This week, we interview Dmitri Alperovitch of CrowdStrike on the company's 2019 Global Threat Report, which features a ranking of Western cyber adversaries based on how long it takes each of them to turn a modest foothold into code execution on a compromised network. The Russians put up truly frightening numbers – from foothold to execution in less than twenty minutes – but the real surprise is the North Koreans, who clock in at 2:20. The Chinese take the bronze at just over 4 hours. Dmitri also gives props to a newcomer – South Korea – whose skills are substantial.
In the News Roundup, I cheer the police for using "reverse location search warrants" to compel Google to hand over data on anyone near a crime scene. Nick Weaver agrees and puts the focus on Google and others who collect the data rather than police who use it to solve crimes.
A committee of the UK House of Commons has issued a blistering final report on disinformation and fake news. I offer this TL;DR: that all right-thinking Brits must condemn Facebook because Leave won, just as all right-thinking Americans must condemn Facebook because Trump won. Maury Shenk takes a more nuanced view.
Nick and Dmitri explain just how scary the growth of DNSpionage has become. The only thing as scary seems to be the continuing effort to put voting systems on the Internet. Nick reacts to this in the typical way of his people.
The mysterious Facebook Title III case won't be unsealed, so we really still don't know what the Justice Department was trying to get Facebook to do.
The New York Times claims that India is proposing Internet censorship à la Chinois. I think that's just the New York Times's bias showing and that India is mainly imitating Europe. Maury rides to the New York Times's rescue.
In breaking news, The Cyberlaw Podcast has developed AI podcasting so good we don't dare tell you about it.
This Week in Chutzpah: Alleged hacker Lauri Love has lost his bid to recover the data he stole. I want to know why we didn't give it back to him with a couple of keyloggers installed. The temptation to decrypt it – and give prosecutors new evidence – would be irresistible.
In closing, Nick and I dwell on YouTube's pedophile comment problem and whether recommendation engines are more to blame than human nature.
In other news:
- Our colleagues Nate Jones and David Kris have launched the Culper Partners Rule of Law Series. Be sure to listen as episodes are released through Lawfare.
- Do you have policy ideas for how to improve cybercrime enforcement? Our friends at Third Way and the Journal of National Security Law & Policy are accepting proposals for their upcoming Cyber Enforcement Symposium. You can find the call for papers here.