Welcome to Codebook. Breaking: This year's State of the Union is Wisconsin.
Marcus J. Carey, CEO of Threatcare, realized there was no book collecting the wisdom of cybersecurity's most legendary names. So he self-published one. It's now Amazon's 3rd bestselling book on security and encryption.
The big picture: "Tribe of Hackers," co-edited with Jennifer Jin, collects the essay questionnaire responses of 70 big-name hackers and information security pros. For nearly all of them, it's the first time they've put their personalities out for public view alongside their professional skills.
The questions probe everything from security myths to greatest regrets to book recommendations. The interviewees mix their musings on the philosophy of cybersecurity with mentorship and security advice.
Background: The project (and title) takes inspiration from 2017's "Tribe of Mentors" by Timothy Ferriss, a compendium of pithy advice. (The genre stretches back to Jessica Livingston's 2001 "Founders at Work.")
There's a lot of practical security knowledge in "Tribe of Hackers," but there's just as much humanity in it.
Carey says one thing he learned was how much agreement there was on the question, "Do you need a college degree or certification to be a cybersecurity professional?"
Also: Many contributors answer the "which is the best hacker movie" question incorrectly. It's "Sneakers."
An email scam outfit is taking advantage of Gmail's "dot" feature to streamline operations, according to email security firm Agari.
Gmail dots? Gmail allows users to add or subtract periods in their email addresses at will. If you own someusername[@]gmail.com, you will also receive emails sent to some.user.name[@]gmail.com and s.o.m.e.u.s.e.r.n.a.m.e[@]gmail.com.
Here's where the crime comes in. BEC (business email compromise) scammers run many operations in parallel. If they target a government agency offering grants or tax refunds, that usually means they have to use a different address for each instance of the scam.
The criminal group discovered by Agari, according to the official writeup, used the Google dots approach to:
All of these attacks have taken place in 2018 or 2019.
"We're not calling Google out with this report," said Hassold.
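On the receiving end, an agency or business can catch this by collapsing Gmail dot variants to one mailbox before counting applicants. The sketch below is an added example, not code from Agari or Google; the record layout, IDs and function names are assumptions, and the sample records are constructed from the addresses quoted above.

```python
from collections import defaultdict

# Domains where dots in the local part are ignored. gmail.com is the case the
# article describes; googlemail.com is Google's alias for the same mailboxes.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_mailbox(address):
    """Return the mailbox an address is delivered to, or None if malformed."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return None
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")  # dots do not change the recipient
        domain = "gmail.com"
    return f"{local}@{domain}"


def find_dot_variant_clusters(records, threshold=2):
    """Map canonical mailbox -> {spelling: [record ids]} for mailboxes that
    appear under at least `threshold` distinct spellings."""
    seen = defaultdict(lambda: defaultdict(list))
    for rec in records:
        mailbox = canonical_mailbox(rec["email"])
        if mailbox is None:
            continue  # malformed input is a separate validation problem
        seen[mailbox][rec["email"].strip().lower()].append(rec["id"])
    return {
        mailbox: dict(spellings)
        for mailbox, spellings in seen.items()
        if len(spellings) >= threshold
    }


# Constructed sample: applications submitted to a hypothetical grant portal.
APPLICATIONS = [
    {"id": "A-1001", "email": "someusername@gmail.com"},
    {"id": "A-1002", "email": "some.user.name@gmail.com"},
    {"id": "A-1003", "email": "s.o.m.e.u.s.e.r.n.a.m.e@GMAIL.com"},
    {"id": "A-1004", "email": "some.username@example.org"},  # dots matter here
    {"id": "A-1005", "email": "someusername@example.org"},
    {"id": "A-1006", "email": "another.person@gmail.com"},
    {"id": "A-1007", "email": "not-an-address"},
]

if __name__ == "__main__":
    for mailbox, spellings in find_dot_variant_clusters(APPLICATIONS).items():
        print(mailbox, "<-", sorted(spellings))
```

A flagged cluster is a reason for manual review rather than automatic rejection, since some legitimate users write their own address with and without dots.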
Cisco's Talos labs reports that a likely government-sponsored hacking campaign has recently targeted the Central Tibetan Administration — the current, activist incarnation of the exiled 1951 government.
Why it matters: It always matters when dissident groups are targeted by a government. While Cisco is not attributing the attack to a specific government, China, which considers Tibet part of its territory, has been in conflict with the Tibetan exile movement for decades.
The intrigue: Malware used by the attackers is "too complex" for hackers not affiliated with a government to create without help, Craig Williams, Talos director of outreach, told Codebook.
Details: The campaign spreads malware through phishing emails containing tainted PowerPoint presentations on China-Tibet relations.
In investigating ExileRAT, Talos saw it uses the same infrastructure as a different, previously undiscovered, ongoing campaign using an updated version of the LuckyCat malware. LuckyCat is the complex one.
80% of federal agencies now use DMARC to protect the public from fraudulent emails sent in their names, Valimail reported on Friday. All agencies, save for defense and intelligence ones, were required by Homeland Security to implement DMARC by October of last year.
Why it matters: 80% is actually a pretty substantial improvement from Valimail's last public statistic — when the deadline passed, only 57% of agencies met the DMARC requirement.
Codebook will return on Thursday.