Welcome to Codebook, coming at you live from Las Vegas, where Black Hat and DEF CON, America's premier cybersecurity research conferences, take place back to back.
I will bet $5 on the championship success of an NFL team of Codebook readers' choosing. Vote by replying to this email. Or just send me news tips.
Today's Smart Brevity: 785 words, 3 minute read
After 6 months, Ghidra adoption is looking good. Illustration: Rebecca Zisser/Axios
In March the National Security Agency released an internal malware research tool for free to the public, a first for the secretive agency. Six months later, by most indications, the release is an even bigger event than the NSA thought.
Why it matters: Some aspects of researching malware have long required expensive software. The release of Ghidra, the NSA tool, has profoundly changed the field, opening it up to students, part-timers and hobbyists who otherwise couldn't afford to participate.
It's been a good six months for Ghidra. The software has been downloaded more than 500,000 times from GitHub.
The big picture: It's still too early to judge Ghidra's success based on its use in published malware research or incidents in which hackers have been thwarted. But based on engagement of new and old researchers alike, that kind of evidence seems likely to follow.
Background: Ghidra is a reverse-engineering tool that allows researchers to translate computer-executable programs into human-readable programming language commands. When Ghidra was released, observers speculated that the purpose of the release was to create a global research explosion to counter national threats.
Knighton will present an update on Ghidra at Black Hat on Thursday, including new NSA-developed features and answers to some of the lingering questions about the program.
Reuters reported Monday that, according to a UN report, North Korea has funded its weapons programs with $2 billion in proceeds from cybercrime.
If only the UN read Codebook, it would know North Korea funds everything using cybercrime. Sanctions have taken away the country's legitimate revenue sources, and a combination of ransomware, cryptocurrency theft and digital bank heists is its main gambit to meet its budget.
Fancy Bear lurks in IoT: Fancy Bear, the Russian hacker group most famous for its involvement in 2016 election tampering, is attempting to enter corporate networks through internet-connected devices, Microsoft's Eric Doerr will present today.
Apple sending hackers phones: Apple is expected to announce a program to give outside researchers early access to phones, allowing them to discover security flaws before wider release. The announcement was first reported by Forbes.
Wicked6 Cyber Games: The first Wicked6 Cyber Games, a college cybersecurity competition, will take place today across the street from Black Hat.
Hackers are in the mail: IBM released a fun report in conjunction with the conferences detailing how hackers could use snail mail to breach computer networks, which Axios detailed here.
The most broken blockchain: Kudelski Security is presenting FumbleChain, an intentionally insecure blockchain, at both conferences.
DOJ: AT&T employees were bribed to unlock phones. (Wired)
A Spanish brothel chain exposed a trove of internal data, including its employees' real names. (ZDNet)
CafePress, which puts slogans on T-shirts, had a breach affecting 23 million. (Infosecurity Magazine)
The NSA and FBI might relax hiring standards for qualified hackers who may have smoked marijuana. (The Register)
The White House is drafting an order to stop alleged social media bias. (Politico)
FireEye goes deep on the criminal/espionage hybrid group known as Winnti. (FireEye)
This is not a black hat.