Risky Business #409 -- Talking SWIFT hacks, news, with Adam Boileau

It's the Metlstorm hour of power...
28 Apr 2016 » Risky Business

On this week's show Adam Boileau and Patrick Gray talk about the week's information security news before diving into a detailed look at multiple recent attacks against banks' SWIFT infrastructure.

It's the Metlstorm hour of power!

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

James Clapper: Snowden sped up sophistication of crypto, "it's not a good thing" | Ars Technica
http://arstechnica.com/tech-policy/2016/04/top-intelligence-official-sno...

Viber Heats Up Crypto-Debate: Adds Encryption to 711 Million Users | Threatpost | The first stop for security news
https://threatpost.com/viber-heats-up-cypto-debate-adds-encryption-to-71...

UK intel agencies spy indiscriminately on millions of innocent folks | Ars Technica
http://arstechnica.com/tech-policy/2016/04/uk-secret-police-surveillance...

FBI paid at least $1.3M for zero-day to get into San Bernardino iPhone | Ars Technica
http://arstechnica.com/tech-policy/2016/04/fbi-paid-at-least-1-3m-for-ze...

The Other Reason the FBI Doesn't Want to Reveal Its Hacking Techniques | Motherboard
http://motherboard.vice.com/read/fbi-hacking-techniques

In a first, US military plans to drop "cyberbombs" on ISIS, NYT says | Ars Technica
http://arstechnica.com/security/2016/04/us-military-plans-to-drop-cyberb...

Hacking group "PLATINUM" used Windows' own patching system against it | Ars Technica
http://arstechnica.com/security/2016/04/hacking-group-platinum-used-wind...

The Uber scammers who take users for a (very expensive) ride | Money | The Guardian
http://www.theguardian.com/money/2016/apr/22/uber-scam-hacking-account-p...

German nuclear plant's fuel rod system swarming with old malware | Ars Technica
http://arstechnica.com/security/2016/04/german-nuclear-plants-fuel-rod-s...

Active drive-by exploits critical Android bugs, care of Hacking Team | Ars Technica
http://arstechnica.com/security/2016/04/active-drive-by-attacks-exploit-...

SpyEye Makers Get 24 Years in Prison - Krebs on Security
http://krebsonsecurity.com/2016/04/spyeye-makers-get-24-years-in-prison/

PoS Attack Net Crooks 20 Million Bank Cards, Up to $400 Million | Threatpost | The first stop for security news
https://threatpost.com/pos-attacks-net-crooks-20-million-stolen-bank-car...

New Decryptor Unlocks CryptXXX Ransomware | Threatpost | The first stop for security news
https://threatpost.com/new-decryptor-unlocks-cryptxxx-ransomware/117668/

Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion | Threatpost | The first stop for security news
https://threatpost.com/latest-teslacrypt-targets-new-file-extensions-inv...

Empty DDoS Threats: Meet the Armada Collective
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/

Core Windows Utility Can Be Used to Bypass AppLocker | Threatpost | The first stop for security news
https://threatpost.com/core-windows-utility-can-be-used-to-bypass-apploc...

One Million Access Facebook Over Tor | Threatpost | The first stop for security news
https://threatpost.com/one-million-access-facebook-over-tor/117653/

DRAM bitflipping exploits that hijack computers just got easier | Ars Technica
http://arstechnica.com/security/2016/04/dram-bitflipping-exploits-that-h...

How I Hacked Facebook, and Found Someone's Backdoor Script | DEVCORE \u6234\u592b\u5bc7\u723e
http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones...

The Ingenious Way Iranians Are Using Satellite TV to Beam in Banned Internet | WIRED
http://www.wired.com/2016/04/ingenious-way-iranians-using-satellite-tv-b...

Hector Martin on Twitter: "How to panic a current @grsecurity kernel as any user: $ script /dev/null
https://www.reddit.com/r/programming/comments/4gn0dr/hector_martin_on_tw...

Trent Smith on Twitter: "@riskybusiness I'm hoping @NSAGov just missed April Fools day by a couple of weeks https://t.co/CXe8dd0Isc"
https://twitter.com/TrentatESD/status/724598800921194496

Here are a bunch of links related to SWIFT:

$10 router blamed in Bangladesh bank hack - BBC News
http://www.bbc.com/news/technology-36110421

BAE Systems Threat Research Blog: Two bytes to $951m
http://baesystemsai.blogspot.com.br/2016/04/two-bytes-to-951m.html

CyberCrime & Doing Time: Is the Bank of Bangladesh ready for the Global Economy?
http://garwarner.blogspot.com.br/2016/04/is-bank-of-bangladesh-ready-for...

Exclusive: SWIFT warns customers of multiple cyber fraud cases | Reuters
http://in.reuters.com/article/us-cyber-banking-swift-exclusive-idINKCN0X...

Lessons Learned from Biggest Bank Heist in History -- CIO Update
http://www.cioupdate.com/trends/article.php/3600126/Lessons-Learned-from...

Bangladesh Bank hackers compromised SWIFT software, warning issued | Reuters
http://www.reuters.com/article/us-usa-nyfed-bangladesh-malware-exclusiv-...

'Crypto Wars' timeline: A history of the new encryption debate
http://www.dailydot.com/politics/encryption-crypto-wars-backdoors-timeli...

Brazilian Cybercrime Bills Threaten Open Internet for 200 Million People
https://theintercept.com/2016/04/26/brazilian-cybercrime-bills-threaten-...