Also in this playlist...
This transcript is automatically generated
-- drive by hacking the new site Drudge linking to a malware infected web story from.
-- the call the Washington freed -- Now that's story which is about the NSA leak scandal compromising -- knowing readers with the form of malware undetectable by anti virus software and we're joined from Washington by Steve ward.
Who's a vice president at CST cyber security firm that well how did this infection that can that found it got to the bottom of its ST thank you for coming on.
First of all why does this look like the Chinese.
Actually in this particular case were not convinced that it is -- it it looks more to be.
Driven by organized cybercrime.
And most likely.
Culprit would be a Russian business network as we refer to them more -- cyber criminals are outside of you know former Soviet caucuses.
But the tactic itself.
Has been employed in nation state type type attacks in this instance we call them watering hole taxes there's a drive by download -- These -- look a bit more targeted.
In the case of this particular attack hitting the Drudge site.
Or using a link off -- Drudge appears to being detonated at two million or more.
Did -- visitors a Drudge gets on a daily basis.
That's the thing and -- regardless whether it's seven to say organized cyber crime or somebody up.
Hitting judge or any of these as -- called news aggregation sued the aggregators -- news that many of issues to get our news we don't know so we go directly to the source.
We go whether -- to organize the Daily Beast on and on that these places that linked to other stories.
Is that something out safe and mean and that so many people get their news that way.
Well I mean I think what this shows is that the Internet is safe and that's unfortunate situations one that we have to to really tackle.
And one that I think -- with the work that you guys are doing in terms of exposing the cyber threat mainstream America and the boardroom is really starting to wake up to put.
Would it boils down to is this any time any of -- go -- to the Internet.
We're woefully unprotected.
We rely on these technologies like -- -- -- To protect us against these -- drive by threats against these non malicious software the attacks that that -- and unknowingly.
But those technologies are antiquated.
Built around attacks that we saw 1015 years ago.
Right and what we need to do is find ways to sort of put ourselves in Kevlar.
You know sort of encapsulated -- virus -- bubbles.
That until we run around on the Internet we're doing so in a you know sort of malware airlock now we've got to find new ways to solve this -- -- more we look.
Our email we've become trained to look for certain things and some -- ridiculously obvious like -- -- The crown prince in Nigeria and and he doesn't have the money for you we know that some are -- better now obviously these criminals have gotten better -- -- but still in your email it.
It seems like it's easier to detect knock on what.
-- in this situation though it's.
You have been very easy to open up -- -- again the Daily -- one of these sites in the morning and you're reading through the news and see something that's interesting -- -- you click on the without thinking.
It's something we should look for those types of stories are different -- -- what do we look for -- we know or do we know.
Yeah he did there really is no way to know mom and and that's the whole point of an attack vector the adversary is playing into human trust right.
Drudge -- a very trusted source of news.
That the Washington free -- a legitimate news source.
Injecting malicious code into -- legitimate web site.
And and lurking and waiting and hiding.
For people to come by is basically -- the new MO of the adversary.
And so really again it's about.
Us coming to grips with the fact that we -- -- what our way into this mess and we've got innovate our way out we've got to find.
That protect us any time or were out there browsing around on the Internet or to your point from the -- side of things -- opening up document attachments that that may also be malicious or or weaponized.
Ironic I guess in some ways that the system and do the NSA story obviously different but that is the government for all the talk we've had this week about what the government should or should not be doing in terms of snooping and -- all that kind of thing where are we.
On this kind of I guess -- snooping helping us out says the government is being on top of this are they or should -- be or where are we.
Not report well would you give.
Right I wish I could answer that in the affirmative I wish I could say that you know for all the talk this week about you know the capabilities from an offensive perspective for from -- collection -- perspective that defensively.
We're in really great shape.
But you know one need only look at the news over the course the last two and a half three years.
And and you know if you look at -- in totality what you'll see is is it is an absolute nightmare we are witnessing.
This destination we are witnessing the systematic dismantling of America's competitive future through cyber theft.
And you know no one.
You know that I have seen has really done much more than give this lip service we we've got to wake up and as a nation and understand that -- -- are are facing an existential threat.
And it's not an in the form.
You know dirty bombs and you know -- -- in the form of you know users clicking on links that they shouldn't click on or opening attachments at that.
That have been weaponized and -- that are tricked into.
Giving access to the corporate network for -- -- billions of dollars source of the worth of intellectual property -- Important information -- exactly encouraging -- by any means that maybe.
This field sports analogy is you know defense wins championships and we've got to Peter -- defense -- -- -- that absolutely appreciate it yet thank you thank you very much thousand.
Filter by section