CyberWire Daily - Al Qaeda tries its hand at inspiration. MoneyTaker cyber bank robbers. Dark web database holds a billion credentials. Bitcoin speculation and Bitcoin fraud.
Episode Date: December 11, 2017
In today's podcast, we hear that al Qaeda is working on ISIS-style inspiration. The MoneyTaker gang has been raiding banks quietly for about a year and a half. HP fixes an inadvertent keylogger in its laptops. 4iQ finds a huge database of aggregated credentials from many breaches for sale on the dark web. Bitcoin and other cryptocurrencies attract scams and hackers. Why? That's where the money is. Ben Yelin from UMD CHHS on the proposed Cybersecurity Improvement Act of 2017 legislation. An ICO scam artist is in the SEC's crosshairs, but they'll have to wait until Québec is through with him.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Al-Qaeda works on ISIS-style inspiration.
The MoneyTaker gang has been raiding banks quietly for about a year and a half.
HP fixes an inadvertent keylogger in its laptops.
4iQ finds a huge database of aggregated credentials from many breaches for sale on the dark web.
Bitcoin and other cryptocurrencies attract scams and hackers.
Why? That's where the money is.
An ICO scam artist is in the SEC's crosshairs, but they'll have to wait until Quebec is through with him.
I'm Dave Bittner with your CyberWire summary for Monday, December 11, 2017.
Borrowing from the ISIS playbook, Al-Qaeda goes online as it seeks to inspire attacks in response to the U.S. Embassy's relocation to Jerusalem.
So far, such attacks have been less widespread than have been predicted,
but there have been incidents in both Jerusalem and New York, and authorities are on alert.
No successful hacktivism has so far been reported beyond the minor website defacements noted Friday.
Group-IB reports finding a Russian-speaking gang, MoneyTaker,
that's looted as much as $10 million from Russian and U.S. banks.
They've also hit targets in the U.K.
Russian institutions seem more heavily hit than banks in other countries.
MoneyTaker has been active for about a year and a half, and it's concentrated on card processing systems, especially in Russia, and on the SWIFT money transfer system, especially in the U.S.
Law firms and financial software vendors have also been targets.
Among their tools are the familiar Citadel and Kronos Trojans.
Some 460 models of HP laptops are found to contain a keylogger pre-installed with their Synaptics touchpad driver.
Affected models include the EliteBook, ProBook, Pavilion and Envy series.
HP has issued fixes for the devices, saying that neither HP nor Synaptics has received access to customer data through the bug.
This indeed seems to be the case.
ZwClose, the researcher who found and responsibly disclosed the problem, described HP's response as terrifically fast.
It appears that the keylogger was in origin a debug trace inadvertently left behind in the software.
HP has a full list of the affected devices and the steps you can take to fix them at its customer support site, support.hp.com.
Search for "Synaptics touchpad potential" and see their remediations.
Dark web souks continue to draw researchers' attention.
Some of the material found there is surprising.
4iQ reports that it's found a single file on the dark web that hosts 1.4 billion clear-text credentials to various sites.
It's an interactive, aggregated database that pulls together a lot of old, known breaches collected in the exploit.in and anti-public credential dumps, as well as more than a hundred other newer breaches.
The stuff is for sale, but 4iQ can't determine who the sellers are.
Whoever they may be, they've set up Bitcoin and Dogecoin wallets to accept payment.
Bitcoin continues its rapid rise in value and receives commensurate criminal attention.
Fortinet reports observing a phishing campaign that pretends to be marketing the Bitcoin trading application Gunbot.
Gunbot is a real, if new, trading tool, but the payload the bogus emails deliver is the malicious Orcus RAT.
SANS says it's seen adult-content spam email distributing a cryptocoin miner.
The less said about which the better, and what are you doing opening mail like that, Internet Storm Center?
The payload was carried in a zip archive named SeeMyXXXPhoto, something obviously calculated to contribute to the delinquency of a Bitcoin miner.
Get it? Minor, miner? Yeah, yeah.
And it's not just phish bait and surreptitiously installed miners.
Just as you can get a cheap knockoff Gucci purse on certain streets in New York and Washington, so too can you buy a knockoff Bitcoin wallet inside, shockingly enough, the walled garden of the Apple Store.
Buyer beware.
We find we've had a lot to say about Bitcoin
and other cryptocurrencies lately.
It's worth noting, lest anyone come away with the wrong impression,
that there's nothing inherently criminal or even shady about cryptocurrencies.
So it's not that Bitcoin or other cryptocurrencies are automatically, by their very nature, a cyber risk.
Still less is blockchain technology itself
riskier or more dangerous than anything else out there.
Bitcoin futures themselves are now being traded on the CBOE,
parent of the well-known Chicago Board Options Exchange,
and the world's largest futures trading exchange.
So that's surely legit, and even regulated by the Securities and Exchange Commission.
CBOE opened these futures for trading yesterday, the ticker symbol is XBT,
and the speculators are free to speculate away.
Trading began yesterday at 5 p.m. U.S. Central Time,
and CBOE says the futures posted a strong start.
It's more a case of fresh meat drawing flies,
and we're not talking about the kind of flame-broiled meat
associated with the high-flying Russian cryptocurrency Whoppercoin,
available at Burger King in the Arbat and elsewhere.
There's clearly a lot of cryptocurrency speculation going on out there.
Just look at the impressive rise of Bitcoin values.
We see that this afternoon one Bitcoin is trading about $16,000.
And any speculative bubble will draw crooks and fraudsters.
Just recall the dot-com boom of the late 1990s
when companies touching the then-novel e-commerce market drew very overheated speculation.
Some of those companies are with us today, others have vanished,
along with their corporate fitness centers, foosball tables, and stadium naming rights.
There are also out-and-out con artists playing in the cryptocurrency space.
One such con man, Dominic Lacroix, we've heard about before.
He's the impresario behind that Plexcoin ICO
the U.S. Securities and Exchange Commission found objectionable.
Monsieur Lacroix has been convicted of fraud in his native Quebec,
where a court handed him two months in prison and a fine of 10,000 loonies.
Justice Marc Lesage said,
Greed at the expense of investors who are promised unmatched interest rates
remain the only goal of the defendants.
Monsieur Lacroix isn't exactly flavor of the month either north or south of the border.
The U.S. SEC, you'll recall, last week froze his assets
and told a federal court in Manhattan
that Lacroix's claims about Plexcoin were a bunch of hooey.
U.S. prosecutors will have their crack at him, probably,
but only after he finishes the sabbatical Judge Lesage has granted him.
À bientôt, Monsieur Lacroix.
And joining me once again is Ben Yelin. He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security. Ben, welcome back. We saw a story about some legislation that's been introduced. It's the IoT Cybersecurity Improvement Act of 2017. Take us through, what are we talking about here?
So a group of bipartisan senators, it's always good to see bipartisan measures on subjects like this, introduced a bill called the IoT Cybersecurity Improvement Act. And I think it's really a response to what we've seen in terms of cyber attacks in recent years, both on government systems and on private systems, especially as it relates to the Internet of Things and other connected devices. And what the bill would do is leverage the government's buying power to set a sort of basic level of security for these devices. So for a government contract, any vendor, any provider of a connected device would have to abide by stricter cybersecurity standards. I think there are pluses and minuses to this approach from the perspective of manufacturers of these devices. It could be a decent selling point. It could be a good business practice for some of these producers, because if you are meeting some sort of government standard, that can be sort of an asset in explaining why your product is secure against cyber threats. But of course, it can be a major cost and burden during the course of production. So it could affect, I think what this article noted, it would affect the time to market and usability for some of these products. And again, you know, it's not mandating anything per se from manufacturers. It's just giving them incentive to come up with stricter cybersecurity standards if they want to contract with the government. And obviously, every company that manufactures one of these devices knows that the government has immense buying power, particularly when we're talking about the Department of Defense and some of our intelligence agencies.
So could this be a matter of where manufacturers could slap a sticker on their product that says that it's compliant with this act?
I would hope the legislation is going to be strict enough. Obviously, a lot of the specifics are going to be delegated to federal agencies. My guess is that NIST would take a lead in helping to develop these standards. We would not want a situation where the government is putting a rubber stamp on something when the product is not actually secure. We want this designation to have some sort of meaning. Otherwise, I think the law wouldn't be terribly effective. So I think even if this legislation were to pass, and I think it has a decent chance of getting enacted, I think the real legwork would be done at the administrative level, trying to figure out exactly what standards manufacturers would have to comply with.
Ben Yelin, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.