Microsoft’s Recall controversy, and the North Korean insider threat

Update: 2024-05-29
Digest

This episode of Smashing Security explores the controversial new "Recall" feature from Microsoft, which records everything a user does on their computer. The feature has raised privacy concerns, as it could be used by abusive partners or governments to access sensitive information. The episode also features a discussion about a recent Department of Justice indictment against a woman accused of helping North Korean spies infiltrate US companies. The spies allegedly used fake identities to obtain jobs at major companies, then used remote access to steal data and money. Finally, the episode covers the top ten companies most impersonated in scams, with Best Buy Geek Squad, Amazon, and PayPal topping the list. The FTC recommends that people independently verify any communication that appears to come from a company, rather than relying on the information provided in the initial contact.

Outlines

00:00:31
Introduction

This chapter introduces the episode of Smashing Security, hosted by Graham Cluley and Carole Theriault, and welcomes special guest Geoff White, author and journalist.

00:00:53
Geoff White's New Book

This chapter discusses Geoff White's new book, "Rinsed," which explores the world of money laundering and how technology is changing the industry. White discusses his interest in the topic, which stemmed from his previous work on "The Lazarus Heist," and highlights the importance of collaboration between cybercrime and financial crime experts.

00:02:30
The Recall Feature

This chapter delves into the controversial "Recall" feature being built into Microsoft's new AI-augmented PCs. The feature records everything a user does on their computer, including screenshots, typed text, and web pages visited. The hosts discuss the potential privacy implications of this feature, particularly for users in countries with totalitarian governments or overreaching intelligence agencies.

00:21:01
North Korean Insider Threat

This chapter explores a recent Department of Justice indictment against a woman accused of helping North Korean spies infiltrate US companies. The spies allegedly used fake identities to obtain jobs at major companies, then used remote access to steal data and money. The hosts discuss the implications of this case for cybersecurity and the importance of being aware of potential insider threats.

00:29:33
Top Impersonated Companies

This chapter examines a report from the Federal Trade Commission (FTC) on impersonation scams. The hosts discuss the rise of impersonation scams, particularly those targeting businesses and government agencies. They also explore the top ten companies most impersonated in scams, with Best Buy Geek Squad, Amazon, and PayPal topping the list.

00:42:05
Pick of the Week

This chapter features the "Pick of the Week" segment, where the hosts share their recommendations for books, movies, podcasts, and other media. Graham Cluley shares his experience with AI music generation, while Geoff White recommends a book called "Nuclear War" by Annie Jacobsen. Carole Theriault recommends a television series called "The Patient" starring Steve Carell.

Keywords

Microsoft Recall


A new feature being built into Microsoft's new AI-augmented PCs that records everything a user does on their computer, including screenshots, typed text, and web pages visited. The feature has raised privacy concerns, as it could be used by abusive partners or governments to access sensitive information.

North Korea


A country known for its authoritarian government and its suspected involvement in cyberattacks and hacking. In this episode, the hosts discuss a recent Department of Justice indictment against a woman accused of helping North Korean spies infiltrate US companies.

Impersonation Scams


A type of scam where scammers pretend to represent a well-known or trusted business or government agency. The hosts discuss the rise of impersonation scams, particularly those targeting businesses and government agencies. They also explore the top ten companies most impersonated in scams, with Best Buy Geek Squad, Amazon, and PayPal topping the list.

AI Music


Music generated using artificial intelligence. Graham Cluley shares his experience with AI music generation, using a service called "Udo" to create a song about Geoff White and his new book.

Nuclear War


A book by Annie Jacobsen that provides a hypothetical minute-by-minute account of what happens if North Korea launches a nuclear weapon. Geoff White recommends the book, highlighting its meticulous research and its terrifying implications for the world.

The Patient


A 10-part American psychological thriller created by Joel Fields and Joe Weisberg. Carole Theriault recommends the series, which stars Steve Carell as a therapist held prisoner by a patient with unusual therapeutic demands.

Insider Threat


A threat to an organization's security that comes from within the organization itself. The hosts discuss the case of North Korean spies allegedly infiltrating US companies by obtaining jobs and using remote access to steal data and money.

Financial Crime


Crime involving financial institutions or systems. Geoff White's new book, "Rinsed," explores the world of money laundering and how technology is changing the industry. The hosts also discuss the financial crime aspects of the North Korean spy case.

Cybersecurity


The practice of protecting computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. The hosts discuss the importance of cybersecurity in protecting against both external and internal threats.

Privacy


The right of individuals to control their personal information. The hosts discuss the privacy implications of Microsoft's new "Recall" feature, which records everything a user does on their computer.

Q&A

  • What is Microsoft's new "Recall" feature and what are the privacy concerns surrounding it?

    Microsoft's "Recall" feature records everything a user does on their computer, including screenshots, typed text, and web pages visited. This has raised privacy concerns, as it could be used by abusive partners or governments to access sensitive information.

  • What is the recent Department of Justice indictment against a woman accused of helping North Korean spies infiltrate US companies?

    The woman is accused of helping North Korean spies obtain jobs at major US companies using fake identities. The spies then used remote access to steal data and money from these companies.

  • What are the top ten companies most impersonated in scams?

    The top ten companies most impersonated in scams, according to the FTC, are Best Buy Geek Squad, Amazon, PayPal, Microsoft, Publishers Clearing House, Wells Fargo, Apple, Comcast, Bank of America, and Norton and LifeLock.

  • What advice does the FTC give to people who receive communication that appears to come from a company?

    The FTC recommends that people independently verify any communication that appears to come from a company, rather than relying on the information provided in the initial contact. This can be done by going to the company's own website or calling their official phone number.

  • What is AI music generation and how does it work?

    AI music generation uses artificial intelligence to create music. Graham Cluley shares his experience with a service called "Udo" that allows users to create songs by providing a short text prompt. The AI is trained on a vast collection of musical styles and can generate music in various genres.

  • What is the book "Nuclear War" by Annie Jacobsen about?

    The book provides a hypothetical minute-by-minute account of what happens if North Korea launches a nuclear weapon. It explores the complex chain of events that would unfold, including the activation of various defense systems and the potential consequences for the world.

  • What is the television series "The Patient" about?

    The series follows a therapist, played by Steve Carell, who is held prisoner by a patient with unusual therapeutic demands. The therapist is tasked with unwinding the patient's disturbed mind while also grappling with his own life and decisions.

  • What is an insider threat and how can organizations protect themselves from it?

    An insider threat is a threat to an organization's security that comes from within the organization itself. This can include employees, contractors, or other individuals with access to sensitive information. Organizations can protect themselves from insider threats by implementing strong security policies, conducting regular security audits, and providing employees with security awareness training.

  • What are some of the financial crime aspects of the North Korean spy case?

    The spies are accused of using fake identities to obtain jobs at US companies and then using remote access to steal data and money. This involves financial crimes such as identity theft, fraud, and money laundering.

  • Why is cybersecurity important in protecting against both external and internal threats?

    Cybersecurity is important in protecting against both external and internal threats because it helps to ensure the confidentiality, integrity, and availability of an organization's data and systems. External threats can come from hackers, malware, and other malicious actors, while internal threats can come from employees, contractors, or other individuals with access to sensitive information.

Show Notes

Microsoft gets itself into a pickle with a privacy-popping new feature on its Copilot+ PCs, the FTC warns of impersonated companies, and is your company hiring North Korean IT workers?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by author, journalist, and podcaster Geoff White.

Warning: This podcast may contain nuts, adult themes, and rude language.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Comments (1)

Willien Muniz

I've always wanted to change to Linux. I need to thank Microsoft for the push ;p

Jun 3rd
Graham Cluley & Carole Theriault