Podcasts
Special Editions
Ep 99
Special Editions 6.19.26
Ep 99 | 6.19.26

CyberWire Daily at 10: A decade of leaks, espionage, and influence operations.

Show Notes
Transcript

Maria Varmazis: Hello, Maria Varmazis here. Thank you for joining me today. 2026 is a big year for us here at N2K Networks. We are celebrating the 10-year anniversary of the "CyberWire Daily." Yeah, time flies when you're having fun. In today's N2K "CyberWire Special Edition," we're reflecting on a decade covering leaks, espionage, and influence operations. So much intrigue. And for this retrospective, I'm chatting with none other than Dave Bittner, host of the "CyberWire Daily." We are jumping back into our discussions about 10 years of the "CyberWire Daily," so who better to walk me through it than the host of the "CyberWire Daily," the one and only Dave Bittner. Hi, Dave.

Dave Bittner: Hello, I've been here the whole time [laughter].

Maria Varmazis: You haven't left. We're doing this again? You've been sitting there in that chair for 10 years.

Dave Bittner: Pretty much, yeah.

Maria Varmazis: Literally.

Dave Bittner: No, sometimes they let me out on good behavior, but rarely, rarely.

Maria Varmazis: Well, thank you for shambling over to the microphone now.

Dave Bittner: Yeah, that's right. Hopefully you don't hear the chains clinking too loudly, like an attic ghost.

Maria Varmazis: Oh, is that what that was? Okay.

Dave Bittner: Well, the editors edit most of it out, but every now and then some sneaks through.

Maria Varmazis: Well, for someone who's been trapped in a tiny room for 10 years, you sound very chipper. So I appreciate that, Dave. I appreciate you talking to me today about yet another panorama of what you've noticed over the last 10 years in the stories that have been covered in the "CyberWire Daily." And our focus for today is something that, honestly, I hadn't really put two and two together until I started doing some prep for this. I don't know what happened 10 years ago, but around 2016, some stuff started to happen in the cybersecurity world that I don't know what 2016 would have to do with it. It's a mystery. But there seemed to --

Dave Bittner: What was going on in the world in 2016?

Maria Varmazis: Yeah, it's weird, right?

Dave Bittner: Right.

Maria Varmazis: After years of people in InfoSec kind of chuckling about the threat of hacktivists being an overblown sort of '90s era threats, suddenly, sometime in 2016, we started seeing nation states and other large organizations, shall we say, using cybersecurity, cyber attacks, for influence operations and not just hacking stuff, but then hacking with the point of leaking that information to influence someone or something and I'll dot, dot, dot. But again, I don't know what that year could have had to do with anything, but 2016, we started seeing a whole bunch of it.

Dave Bittner: That's true.

Maria Varmazis: Yeah. What do you remember from all that, Dave?

Dave Bittner: Well, I mean, obviously, 2016 was a big election year and a contentious election year.

Maria Varmazis: What [laughter]?

Dave Bittner: I guess there's -- I guess after 2016, there's been no other kind. But I think it's fair to say that objectively that it was a contentious election year. But what we're getting to here is that we had the DNC email leaks (the Democratic National Committee). Pretty much accepted these days that Russian intelligence operators got into the Democratic Party's networks and they stole a bunch of emails and then released them during the presidential campaign. And I guess, you know, to say what was the point of departure here, what was different, is that nation states have been doing espionage forever, as long as there have been nation states.

Maria Varmazis: Yeah.

Dave Bittner: But doing this sort of thing of not just stealing the information so that you know what's going on, so that you know what the other side is up to, this was when we started or they started, it was started that the information was being leaked as a weapon. They were weaponizing this information, in this case a political weapon. So going from just simple intelligence collection and now, as you mentioned, using it for influence operations.

Maria Varmazis: Yeah, I remember some dialogue in 2016 about how ethical it would be for news organizations to report on the information that was leaked. And there was a lot of wringing of hands about, do we use this information that these -- what do we want to call them, hacktivists? That's not correct. But this information is being leaked and then it became a bit of a feeding frenzy of well, if we don't use it, someone else will use it. And now it just seems a little bit de rigueur that, you know, major news outlets are going to, of course they're going to talk about it. If it gets leaked, it's going to get used. But that wasn't always the way it was. Am I imagining this [laughter]?

Dave Bittner: No, no. I mean, the comparative innocence seems kind of quaint by today's standards.

Maria Varmazis: It was only 10 years ago.

Dave Bittner: Only 10 years ago. Oh, how time flies. And, of course, you know, we have to realize we had COVID in the middle of all this, in the middle of the last decade. Which to me really made my relationship with time itself a lot looser. And I hear lots of people say that, that time doesn't really have the same meaning that it did before COVID. I'm not sure what that means, but it seems to be commonly experienced enough that there's a lot of general agreement that that's a thing. So only 10 years.

Maria Varmazis: Yeah, truly. Yeah, it was a quainter time back then. But yeah, the DNC email leak, there was a lot of fallout from that one where the stories were sort of getting percolated through the news. But also, I think it was opening of a door of going, hey, they can do that. One can do this? Okay. And then we just saw a bunch of other campaigns sort of doing something similarly. Do you remember anything that might have come after the DNC leak in subsequent years?

Dave Bittner: Well, I mean, we had the Panama Papers.

Maria Varmazis: Yeah.

Dave Bittner: That was also right around 2016. And that was, you know, journalists got millions of documents that were talking about offshore financial arrangements, you know, the old -- in the old days used to say Swiss bank accounts. They were in islands and nations that were sympathetic to helping folks hide wealth and escape taxation and all that sort of thing. And so the release of those papers had ripples throughout the global economy. People were investigated. Some people had to resign their positions. And, you know, there were all kinds of policy debates about that. And I think one of the things that set that apart or got it so much notice at the time was just the scale of it. It was huge, millions of documents. And so journalists had their work cut out for them.

Maria Varmazis: Yeah, I think people are still pouring through them.

Dave Bittner: Right, the days before ChatGPT, right, where you could just say, analyze this, you know.

Maria Varmazis: Yeah.

Dave Bittner: It was much more of a manual process. So now we have journalists, but also activists, people who are pro-transparency, looking at this big document dump and saying -- looking at it as an opportunity to advance their cause or shine a light on things that had previously been going on in the shadows.

Maria Varmazis: Yeah, and I imagine flipping it around a little bit, organizations that were looking at these massive leaks happening that were affecting, you know, like the DNC or whatnot, maybe companies were thinking, I can't imagine how this would necessarily be relevant. Of course, I'm being very naive here. You know, but the idea of a business being hit with such an attack where their IP being leaked is obviously a business level disaster, but, you know, internal emails or policy decisions being made, that also could really affect how a company would work. I'm not sure if that was as heightened of fear pre-2016 as it then became after all this. I'm thinking of SolarWinds.

Dave Bittner: Right, but, you know, it was a great point. I mean, so now companies are thinking about the reputational damage of a potential leak. They're looking at something like this and they're saying -- the board of directors are pulling their CISO into a meeting and saying, could this happen to us, right? Could all of our information, could the confidential conversations that we have among ourselves as a board of directors, could they be accessed and leaked? Because if it can happen in the Panama Papers, if it can happen to the DNC, it could happen to anybody. And in some ways, I wonder if that kind of primed the pump for ransomware with the fear of reputational damage beyond just the actual theft of the information itself.

Maria Varmazis: Yeah, because the fear used to be, you know, if our service goes down or our website gets defaced -- and I'm going back a while -- that's egg on our face. And then, you know, customers won't trust us that we're, you know, good at our jobs. And now it's like, again, that almost feels, actually, it does honestly feel kind of quaint, like your service goes down. I mean, not great [laughter]. But how about, you know, all those board chats get leaked and then you're in the news cycle for reasons you really don't want. And that is really a mess, to put it politely.

Dave Bittner: Right, right. And then, you know, following that, we have the Shadow Brokers who were releasing these offensive cyber tools that had been linked to the NSA. You know, that was the scuttlebutt that these offensive tools originated within our own intelligence community. And one of them was EternalBlue, which later came to be used in things like WannaCry. And then what, a year after that, we had WikiLeaks publishing documents describing CIA cyber capabilities and operational techniques. So it's not just others, right? It's not just the rich and the powerful who are hiding their money. These are national security concerns when our own tools are being exposed, our own trade craft is being exposed by these hacktivists and other people who are interested in public disclosure. You know, that's a huge concern as well and also new.

Maria Varmazis: I remember hearing about the Pegasus Project, and that on its own was a commercialization of weaponization of that.

Dave Bittner: Yeah. I mean, so you had these capabilities, which I think previously had been limited to in-house intelligence agencies. And now with Pegasus, you have these sort of surveillance tools available on the open market. And certainly, I mean, Pegasus claimed that they were being very selective with who they sold these things to, but there's evidence to the contrary.

Maria Varmazis: Yeah, yeah, yeah.

Dave Bittner: It's been found being used by many folks that either Pegasus turned a blind eye to or did not know, or it got, who knows, it got passed around, right? But that was new as well, that now there's commercialization, there's a market for these tools, both for other intelligence organizations, but, you know, all the way from industrial espionage to, well, just commercial regular spyware became a thing, right? I want to know if my, you know, wife is running out on me or not. And so I'm going to put something on her phone, or her on mine. Just that it trickled down to just being something in the public awareness that you could just buy.

Maria Varmazis: It strikes me when we're talking about all of these things, from Pegasus to just the influence operations and all the different leaks, the huge, huge change in norms around all this. I don't think we can overstate that.

Dave Bittner: I don't want to hang too bright a lantern on it, but let's go back to 2016, right? I think it's fair to say again, objectively, that with 2016 came a very different expectation politically when it comes to norms, right? And we're in that, we're still in that today. So people threw the gloves off. There's things that would not have been imaginable. You know, what's the old saying back from way back when, the quaint thing? Was it Churchill who said, "gentlemen don't read each other's mail?" Probably have that wrong, but there was, you know, someone of historical significance said that.

Maria Varmazis: Yeah, something that's attributed to Churchill. That's often the case.

Dave Bittner: Sure, it was either Churchill or Mark Twain, right? I don't know. But again, quaint. And certainly espionage organizations were reading each other's mail from the beginning of time. But the point is, there was a norm that is no longer there. And through these leaks, through these capabilities, and now even with things like ransomware, which we talked about in a previous episode of our conversations here, it's the reputational damage that's huge. A lot of these actors, they're not even worried about locking the stuff up anymore. They just want to do a smash and grab and threaten to leak it, and that's enough.

Maria Varmazis: Yeah, and even as you're describing it, and I'm thinking back to the public perception, or at least how I perceived the public perception of these kinds of things, going back 10 years ago with the DNC leaks and even the Panama Papers, there was a lot less cynicism. Not saying none. And certainly within the InfoSec community, there was a healthy amount of cynicism, I would say.

Dave Bittner: Right.

Maria Varmazis: But in the public --

Dave Bittner: It's an industry more cynical than most.

Maria Varmazis: I was going to say, I'd be disappointed if they weren't. Yeah, but I mean, in the general public, I would say 10 years ago, it was almost a, oh, this has been leaked, you know, this is for the public good. There's a reason this is being sent out so we all should know about it because something needs to change. And now when these smash and grab, great way of putting it, Dave, smash and grab leaks are happening, oh, people are so much more cynical, broadly. And again, it's not just InfoSec people. I think everyone's like, yeah, yeah, yeah, what's the play here? In 10 years, that's been how I guess everyone has sort of wised up to this a little bit.

Dave Bittner: Yeah, I think we're also much more primed to be more cynical when it comes to the information that's coming at us, particularly online, that we're not as trusting as we used to be by necessity. And now we've got, wait for it, AI.

Maria Varmazis: I knew you were going to say it! I knew you were going to say it [laughter]! Everybody drink.

Dave Bittner: Right, everybody drink. Right, it's the free square on our bingo card.

Maria Varmazis: Yeah, so pouring the lighter fluid on the burning gas grill, bad idea, but here we are.

Dave Bittner: Yeah, I mean, do I even need to steal this stuff anymore to upset your reputation?

Maria Varmazis: No, we can just make things up. Yeah, just make it up. No one's going to care. Just make it up. Yeah, isn't that wild?

Dave Bittner: When people can no longer trust their eyes or their ears or, you know, because it all can be fabricated convincingly, to me, that's another shift and that's another thing we're going to have to deal with. How do you establish a chain of custody of information or video or photos or audio file, interviews, any of that stuff?

Maria Varmazis: I was just thinking of George Orwell, as you said. You were probably referencing him as well. The party told you to reject the evidence of your eyes and ears. It was their final, most essential command. That's where we're at right now with the, yeah.

Dave Bittner: Right, and anything can be dismissed as fake news. You know, senator, who was that, who was that young lady we saw you with? And they can just respond and say, fake news, we're done here, right?

Maria Varmazis: Sticks and stones or something like that.

Dave Bittner: But again, it all swings back around to norms. What is expected? What do we expect from the people we elect or the people we do business with or even the people we choose to have as our friends? There's so much more skepticism and cynicism. It's just a really challenging time. I don't know about you, but I find it to be quite often exhausting to try to wade through all of this stuff, right?

Maria Varmazis: Yeah, absolutely. And in that way, many industries, but cybersecurity certainly is a mirror to what's going on more broadly. And as we're talking about norms, I think when I was a baby cybersecurity person back in the day, a lot of the things we just talked about over the last 10 years would have -- I think would have been considered red lines of some kind. And we just kind of just kept stepping over them and looking back and going, did we just do that? I guess so, okay. And then we're just doing it again. And that's wild. I thought that that was a super no-no and here we are and that's the world we're in now and [laughter].

Dave Bittner: But I think that's a really powerful point as well. Because something that I've observed over the past 10 years is nation states' reticence to draw red lines when it comes to cyber. And I believe, and it's been supported by folks I've spoken to who know much more about this than I do, that they don't want to take away their own offensive capabilities by drawing bright red lines.

Maria Varmazis: Yeah, nobody wants to be the first person to pull a punch. I mean, yeah.

Dave Bittner: They don't want to say this is off the table if behind the scenes we're using those tools for our own purposes. But the sideline or the side effect of that is ransomware operators target hospitals. When I think who in the world would disagree that they should be off limits, right?

Maria Varmazis: Yeah.

Dave Bittner: So what a world [laughter].

Maria Varmazis: I think all of our 10-year anniversary conversations have ended up with us going, man, are we in a better place now than we were 10 years ago?

Dave Bittner: Right, right. But you think about, I mean, how much of cyber conflict, what we put under the air quotes of cyber conflict, I'd say 10 years ago was much more technical in nature. And now I think it's much more societal. I think it's much more political, as nations around the world have seen how much cyber is a force multiplier. Because you don't need aircraft carriers to do cyber, right?

Maria Varmazis: Yeah.

Dave Bittner: Yeah, you don't need to make that investment.

Maria Varmazis: I mean, you can, but you don't have to.

Dave Bittner: Right, there's no doubt. Do aircraft carriers give the United States of American an advantage? Sure.

Maria Varmazis: Of course.

Dave Bittner: But it's not -- but the Gulf is not as wide as it used to be when a small nation state can threaten turning off our lights or fouling our water or backing up our sewers because they can get into our critical infrastructure. I think, I believe that changes the equation. And I think that's a lot of what we're seeing these days are the ramifications of those truths.

Maria Varmazis: Yes. And honestly, I think with that evolution, it's also just kind of making us a little silly, I suppose, I don't think anyone thinks cybersecurity is an IT problem anymore. Whereas, I mean, surely there are organizations that may think that, and I understand. But let's get real. Any place that's really worth their salt is not thinking that anymore. It's just the risks are too great, and we've seen it play out. So nobody's going, oh, Rob the IT guy, that's his issue. No.

Dave Bittner: Right, right. And even, I mean, even on a personal level, 10 years ago, we weren't seeing gift card scams the way we are today. We weren't seeing grandparents losing their life savings the way we are these days. So again, I think that points to the general awareness of these things by necessity because as cyber has become so much a part of our daily lives through things like social media, so too has cyber crime, cyber espionage, cyber influence, naturally become part of our lives as well. And that's the new world we live in. And that genie's not going back in the bottle.

Maria Varmazis: On that upbeat note, Dave [laughter].

Dave Bittner: Right? Let's go curl up in a little ball in an empty bathtub, right? And sort of sway back and forth.

Maria Varmazis: I mean, we always live in interesting times.

Dave Bittner: Yes, indeed.

Maria Varmazis: All right. Well, Dave, as always, a really illuminating chat. I promise I won't be rocking in the corner hyperventilating into a paper bag for too long.

Dave Bittner: No promises from me.

Maria Varmazis: Yeah, it might happen, but I'll do that off mic. I'll do you a favor.

Dave Bittner: Right, right.

Maria Varmazis: Would love to know if you have any parting thoughts for the audience before we close out.

Dave Bittner: No. I mean, I'm really enjoying these looks back that you and I are doing here, and I hope the audience is as well. I think what it's done has made me kind of take stock and really see how far we've come and how much things have changed. I think when you're in the middle of it every day, there's a little, I don't know, boil the frog going on where you don't notice it in small increments. But when you really look back over the course of a decade, you can see how much things have changed. It makes me wonder where we're headed. I try to stay optimistic amidst all of this. I think most people in the world are generally good and operate in good faith, but, you know, these things happen disproportionately, I think. And what was the old joke from decades ago that "to err is human, but to really screw up requires the use of a computer?" Well, be careful what you ask for. Here we are.

Maria Varmazis: Here we are. Well, Dave Bittner, host of the "CyberWire Daily," as always, thank you so much for joining me today.

Dave Bittner: My pleasure. I look forward to our next chat.

Maria Varmazis: You got it. Thank you for joining me today. See you back here next time. [ Music ]

Special Editions
Podcast Info
HOST(S):
Dave Bittner
Maria Varmazis
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Maria Varmazis is a podcast producer and journalist specializing in space, cybersecurity, and emerging technology. She translates complex industry developments into clear, engaging conversations and thoughtful storytelling that connects technical subjects to the people and ideas shaping the future. Maria is the host of T-Minus: Space-Cyber Briefing and co-host of Hacking Humans.
Creator: N2K Networks, Inc.