© 2024
Prairie Public NewsRoom
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Cyber Intelligence for Non-Techies ~ The Blenders Holiday Tour ~ Natural North Dakota

Ways To Subscribe

Former NPR Counterterrorism Correspondent Dina Temple Raston hosts a cyber news podcast, Click Here. There’s a special 5-part series airing Tuesday’s at 7pm Mountain on Prairie Public. The series and podcast aims to demystify the world of cybersecurity by presenting it in a human context that helps people understand and relate to those involved. The series, developed in collaboration with Recorded Future News, aims to educate consumers about the importance of cybersecurity. Finally, she expresses optimism about journalists keeping up with technological advances, with tools like AI enhancing efficiency and contributing to better journalism.

Interview Highlight: Full Transcript below

Why individuals need to be more knowledgeable about hacking than ever before:

In the past, cyber security intelligence seemed like something that was nice to know as opposed to need to know, right? Because mostly hackers were focused on governments or they were focused on big fortune 500 companies and they really didn't have a huge impact on us personally.

What's changed in the last couple of years is that these hackers are now hacking us. They're hacking your hospitals. They're hacking your city hall.

They're hacking your insurance company. They may be hacking your small business so they lock everything up with ransomware and you can't do your job until either someone unlocks that information–some sort of cyber security professional–or you pay a ransom.

…The fact that tractors now are all connected and Bluetoothed up, and you can actually run your tractor, you sit on top of it, but you can actually run your tractor from your iPhone, which is kind of an amazing thing when you think about it. And, you know, we sort of lull you into thinking, wow, that's pretty cool.

And then you suddenly think, if it's on your iPhone, it means it's on the internet. So if it's on the internet, that means somebody can hack it.

…In another show, we talked to this lovely woman who was sort of embroiled in a romance scam … and she says, look, you know, I had changed my status on Facebook from married to widowed. And within days, I was getting emails from people who were saying that they'd seen pictures of me and they were in love with me.

And there was one in particular who pretended to be a four star general or something like that and had fallen for her. And she was so outraged by this. And first of all, she found it really condescending that someone would think that she'd want to marry somebody off the internet, that she started a whole group to try and help people fight romance scams.

And in this particular episode, we actually dig down and find someone who was sort of behind one of these and what his motivation was.

{Full Transcript}

Dina Temple Raston, thank you for joining us and welcome to Main Street.

Thanks for having me.

The people that you hear from throughout this special series, particularly the episode Meet the Hackers, are a notoriously elusive group of people. Sometimes it's because they are committing crimes. Sometimes it's because they need to remain secret so that they can pursue the people committing the crimes.

How did you even start to track down these people who operate out of necessity in secrecy?

Dina Temple-Raston

Well, it's interesting because my background in public radio—I was the counterterrorism correspondent for the NPR network for more than a decade—I'm pretty good at finding people who typically don't want to be talked to, so I talked to a lot of terrorists when I was actually doing that sort of reporting. What we have on top of that is we have an amazing producer named Sean Powers who's not just helping with these special radio shows that you will be airing, but with our podcast as well.

We have a weekly podcast also called Click Here. I think part of it is that he's very good at getting people to talk to us. In addition to that, I think it's because Click Here, both the shows and the podcasts think about these kind of cyber stories differently.

We sort of create a kind of noirish, gumshoe reporting and storytelling that I think these people actually like to be part of because we're not sort of casting judgment or saying to them, you know, you're a crook, although we do occasionally say to them, do you not feel guilty or remorse for what you're doing? I think what we generally do is we're trying to introduce these people who have been in the shadows to people who've never heard them talk before, to kind of give them human shape and form because the way you start fighting these things and the way you understand how to fight these things is by giving it a form that we understand instead of sort of a dark hoodie over a keyboard.

Ashley Thornberg

Yeah, elaborate on that a little bit more if you could, a phrase like not casting judgment. As I was listening to the special series, I was really struck by how much it felt like with just a little bit more knowledge, I could become a cyber criminal. Many of these people ended up in this field based on decisions that you could kind of logically follow along with and yet it's really easy to say, oh, I would never do that.

Dina Temple-Raston

You've got something very sort of nuanced about what we're trying to do because we're trying to help people understand this whole world of cyber security and intelligence. In the past, cyber security intelligence seemed like something that was nice to know as opposed to need to know, right? Because mostly hackers were focused on governments or they were focused on big fortune 500 companies and they really didn't have a huge impact on us personally.

What's changed in the last couple of years is that these hackers are now hacking us. They're hacking your hospitals. They're hacking your city hall.

They're hacking your insurance company. They may be hacking your small business so they lock everything up with ransomware and you can't do your job until either someone unlocks that information–some sort of cyber security professional–or you pay a ransom. What we were trying to do is try to take some of the mystery out of this world because you need to understand it now to try and introduce you to some of these people.

We do much more than that in the series, but Meet the Hackers actually happens to be one of our favorites because it's the first time you really hear these people talking like people. In the same way that when I was a terrorism correspondent at NPR, one of the things that was both controversial and interesting about the way I decided to cover terrorism was that I talked to these terrorists without judgment. I said, well, why did you do this?

Why did you decide to go and join ISIS? What led to that? By understanding those building blocks, it's much easier to try to combat a problem that you understand how it grew up and became a problem than just thinking of it as a mystery.

They're totally different from me. They're not. They're a lot like us.

They just made some really bad choices.

Ashley Thornberg

Who is your intended audience?

Dina Temple-Raston

… They used to say this about my terrorism coverage. Who is really our intended audience, right? I mean, everybody wanted to know if a terrorist attack was coming, but it would be typically somewhere else, right?

It wouldn't be right here in the homeland. I think our intended audience is two different kinds of people. It's people who understand that cybersecurity is now something that they need to know about.

They're curious about it. They think that they don't have the technical knowledge they need to understand it. It turns out that you don't need that much technical knowledge.

You just need to sort of understand some building blocks, and then we take you the rest of the way. We take you by the hand and explain it to you. Our audience is people who are interested in this, people who are curious about how this is developing as a crime that is touching their lives.

I think we also think our audience is people who are actually in the technical fields, like a chief information security officer of a company or somebody who's in a tech sort of unit, an IT unit of a company. One of the big disconnects in this field is that there's a technical language, and it is completely inaccessible to regular people. We think part of what we're doing is we're helping give these IT professionals the vocabulary they need to go and talk to somebody who isn't a techie and explain what's going on.

Let me give you a specific example. There's something called a botnet. People talk about that all the time, you know, that there was a botnet that did a denial of service attack against a network.

Well, a botnet, all it really is, as technical as it sounds, is an army of zombie computers that someone controls, you don't even know they're controlling your computer, to use against someone else's network. When we talk about these various technical things …, we make it easy. …

We explain to you how a disclosure vulnerability database works and how somebody who finds, say for example, malware in a network, how they go about sort of teasing it out of the network and figuring out who's behind it. Some people have called us sort of a gumshoe reporting operation, right? Everything's kind of a mystery story.

We have main characters, you follow them, and you go on a journey with them. In the same way … we say we're sort of like This American Life meets cyber. We're telling you a story that's really enjoyable, but what you don't realize is that we're also at the same time teaching you a lot about cyber security and intelligence.

Ashley Thornberg

It is a surprisingly human-centered approach to talking about technology, and that does make it a little bit open to human flaws in thinking. And with problems like this that are either so huge in scope that a person thinks they can do absolutely nothing to help, or have this inaccessible tech language that that thinks that they are not qualified to help, you as a journalist and as a storyteller have to walk this line between the right amount of awareness to give the audience tools without going too far into fear so that people just shut down and say, I can't handle this. …Walk us through a little bit how you decide on what stays in, specific to balancing awareness with fear.

Dina Temple-Raston

So I think the old adage is if you're a journalist who's doing explanatory journalism … what you want to do is you want to be able to tell a good story that someone who understands everything will just enjoy listening to, while at the same time making it accessible to your best friend's mom. So there are a lot of very technical details that we don't get into because we don't think our best friend's mom would really necessarily find that interesting. We only need to give you enough information for you to understand how it comes together, how these things work.

And we do that from, for example, in the first show that we do, which is called From URL to IRL, we talk about how technologies have been taking on a life of their own and end up doing things that we never expected them to do. For example, the fact that tractors now are all connected and Bluetoothed up, and you can actually run your tractor, you sit on top of it, but you can actually run your tractor from your iPhone, which is kind of an amazing thing when you think about it. And, you know, we sort of lull you into thinking, wow, that's pretty cool.

And then you suddenly think, if it's on your iPhone, it means it's on the internet. So if it's on the internet, that means somebody can hack it. And so we're trying to find stories with characters that you immediately like.

…In another show, we talked to this lovely woman who was sort of embroiled in a romance scam … and she says, look, you know, I had changed my status on Facebook from married to widowed. And within days, I was getting emails from people who were saying that they'd seen pictures of me and they were in love with me.

And there was one in particular who pretended to be a four star general or something like that and had fallen for her. And she was so outraged by this. And first of all, she found it really condescending that someone would think that she'd want to marry somebody off the internet, that she started a whole group to try and help people fight romance scams.

And in this particular episode, we actually dig down and find someone who was sort of behind one of these and what his motivation was.

Ashley Thornberg

In examining people's motivations for these kinds of behaviors, what do you think about what it means to be human? That we would use these incredible tools for nefarious purposes.

Does it kind of illuminate your thoughts on the human condition at all?

Dina Temple-Raston

Well, I'm an unusual journalist in that I'm an optimist. And I'm and I'm optimistic about the human condition and human nature as well, I think. So I think what is really sort of illuminating for me is that, you know, all these different technologies, you know, the movies that we see went on AI are always very negative, right?

Or the movies we see about hackers are always very negative and paint them all in one light. And what we're trying to do is sort of provide something that's more multidimensional. And look, every single technology, whether it's cyber security or AI or anything else, is a double edged sword.

There are always going to be people who are going to use it for bad. And we actually talk in one of the episodes to someone who started one of the early dark web markets, it was something called dark code. And it was actually an American who lived, you know, in Kentucky, who started this particular dark market.

And in the beginning, it was really just something that he did with friends, so they could like swap code. And remember the old days when you could download movies. So they would find ways to sort of download movies early before anybody else.

So that was their sort of, you know, their scofflaw behavior was to try to be the first person to download first run movies and things like that. Well, before he knew it, it just sort of got it sort of spiraled, right? They thought of different ways that they might be able to make money.

And then they sort of put together these botnets I talked about before. And then they started wondering if they should sort of sell malware and packages to infiltrate different networks. And as you listen to him tell the story, you can kind of see how he got there.

And part of you is actually saying, don't do it. You know, this is going to end really badly. But he still does it.

And, and you get involved with that. And that's what we're trying to do in this story. … Besides making them less mysterious, it also makes you understand them and the human condition better.

Ashley Thornberg

The series is special for public radio, but it is part of a much larger body of work in the podcast Click Here. Give us what's the elevator speech on what the Click Here podcast is and how it might be a little bit different from the special series for public radio.

Dina Temple-Raston

Well, first of all, they're, they're 24 minutes, which is the sweet spot for, if you're commuting to and from work for the perfect length for you to just get it in your commute. But I think more than that is, there's sort of a mission that is around all of this. And that is, you know, we want people to understand this whole world of cybersecurity so that they can protect themselves.

And so whenever we talk as a group, you know, the team that puts this together, Sean Powers, Will Jarvis, and a couple of editors and some writers that we have, we always say, okay, what's going to be the spinach here? What is the thing that we're going to teach people that they didn't know about through this story? And I think that's what makes us different than really almost every other tech podcast that's out there.

Most tech podcasts are tech guys talking to each other in a kind of tech language. And we're very specifically not that. We're telling you stories that are interesting in and of themselves.

And surprise, surprise, when you're done, you understand all these things about either the way, you know, North Korea is hiding its missile weapons program, or the way Russia is hacking into various things, or the way Russia is hacking into networks in Ukraine, you understand how they're doing it, and you got a good story too.

Ashley Thornberg

One piece that was really fascinating to me is the comparison between a Russian hacker and a United States hacker, and the way that you talk about cyber warfare in today's warfare, and you and cyber experts refer to the war in Ukraine as really the first truly dual war happening on the ground and happening digitally. Really fascinating to compare the mentalities of those two different countries, comparing the Russians as being really good at long-term planning, and the United States side at being really good and able to pivot. So it also kind of comes down to foreign relations.

Did you have a sense that it would go in that direction when you started this reporting?

Dina Temple-Raston

…Whether you're Russian or Chinese or Iranian or North Korean or American, that cultural aspect is always going to inform whether it's crime, if you're a black-hat hacker, or, you know, trying to defend networks, whether you're a white-hat hacker. I will say that we did go to Ukraine this past fall.

And we spent a couple of weeks there and talked to a lot of people who were on the front lines of this cyber operation. And I think what we learned was that what we always thought about the Russians was that they were sort of, besides, you know, having all these great names for their hacking groups that were given to them, like Fancy Bear and Cozy Bear and Dancing Bear, they were always thought to be like a 10 foot grizzly, right? That they were one of the amazing hackers who could just take down an electrical network, which they had done, take down a power grid, that sort of thing.

And I think what we've learned from the past two years and watching them work in Ukraine is that Russian hackers are really good at long term planning, saying, we want to do this, let's do building block, let's say we want to take down this power grid with this control system, we'll do the building blocks to make that happen. And it's very sort of regimented. But if something were to happen that would, like in the middle of their cyber attack, would be something they wouldn't expect, their ability to actually change direction and think of something more creative is much more limited than we thought before this war.

And someone who is there who is sort of the head of a cyber sort of operations for what's the equivalent of their FSB or the equivalent of their NSA, he said to us, look, think about it. Why are the Russians having this problem? So the Russians invade, and anyone who is creative, or anyone who is really good at cyber and all this other stuff, probably left.

Because this is not a regime that is asking you to be creative or to question the regime or to question decisions. This is a regime that wants you to say yes or no, sir, and do what they tell you. And that isn't necessarily sort of the bio of a great hacker.

They go it alone, right? They have innovative ideas that they test on their own time. That's not what's going on here.

When it comes to US hackers, just because we have a different system, and I think this is working in Ukraine as well, because they have a democratic system. You know, people thinking outside the box as a general matter is encouraged. And thinking outside the box is a really important skill, whether you're doing offensive cyber, which is cyber attacks, or defensive cyber, in which you're trying to imagine, hmm, if I was Vladimir, what would I do?

I'd probably go here. And then sure enough, after one or two or three tries, you find what you're looking for. Because you were thinking in a lateral way.

And I think that cultural aspect of it is something that over the last couple of years, when we've been doing the podcast, I think that's something that we've all sort of really appreciated and found, you know, very interesting about covering this particular sort of niche of technology.

Ashley Thornberg

Has this reporting changed your approach to your digital life?

Dina Temple-Raston

Oh, absolutely. Absolutely. You know, partly because we are doing this kind of reporting, partly because we are talking to SIM swappers, or we're talking to hackers, or in one case in the last episode of this special series, we talked to the FBI's most wanted cyber guy, who's a Russian guy.

Because we're talking to them, and we know basically what they're good at is hacking into networks, the whole team is incredibly careful about cybersecurity, of multi-factor authentication, of extra firewalls, of making sure we have password managers. These are all things that I didn't really think very much about when I was at NPR and I was a terrorism correspondent. But it's something we're thinking about all the time.

Because these people could decide they don't like the story we did on them. They don't get to hear it beforehand, they hear it with everybody else. And if they don't like it, they have a very, very special way of, you know, exacting retribution, and it's online.

So we're very careful not to leave ourselves open to that.

Ashley Thornberg

Recorded Future News is a journalism offshoot of a threat intelligence company. How does that relationship work?

Dina Temple-Raston

Well, there is a company, a threat intelligence company called Recorded Future. And what it does is it actually helps companies fight cyber attacks, helps them get better threat intelligence so they won't be attacked in the first place, helps them protect their brands. In the same way that Bloomberg started out as a, basically a financial portal for traders, Recorded Future is a portal for people who want to protect their networks from bad guys.

So Bloomberg, and it turns out that I was actually one of the early Bloomberg reporters, decided to do a spinoff that was Bloomberg News. And it was completely editorially independent. But the idea behind it was, if you have someone who understands finance better, then that person will naturally gravitate to, you know, a Bloomberg terminal to trade bonds or whatever it is.

In that same way, the threat intelligence company Recorded Future started a news service about three years ago, started out with a newswire called The Record. And then two years ago, we expanded it out to include the Click Here Podcast under the feeling that educated consumers are good for everybody. So if you understand cybersecurity in a visceral way, the way we're trying to help you understand it, then you will understand the need for securing your networks, just as you asked me two years ago, did you guys, were you this careful about your passwords and everything else?

And the honest answer is no. But now that I'm a little more educated journalist, we're really careful about it.

Ashley Thornberg

Do you feel like journalists are able to keep up? I'm thinking about terrorism, thinking about 9/11 happening at a time when many people were still using paper tickets, and now we have biometrics scanning us in at the airport. That's such a huge change in technology.

Do journalists have the same leap in technological advances to keep up on reporting on this kind of thing?

Dina Temple-Raston

I feel like we do. We have producers who are really good at using social media and the internet to sort of chase people down and find connections between people that you wouldn't necessarily know are there. I think that's how we get a lot of the people we do on the podcast and on the specials.

I think that there are a lot more tools for us now, even from AI. I know everybody's so worried that AI is going to replace journalists. It's not.

AI is going to help journalists do their jobs more efficiently. The same way other technologies that have come up, whether it's programs to allow you to mix in your home, whether it's Zoom, which Zoom came along just in time for the pandemic. These technologies seem to come up and their use is something that we pick up and just makes our job easier.

I feel like we don't have that problem. I feel like we're keeping up. Of course, younger journalists keep coming up as well, and they bring their new skills.

They're much more comfortable in the social media world, say, for example, than I am. I think what we're seeing is a really good product. I think that journalism just keeps getting better.

As I said, I am an optimist, but I think good journalists are still doing really good journalism. There's a lot out there to do, and the technology we have are just giving us more tools to do better journalism.

Main Street transcripts are AI generated and corrected on a rush deadline. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of Main Street programming is the audio record.

Related Content