CyberWire Daily - Breach disclosure: fast and slow. Mirai's minor comeback. Anti-ISIS Hacktivists strike Amaq. North Koreans studying blockchain. Alleged Game of Thrones hacker indicted.

Episode Date: November 27, 2017

In today's podcast, we hear that image-sharing service Imgur disclosed a data breach. It happened some time ago, but they were quick to get the word out once they were aware of it. Uber faces regulatory attention and possible post-hack headwinds for its anticipated IPO. Mozilla's working on a Firefox add-on to warn you that a site you're visiting has been breached. There's a minor resurgence of Mirai, mostly from routers in Argentina. Anti-ISIS hacktivists school the Caliphate in information operations. What did the FBI know about Fancy Bear? North Koreans study blockchain. Ben Yelin from UMD CHHS on President Trump’s recently signed Cyber Crime Fighting Act. And winter is coming for an Iranian hacker.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 regulatory attention, and possible post-hack headwinds for its anticipated IPO. Mozilla's working on a Firefox add-on to warn you that a site you're visiting has been breached. There's a minor resurgence of Mirai, mostly from routers in Argentina. Anti-ISIS hacktivists school the caliphate in information operations. What did the FBI know about Fancy Bear? North Koreans study blockchain.
Starting point is 00:02:21 And winter is coming for an Iranian hacker. I'm Dave Bittner with your CyberWire summary for Monday, November 27, 2017. Imgur, the image-sharing service, disclosed Friday that it had been hacked in 2014, losing some 1.7 million email addresses and passwords, probably to a brute force attack against the SHA-256 hashing algorithm it was using at the time. Imgur has since moved to Bcrypt, reckoned a more secure algorithm. Researcher Troy Hunt, who operates the site Have I Been Pwned, discovered the breach on Thursday and immediately informed Imgur. Their swift disclosure, just one day later, is being widely commended.
Starting point is 00:03:09 Detection, of course, was slow, but once they learned of the breach, they were very fast indeed. As Hunt put it, quote, I want to recognize Imgur's exemplary handling of this. That's 25 hours and 10 minutes from my initial email to a press address, to them mobilizing people over Thanksgiving, assessing the data, beginning password resets, and making a public disclosure, end quote. The obvious contrast here, of course, is the disclosure practiced by Uber, which not only kept mum about its own 2016 breach until about a week ago, but also appears to have
Starting point is 00:03:41 paid the hackers hush money to the tune of 100 grand to keep it quiet. Uber's breach occurred on the watch of former CEO Travis Kalanick, who according to Reuters knew about the breach in December of last year. The current CEO, Dara Khosrowshahi, took over the company at the end of August. Now in the process of mopping up the damage, Khosrowshahi is said to have learned of the incident in September, about two weeks after moving into the CEO job. He did not immediately disclose it, taking about two months to investigate and assess the damage.
Starting point is 00:04:14 Opinion differs on whether this delay was a proper course of action. On the one hand, the incident was complex, involved the conduct of senior members of Uber's management team, and was probably not then well understood. On the other hand, people need to be warned quickly when their personal information has been compromised. Uber faces a variety of legal and regulatory actions in many jurisdictions. At least three U.S. states have opened investigations, New York, Connecticut, and Illinois, and there are said to be investigations in progress by the Federal Trade Commission, the FBI, and the U.S. Attorney for the District of Manhattan.
Starting point is 00:04:50 International investigations are said to be underway in both Australia and the United Kingdom. Uber is privately held. It's believed, in fact, to be the most valuable privately held tech company in the world, but it's preparing for a 2019 IPO. Crucial to that IPO is a tender offer expected tomorrow from Japan's SoftBank. Observers think Uber may find its value damaged by the data breach and wind up paying what some are calling a Kalanick risk premium. Ousted as CEO in June, Kalanick remains on Uber's board. Mozilla is working on an enhancement to its Firefox browser to warn Internet users when
Starting point is 00:05:30 they visited websites known to have sustained data breaches. The feature is said to use data provided by Have I Been Pwned? An alert would come up saying, You visited hack site, followed by an input field that appears to let visitors enter their email address to determine whether their data were among those lost. It's one approach to raising awareness about data loss. Bleeping Computer thinks it might be more useful if it put less emphasis on the incident and more on encouraging affected users to change their credentials. Mozilla's add-on is still in development.
Starting point is 00:06:03 Security researchers at Qihoo 360 Netlab have told Bleeping Computer they've noticed an increase this month in Mirai botnet activity. They connect it to the publication of proof-of-concept exploit code on Halloween. There was a three-week lag. Scans using the proof-of-concept began on November 22nd. The exploit posted online takes advantage of a hidden superuser password on older ZyXEL routers. The password apparently was shipped with the routers that used CenturyLink and Qwest modem default Telnet credentials. Most of the newly herded Mirai bots appear to be in Argentina. The new Mirai campaign has yet to have had serious consequences, especially since the malware isn't persistent. The bots drop out once the routers are rebooted.
Starting point is 00:06:51 A group of anti-ISIS Muslim hacktivists, Daeshgram, has succeeded in breaking into ISIS news agency Amaq and introduced fake news into Amaq's sites. Their goal, they say, is to contribute to the discrediting of ISIS by flooding Amaq users with bogus and scandalous, yet plausible, content. They have attempted to craft the fake news for believability, announcements that an ISIS radio station had been destroyed in an airstrike, things like that. ISIS handed Daeshgram a victory when it told followers not to trust links presented in Amaq. Mistrust of Amaq and other ISIS outlets is something the civilized world would welcome. The caliphate's inspiration continues to prompt great suffering. ISIS struck a Sufi mosque in Egypt over the weekend, killing more than 300 worshippers, many of them children. An attack
Starting point is 00:07:41 on a mosque is unusual for the terrorist group, but they've been denouncing Sufism online for some time. The Associated Press reports that the U.S. FBI knew for about a year that Fancy Bear was going after officials' email accounts, but generally didn't inform the targets that they were being prospected by a Russian intelligence service. The report is new, and what the FBI did or didn't do and why isn't yet clear. The story is, as they say, developing. Observers note with misgivings an increase in North Korean university training on blockchain technology. Recorded Future, for example, dismisses the notion that this is an innocent intellectual trend, like a lot of ambitious
Starting point is 00:08:21 undergrounds from Sinanju looking for a career in the next new thing. Most see the training as a harbinger of more attempts to loot Bitcoin and other cryptocurrencies on behalf of the Pyongyang regime. Criminal interest in cryptocurrency theft is rising across the board. The SANS Institute has been blogging about an increase in scans for Bitcoin and Ethereum wallets, so hold on to your blockchains. Finally, winter is coming. Let's see, that's 20, 21, 22, 23, right, 24 days from today, up here in the Northern Hemisphere.
Starting point is 00:08:56 But it's also coming for one Behzad Mesri, sometime Iranian military contractor, an alleged member of the Turk Black Hat Security hacking team. Mr. Mesri was indicted last week for his alleged role in hacking the HBO series Game of Thrones. Acting U.S. attorney Joon Kim, who's obviously a fan of the show, pointed out that winter is coming is the motto of the House of Stark, and that, as Mr. Kim put it, today winter has come for Behzad Mesri. Of course, there's no way Tehran is going to serve a U.S. warrant on Mr. Mesri, but in some ways,
Starting point is 00:09:31 it's the thought that counts when you're naming and shaming. As Mr. Kim pointed out, for the rest of his life, and he's a relatively young man in his late 20s, he will never be able to travel outside Iran. The memory of American law enforcement is very long. So think of it this way. Whenever a wanted hacker is getting ready to book a vacation abroad, the White Walkers will be there to hit him or her with an extradition order. If Mr. Mesri is fond of the beach, may we suggest the Caspian Sea?
Starting point is 00:12:42 And joining me once again is Ben Yelin. He's the Senior Law and Policy Analyst at the University of Maryland Center for Health and Homeland Security. Ben, welcome back. We saw an article come by about President Trump, who has signed a Cyber Crime Fighting Act, which is set to help with local and state law enforcement. Here's a win for the president. Yeah, he signed this piece of legislation just last week, the Strengthening State and Local Cyber Crime Fighting Act of 2017. It was introduced in the House of Representatives
Starting point is 00:13:25 by a member named John Ratcliffe from Texas. It also had bipartisan buy-in in both the House and the Senate, including sponsorship from Dianne Feinstein, a Democrat in the Senate who has been on the forefront of many of these issues. The legislation authorizes the National Computer Forensics Institute, located in Hoover, Alabama. So whoever is the congressman there, I'm sure had a major impact in shepherding this legislation.
Starting point is 00:13:52 And the idea is that this institute will get federal funding to train local officials across all 50 states and across all of our territories to become more effective at fighting cybercrime. And I think we've talked about in other segments the importance of getting to local officials, especially first responders, who have a glut of skills, but cybersecurity and protecting against cybercrime is not going to be one of them. I think largely, you know, it's just not the practice of the industry to be well-versed in these topics. But I think we're going to see more profile events where part of the emergency response is going to require at least a basis of knowledge in cybersecurity issues. And since we already have an institute, a body that's capable of conducting these trainings, and they've already trained 7,000 local officials. I think this is a wise piece of legislation to expand that program, give it a little bit of government funding, and show that the federal government is willing to be a partner
Starting point is 00:14:53 with states and localities in protecting against these threats. Yeah, it's interesting with a paralyzed Congress that it seems like these cyber laws are some of the things that are being able to go through without much trouble. Yeah, I mean, I think, fortunately for all of us, this is an issue that has been particularly polarized. I think everyone is beginning to understand the immense threat that cybersecurity poses on our country, particularly our critical infrastructure and some of our private companies. And I think President Trump, to his credit, has made this a priority. He came out with his
Starting point is 00:15:30 cybersecurity executive order earlier this year. And this is another piece of legislation. And granted, it's not a major legislative accomplishment by any means, a relatively small program. But I think it's showing that he has some interest in these issues and that he's willing to sign pieces of legislation to assist in this effort. All right, Ben Yellen, thanks for joining us. Thank you. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted
Starting point is 00:16:10 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Thank you.
