Black swans, black ops, BlackCube, and red herrings
Episode 249 of the Cyberlaw Podcast
In this episode, I interview Chris Bing and Joel Schectman about their remarkable stories covering the actions of what amount to US cyber-mercenary hackers. We spare a moment of sympathy for one of those hackers, Lori Stroud, who managed to go from hiring Edward Snowden to hacking for the UAE in the space of a few years.
In the news, I ask my partner Phil Khinda whether the $29 million Yahoo breach settlement opens a new front in breach derivative litigation or is a black swan event. He says it's more of a red herring – and explains why.
This week in black ops: I ask Nate Jones to comment on the tradecraft used in an apparent effort to smear Citizen Lab for its reports on NSO. My take: This feels a lot like what BlackCube did for Harvey Weinstein, except that this was the low-budget version.
I'm not sure the indictments are working. The Russians are so far from being shamed that now they're engaged in fake hacking. Dr. Megan Reiss notes Special Counsel Mueller's recent claim that Russians are leaking discovery materials and pretending they came from a hack of the counsel's office. Remember the remarkably adroit robot that turned out to be a Russian in a robot suit? That's what this reminds us of.
And in possibly related news, Apple went out of its way to publicly embarrass Facebook and Google over their use of corporate certificates to sideload apps to record the browsing habits of paid volunteers. I'm not convinced that the fuss is justified. Whatever those users sold their data for, it's a lot more than I'm getting.
This week in dogs biting men: Ukraine says Russia is trying to disrupt its upcoming election, and the Pentagon is reportedly failing to stay ahead of cyber threats. Megan covers the first and Nate the second.
I offer one and a half cheers for Japan's pioneering and mildly intrusive survey of bot-vulnerable IoT devices. Unfortunately, it's not intrusive enough to really address the problem.
Finally, EPIC is calling on the FTC to impose a $2 billion fine, structural changes, and more on Facebook, claiming that "the algorithmic bias of the [Facebook] news feed reflects a predominantly Anglo, male world view." If you still need evidence that privacy law is the legal equivalent of a Twitter mob – an always-ready tool for punishing unpopular views – EPIC's filing should do the trick.
As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.