
Cybersecurity Shorts: Facebook Outage and Scraped Data, Ransomware Hackers Arrested by Europol, the Deets on the Twitch Hack and More – Futurum Tech Webcast
by Shelly Kramer | October 13, 2021

In this episode of the Futurum Tech Webcast, Cybersecurity Shorts series, I’m joined by my colleague and fellow analyst, Fred McClimans for a dive into goings on in the world of cybersecurity.

Although it wasn’t a cyberattack, we felt that the global Facebook, Instagram, and WhatsApp outage, and its ramifications beyond mere inconvenience for many, merited some discussion at the top of our show. There are a lot of nuances here, and it is definitely worth considering the impact on people who rely exclusively on wifi connections and Facebook Messenger to communicate, or on merchants who use WhatsApp to conduct business, and how important those platforms have become to us as a whole.

We then turned our conversation to the following cybersecurity-related news:

  • Facebook data scraped and for sale. Sort of. Web scrapers claim to possess and are looking to sell the personal data of 1.5 billion Facebook users on a hacker forum. The seller claims to represent this group of web scrapers who have allegedly been in operation for at least four years and who have been ‘serving’ an alleged 18,000 clients. Oddly enough, this week following the Facebook outage, this thread disappeared from the hacker forum, although the poster wasn’t banned. Coincidence or not?
  • International law enforcement orgs collaborate, hackers arrested. Europol announced arrests last week that resulted from coordination by an international coalition of French, Ukrainian, EU, and American law enforcement authorities. Two hackers described as very ‘prolific’ and involved in a multitude of ransomware attacks were arrested, and millions in profits were seized.
  • The Twitch hack – it’s extremely personal. Big news this past week centered on the Twitch hack. Twitch is Amazon’s cloud-based gaming service, and an anonymous hacker or hackers posted a 125GB torrent link to 4chan on Wednesday. The leak was discovered and verified by Video Games Chronicle, and the leaked information was publicly available for download on 4chan. There’s a lot to unpack here, and it’s a conversation you’ll definitely want to tune in for.
  • Five-year breach gave hackers access to billions of text messages. Syniverse, a company that handles text messaging and general telecommunications infrastructure for carriers around the world, has confirmed that it has been hacked, potentially providing threat actors access to sensitive customer data for years. This breach could be quite significant, and our conversation explores why.
  • Atos Wins R&D Project with ESA to improve cybersecurity of satellite testing platforms. In cool news related to space and cybersecurity, Atos, a global managed security services provider, has been awarded a contract by the European Space Agency (ESA) under the ARTES C&B program to develop a product to improve the cybersecurity of Electrical Ground Support platforms, which are used to test the electrical systems of satellites before launch.
  • The Warren Bill Gives 48 Hours to Report Ransom Payments. We wrapped the show with a discussion about a bill proposed by Senator Elizabeth Warren and Democratic Representative Deborah Ross, the Ransom Disclosure Act. Under this proposed Act, victims of ransomware attacks would be required to report payments to their hackers within 48 hours.


Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.


Transcript:

Shelly Kramer: Hello, and welcome to this episode of the Futurum Tech Webcast, Cybersecurity Shorts Series. I’m your host, Shelly Kramer. And I’m here today with my colleague and fellow analyst, Fred McClimans. Fred, hello?

Fred McClimans: Hello, Shelly. Welcome to this week’s edition of Cyber Shorts.

Shelly Kramer: Exactly, exactly. So we are going to … there’s so much going on. Actually, there’s so much going on in this space every week, it’s really, I think, the time that we spend figuring out what we’re going to talk about, it is always fairly significant, at least it is on my end, I know. What’s the most relevant. So, but I think that what we wanted to start our conversation focusing on today was the Facebook, Instagram, WhatsApp going offline earlier this week. And while that wasn’t a hack, wasn’t a cyber security incident, it was an incident that’s really a pretty far-reaching one. Did you happen to listen to any of the testimony this week, Fred?

Fred McClimans: Yes, I sure did. All of it.

Shelly Kramer: Well, I didn’t. And so that was one of the reasons I wanted to, I mean, I got one of the things that we do here as a team when something’s happening, we have multiple channels, chat channels that we talk in. And so I saw a lot of the conversation happening around that testimony, but I, unlike everybody else, was apparently working, I don’t know. No, I’m kidding you, but anyway, no, I just didn’t have time to go watch it. So, but what I did hear, I hear some feedback from people online that there was a lot, there were some hasty generalizations made about Facebook users during some of those, that testimony and conversation. Did you see any or hear any of that?

Fred McClimans: Well, there’s always a decent amount of that when you get congressional members that are trying to get their sound bites in. I think it’s probably the most polite way of saying it. But then, there are also a number of situations that we’ve seen over the past decade or so, where members of Congress are not necessarily that tech-literate. And they make some very broad assumptions about technologies, applying the wrong features to the wrong provider, or in some cases, in this particular hearing here, one of the things we had this week was the Finsta, which is basically, it’s a way that kids-

Shelly Kramer: That person should be so embarrassed.

Fred McClimans: My kids do it. They have a separate Instagram account. They share some passwords in it and-

Shelly Kramer: Fake. It’s their fake Instagram, right?

Fred McClimans: Yeah, for Instagram, and it’s the Finsta account. Well, there was somebody that was asking the Facebook executive there, “Are you going to stop this? Are you to take that off the market? Are you going to stop this feature?” And it’s not a feature, it’s a way that kids are using the technology.

Shelly Kramer: To evade their parents.

Fred McClimans: And as I watched that, all I could think of was, “This is a great example of why technologists need to hire social anthropologists,” to figure out how are people actually going to use the technology that they have in front of them, because it’s not always intuitive.

Shelly Kramer: It is not always intuitive. Well, that was interesting. And, one of the things that I didn’t think about very much, it didn’t matter to me that Facebook was down, and that Instagram was down, and that WhatsApp was down. I use WhatsApp when I’m traveling, especially when I’m traveling out of the country. I have random conversations with friends all over the world on WhatsApp, but I don’t use it every day like a lot of people do. I don’t. I mean, I’m on Facebook daily, I’m on Instagram, probably more than anything else. But, for me, not to be able to use those platforms is no big deal.

But what I did realize is as the day went on, my family has adopted a young single mom. And one of the things that we do is help pick up her little boy from school when another family member can’t get him. And, her primary method of communicating with her family is by Facebook Messenger. And it’s because you don’t have to have a phone, you don’t have to have phone service to do it. You just have to have wifi. And that sort of opened up my thinking, too. The fact that it didn’t affect me is meaningless. But the fact that there are people all over the world who rely exclusively on Facebook, Facebook Messenger, sometimes Instagram, and WhatsApp to live their lives, that was a big deal.

Fred McClimans: Sure. Sure. There are some just basic reasons in the US why, I think a lot of people do the same thing that you’re doing here. If you think about the extended families text messaging, sending videos back and forth, group chat, let’s face it, Google, or Android phones, and iOS phones, they don’t send messages back and forth between each other particularly well. So Messenger, I mean, I use that with my extended family, because it’s just a nice, convenient way to have a sort of a private group chat. But for many parts of the world, particularly with WhatsApp, WhatsApp is the way that they engage with their banking institutions, the way they do business, it’s the way they do financial transactions. I mean, it’s very similar to sort of that all-encompassing everything on one social platform approach that we see in China.

Shelly Kramer: Yeah, which we don’t really have.

Fred McClimans: You have that, WhatsApp, in certain parts of the world. When WhatsApp goes down, everybody shuts down.

Shelly Kramer: Yeah. Yeah, no, absolutely. I thought it was really interesting, and certainly, since it happened just this week worth touching on. So then, staying on the subject of Facebook, we wanted to talk a little bit about web scrapers who are claiming to possess and looking to sell personal data on some 1.5 billion Facebook users, no small amount. Right?

Fred McClimans: No.

Shelly Kramer: And so, the interesting thing for me is that this is not a new story necessarily. I mean, well, it is new in the sense of some of this was just reported this week. But part of the information that I see about this is that the seller of this data claims to represent a group of web scrapers, who’ve allegedly been in operation for four years and have some 18,000 clients that they serve. But anyway, talk with us a little bit. So that’s a big customer base, right? And this is not just any fly-by-night organization, but talk with us a little bit if you would, Fred, about this purported web scraping and what the details there are.

Fred McClimans: It was interesting because when this first hit, I mean, this is during the week when there’s an outage, there’s congressional testimony and it first hit as if it was a hack. That somebody had actually breached Facebook systems and extracted information, which was very much in line with a lot of the conspiracies that were running around when Facebook was down. I mean, there were across Twitter and some of the non-mainstream social networks, the conspiracy theorists were just rich with it.

Shelly Kramer: That makes perfect sense.

Fred McClimans: Talking about government agents investigating and grabbing possession of all of that. In fact, there was one, they said, “FBI had raided Facebook headquarters and they had seized all of Facebook’s servers,” which of course it doesn’t work that way, quite necessarily. But, through this, this was an interesting one. What you have here is an individual, again, who has web records for, or personal records for about 1.5 billion individuals. It’s used or collected through a very basic web scraping technique. And that in and of itself, there’s nothing that I could see here really that looked like anything that was illegal, that had taken place. There were some allegations that this individual had, was putting up sort of a scam front. They didn’t really have the data. There were some people that said, “Hey, look, we paid for some of the data. We didn’t get anything back on it.”

But it seems to be relatively verified or at least reasonable that the data they have is legitimate data here. So it’s the names, it’s email addresses, it’s phone numbers, location, gender, user ID name, all the kinds of things that somebody would really want if they were trying to impersonate somebody else. And what’s interesting here is, and we’ve talked about this before, sort of the four A’s of cybersecurity data breaches. You’ve got the acquisition of data. Gather as much data as you can. You’ve got the aggregation of that data into one common data set, then the analysis of that data to extract some value, and then the activation of that value. So this year seems to be right in line with this. What they’ve done is, they’ve accumulated a lot of data from different sources and aggregated that data. Most of it, probably publicly available into a common data set that allows them to basically complete a profile of every individual user.

Shelly Kramer: It’s no big deal, right?

Fred McClimans: They’re not necessarily doing anything wrong, but it’s a huge deal that we have that information out there.

Shelly Kramer: It is.

Fred McClimans: And if this person is doing it, you know that everybody else is going to kind of follow suit on this, and kind of go right down that same path. It is interesting that when you look at this, the going price rate was about $5,000 for a million Facebook user account passwords.

Shelly Kramer: That’s pretty cheap.

Fred McClimans: I thought about buying a couple myself. Maybe you’d figure out a way to turn it into an NFT and pass it along to your kids.

Shelly Kramer: Well, the other thing though, that I thought was really interesting about this is that, so this was reported. This was in late September. The user of a known hacker forum posted an announcement claiming to possess this data. Right? And the data was put up for sale. And then we started talking about this again this week, but the thread that was talking about this disappeared from the hacker forum, where it was originally posted. And that’s not unusual, because hacker forums are legit and they vet their people. Right? But so, and sometimes they ban people who are spammers, but what was odd in this case is that the poster wasn’t banned. Although there were some people who claimed that they had bought the data, hadn’t yet received it. I didn’t go too, too far down that rabbit hole.

Fred McClimans: Yeah, the scam allegations there.

Shelly Kramer: But, it did not appear that that hacker was banned. And so there was some talk about perhaps the thread taken down as a result of a request by Facebook. So, who knows?

Fred McClimans: Yeah, it’s a tough one. We don’t know all the details here. We don’t know exactly how they collected all the data. Like I said, a lot of this information is pretty much out there, whether it’s legal or illegal, it’s available. And, certainly, one of the techniques has been talked about with this was somebody actually setting up some of these Facebook games, the quizzes. “Give us your first name, your last name, and the place that you went to high school, and that’s your poor name?”

Shelly Kramer: What song was popular the year you graduated? Yeah. Oh, please. Tell me what’s happening.

Fred McClimans: Yeah. Yeah. Those things are just all designed to gather as much information about you as possible.

Shelly Kramer: They are, they are.

Fred McClimans: So I think the big question here is, will some of the data actually make its way into the legitimate data broker marketplace, and potentially be used by advertisers and marketers?

Shelly Kramer: I don’t see any reason not to think that that’s a yes. I mean, in this day and age, I’m sorry. I don’t, so.

Fred McClimans: Unfortunately.

Shelly Kramer: One of the things that we like to do when we talk about bad news is sometimes talk about good news, and that’s what I wanted to tackle next. I know that we saw some news this week about an international coalition arrested a prolific hacker group involved in ransomware attacks. And this came from Europol, the EU’s law enforcement agency when they announced some things earlier this week. Tell us a little bit about what you saw there.

Fred McClimans: Yeah. So this is amid the whole back and forth issue between US President Biden and Vladimir Putin, with the US saying, “Look, you’ve got to rein in some of these ransomware groups and these threat actors overseas.”

Shelly Kramer: Cut it out, Vladimir.

Fred McClimans: Whether or not this had anything to do with that, yeah. You can’t really tell, but they arrested two individuals, two Ukrainians. They have not released the names of the individuals here, but it’s believed that they were able to extort between five and 70 million euros from their ransomware attack ventures. Now, who are these people that they’ve been attacking, that they’re kind of tagging, pegging against these guys? Well, some of the big ones. Colonial, JBS the meatpacking company, Kaseya, a number of just huge companies that paid money. Now through this, the Justice Department, working with Europol, they have been able to recover some of the money.

So what did they get coming out of this? These two individuals, they seized $375,000 in cash US. They listed as two six-figure luxury vehicles, not quite sure how to interpret that one, and the freezing of $1.3 million in cryptocurrencies. So, this is a good attack back. It’s a good offensive-defensive move here with this. But what we don’t know anything about is who else might have been involved in this? Software that they used? Were they able to access that, so they could tell pretty much where the actual software came from, how they can identify the servers and the sources for that? We just don’t know any of those details here coming out of this, but I consider it a good-news win. Two individuals arrested, collaboration between the US and Europe, the recovery of funds that potentially go back to Colonial, JBS, and others, and maybe a lesson to people who are out there in this business. And it is a business. It’s ransomware.

Shelly Kramer: It is a very big business. Yes.

Fred McClimans: I hate to say, it’s kind of like, Inc. and the mob in the early 1900s in the US. It’s a business model. They run a business venture and they need to know that it’s not a profitable business when you get caught. And you’re going to get caught, increasingly with the technologies that we have to track and strike back.

Shelly Kramer: Now, when I read this, I did not get deep enough in it to see that these hackers were associated with Colonial Pipeline, and JBS, and Kaseya. So, if that’s the case, that makes me even more excited.

Fred McClimans: Yeah. I mean, it’s a big step here. Now we do know that in the past, they had recovered some of the monies that need these organizations, and they did that by going in and actually seizing control of the servers that the cryptocurrencies were residing on. So, we can assume perhaps that in this case, that was sort of the first step in, and they leveraged what they learned from that to pursue these injuries even further. And it’s worth noting here that for all the talk about Bitcoin, as that anonymous pay my ransom in Bitcoin, all of the transactions that take place in a Bitcoin blockchain public ledger are public, with enough IP addresses and enough coordination, you can track information. So, kind of inevitable, I guess.

Shelly Kramer: Kind of inevitable. Well, we’ll see how this plays out, but I do think that that’s a nice bit of news. Absolutely.

Fred McClimans: Yes.

Shelly Kramer: I like that. It gets exhausting sometimes always talking about hack after hack, after hack. So it’s great when we see good things happening. So in the opposite of good things happening, I wanted to talk next about the Twitch hack. And that’s kind of the big news of the week beyond what’s going on with Facebook. And it’s certainly big news in the gaming ecosystem, right? The gaming community. So what happened is that Twitch, which is Amazon’s streaming service was hacked earlier this week. And, it appears as though it wasn’t just another random hack. It was a personal hit. And so this was first reported by Video Games Chronicle. An anonymous hacker or hackers posted a 125-gigabit torrent linked to 4chan on Wednesday, and VGC verified that this information was available publicly for download on 4chan.

So it’s out there. This leaked information contained a lot of information, probably the most alarming of which was Twitch’s source code. And, it also included payout information related to how much Twitch’s most popular streamers make.

Fred McClimans: Which is a lot.

Shelly Kramer: Well, it is a lot, but I mean, and not to mitigate that in any way, but YouTube’s most popular personalities make a lot, and Instagram influencers. I mean, like to me, that that is not something that would piss me off, or yeah, I don’t know. I just didn’t feel like that was something that was tremendously harmful. People … I don’t know who knows? But, so how much money some of the popular Twitch creators make, the source code data for mobile, desktop, and game console, Twitch clients. There was also an unreleased Steam competitor that was code-named Vapor from Amazon Game Studios.

So, a game that hasn’t yet been released, code that was related to proprietary SDKs and internal Amazon web services used by Twitch. That’s a big deal. And along with Twitch’s internal security tools designed to improve security by having staff pretend to be hackers. So that’s sort of, “Here’s my security tools, take a look, right? Here’s what we’re using.” That’s problematic. So, but what I said though originally was that this appears to be personal. And the reason that I said that is because when the data was dumped online, the hacker or hackers said that their motivation was all about fostering competition and online streaming. Okay. I get that may be why the creators felt payment information is relevant. I get that. And the hacker described Twitch’s community as a disgusting toxic cesspool. So seems fair to say, right, that it’s a personal attack.

Fred McClimans: Yeah, perhaps along the likes of the Sony attack, the other day we talked about it.

Shelly Kramer: Exactly, exactly. That’s actually what it was compared to. And so, it did not appear even though the statement sort of maligned the Twitch community, it doesn’t appear that user data like passwords and address information were released. So, I guess that’s important. So, it looks like maybe somebody who was aggravated about Twitch and maybe Amazon more, than simply the users themselves. I don’t know. But, so this happened earlier this week, and of course, we keep talking about it, reporting on it, and learning more. And one of the things that this morning, Friday, October 8th, is that background images for Minecraft and GTA 5, which I know is a game, but I’m not a gamer, so I’ve never played it. I do know what Minecraft is. They were replaced on Twitch with images that appear to be Amazon founder, Jeff Bezos’ face. So that’s kind of, so we’re not done with this, right?

Fred McClimans: No.

Shelly Kramer: And I know you’re a gamer, and you have kids who are gamers, and so what do you think?

Fred McClimans: Yeah. It’s an interesting one. When you get something of this nature, it doesn’t look like monetization is the goal. There were initial reports that user data was out there, but that doesn’t really seem to be the case here. But I think for a lot of people, I know, I’m a Twitch user. My kids do have accounts on Twitch. Not too many people know that Amazon actually owns Twitch. I mean, Twitch is one of those online gaming streaming platforms that has just exploded over the past few years, but go back to the acquisition. I think Amazon paid, was like 950 million for this back in 2014. It’s got 41.5 million users in the US alone for this platform. It is absolutely huge. It’s over the top and it’s a competitor, direct competitor to the YouTube streaming services.

So I know, my youngest son, he had his gaming streaming channel on YouTube for Fortnite. And at a certain point, he said, “Dad, I think I’m going to move over to Twitch.” And I was like, “Okay, why?” And he’s like, “Well, I think you can make a lot more money there.” So, it’s a very interesting one, but just the fact that this code was available, that somebody was able to breach the system. It’s got to be viewed as a black eye on the part of Amazon, and their ability to secure this data. Because this streaming platform, it’s not something that’s widely used by adults around the world. It’s kids.

And, I know when you look at a platform that has kids tagged to it, and go back to earlier this week with Facebook saying that they were walking away from their plans for now for, call it like, Kidsta, kid’s Instagram out there. That’s a really dangerous thing because, the younger kids are when their personal data gets out there and their behavioral data gets out there, the way they choose passwords, when they’re online, when they’re located, who their friends are, the younger that happens, the more likely they are to be targeted through phishing attacks and social engineering attacks later in life. And, that’s a legacy that we just cannot pass on to the kids. It’s just, it’s not fair to them. And, I definitely, I look at Amazon and I go, “Guys, this is on you. You let this happen.”

Shelly Kramer: And, quite a few people mentioned that. And, according to Amazon, Twitch had a misconfigured server, it was accessed by an unauthorized third party. And, Amazon has made it clear that this breach has nothing to do with the security of its AWS cloud server. And as you said, the reality of it is Amazon owns Twitch, and one of the things that we talked about earlier before we started recording this show is that one of the things that Amazon does in many instances, is keep things fairly siloed. Like its Whole Foods business is separate from this, is separate from this, but the reality of it is, is that things sometimes aren’t silos, shouldn’t be siloed. And, one of the knocks against Amazon here was that had you had more control over this, had you, AWS been paying more attention to this, you could have perhaps avoided and, or mitigated this. And so it is, you can’t divest yourself entirely from this when this is a platform that you own.

Fred McClimans: Absolutely. And, I’ll make it very clear. I mean, and we’ve seen this, Shelly, in a lot of the primary research that we do at Futurum, where we look at the type of threats that enterprises are facing, and their concerns, and the mitigation efforts that they have to put in place. Particularly with cloud providers and some of the hyperscalers like Amazon, that are just massive in their cloud infrastructure and their market penetration. Misconfiguration of servers happens all the time. So for Amazon or anybody to say, “Look, it’s not a security issue. We weren’t hacked.” I’m sorry. I call bullshit on that. You opened the gates, you misconfigured something and you allow a security breach to occur. That’s on you.

Shelly Kramer: You know what? It is, actually. We will close this part of our conversation by saying if you’re a Twitch user, if your kids are Twitch users, this breach is still being investigated. There’s still a lot that we don’t know. And while it doesn’t appear that unencrypted password information was part of this data dump, it is recommended that Twitch users turn on two-factor authentication just to be safe. So if that’s you, if that’s your kids, please make sure to do that. It could be important. So, there we go.

So now we’re going to talk about, speaking of breaches, we’re going to speak of breaches that sort of give people nightmares. At least this one gave me nightmares. I know you’re going to give us a little bit more information on Syniverse, a company that handles text messaging and general telecom infrastructure for carriers across the world. And some bad news about a breach that happened.

Fred McClimans: Yes. A breach that not only happened, but it happened over an extended period of time. We’re talking years here, multiple years, perhaps four or five years here. So in an SEC filing, Syniverse advised, I’ll quote them here so I get it exact. “An individual or organization gained unauthorized access to databases within its network. And those systems allowed them to access 235 sets of customer data.” Now, again, let’s put this in incorrect context here. Syniverse, they are a technology company that facilitates the transfer of text messaging and communications between different carriers. In this particular case here, the data that was accessed was carrier messages. Messages from you, from me, from others that were transiting between these different networks. So those 235 customers, those aren’t individuals like you or me. Those are the AT&T’s and the T-Mobile’s, and all the carriers of the world out there. So the potential impact of this, it’s not 235 people. It’s 235 million people, if not more than that.

Shelly Kramer: Global. I mean, this isn’t just in the United States, is it? And that’s really the part of this thing that gave me nightmares. When you look at this, I don’t know if it’s 235 or 253. I can’t remember. And I think we’ve said both in this show, but these are, this is a lot of customers who in turn have a lot. This would be like saying AT&T, Verizon, T-Mobile, right? And 20 more or 200 whatever, more. That’s a lot of data. That’s a very, very big deal.

Fred McClimans: And this goes back all the way to 2016, so they know it started in May 2016. They believe it stopped in May of 2021. But, think about the volume of this here. What is it? 740 billion text messages that Syniverse handles a year.

Shelly Kramer: Right. Well, and actually, to extrapolate this out, even further, I get no less than 10 smishing messages a week. Okay. So those are SMS messages, text messages that go to my phone that tell me, updating about my UPS package, or my tax return, or the prize that I just won because I paid my AT&T bill, or all these things that are clever campaigns that are designed just to get me to click. Right? So these are like robocalls. You know how irritating robocalls are. This is like the robocalls of text messaging. But the problem here is this is, these enable phishing campaigns to be perpetrated against millions of customers.

Fred McClimans: Yeah. Yeah. And it’s one of those things where I know personally, I know this is anecdotal, but myself, my family members, my friends, we’ve all witnessed a significant increase in the number of phishing messages through text messaging. I get one, it appears from four or five different phone numbers every day, but it’s the same message. “Hey, you paid your AT&T bill on time,” right?

Shelly Kramer: Yeah, they’re really bad about that.

Fred McClimans: “Click this link for a reward.” So somebody out there knows that I’m an AT&T customer. They’re tracking.

Shelly Kramer: Exactly. That’s how this data could have … That’s the danger of this breach. They have, they know who the carriers are, so they can target the messages to AT&T. The ones I get are AT&T as well. I’m an AT&T customer. If I got something from Verizon or T-Mobile, I would instantly know it wasn’t applicable, but AT&T, it’s like, “What, what?”

Fred McClimans: But, this is interesting because a lot of people use things like iMessage. They use Facebook Messenger, they use WhatsApp because there’s an aspect of end-to-end encryption that takes place there. But people mistakenly assume that, “Oh, because that technology is available out there, it applies to just general text messages.” And it does not. When you send a text message across the network, that’s a clear message. These people uncovered a way to tap into those messages, record the information. And, it’s a black eye, a significant black eye. So now you have to look at this and go, “How does a company not discover a breach of this magnitude for five years?” Big issue.

Shelly Kramer: And how did they discover it? Do we know that? Because, I don’t know that I-

Fred McClimans: I did not see how they actually uncovered that message or the breach there. Only that they had uncovered it recently. And, again, no public announcement, but an SEC filing where they’re required to disclose. So, I’m a strong proponent of mandatory disclosure for these types of things, for exactly this reason.

Shelly Kramer: For exactly this reason. Yeah. Well, when we post the show notes here, we usually break this show up. We publish the show in its entirety, and then we break it up into vignettes, focusing on separate segments of the conversation. If we are able to find any more information about this breach, we will include that in the show notes for the vignette about this Syniverse data breach that affected telcos across the world.

Now, we’re going to talk, we’re going to move to outer space. And, we’re going to talk a little bit about a win by Atos, of an R&D project with the European Space Agency to improve cyber security of satellite testing platforms. Lay it on us, Fred.

Fred McClimans: Yeah, this is a feel-good story, but also there’s a cautionary tale in here that I think caught my attention and yours as well, when we were reviewing the week’s events, so to speak. So, Atos, a global services provider, one of the largest companies out there providing a variety of services from managed security services to engineering, all the classic outsourcing with a technology bent. These guys are some of the best out there and have tremendous experience in offering managed security services and helping to secure, cyber-secure different types of events and businesses’ platforms. They have been, for example, one of the regular providers of security, cybersecurity protection for the Olympic games. So they’re out there, they know what they’re doing, and it’s good to see them stepping up into this space here.

So the European Space Agency, ESA, under their ARTES, A-R-T-E-S. I’m not sure if that’s ARTES or ARTES, but their CNG program. They have been brought on to improve the cybersecurity of their electrical ground support equipment. The EGSE, they call it. What’s interesting here is that what this really gets at is a need on the part of the European Space Agency to test their satellite systems, electrically test everything before they’re launched into space. And then of course there would be follow on testing that would go with that. Now you think, “Electrical testing of a satellite, what does that have to do with cybersecurity?” Well, in the past, it had nothing to do with it. When they would test these systems, they were testing in an air gap environment. Here’s a satellite, here all the electrical components, here’s everything that we need to build into the system that we can test and isolate in this giant hangar somewhere, in this giant clean-room.

But now, think back over the last year and a half. COVID hits, pandemic, work from home. Well, those work from home people, they’re not just the marketing, the sales, the office staff.

Shelly Kramer: It’s scientists.

Fred McClimans: It’s the technical people. It’s the people who are actually doing things like building the electrical systems for satellites and testing those systems. So now, you have a really interesting situation here that is fueled, or perhaps a better word enabled because I think this is a positive, by the increase, the acceleration that we’ve seen over the past year and a half of digital transformation initiatives.

Organizations realizing, we have to work from home for the next X period of time. So let’s accelerate our plans. Let’s move more applications into the cloud. Let’s deploy different types of compute devices for end-users. Let’s bring collaboration tools out to the forefront and let’s re-architect our digital infrastructure, so that it’s more flexible and agile, because we don’t know where somebody is going to be located today, tomorrow, or the next year from now.

So, all great things that has enabled European Space Agency, and probably countless other businesses out there to actually take these processes that were previously in one room, air gap environment, and to extend those out and to include more individuals. So you get a more diverse group of testers, you get more experience, you get more expertise. This is all a great win, but now you have to secure it. And that’s where Atos has been tapped to step up in here. And, I think this is a great win for Atos, definitely a top-notch company out there in this area.

And, what I would just say is, any business out there that is involved in manufacturing, assembly, testing, design engineering, any of these aspects, if you’ve moved these systems offline or online over the past year and a half, or if the data from those systems is now online, you really need to focus on that to make sure that you’re not exposing yourself to undue risk. Because I guarantee you, especially something with the satellite space industry here, as soon as it’s known that that type of process is now taking place online, an element of non-air gap security, you know that threat actors are going to go after that.

Shelly Kramer: Well, and the world of satellites and how they’re being deployed to serve us is just growing by leaps and bounds. I know. So my twin 15-year-olds row crew, and we were on our way to a regatta this weekend on Saturday in Oklahoma City. And I live in Kansas City, Missouri, and it’s a five-hour drive through a lot of rural country. And, it was nighttime. And I was looking, I was trying to identify something up in the sky if it was a star. And I knew it wasn’t a star. My husband said, “Oh, that’s a plane.” I said, “Yeah, no, it’s not a plane.” And, I know that in your family, Fred, that you serve this role in my family. I serve the role of the person who has a head full of really nerdy information.

And so, I started telling my husband though about low earth satellites, and how common they’re becoming, and what they’re used for. And, how especially in not only rural areas across the United States and other countries, but in third-world countries, how they are being deployed and will be deployed to provide wifi connectivity and that sort of thing. And, he’s looking at me like, I was like, “Are you?” But anyway, this is not. Satellites are a very big business. They will continue to be an even bigger business. And, the whole point of them is that they’re internet-connected devices. Right? And they’re providing connectivity to people. So, starting with the foundation of security is critically important.

Fred McClimans: Yeah, it is. And when you talk about LEOs, the low-earth orbit satellites, just sort of a quick side note on that.

Shelly Kramer: See, I knew you’d have a side note because your mind, you’re my nerd husband, my nerd work husband.

Fred McClimans: So Starlink, this week, the SpaceX adventure from Elon Musk, they have confirmed that they’re going to start rolling out their Starlink services. Very limited, but later this year. So the Starlink network, that is essentially a massive number of very small communication satellites that they’ve thrown up into low earth orbit, but ultimately with the goal of pretty much blanketing the entire earth with these small satellite devices. And it’s worth noting here that these satellites, they’re not the big, massive communication satellites of yesteryear. They don’t put one up at a time. They launch hundreds at a time, very small. It’s a really interesting, fascinating approach to these satellite cubes that go up into space, but they’re launching that. So, potential threat there. And of course, there’s the whole controversy of are they painting them black, or are they silver so that they don’t mess with the stars in the night sky.

But, along that same line, you’ve got Facebook this week who announced they’re stepping back in to try and figure out a way to provide, I think it’s potentially a satellite-based, global wifi internet access type capability out there. You also have Amazon, that picked up the assets of an earlier Facebook program that is continuing with that effort there, that I think could ultimately be a very strong competitor to SpaceX and the Starlink capability out there. So there’s just a lot going on here. So, space is really cool. I F-ing love science, and we see these things taking place there. It’s great to see, but there’s always that issue of, “How do we secure that?”

Because just like we saw with the Facebook downtime this past week, when Facebook, Instagram, WhatsApp go down, in the US it may be an inconvenience. Yes. Some people couldn’t post their messages. They may not have been able to get access to customer support on Facebook Messenger, which by the way, I use Facebook Messenger for customer support. I’m not a Facebook user, but I use the customer support on Messenger. But when these systems go down, economies stop. Flights stop. And if you think about the satellite systems that we’re putting in place here, they are a massive, very sophisticated system. And, massive sophisticated systems, when they fail, tend to fail really bad.

Shelly Kramer: And they’re also attractive targets.

Fred McClimans: Yes, they’re attractive targets. And, disrupting that in some way could very easily be the next ransomware attack. Let’s shut down the global communications grid, hold that hostage. Just like you’re seeing meat packers, energy providers, healthcare providers today with ransomware attacks. So, that’s my nerd, geek-out moment for the day.

Shelly Kramer: I like it. I like it. Well, speaking of ransomware attacks, that we’re going to wrap our show with a quick mention of the Warren bill, which is a Ransom Disclosure Act that’s been proposed by Senator Elizabeth Warren and Democratic representative, Deborah Ross. And this bill proposes that victims of ransomware attacks must report payments made to their hackers within 48 hours. And this would give, this Ransomware Disclosure Act would give the Department of Homeland Security data on ransomware payments, including the amount of money demanded, how much was paid, the kind of currency used, to your point. Bitcoin is actually traceable. And, this is really a couple of things. One, I’m sure it has to do with being able to recover, to find hackers, and recover ransomware that’s paid. But also, part of what these lawmakers said when they presented this bill is that it’s essential to bolster the government’s understanding of how hackers operate, and the extent of the ransomware threat.

And, our colleague, Ron Westfall, and I recorded a webcast yesterday and our 5G Factor Webcast. And one of the things we talked about there, happened to also be related to ransomware, and something that Nokia is doing from a silicon level to protect against ransomware or to protect against cyber threats. And just, why this matters so much is really a pretty simple answer. So we’ve seen ransomware, the global attack volume of ransomware attacks has increased by 151% for the first six months of 2021, compared with this time of year, a year ago.

And, the FBI has warned that there are a hundred different strains of ransomware circulating around the world. And from a hard numbers perspective, that SonicWall Capture Labs reported that ransomware hit 304.7 million. There were 304.7 million attempted attacks. And, to put that in perspective, there were 304.6 million ransomware attacks for all of 2020. So this is part, the first six months of 2021, we’re already almost exactly the same in terms of the number of attacks that happened in a full year.

So, threat actors, we’ve had Colonial Pipeline, we’ve had JBS that shows the threat to our supply chains. Colonial Pipeline, critical infrastructure. We have had hacks of government systems. We’ve had hacks of hospital systems. I mean, the list is seemingly endless, but anyway, so this is, I thought that this was interesting to see, and I understand the logic here. There is other pending legislation around these things. I think, reporting breaches is one of the things that’s on the table and lots of different things, but this is a little bit different than some of the other things that’s been proposed, simply because it’s saying, “If you pay ransom, you are required to report it, so that we can do the work that we need to do from a Homeland Security standpoint.” So I thought that that was, it’ll be interesting to see, right? It’s a proposal, it’s not a law.

Fred McClimans: Yeah. And, this and other initiatives, TSA just announced this week that they’re going to mandate disclosures on the cyber-attacks from the railway and some of the other transportation providers. We need this information. The only way we learn what’s taking place, and have an opportunity to successfully track down, and apprehend, and recover is through a disclosure of this type of information. So I’m all for it.

Shelly Kramer: I am all for it as well. Well, our show is a little bit longer than usual today. We had a little bit more to cover than usual, but with that, we thank you for hanging out with us today. Fred, it is always my pleasure to spend part of my day nerding out with you.

Fred McClimans: Likewise, as well. I’m glad I can be your nerdy husband here.

Shelly Kramer: I like it. I like it. My work husband. And for those of you watching on YouTube, hit that subscribe button. Those of you listening by way of a podcast platform, hit the subscribe button. And I will be sure and include links to both Fred’s and my LinkedIn profiles and our show notes. If we’re not connected yet, send us a connection request. We’d love to know you more. And with that, thank you so much for spending time with us today. We’ll see you next week.

 

About the Author

A serial entrepreneur with a technology centric focus, Shelly has worked with some of the world’s largest brands to lead them into the digital space, embrace disruption, understand the reality of the connected customer, and help navigate the process of Digital Transformation.