Episode Transcript
0:02
You're listening to the CyberWire Network
0:04
powered by N2K. This
0:16
week on Only Malware in the
0:19
Building. Make it sound
0:21
like you're narrating a Ken Burns documentary. It's
0:23
not that serious, my friend. I don't know.
0:26
It's Sporkstealer with an X. Perhaps
0:28
encouraging threat actors to sleep with pajamas
0:30
on in the future. Really
0:32
take stock and think whether or not
0:35
this is worth the effort. I
0:37
like to think the request was submitted as an emoji.
0:40
That was an Apple IIc for that matter, for
0:42
those of you who want to know that. Okay.
0:44
Yes, that is a distinction without a difference. Dave,
0:46
what are your dips today? I
0:51
am not sharing my dips with my
0:53
podcast co-host Rick. He's already
0:55
taken my airtime. He's not taking my dips
0:57
too. In a
1:00
world where the cyber good guys have finally
1:02
had enough. This
1:09
summer, only
1:12
malware in the building.
1:15
This is going to be money well spent. Trust me. You
1:30
guys might remember last time when we talked
1:33
about the curious case of the missing IcedID.
1:35
Well, we got a
1:37
little bit of an answer with Operation Endgame.
1:40
This was a major law enforcement
1:42
activity called Operation Endgame. It was
1:44
a widespread effort to disrupt malware
1:46
and botnet infrastructure and
1:48
identify the alleged individuals associated with
1:51
the activity. Europol called
1:53
it the largest operation ever against
1:55
botnets. And IcedID was
1:57
one of the malware, including S like
2:00
a bot, Smoke Loader, Bumblebee, and Trickbot
2:02
that were also announced as part of this
2:04
takedown. Can I just say, I think
2:06
we mentioned this in the last show, okay? I
2:08
love that we have all those stupid names, right?
2:10
If it wasn't for that, I don't think I
2:12
would be a cybersecurity person. Huh. Speak
2:15
for yourself. I'm the one who has to say
2:17
all those stupid names and has to, you know,
2:20
oh, it's, it's, I
2:22
don't know, it's Sporkstealer with
2:24
an X, like, huh. Great.
2:27
No, don't give them any ideas, Dave, but I
2:30
don't want to write that one down. I've already written it down.
2:33
Sporkstealer with an X, that's my
2:35
new favorite adversary campaign. Right. Yeah.
2:38
Somebody needs to make a t-shirt that says that. It's
2:41
Sporkstealer with an X. I
2:46
have to apologize to both of you. I'm a
2:48
little, I'm a little behind the game
2:50
here. The producers told
2:53
me that this was going to be on
2:55
camera, so I'm actually wearing two layers of
2:57
Spanx. Spanx
3:01
Loader, that's where you're getting that from. Spanx
3:03
Loader. I can barely breathe here,
3:06
so. All right.
3:08
Well, Selena, take us through this. I
3:10
mean, did we see this coming? Was
3:13
there any scuttlebutt that something like this was
3:15
underway? So
3:23
I think it was kept
3:25
pretty closely under wraps. Obviously, this
3:27
was a large private-public
3:30
partnership success, so there were,
3:32
of course, some private
3:34
organizations involved, as well as a lot
3:36
of various global law enforcement. And so
3:38
it was really cool to see this
3:41
coordinated effort. And you know,
3:43
you mentioned all these silly malware
3:45
names. Well, I have to say,
3:48
part of Operation Endgame was releasing
3:50
Hollywood-style videos on all of
3:53
the malware and the suspected usernames
3:55
of folks behind it. It's almost
3:57
as if Ryan Reynolds directed
4:00
a malware disruption. It's fantastic.
4:03
They're really leaning in to the
4:05
trolling of threat actors. The whole
4:08
image of Ryan Reynolds trolling
4:10
a bunch of malware producing
4:13
criminals. Okay, that is right
4:15
up my alley. Oh, it's
4:17
fantastic. They have these great videos. Some are in 8-bit. Others are
4:19
cartoons. It's
4:22
just very, very fun. I want to
4:24
know how the people who got those made went
4:26
to their bosses and got the budgets approved. Like
4:30
in the federal government, you know, like, no, seriously,
4:32
this is going to be money well spent. No,
4:34
no, hear me out. I
4:38
like to think the request was submitted as an emoji.
4:42
Oh, I like that. I like that.
4:45
Yes, yeah. I mean,
4:47
it's interesting to think about how law enforcement
4:49
was able to get
4:51
the drop on these folks, you know, to
4:54
listen in on their things. Selena,
4:56
did you know that Rick is actually an
4:58
old signals intelligence officer? Damn straight I am.
5:02
I didn't know that. And by old,
5:04
I mean his first job was tapping out
5:06
Morse code for the Transcontinental Railroad. And
5:10
I am still waiting for an answer back on that
5:12
first message, did I? Well,
5:17
I do think that this was an awesome
5:19
and fantastic effort by a lot of the
5:22
folks that were involved in law enforcement. I
5:25
know that we've seen takedowns before, right, where
5:27
it's like, oh, we're taking down Emotet, we're
5:29
taking down Qakbot, but they
5:31
don't have necessarily multiple
5:33
legs in this chair, right? So with
5:35
Operation Endgame, you had people that were
5:37
also arrested as part of it and
5:39
identified as part of these disruptions. So
5:41
when you have, you know, the infrastructure
5:43
taken down, as well as the people
5:45
behind it potentially impacted, you
5:47
have a little bit more sort of reach and success.
5:50
And what is absolutely fantastic is this
5:52
Operation Endgame really cuts off ransomware operators
5:54
at the knees, right? law
10:00
enforcement. You know, it wasn't too long ago
10:02
that law enforcement, I mean official law enforcement
10:04
like the FBI, only thought they
10:07
could get after these folks by, you know, arresting
10:09
them and putting them on trial. But it seems
10:12
like in the last couple of
10:14
years they've decided that it's
10:16
okay to unleash the hounds, as they
10:18
say, right? And do all
10:20
kinds of vectors of disrupting this kind of
10:22
activity. Trolling is one of them, but offensive
10:25
operations and other kinds of things,
10:27
right? And it seems to
10:30
be a lot of that going on in the last year or
10:32
so. I do think it's
10:34
exciting to see more activity like
10:36
that. I also, you mentioned unleash the
10:38
hounds. I like to think it's unleashing the Millennials and
10:40
Gen Z. That's
10:43
a scary thought. Oh
10:45
no, well, so much for us, Rick. No,
10:48
they're coming for us next, Dave, is what they're doing.
10:52
You know, you know, Malware and
10:54
Rick both have one thing in common. They love
10:56
to come back just when you think you've gotten
10:58
rid of them for good. I
11:01
made the mistake of driving Rick to the
11:03
Apple Store last week. Oh no. And
11:06
we were asked to leave after he kept
11:08
badgering the poor woman at the genius bar
11:10
to sell him headphones for his Walkman. I
11:14
don't know why they don't have those. Why don't
11:16
they have those? No,
11:19
sir, we do not have floppy disks for your Apple
11:21
II Plus. Okay,
11:25
grandpa, that's down at Radio Shack. That
11:27
was an Apple IIc for that matter, for those of you
11:30
who want to know that. Yes,
11:32
that is the distinction without a difference. So,
11:37
Selena, where do you think we're headed here then? I
11:39
mean, we're seeing all of this swagger
11:42
from law enforcement. Does it feel like
11:44
it's making a dent? Are there any,
11:47
we used to talk about Whack-A-Mole, you know, and
11:49
how these organizations would just pop up. Are
11:53
there lasting after effects here? Definitely.
11:55
So I like using
11:58
swagger to describe this. focus
16:00
on, okay, can we track this? Because
16:02
it's all on the blockchain, right? So
16:04
you're able, even if it's synonymized, you're
16:07
able to see the different wallets, who's
16:09
receiving what, what's going where. And
16:12
what's kind of cool is Chainalysis
16:14
did a fantastic write-up on the
16:16
ransomware ecosystem, looking at the cryptocurrency
16:18
perspective. You can see relationships and
16:20
you can see where the
16:22
money is going and to, if
16:25
you have a wallet that you know
16:27
is identified as X
16:30
threat actor, sending money to this threat actor,
16:32
you can kind of see those relationships. So
16:34
in a way, it's given us a little
16:36
bit more intelligence, but at the same time,
16:38
it's made it easier to make money. So,
17:03
you mentioned the Wired story. One of
17:05
their journalists, Andy Greenberg, published a book
17:07
last year called, The Tracers in the
17:09
Dark, that talks
17:12
about the researcher's breakthrough
17:14
of being able to track down
17:16
Bitcoin, who's behind the Bitcoin transactions.
17:19
And if you had any illusions that
17:22
somehow Bitcoin was anonymous, you should
17:24
wipe those out right now. The
17:26
good guys can track you down
17:29
now and Chainalysis is the company
17:31
that, one of the companies that
17:33
are providing those tools in
17:36
the cybercriminal space now. So yeah,
17:38
it's really amazing that we figured that out at
17:40
this point. Especially like, they
17:42
call them tumblers, right? Where they would
17:45
try to, they take a bunch of
17:47
different cryptocurrency and, you know, I imagine
17:51
it either going into like a
17:53
blender or a washing machine, you
17:55
know, all just getting spun and
17:57
mixed together. But to Rick, I
18:00
mean, even that, it seems as though
18:02
law enforcement has a window into that
18:04
and they're clever enough to be able
18:06
to follow those breadcrumbs.
18:09
I think I realized that cryptocurrency was
18:11
mainstream, like super mainstream enough, and I
18:14
was watching one of my favorite British
18:17
murder mysteries. And
18:19
the- Go on. There
18:23
was death in paradise, and there was a plot
18:26
line about a guy who was
18:28
stealing electricity to mine cryptocurrency getting
18:30
murdered. Here's an exclusive
18:32
sneak peek of an all new motion
18:35
picture event. What's
18:37
this? It's a crypto mining rig.
18:40
Beautiful, isn't she? What does
18:42
it do? What it says
18:44
on the tin, it mines cryptocurrency, like
18:47
Bitcoin, or in this case, Talium. I
18:51
was like, we have fully
18:54
achieved widespread awareness about crypto
18:57
when this is a plot point on this
19:01
British mystery show. I
19:04
will know it has reached critical mass when
19:06
I can use Bitcoin at the place where
19:08
I purchase my delicious dips. Dave,
19:13
what are your dips today? I
19:15
am not sharing my dips with my
19:17
podcast co-host Rick. He's already taken my
19:19
air time. He is not taking my
19:21
dips too. Rick
19:24
can have some of my snacks when he
19:26
starts bringing jokes that are as fresh as
19:28
my dips. Until then,
19:30
no dips for you. Only
19:35
Dave's dips. Okay, only
19:37
Dave gets those dips. So
19:40
what's next, Selena? I mean, what
19:43
are we expecting here? Is this the first
19:45
of many more to come? Or
19:49
we often use these metaphors like
19:51
cyber Pearl Harbors and cyber 9/11s
19:53
and those sorts of things. So
19:55
if we turn those metaphors on,
19:57
the good guys coming after the bad
20:00
guys. You know, what's the big one
20:02
look like? Is there, is it possible to
20:04
have such a big hit that
20:06
it makes all of the bad guys really
20:09
take stock and think whether or not
20:11
this is worth the effort? Jeez, Dave,
20:13
listen to you. Make
20:15
it sound like you're narrating a Ken Burns
20:17
documentary. It's not that serious, my friend. Yeah,
20:22
we should get Ken Burns on this podcast
20:24
to narrate the, narrate the cyber war. Yes,
20:28
coming to PBS in 2025. I
20:32
think, well, you know, I think, well, so
20:34
if we're talking about metaphors, Operation Endgame, that
20:36
was like the Avengers Endgame. That was the
20:38
final big finale, say no snap. Everyone
20:41
comes together to defeat the baddies. Oh,
20:43
that's the movie with all the superheroes, right?
20:47
Yes, it absolutely is. I think
20:49
my kids told me about that. All right,
20:51
well, you may not be familiar
20:59
with the Avengers, Dave, but. I
21:01
would see, when you said Endgame, I thought
21:03
you were talking about chess. That
21:05
too, I mean, it could be a lot of
21:07
different metaphors. I guarantee
21:10
you that somebody in the FBI is
21:12
totally a fan of the Avengers movies, right? And
21:14
that is the reason it's called Endgame. Well,
21:17
there is a chess favicon on the
21:19
Operation Endgame website and the logo. Are
21:24
you saying I'm wrong, Selena? Is that what
21:26
you're saying? I'm saying that
21:28
I. Is
21:30
there a picture of Thanos on the website
21:32
or is it just the chess metaphor? The
21:35
videos look like they're superheroes involved. Okay,
21:37
the sign's saying. All right, fair enough.
21:41
We'll just say, well, let's all agree that
21:43
it's ambiguous. Well,
21:47
I mean, either way, either way, it was a big
21:49
win. And I do think that
21:51
hopefully this is kind of what the gold
21:53
standard moving forward, right? Like if we're gonna
21:56
combat these guys, it needs to be a
21:58
concerted effort with global law enforcement, public-private
22:00
partnerships, making
22:02
fun of them. That's my favorite
22:05
part. And,
22:07
you know, I think we'll
22:09
see what happens. I think it'll take a
22:11
few months for the landscape to kind
22:13
of really return or fluctuate a
22:15
little bit as we kind of get the
22:17
heartbeat of consistent activity back for some of
22:19
the actors whose botnets or
22:21
operations may have been disrupted. But I think this
22:23
is exciting. I don't really
22:26
think there's going to be a true
22:28
thing of snap for all
22:30
crime everywhere. So that would be
22:32
amazing. But then I also wouldn't have a job.
22:36
That's a good point. We all would be out of jobs
22:39
if we did the Thanos snap. Another
22:46
thing that strikes me about this is that
22:48
for the folks who are in law enforcement,
22:51
coming at something like this in this way, in
22:53
this public way, like we said, with a lot
22:55
of swagger, to me,
22:57
this really opens up avenues
23:00
for them in terms of recruiting. Right.
23:03
Because the folks who are coming out of
23:05
school or coming out of, you know, trade
23:07
school or boot camp or whatever, they
23:09
can look at this and say, you know,
23:12
maybe I'm not going to have to be
23:14
operating behind the scenes in some, you
23:16
know, nondescript government building and no one
23:18
will ever know what I do and
23:20
I won't get credit for anything. Right.
23:23
So even in the recruiting side of things, it
23:25
seems to me like law enforcement
23:27
being able to take
23:29
credit this way in such a flashy
23:32
kind of way that must help them
23:34
in that side of it as well.
23:37
I think so. You know, I don't know if it's necessarily the
23:39
people that are going to get a lot more attention. It's just
23:41
going to be the work that they're doing, I think might be
23:44
a little bit more fun. There was SleuthCon
23:46
in Washington, D.C. a couple of weeks ago
23:48
and a couple of folks from the U.K.'s National
23:50
Crime Agency again talking about LockBit and the
23:52
NCA and they were able to sort of stand
23:55
there and be like, look at this great stuff
23:57
we did. Like, look at these tweets that people
23:59
made about the work that we were doing.
24:01
And it was really fun. And I do think that
24:04
showing your work and making it
24:06
fun and not having it necessarily
24:08
be closed off, super,
24:12
you can't talk about it. This
24:15
is a way for people to explain to people outside
24:17
of the cyber bubble, this is what happens. This is
24:19
what I do for work. This
24:21
is, these are cool projects that I'm working on. This
24:23
is why it matters. This is why it's important. And
24:25
I think not only for recruiting purposes, but I also
24:27
think for general cyber education
24:30
purposes and understanding the overall threat landscape,
24:32
telling a story via video and making,
24:34
you know, hackers in their hoodies
24:36
and as cartoons or 8-bit characters is a
24:38
really cool way of showing, you know, the actor,
24:41
hey, we see you, we know what you're doing.
24:43
But also people like, this is cool. Like this
24:45
is fun, cool stuff. And,
24:47
you know, it's not necessarily like spy
24:49
versus spy espionage type of thing where we
24:52
think about cyber in a lot of ways,
24:54
but this is, you know, having real impact on a
24:57
cyber criminal ecosystem is just
24:59
plain cool. Well,
25:05
aside from the cool code names that I
25:07
particularly like, right? One of the
25:10
things that makes the cybersecurity profession unique,
25:13
I think, is that you're not
25:15
just protecting your enterprise from, you
25:18
know, bad things happening, but you're actually
25:20
stopping, you know, criminals and spies and
25:22
things from being successful. You don't get
25:24
to do that if you're the clerk
25:27
at, you know, the 7-Eleven, right? So it's
25:30
an added benefit, a motivation
25:32
factor for info sec professionals.
25:35
Yeah, it's fun and it's cool. I
25:37
love making bad people sad. Yo,
25:40
I love that. Oh,
25:43
my new motto. That's
25:46
another t-shirt. I definitely
25:48
stole that from someone. That's not
25:50
a Selena original, but it
25:53
exists somewhere. It is now. It is
25:55
now. All
25:58
right, well, I think that's a great.