Steptoe Cyberlaw Podcast: An Interview with Dmitri Alperovitch
Published by The Lawfare Institute
Our guest for Episode 62 is Dmitri Alperovitch, co-founder and CTO of CrowdStrike Inc. and former Vice President of Threat Research at McAfee. Dmitri unveils a new CrowdStrike case study in which his company was able to impose high costs on an elite Chinese hacking team. The hackers steadily escalated the sophistication of their attacks on one of CrowdStrike’s customers until they finally unlimbered a zero-day. When even that failed, and the producer was alerted to the vulnerability, the attackers found themselves still locked out and now down one zero-day. We mull the possibility that there’s a glimmer of hope for defenders.
Dmitri and I also unpack the Great Cannon -- China’s answer to 4chan’s Low-Orbit Ion Cannon. Citizen Lab’s report strongly suggests that the Chinese government used its censorship system to deliberately infect about 2% of the Baidu queries coming from outside China. The government injected a script into the outsiders’ machines. The script then DDoSed GitHub, a U.S. entity that had been making the New York Times available to Chinese readers along with numerous open source projects. The attack is novel, shows a creative and dangerous use of China’s Great Firewall, and provoked not the slightest response from the U.S. government. I ask why any company in the United States that uses the Baidu search engine or serves China-based ads should not be required to notify users that their machines may be infected with hostile code before allowing them to receive ads or conduct searches. Finally, finding something good to say about the FTC’s jurisdiction, I ask why it isn’t deceptive and unfair to automatically expose U.S. consumers to such a risk.
In other news: The courts are raking the Mississippi Attorney General over the coals for an ill-considered attack on Google. The DEA’s bulk collection program is still undercovered. The FCC is racing the FTC to investigate big telecom and internet companies for privacy violations. The Baker Plan for punishing North Korea in response to its attack on Sony has been implemented. And I break out my suits and ties from the early 1990s to celebrate the return of split-key escrowed encryption and arguments over the meaning of CALEA.
As always, send your questions and suggestions for interview candidates to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.
Download the sixty-second episode (mp3).
Subscribe to the Cyberlaw Podcast here. We are also now on iTunes and Pocket Casts!
Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.