The online payments company Stripe has a new head of security, Peiter Zatko — and it’s worth noting that Zatko and another recently hired security expert, Jon Kaltwasser, used to work for DARPA and the NSA, respectively.
“Having both Peiter and Jon join, part of what makes us so glad they’re here, is that they have such extensive experience seeing the most advanced adversaries in the world,” Stripe CEO Patrick Collison said on the latest episode of Recode Decode, hosted by Kara Swisher. “Nation-states have been some of the most active attackers over the past couple of years; having people who’ve been on the defense side of that is powerful.”
Collison made those remarks in an interview we recorded before the massive ransomware attack last week that crippled large numbers of hospitals and businesses across Europe. And he presciently observed that those targets were sitting ducks.
“I think the broader public should be worried about legacy systems,” he said. “I, too, am also a consumer, and my personal data resides in all sorts of systems — not just financial systems. Health care, communications, the phone system, what have you. And I think, just speaking personally as a consumer, I feel pretty good about the information I have that resides with Facebook, with Google, with these technology companies.”
Collison went on to say that companies like Facebook and Google are savvy enough to “understand the threats,” but that their biggest strength is being young organizations.
“They don’t have these enormous, impossible-to-comprehend systems from 1970, that have points of connection that someone forgot about,” he said. “Or [they’re not] using encryption technologies that were broken 20 years ago, but no one has had the chance to go upgrade yet.”
Last week’s cyber attack, which made around 75,000 computers unusable unless their owners paid a $300 ransom to unlock them, was linked directly to old versions of Windows XP, which Microsoft had stopped supporting. As Microsoft Chief Legal Officer Brad Smith noted in a blog post Sunday, the exploit was “stolen from the National Security Agency,” one of many such vulnerabilities the NSA had knowledge of.
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith wrote. “And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today — nation-state action and organized criminal action.”
On the new podcast, Collison said he believed a “legacy system” like those affected in Europe would be the most likely danger to his private data.
“I assume that when my information — if my information is breached, as part of some hacking, it’ll be from some 20- or 30-year-old corporation that hasn’t kept pace with the broader industry,” he said. “The fixed costs of this investment are large; many small companies just can’t afford to make the investment. If you do not have a big security team, there are too many things to do.”
“The second thing to care about is, ‘Are they a modern technology company?’” he added. “If they aren’t, if they have systems from 40 years ago — and no one will say this on the record, of course. But if you talk to anyone off the record who’s dealing with technology systems that have been around for 40 years, it is almost impossible to make it truly secure.”
If you like this show, you should also sample our other podcasts:
- Recode Media with Peter Kafka features no-nonsense conversations with the smartest and most interesting people in the media world, with new episodes every Thursday. Use these links to subscribe on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn, Stitcher and SoundCloud.
- Too Embarrassed to Ask, hosted by Kara Swisher and The Verge's Lauren Goode, answers the tech questions sent in by our readers and listeners. You can hear new episodes every Friday on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn, Stitcher and SoundCloud.
- And Recode Replay has all the audio from our live events, including the Code Conference, Code Media and the Code Commerce Series. Subscribe today on Apple Podcasts, Google Play Music, Spotify (mobile only), TuneIn and Stitcher.
This article originally appeared on Recode.net.