sharing. CISA highlights vulnerabilities in the aircraft collision avoidance system.
Estonia will host Europe's new space cybersecurity testing ground. Hackers use hardware breakpoints
to evade EDR detection. Subaru's Starlink Connected Vehicle Service exposed sensitive
customer and vehicle data.
Asian nations claim progress against criminal cyber scam camps.
Our guest today is Dr. Chris Pierson, founder and CEO of BlackCloak, with his outlook on
2025.
And sticking AI crawlers in the tar pit.

It's Friday, January 24, 2025.
I'm Dave Bittner and this is your CyberWire Intel Briefing.

A federal court has ruled the FBI's warrantless searches of communications under Section 702
of the Foreign Intelligence Surveillance Act
unconstitutional, citing violations of the Fourth Amendment.
Judge LaShann DeArcy Hall stated that Americans' communications, even if incidentally collected
during foreign surveillance, require a warrant to be searched unless there are urgent national
security concerns. She criticized the FBI's practice of querying such data without judicial oversight, noting
that in some cases the agency searched for months without seeking a warrant.
The ruling stops short of banning all warrantless searches but emphasizes the need for tighter
controls.
Digital rights groups like the EFF and ACLU have hailed the decision, urging Congress
to reform Section 702 before it expires in April 2026.
They advocate for a mandatory warrant requirement and increased transparency to prevent abuses.
The ACLU called Section 702 one of the most abused provisions of FISA, citing
widespread privacy violations.
The U.S. Department of Justice charged five individuals for participating in a scheme
involving North Korean IT workers funneling funds to the Pyongyang regime.
North Korean nationals Jin Sung-Il and Pak Jin-Song, along with facilitators Erick Ntekereze Prince
and Emanuel Ashtor, both U.S. citizens, and Mexican national Pedro Ernesto Alonso
de los Reyes, allegedly generated over $866,000 by obtaining work from 64 U.S. companies between 2018 and 2024.
Using forged documents and remote access setups, they concealed the North Koreans' identities,
bypassing sanctions and deceiving employers.
Funds were laundered through various accounts, including a Chinese bank.
Ashtor, Ntekereze Prince, and Alonso have been arrested, with an FBI search revealing a laptop farm
aiding the scheme.
The indictment highlights North Korea's widespread use of IT workers abroad to generate revenue
through fake identities, prompting renewed scrutiny and recent sanctions by the U.S.
government. The Texas Attorney General is investigating Ford, Hyundai, Toyota, and Fiat Chrysler
over their collection and sale of consumer data, expanding scrutiny on automakers' data practices.
This follows a lawsuit against General Motors in August for allegedly misleading consumers
about data collection and sharing it with third parties.
Texas AG Ken Paxton's office has demanded detailed records from the automakers, including
how they collect, share, and sell data, the number of customers affected, and consent
procedures.
Toyota's inquiry also targets its data-sharing practices with connected analytics services linked to its insurance programs.
Paxton's broader efforts include a January lawsuit against Allstate for collecting and selling location data from millions of Americans, implicating several automakers.
The entire auto industry is under scrutiny for practices related to geolocation and driving
data, signaling ongoing investigations into potential violations.
CISA disclosed two vulnerabilities in the Traffic Alert and Collision Avoidance System II
(TCAS II), used to prevent aircraft collisions.
The first flaw allows attackers to spoof aircraft locations using software-defined radios, while
the second enables manipulation of system configurations, potentially disabling collision
resolution advisories.
While exploitation is deemed unlikely outside labs, CISA recommends upgrading to mitigate
risks.

Estonia is set to host Europe's new Space Cybersecurity Testing Ground.
For details, we turn to Maria Varmazis, host of N2K's T-Minus Daily Space Podcast.
The European Space Agency and the Estonian Space Office have set out to develop Europe's newest
Space Cyber Range.
The range will aim to make space technology more secure and accessible for companies across
Europe.
The program will be provided by a consortium led by SpaceIT to begin development.
The ESA Space Cyber Range will offer a safe and cost-effective way for companies to test,
validate and develop secure satellite
technologies and solutions, and perform cyber exercises and training.
The Space Cyber Range will be a virtual environment that can be supported with a physical site
to promote collaboration and provide necessary data centers, servers, and equipment.
ESA says you can picture it as a sophisticated simulator where companies can create virtual
copies of their satellites and systems to check for security weaknesses
and practice responding to cyber attacks, all before launching real hardware into
orbit, of course. So why Estonia? Well, it is already home to NATO's Cyber Defense
Center and the new space cyber range will be established at Foundation CR14
which is Estonia's national cyber range facility.
Be sure to check out T-Minus wherever you get your favorite podcasts.
Modern endpoint detection and response solutions depend on Event Tracing for Windows (ETW)
to log system activities like memory allocation, thread manipulation, and hardware breakpoints.
These logs help detect malicious activities in real time.
However, according to research from Praetorian, attackers are increasingly exploiting ETW's
reliance on event triggers to evade detection.
A common evasion method involves hardware breakpoints, which
use CPU debug registers to monitor memory addresses for instructions. Unlike software
breakpoints, hardware breakpoints operate at the CPU level and are harder to detect.
Attackers exploit functions like NtContinue to modify debug registers without generating ETW logs.
This technique avoids detection by EDR systems, enabling covert manipulations like altering
the AmsiScanBuffer or NtTraceEvent functions.
To counter this, security teams can monitor debug registers, enhance API tracking, and
leverage machine learning for behavioral anomaly detection.
These advanced defenses address critical gaps in current EDR architectures.
Security researcher Sam Curry discovered a vulnerability in Subaru's Starlink Connected
Vehicle Service that exposed sensitive customer and vehicle data across the U.S., Canada, and
Japan. Along with researcher Shubham Shah, Curry found that Subaru's admin portal, meant
only for employees, allowed attackers to reset passwords for employee accounts without needing
confirmation tokens. By bypassing two-factor authentication, they gained admin access.
This access exposed vehicle and customer data, including location history, VINs, names,
zip codes, and billing information.
Alarmingly, the admin panel allowed attackers to add themselves as authorized users of vehicles,
enabling them to remotely start, stop, lock, unlock, and effectively take control of vehicles without notifying the owners.
Curry reported the flaw to Subaru on November 20th, and the issue was fixed within 24 hours.
The Lancang-Mekong law enforcement operation, formed by Cambodia, Laos, Myanmar, Thailand, Vietnam, and China, says it has made progress
in combating criminal cyber-scam camps in the region.
These camps lure workers with fake job offers, then trap them in debt, confiscate passports,
and force them into scams under threats of violence.
Victims often work under brutal conditions, with some dying during escape
attempts. The camps, often located in poorly policed border areas, target global victims
through tech support scams or fraudulent investment schemes. China, with 100,000 of its citizens
reportedly enslaved, has been a driving force behind the organization's efforts. In 2024, the law enforcement operation reported 70,000 arrests,
freeing 160 people and disrupting weapons smuggling linked to the camps.
While the group pledges deeper cooperation and intelligence sharing,
critics note these promises have been made before, yet many camps remain operational.
Coming up after the break, my conversation with Dr. Chris Pierson, founder and CEO of BlackCloak, with his outlook for 2025
and sticking AI crawlers in the tar pit.
Stay with us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge,
it's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted
by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping
unauthorized applications, securing sensitive data, and ensuring your organization runs
smoothly and securely.
Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.
Do you know the status of your compliance controls right now?
Like right now?
We know that real-time visibility is critical for security, but when it comes to our GRC
programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with
Vanta. Here's the gist. Vanta brings automation to evidence collection across
30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like
policies, access reviews, and reporting, and help you get security questionnaires done five times faster
with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to

It is always my pleasure to welcome to the show Dr. Christopher Pierson.
He is the CEO and founder of BlackCloak.
Chris, welcome back.
Hey, it's great to be here, Dave.
I know, you know, a lot of us have responded
and seen the terrible news of the killing
of the UnitedHealthcare CEO.
And I wanted to check in with you on that
because obviously you and your colleagues at BlackCloak
are in the middle of protecting executives.
I wanted to get your insights.
Like after that event happened,
what were the phone calls you were getting?
What was the, was there a mandate coming to you
from CEOs and boards saying,
find us better protection for ourselves?
Yeah, so I mean, you know,
unfortunately massively tragic events, but I mean,
what this has really shown is, is that, you know,
the risks have changed.
What people wanted to talk about,
both chief information security officers
and chief security officers after that point in time,
what they really wanted to focus on is,
how can we go ahead and mitigate some of the risks
to our executives, board members, and their families?
How can we mitigate the digital breadcrumbs
that are out there that lead folks to where they might be
in terms of their location, in terms of their presence,
in terms of their residences,
even in terms of their personal,
private email addresses and phone numbers?
And what types of steps can we security
professionals on the inside of the company do to kind of reduce this
inherent risk to an acceptable level of risk and it went beyond you know your
traditional physical security review of the home alarms professional drivers
into an area which is hey what types of threat intelligence is out there? How can we go ahead and assess the privacy better? How
can we go ahead and help reduce that attack surface? So it really has become
something that huge amount of incoming from boards of directors, from executives,
and from both CISOs and CSOs. And you know, we're obviously happy to
field the call, but you know, I'm obviously happy to field the call,
but, you know, it does seem like a lot of those risks
and the risk appetite in this area has dramatically changed.
Have things settled down from the initial,
is it fair to say, emotional response to this?
Not so much, not so much at all.
I think that this is one of those things that, you know, our
our kind of take on things has always been that the home is the next battleground. The home is the
new battleground. And so what this has done is just like COVID opened up people's eyes, the fact
that the home network is an actual attack vector for cyber criminals and nation states into corporate
devices that are being used at home and then into the network
this has also opened up people's eyes to the fact that
The personal lives of the executives and their family members is something that needs to be safeguarded
You're not safeguarding Jennifer, the CEO, or Bob, the CFO, or Larry, who's the CTO, you're not safeguarding them
per se.
You're safeguarding the role and the position that they have, and that's what the boards
care about.
That's what the executives and the protection teams care about.
I think eventually what's going to happen is that's what the SEC is going to care about.
Are you taking care of those things?
And so I think this is going to usher in a new era of executive protection for those persons.
So perhaps these things become table stakes? Absolutely. I think that this is
just going to become, number one, it's going to become a corporate mandate. First of
all, boards of directors, corporations, the enterprise risk management
committees, these are all going to be asking questions about what are we doing,
what are we doing to protect our executives, what are we doing to protect those people
that are kind of on the About Us, the leadership page of our website.
But also, I have a feeling that what we're going to do is, just like public reporting documents,
how are you compensating folks, what are you doing that are the key level officers of the company?
It's going to be a, how are you protecting not just the company from a cybersecurity or personal protection perspective,
but how are you actually going ahead and mitigating those risks and protecting them that fall 24-7?
How do you counsel people on when they've crossed that threshold?
I'm thinking specifically of physical security here.
At what point do I need someone to come with me
to my kids' baseball game?
I mean, a lot of it can be gleaned
from an executive threat assessment.
So literally a risk profile on that individual
and their family, it also can and should include the kids.
And that's really a conversation that needs to be had
between the security folks, the security professionals
that are on the inside of the company and that executive.
But there's some things that are just gonna be
table stakes and mandated as a result of you being the CEO,
CFO, we will have a driver for you.
You will have an armed driver in other countries.
We will have kidnapping, ransom.
You will have the Mayo Clinic executive physicals, right?
Once a year type of thing.
And that's really where digital executive protection is headed.
You will have personal protection, cyber protection for you and your family as a result of your
role.
And that really is something that I think is gonna be baked in more and more.
But that executive threat assessment is a great first step
and it's a great first step at awareness.
And also the key to this is you want a willing participant.
You want the executive to understand
and to participate in their protection
because you're gonna have greater success.
This is a sunk cost for most companies.
You don't make money off of your executive protection.
What's the budgeting component here?
How do you dial it in to make it make sense?
Well, I mean, in some cases, I think, you know, I was reporting in prior years, it's
like Facebook spends $17 million a year on Mark Zuckerberg's personal privacy detail
for him
and his family and all the rest because they're just big, big targets.
The fact of the matter is that the costs of digital executive protection for those persons
is going to be dwarfed by the legal costs, remediation costs, incident response costs,
investor relation costs, filing costs for SEC stuff.
So it's the harm there and the amount of money being spent there on the latter end, it just
absolutely, absolutely towers over the costs of getting in protection to mitigate, right?
Not that it's going to be 100%, but to mitigate those risks on the front end.
Are there common blind spots that folks have?
When you meet with people to talk about this
sort of thing?
What are the things that come up where they'll say, you know, I never thought of that?
Yeah, that's a great, great question.
The first thing I would say is the extent to which their home network and home devices
play.
In a lot of cases, the things that actually gave them better security.
So hey, we have cameras all around the house that are professionally installed, or you have a professionally installed
managed firewall system.
A lot of those things that were for good security purposes have actually introduced more holes
and vulnerabilities into their systems.
So that's always an interesting takeaway.
The second is going to be the role that the other persons in the home, especially the kids, play in this. We actually just had one CEO have
their teenage son poke a hole in through their corporate
firewall that was at home and literally open up a port so they can have and host
the gaming server at the home, which of course, I know, we both are chuckling, Dave.
No, well, I mean, to make this about me,
when my wife and I were bringing up our two boys,
we agreed that we may be able to outsmart our kids,
but there's no way we're gonna outsmart our kids
and all of our kids' friends, right?
Well, that's right, but I mean, it's one of those stories
where the home security was great,
but you know, spared no expense.
And then, right, you have the, well, the kids are at least home.
They're gaming.
So this is a positive attribute.
They're not down by the river doing something else.
And all of a sudden you have a hole in the firewall that the corporate laptop
comes into each night.
And then third, the exposure of the personal accounts.
So the personal Gmail, Yahoo, whatever it is
that they're using, they do a great job at work.
Yep, I've got dual factor authentication.
I've got the YubiKey, I've got the authenticator.
But then they say,
I got nothing interesting on my Gmail.
Well, you got all your personal financial communications,
banking communications, legal communications,
where you're actually traveling, because a lot of those airline reservations come back to centralized
email, it exposes a lot of information.
So it's always interesting when the team is meeting with people after the fact of being
onboarded in terms of what we're able to find the exposures and then obviously needs a solution
for.
I suppose there's a certain amount of letting go that they have to do when it comes to trade
offs with privacy, right?
Like, if you've got a team of people keeping an eye on your stuff, that's a trusted relationship.
It starts all with a trusted relationship, all always.
The nice thing is, you know, speaking for us
and our platform is that since it's built from the ground up,
it's built with privacy in mind.
And having been, Dave, you know, I mean, you know,
a former chief privacy officer,
you gotta instill that in the company and the people,
the value, the product, all the rest,
and build it with privacy, you know, in there by design.
I think overall, what we've seen on the corporate side is
corporate executives, board members,
have had trusted relationships
with their professional drivers, the private jets,
with the folks that are in charge of kidnapping,
ransom or medical and all the rest, and even financial.
I mean, sometimes corporations have financial and tax experts that are hired by the company
to help and assist those executives so they don't have to worry as much about that personal
side of things.
And so what we've seen is those relationships grow over time.
I think it's a trend that's going to continue, especially as those are value enhancing for
the executive, but also provide real value
and real mitigation into the company.
Dr. Christopher Pierson is CEO and founder of BlackCloak.
Chris, thanks so much for joining us.
Hey, thank you.
And now, a message from our sponsor Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue
to rise. With an 18% year-over-year increase in ransomware attacks and a $75 million record payout in
2024, these traditional security tools expand your attack surface with public-facing IPs
that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust Plus AI stops attackers by hiding your attack surface, making apps
and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not
the entire network, continuously verifying every request based on identity and context,
simplifying security management with AI-powered automation, and detecting threats using AI to analyze
over 500 billion daily transactions.
Hackers can't attack what they can't see.
Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com/security.

Hit pause on whatever you're listening to and hit play on your next adventure.
Stay two nights and get a $50 Best Western gift card.
Life's the trip.
Make the most of it at Best Western.
Visit bestwestern.com.

A developer with a flair for mischief and a knack for naming has unleashed Nepenthes,
an open-source tar pit designed to trap AI-training web crawlers in an infinite loop of randomly generated,
self-referential webpages.
Named after carnivorous pitcher plants, Nepenthes doesn't just catch flies.
It strands crawlers in an endless maze, wasting their time and computing power like a bad
episode of Westworld.
Imagine a minotaur in a labyrinth that keeps rebuilding itself, creator Aaron B. explained.
Web crawlers, which naively follow links, get stuck in Nepenthes'
loop, downloading link after link that leads back to more links.
It's hilariously Sisyphean.
Aaron describes Nepenthes as part defensive mechanism, part performance art, fueled by
frustration over AI companies scraping the Internet for profit.
Deployed defensively or offensively, it's already been hit millions of times.
Who knew the secret to fighting AI overlords was less Terminator, more carnivorous plant?

And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday and my conversation
with Ismael Valenzuela and Jacob Faires, both from BlackBerry. We're discussing their work
"LightSpy: APT41 Deploys Advanced DeepData Framework in Targeted Southern Asia Espionage
Campaign." That's Research Saturday, check it out. We'd love to know what you think
of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music
and sound design by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week.