CyberWire Daily - A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.
Episode Date: December 10, 2018In today’s podcast, we hear that Huawei’s CFO awaits her immediate fate in a Vancouver detention facility, where she faces possible extradition to the US on a sanctions-violation beef. Huawei itse...lf receives hostile scrutiny from the Five Eyes, the EU, and Japan. US indictments are expected soon in other IP theft cases involving China. Upgrade Kubernetes. Russia and Ukraine swap cyberattacks in their ongoing hybrid war. An advance fee scam promises not only money, but maybe love, too. Emily Wilson from Terbium labs, on why she feels the Lesbians Who Tech conference gets diversity right. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_10.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k code N2K at checkout. That's joindelete.me.com slash N2K, code N2K.
Huawei's CFO awaits her immediate fate in a Vancouver detention facility,
where she faces possible extradition to the U.S. on a sanctions
violation beef. Huawei itself receives hostile scrutiny from the Five Eyes, the EU, and Japan.
U.S. indictments are expected soon in other IP theft cases involving China.
Russia and Ukraine swap cyberattacks in their ongoing hybrid war.
And an advanced fee scam promises not only money, but maybe love, too.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday,
December 10th, 2018. China has summoned the U.S. ambassador to demand an explanation for the arrest in Canada of Huawei CFO Meng,
promising severe, if unspecified, consequences should she not be promptly released.
U.S. Ambassador Branstad was called in by China's vice foreign minister, who, as the official
Xinhua News Service said, lodged solemn representations and strong protests against Ms. Meng's detention.
Currently in Canadian custody, Ms. Meng faces a Vancouver court's decision on whether she will be granted bail.
That decision could come as early as this afternoon or evening.
Canadian prosecutors have argued that Ms. Meng represents a flight risk.
Her attorneys deny this, saying she will not flee while she awaits a separate decision
on the U.S. request to extradite her. The U.S. has indicted Meng on charges related to fraudulently
conspiring to evade sanctions against Iran. According to the Wall Street Journal, the U.S.
alleges that a Hong Kong-registered company, Skycom, was effectively an informal subsidiary
of Huawei, and that Huawei used Skycom to persuade several banks into facilitating illegal trade with Iran.
Huawei became aware in April 2017 it was the subject of a U.S. criminal investigation.
A warrant for Ms. Meng's arrest was issued in New York on August 22nd of this year.
The charges Meng faces could bring significant prison time, should she be
tried and convicted. Multiple charges of conspiracy to commit fraud could bring 30 years each.
U.S. companies are jittery about possible retaliation. Bloomberg reports that Cisco,
for one, moved to restrict non-essential employee travel to China. Other companies are thought likely to become similarly cautious.
The lawfare may grow sharper. The U.S. is said to be preparing to unseal a number of additional
indictments of Chinese nationals, perhaps as early as this week. The Wall Street Journal reports that
federal prosecutors have been making a case against Chinese nationals, the journal describes
them as hackers linked to the
Chinese government, on charges of industrial espionage. These would be straightforward cases
of electronic spying and theft of intellectual property, not the sort of sanctions violations
alleged against Huawei. The group involved in the hacking is said to be APT10, also known as
Cloudhopper. The companies Cloudopper is said to have targeted
are service providers who offer infrastructure management or cloud service to corporations and
government agencies. Australia, New Zealand, and the U.S. have all imposed bans on the use of Huawei
products in their networks. Much of the concern in these three countries has focused on the
potentially problematic role Huawei might play in building out 5G networks. The Australian Signals Directorate has warned
that problems that affect 5G networks would not be confined to telecommunications,
with the attendant possibility of their exploitation for espionage or disruption.
There would also be a risk, ASD's head remarked, to critical infrastructure, including water and power distribution.
The UK has been somewhat less vocal on the subject of the Chinese hardware,
but the National Cyber Security Centre, in meeting with Huawei leaders last week,
extracted agreements from the company to make certain unspecified security changes in their equipment.
BT has announced the possibility that it might pull
Huawei gear from its existing 4G network. And MI6 is asking, with the force of suggestion and
recommendation, whether it wouldn't be best to simply boot Huawei equipment from the UK altogether.
Canada is the last of the Five Eyes to take action against Huawei, although willingness
to arrest the company's CFO during a Vancouver stopover
suggests that policy and sentiment
are hardening there as well.
David Van Yeo,
director of the Canadian Security Intelligence Service,
took the occasion of his first public speech last week
to warn of the risk of espionage
being carried out over 5G networks.
This is, of course, an oblique reference to Huawei.
The EU is considering similar restrictions of Huawei,
and Japan has decided to exclude both Huawei and its smaller competitor ZTE from government work.
The Kubernetes privilege escalation vulnerabilities recently revealed
continue to pose a very widespread risk to users of the popular container
technology. Fortunately, as Dark Reading points out, there are solutions. Users can upgrade
Kubernetes instances to the latest ones, and most major cloud providers say they've done so,
or they can apply mitigations that have been made generally available. Those mitigations may come at
some cost in operational smoothness, so an upgrade would seem to be the better option.
Russia's recent escalation of its hybrid war against Ukraine does indeed seem to have had a strong cyber component.
According to Defense One, researchers at Stealthcare report that Russia's seizure of three Ukrainian vessels in the Kursh Strait at the end of November
was preceded by coordinated cyber operations directed against Ukrainian government assets.
The threat groups involved include the usual suspects of Karbanak
and the less familiar but still notorious FSB-associated Gamerodon.
The campaign is thought to have aimed at developing intelligence for the anticipated naval operation.
Stealthcare also reads the attack on FSBI Polyclinic No. 2,
a hospital connected to Russia's presidential administration,
as probably Ukrainian retaliation for the naval action in the Sea of Azov.
Expect more thrust and riposte in the weeks to come.
Predictably, Huawei's troubles and Ms. Meng's detention
have prompted advance fee scams.
These are, of course, the work of ordinary criminals
and are not connected with either Huawei or its CFO.
A message circulating in WeChat says
that there's this crooked Canadian jail guard, okay,
and so he'd let Ms. Meng escape if he were bribed a couple thousand dollars.
U.S. greenbacks and not Canadian loonies. The message, which purports to be from Miss Mung
herself, says she doesn't have the cash on hand, but she'll repay you with 200,000 shares of Huawei
stock if you'll help her out of her jam. Also, as a sweetener, she says, if you are single, we can also discuss the important thing in life,
which our lonely heart's desk reads
as a veiled offer of marriage.
So, opt to it, world.
Love and money can be yours.
Or not.
Calling all sellers. Salesforce is hiring account executives Thank you. and showing the world what AI was meant to be. Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash
cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io.
And joining me once again is Emily Wilson.
She's the Fraud Intelligence Manager at Terbium Labs.
Emily, it's great to have you back.
You and I have talked before about the importance of diversity in our industry,
but I think we've also shared some frustration that sometimes we can do diversity for diversity's sake.
And you recently attended a conference, and you thought they did a good job with this. Share with us, where were you? Well, this is my second one, but I was in New York
for the Lesbians Who Tack Leadership Summit. I attended their San Francisco summit in the spring,
which was excellent enough that I immediately signed up for the next one that was stateside.
And I do think they get it right. And here's why.
We have talked before about the fact that
diversity at conferences can be performative.
It's an opportunity to say,
hey, look at us.
We got a female keynote speaker
and we have a panel of people talking about
what it's like to be a woman in tech.
And that can get very frustrating.
We're good, right?
We're good. we're good.
We did it, check the box, aren't you happy?
Can you stop sending us angry emails?
No, the answer is no, I won't stop.
So what I think is different here,
I'm a woman in tech and I'm a queer person in tech
and it can be very frustrating to go to these conferences
and feel like someone is trying to cater to me
in a way that's most comfortable for them
which is to say here i'm going to give you a platform to talk about diversity and then we're
done what's different about lesbians who tech is that this is a this is a conference this is an
organization where yes it's a diverse group yes we are minorities in our field but we're also just
doing our jobs and we're very good at our jobs and we're there to talk about doing our jobs.
And that's what's nice. It is lesbians who tech. But the emphasis on the content of these conferences is the tech.
We're not all sitting around talking about diversity all the time.
Those conversations come up because they come up naturally. That's that's part of our navigation of the professional world. But we're talking about cybersecurity.
We're talking about blockchain.
We're talking about AI and machine learning.
We're talking about data science and analytics.
We're talking about how we can get young people into the field.
We're talking about the impact of media on tech.
You know, we're here talking about our jobs.
And that's very refreshing because it seems like in mainstream conferences, we never actually get around to being able to talk about what we're good at.
And what about the fact that you are among like people, so you're not the only girl in a room full of boys.
That's true. I am not the only woman in a room full of boys. That's true. I am not the only woman in a room full of men. I am around like-minded people.
I am around people who already at first glance
share so many of my experiences in the industry.
And that's everything from frustration
about trying to convince people to use two-factor
to the difficulties of getting harassed at a conference
to trying to figure out where you want to go next in your career, to trying to reconcile the world that we're in now and the lack of security.
And that's very refreshing because, honestly, it makes it easier to just get to the root of the problems at work.
It makes it easier to problem solve or say, I'm having this problem with a team
or this problem, you know, rolling out a product.
You know, how can you help?
You know, everyone is there.
Everyone is ready to network.
Everyone is ready to help.
And also, you know, we get to bring in incredible speakers.
You know, Hillary Clinton was at this one in New York.
Megan Smith, again, of course, Kara Swisher.
You get to see very powerful people in this field, people like you,
who are ready to share their lessons and ready to help you out.
And that's something we've lost, I think, at a lot of tech conferences.
What would your advice be to the other tech conferences?
Based on what you've learned from this conference doing it right,
what are some of the lessons you wish the other
conferences could take away? I mean, the first and most obvious one, which I've said before,
and I'm going to say again, because you asked, is that I think other conferences can look at this
and immediately just shred all of their excuses about not being able to find a more diverse
speaker group. We're talking about hundreds of speakers, all of whom are women or queer people,
50% of whom are people of color. There you go. If you're looking for speakers,
pull from that list. These are people who are good at their jobs. We're here. We're in the industry.
All you have to do is ask. I think that works well. I also think, you know, something that
this conference does well is it gives people from all different backgrounds and all different
levels of experience a platform to come and talk. So maybe this is your first year as an engineer.
Maybe you've been doing this for three or four decades. You know, we're hearing both voices.
We're hearing about people who came to tech naturally or those who ended up there later. We're talking about people who are tech adjacent or people who are, you know, realizing
that their field has become a tech field. You know, everything is tech now. I think it also
creates a situation where people can have honest conversations, which is hard to do when we are
at so many of these conferences, we're focused on vendor materials or,
or pitches disguised as keynotes,
right?
This is,
this is actually just a community coming together to learn,
uh,
and to share information and to mentor and to help and to connect.
And we need to do more of that.
Do you find that the opportunity for learning is,
uh,
is,
is better?
I did just from, I imagine not having to have your guard up you don't have your guard up that's true it's a little bit different because you you
do know that you're in a in a safe space right and that certainly helps but i think also it's the
it's the concentration of subsets of these communities where again you you already know
that you have so much in common with
these people. Most of you have faced a lot of the same challenges in your career. Most of you
continue to be the minority in your office or even in your city. And so I think that that
certainly helps. But there are other things like that that we can pull from in the mainstream
industry. There are other ways that we can group people together, get smart people in a room thinking about problems together.
Lesbians Who Tech manages to bring together very smart people from all over the world,
put them in a room, and get them excited about their industry. They bring in powerful speakers from all walks of life. They
ask the hard questions because we're already here asking hard questions day to day. We're already
trying to speak up. We're already trying to figure out how to navigate this world. And I think that
getting those voices involved in more mainstream communities can bring so much more talent, so many more experiences.
If you just tap into these networks of people, we're here, right?
We've been doing this.
Megan Smith gave a keynote talking about the history of women in tech, and she reminded us we've been here the whole time.
of women in tech and she reminded us we've been here the whole time it might not be in the history because look at who's writing the history but we've been here the whole time when you bring
those voices in when you get that many people in the room solving problems is second nature
right sharing information connecting people building networks finding new jobs is second
nature because everyone is there and ready
to help. Imagine if you brought that group of people to your conferences. Imagine if you made
those people speakers. Imagine if you hired those people to work at your organization.
These are creative people. These are hard workers. We've had to work hard to get here anyway. We've had to overcome a lot to get
here anyway. That makes us an incredible resource for these industries to tap into.
Emily Wilson, thanks for joining us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe
and compliant.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing Cyber Wire team is
Elliot Peltzman, Puru Prakash,
Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Kerrigan,
Carol Terrio, Ben Yellen,
Nick Volecki, Gina Johnson,
Bennett Moe, Chris Russell,
John Petrick, Jennifer Iben, Rick Howard, Peter Kilby, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
Thank you. uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps
tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.