This week Joseph talks to Lorenzo Franceschi-Bicchierai, a journalist at TechCrunch. Lorenzo has possibly the deepest understanding of one of the wildest cybersecurity stories in years: how an employee of Trenchant, a government malware vendor that is supposed to only sell to the ‘good’ guys, secretly sold a bunch of hacking tools to a Russian company. Those tools, it looks like, then ended up with the Russian government and possibly Chinese criminals too. It’s a really insane story about how powerful hacking tech can fall into the wrong hands.
Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode’s bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.
0:00 – Guest Introduction: Lorenzo Franceschi-Bicchierai
02:52 – What Is Trenchant?
03:52 – Secrecy & Evolution of Exploit Industry
05:05 – Modern Spyware Industry Landscape
08:34 – Discovery of Peter Williams
10:31 – Apple Spyware Notifications Context
13:03 – Early Reporting Strategy
14:13 – Indictment & Confirmation
15:34 – What Peter Williams Did
18:17 – Economics of Zero-Day Market
24:53 – Google Discovers “Corona” Exploit Kit
28:11 – Shift to Mass Exploitation in China
31:03 – How Did It Spread? (Speculation)
34:36 – Link Back to Trenchant Leak
36:27 – Security Failure & Industry Implications
41:04 – Ethical Stakes & Real-World Harm
43:15 – Motive & Final Reflections
