CyberWire Daily - Bear prints around the Czech Foreign Ministry. Tinker, tailor, soldier, hacker, Humpty Dumpty. Gamer forum breaches. Where in the world is Phineas Phisher?

Episode Date: February 1, 2017

Bear prints in the Czech foreign ministry. Tinker, tailor, soldier, hacker in Moscow, with a side of Humpty Dumpty. Gamer forum data breaches go undetected for seventeen months. Credential reuse (and the limitations of human memory) are seen as a big threat to security. An IBM study throws up its hands over the state of healthcare cyber security. Trustwave's Chris Schueler reviews their latest report on resource limitations. Emily Wilson from Terbium Labs tracks the increased use of doxing. And Phineas Phisher, depending on whom you believe, is either under arrest or still at large.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 Tailor, soldier, hacker in Moscow with a side of Humpty Dumpty. Gamer forum data breaches go undetected for 17 months. Credential reuse and the limitations of human memory are seen as a big threat to security. An IBM study throws up its hands over the state of healthcare cybersecurity. And Phineas Fisher, depending on whom you believe, is either under arrest or still at large.
Starting point is 00:02:34 I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, February 1, 2017. International conflict in cyberspace raises a few interesting stories today. The latest government to experience what has the signs of a Fancy Bear visitation, that is attention from Russia's GRU, is the Czech Republic's. The country's foreign minister disclosed that its email system has been illicitly accessed. Foreign Minister Lubomir Zaoralek said the intrusion appeared to be the work of a nation-state. He didn't say which nation-state, but he pointedly observed that the incident looked a lot like last year's email doxing of the U.S. Democratic National Committee. General consensus among observers, and there's not much dissent in evidence on the matter, is that it's probably the work of Russian intelligence
Starting point is 00:03:15 services. We've seen reports that ISIS information campaigns suggest that the caliphate is beginning to splinter. Whether this foreshadows a terrorist diaspora or tighter centralized control is still unknown, but it appears that the fissures are due to military pressure in the caliphate's core claimed territories. Thus, it seems to be kinetic and not information operations that are hurting ISIS. U.S. Central Command's WebOps information campaign against ISIS is drawing poor reviews from both observers and whistleblowers. Bloomberg characterizes WebOps as a botched operation. Critics allege WebOps has been a slipshod effort marred by indifferent linguistic skills, tendentious self-assessments, and cronyism. The campaign prominently featured engagement
Starting point is 00:04:01 with ISIS adherents and potential adherents in social media, but critics see such engagement as defeated by poor mastery of Arabic vocabulary, let alone idiom, by the operators. The FSB officers arrested by Russia are now being officially accused of ties to the US CIA, so there clearly is an espionage dimension to the scandal. That doesn't, of course, rule out criminal corruption as well, especially given the interpenetration of cybercrime and cyberespionage researchers see in Russian practice. Bloomberg columnist Leonid Bershidsky wrote about the FSB that, quote, parallel to their official duties, officers often run private data security operations
Starting point is 00:04:44 involving blackmail and protection. Apparently, the online gadflies of Shaltai Boltai really have put a burr under the Russian leadership's saddle. The bigwigs are particularly exercised over its revelation of discreditable communications among Kremlin insiders. This gives the affair some symmetry with corresponding American uneasiness over the role WikiLeaks has played in shaping public opinion. According to Radio Free Europe/Radio Liberty, Vladimir Anikeyev, Shaltai Boltai's founder, has also been arrested, but hasn't been charged with espionage. An article in the Moscow Times suggests that the incident represents characteristically fierce infighting among security agencies, and that in particular,
Starting point is 00:05:29 the FSB's Information Security Center may have grown too powerful for the liking of its rivals, and those rivals are now being permitted to purge it. Two of those arrested, Colonel Sergei Mikhailov and Major Dmitry Dokuchayev, belong to the Information Security Center. It wouldn't be the first time in Russian history that one intelligence organization has purged another. The news isn't all tinker-tailor-soldier-hacker. More conventional forms of cyber threat, of course, persist. It appears that personal information of about two and a half million PlayStation and Xbox gamers have been exposed in a hack of gaming fora Xbox360 ISO and PSP ISO. The hack occurred in 2015, but its details are just now coming to light.
Starting point is 00:06:17 One of the challenges facing cybersecurity professionals is the proper allocation of resources. You've got a budget and a team, but how do you decide how much of those precious resources get channeled toward any particular task or threat? Trustwave just published a survey report titled Money, Minds, and the Masses, a study of cybersecurity resource limitations. And we spoke with Trustwave's Chris Schueler about what they found. It's a very deep and wide chasm that CISOs and VP of Securities have to go fill and to get funding to fill all those various voids and gaps, it can be very expensive.
Starting point is 00:06:56 So I think the challenge is what we're seeing, and obviously the report kind of does back it up, is that they're trying to conquer the achievable, and that's the low-hanging fruit, and going after the endpoints, going after email, web filtering. Those are probably the heavily, most heavily utilized in an organization. So they're obviously getting funding for those items, but they're not getting funding for the rest of the items. And many of those items are the ones that they need probably the most focus on because they're going to find probably the nastiest stuff that would impact their environment. I was interested to see if the report found that turnover was a particular problem.
Starting point is 00:07:42 Yeah, turnover has been a very big challenge in the industry itself. And predominantly, it's because when you look at the skills that are required within IT security, you know, it's been a huge evolution for us. You know, as our understanding of the various attacks against organizations, we've quickly realized that there's a lot of positions that needed laser focus for those security challenges. So if you look at 10 years ago, the generic IT security admin or engineer, the skill level was, let's say, a level of 1 to 10. It was a 5. I think what's happened now in the last decade is, as our understanding of the attacks and the way that the cybercrime organizations and government nation-states, they've become much more sophisticated.
Starting point is 00:08:35 So subsequently, the skills required for the good guys have become more challenging. So you have people that maybe have entered the security space and entered it at the lower level and then quickly, directionally saw that they had an expertise in a given area, right? Maybe it's a pen testing, incident response, deep threat research. And the challenge is that a lot of organizations, specifically private organizations, their ability to fund that growth is a challenge for those individuals. So like anybody would do with a hot and very demanding or high demand skill is they're going to look out in the market and see if anyone's willing to pick them up as a threat researcher, for example.
Starting point is 00:09:26 And people do. That's Chris Schueler from Trustwave. Cybersecurity in the healthcare sector continues to prompt eye-rolling from industry observers. In the UK, half the National Health Service trusts only scan their web applications for vulnerabilities annually, if that often. Looking at the sector as a whole, IBM offers some despairing lyricism. It's a leaky vessel in a stormy sea. Finally, Spanish police say they've nabbed Phineas Fisher, famous for hacking the controversial lawful intercept tool providers Gamma Group and Hacking Team.
Starting point is 00:10:02 But Mr. Fisher has since communicated that he's safe and still at large.
Starting point is 00:13:04 And joining me once again is Emily Wilson. She's the director of analysis at Terbium Labs. Emily, doxing. You wanted to make the point that doxing is becoming more of a common thing to see online, particularly know, when you think of doxing in its original form, what you see is people taking revenge on other hackers or gamers or people in a particular kind of community online. And now this is becoming a much more common thing being used for, you know, people in the media that you don't like or politicians that you don't like or, you know, executives at companies you disagree with. And it's it's become much more fair game. And I think it's no longer it's no longer something that crosses a line. Right. This is part of just the normal playbook. I don't like you or you you said something I disagree with. I'm going to expose your personal information. And in some cases, you are your spouse and your kids. And here's where you went to high school. And, you know, here's your next door neighbor. You know, this is this is
Starting point is 00:14:08 definitely becoming just kind of part of the way things work. And are you seeing, you know, sort of availability of doxing as a service, if you will? I think it's interesting. Doxing as a service isn't quite what what we see presented. It's actually more you'll see things where someone will provide a list of targets and say, you know, have at them or have fun. And so it's much less, hey, I'm here to dox anyone that you need. That does exist. It's much more of a, hey, guys, here's a list of names. Let's have fun.
Starting point is 00:14:38 Or sometimes much more personally, you know, this is my ex-girlfriend. Make her life miserable. So rather than having a book club or a gaming club or something, people gather around online virtually and come at people for sport. Yes, definitely. And I think in some of these places, you know, in some cases it's groups against other groups. So, you know, here's Anonymous attacking, you know, a group of, you know, a trade association they disagree with. But in some cases, it's a group of individuals gathering around another
Starting point is 00:15:10 individual for sport. And it's, creepy is the word that comes to mind. And from your point of view, you know, monitoring this sort of thing, is there, are there ever indicators where you can, you know, point out to someone, hey, it as though, uh, there's a group that's starting to gather information on you, or heads up, or is this, or is it more spontaneous than that? Uh, it depends. Always, always the great answer: it depends. There are definitely times when, uh, you know, a group or an individual is making a shift to a new industry or a new interest or a, hey, watch this space, and you know what that actor tends to be focused on. So you have a sense. In other cases, it's a bit more spontaneous,
Starting point is 00:15:50 you know, as you can imagine, right? You know, whatever is in the news cycle. So whether it was, you know, politicians during the election or, you know, certain information during the, you know, Dakota pipeline situation or, you know, even law enforcement in the wake of a police shooting, for example. There are certain things like that where you imagine this has happened and someone's going to get doxxed.
Starting point is 00:16:14 I'm not sure who it is, but there are a few obvious choices. All right, interesting stuff. Emily Wilson, thanks for joining us. professionals, and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too.
Starting point is 00:17:31 The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, ... Thanks for listening. We'll see you back here tomorrow. Thank you.