CyberWire Daily - Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.
Episode Date: July 5, 2018
In today's podcast we hear about some catphishing in the IDF's pond. Charming Kitten uses itself as bait. Facebook and Google face scrutiny over sharing users' information with third parties. The Pirate Bay is back after its hiatus, and it's back to cryptojacking. The European Parliament voted today to reopen debate on its controversial copyright legislation. ZTE receives some perhaps temporary, perhaps more enduring, relief from US sanctions. And confusion to the Muggalos' facial recognition software. Justin Harvey from Accenture with thoughts on quantum computing. Guest is Gadi Naveh from Check Point Software with a look at open source security tools.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Catphishing in the IDF's pond. Charming Kitten uses itself as bait.
Facebook and Google face scrutiny over sharing users' information with third parties.
The Pirate Bay is back after its hiatus and it's back to cryptojacking. The European Parliament
voted today to reopen debate on its controversial copyright legislation. ZTE received some perhaps
temporary, perhaps more enduring relief from U.S. sanctions and confusion to the Muggalos'
facial recognition software.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary
for Thursday, July 5, 2018.
The Israeli Defense Forces say, according to reports in InfoSecurity magazine and elsewhere,
that Hamas has succeeded in compromising smartphones belonging to Israeli soldiers
by using fictitious profiles, catfish, on a dating app.
Several hundred soldiers are said to have been affected in what the Israeli Defense Forces are calling
Operation Broken Heart.
The catfish then invite the soldiers to download a
malicious app, either romantically themed, like a dating app called Glance Love, or sports-themed,
especially ones that offer World Cup updates like Golden Cup. One gambit the catfish use is claiming
to be a recent immigrant to Israel, which is intended to explain the sometimes imperfect Hebrew they write.
The payload carried by the Trojanized apps is interesting and conveys a sense of what the
attackers are interested in. The malware is believed capable of turning on device microphone
and camera and of accessing phone and email contacts. There seems to be particular interest
in soldiers stationed near Palestinian territories,
and, of course, in gathering any information available on Israeli military installations.
The Iranian threat group Charming Kitten is building bogus websites purporting to be connected with Clear Sky,
the Israeli firm that's been tracking Charming Kitten for some time.
Clear Sky says the malicious site uses the URL clearskysecurity.net.
The fish bait being dangled is Clear Sky's reporting on the Iranian APT.
The threat group copied pages from Clear Sky's public reports
and changed one of them to offer a sign-in option.
Facebook has received unpleasant scrutiny over its sharing of data with third parties.
It appears that Google may have shared data originating with Gmail users. In this case,
Google has enabled certain developers to access not just Gmail metadata, but the contents of
emails themselves. It seems that Gmail users gave Mountain View permission to share reading rights to their emails
when they agreed to the end-user license agreement.
It's worth reflecting on how the purveyors of Gmail monetize it.
This would appear to be one way, and as is so often the case,
the small print of the EULA giveth to others because it taketh away from the user.
But the users did agree to it, after all.
You may recall that the Pirate Bay had been offline for about a week. It's returned. Unfortunately, it's returned with a little
something extra. A quiet crypto-jacker added to its features. This isn't a first for the Pirate Bay.
It installed crypto-miners in its users' devices back in September of 2017,
but soon stopped the practice after users complained.
But, of course, users probably shouldn't be surprised that Pirate Bay would return to its crypto-jacking ways.
The European Union today resumed deliberation over its proposed copyright law,
regarded by opponents as a meme killer at the very least, and possibly worse.
At issue in the vote today was whether to reopen debate on the law, which the European Parliament's
Legislative Committee had passed. The full Parliament voted to reopen debate by a 318-278
majority, and so the bill will not be fast-tracked, the normal course of EU legislation.
Sir Paul McCartney likes this particular law, but others do not.
Wikipedia's Spanish, Italian, and Polish language service has been suspended in protest.
The two most controversial aspects of the legislation are Articles 11 and 13.
As explained in TechCrunch, Article 11 would impose what amounts, critics say,
to a link tax that would hit news aggregators particularly hard.
Article 13 would impose direct liability on platforms for their users' copyright infringements.
This would push them strongly in the direction of pre-filtering content, a very difficult thing to do without doing harm to fair use and even free speech.
Wikipedia's Jimmy Wales was particularly scathing in his response to EU tweets,
suggesting that anything covered by Creative Commons would remain untouched.
Mr. Wales doubts this, to say the least.
In a very rough and ready way, the recording industry and some big publishers have lined up in favor of the law,
with the tech industry and a broad spectrum of internet users lined up against it.
The law's target seems to be YouTube more than anything else,
but there are a great many other interested parties.
The availability of malware toolkits makes it easy for even unsophisticated attackers to spin up effective campaigns.
Gadi Naveh is Advanced Threat Prevention Evangelist at Check Point Software,
and he offers his perspective on these tools,
including how more of them are taking advantage of open-source resources.
So I think we're in a very interesting point in time. Microsoft purchased GitHub, which is the best repository for code sharing.
And so I guess it will be very interesting to see the coming future of how Microsoft
ownership of GitHub will affect the sharing of code between companies in general.
But definitely we see that we're always one step back from the adversaries, which they always use to share data and their code and reuse code as much as they can
through open source repositories like the Metasploit project, Kali Linux,
which is actually used by us defenders and in penetration testing, but definitely all these tools are
allowing attackers to get them and to start using it from scratch.
So I can say that attackers were always using code sharing repositories used by the good
guys as well as the bad guys.
And they're stepping up their game with a GitHub code that's, for example, the reflective DLL injection code
that you can find in GitHub is used by attackers.
We can see obfuscation techniques for JavaScript
that is used by commercial purposes to keep your IP safe
is also used by similar techniques by
attackers and there's lots of proliferation between the good guys and
the attackers. And so how does this affect the ability to protect yourself
against these hackers? When you go in and reverse engineer things is
it a matter of saying, ah, yes, we recognize this code?
True, very true, that when it's open and sourced and made public, it's always easy to find a signature to prevent it.
But actually what we see that is used is mostly the grayware or stuff that can be considered very legit when used by one company, but the adversaries can use them as an attacker.
And that's kind of the hardest dilemma for security vendors when you have software that
can be used for legitimate purposes.
For example, even Bitcoin mining that we're seeing now, there's some very good usage for this
technology, as we can see. But there's definitely adversaries that are putting infected computers
with this technology. And then you can't decide if it's a malicious or illicit software,
what we call sometimes potentially unwanted software, etc.
So we see that very often these bad guys are using toolkits to put together their code.
I mean, does the availability of these open source tools, does it lower the bar?
Does it make it easier?
The point of entry is easier for folks who want to do these bad things?
True.
As the availability of this toolkit and open source project,
the attacker doesn't need to have the whole attack chain created by himself, but he just needs to add the latest exploits, sometimes exploits that are living nation state actors.
And these attackers can utilize these into their existing toolkits
and create a very damaging effect. As we've seen in the WannaCry, they incorporated into their
toolkit just a new exploit, the DoublePulsar and the EternalBlue family of exploits in order to
make it wormable. They always just add one step to their arsenal. That's Gadi Naveh from Check Point.
ZTE gets enough relief from U.S. sanctions to update some of its products.
The company's fate, and those of other Chinese device manufacturers,
will be affected by the Sino-America trade war that may or may not be in the offing,
and more immediately by whatever sanctioning
provisions the U.S. Congress leaves in the 2019 Defense Authorization Act.
Finally, there's been much talk of facial recognition software and the sometimes useful,
sometimes problematic applications it offers. How can it be used? What might defeat it?
We'll leave uses aside for the moment and consider a new method
of defeating it. Blogger and privacy researcher Techion has described it, and you juggalos and
juggalettes out there will be pleased to learn that you're ahead of the curve. That's right,
Insane Clown Posse makeup does the trick. The sharply contrasted black and white cosmetics
seem to defeat most facial recognition software.
We're having a difficult time figuring out a use case for this dodge,
since juggalos and juggalettes aren't by any reasonable measure inconspicuous.
CaesarNet has some speculation about people getting into military installations using it.
Now, sure, probably the MPs, SPs, Marine Guards, and so on would ask a question or two if a
juggalo presented himself at the gate in full regalia, but suppose, what if, someone used
military face camouflage to achieve a similar effect? We're not sure that would work, since
face camouflage is designed precisely to achieve a vague blended effect, quite unlike what the Insane Clown Posse wears.
Clearly more research is needed in this matter,
but we can think of one good use case.
It's now possible to attend an Insane Clown Posse concert
while going unrecognized by any automated surveillance that may be in use.
Something to think about, Barker, the next time you're wailing on your axe.
And I'm pleased to be joined once again by Justin Harvey.
He's the Global Incident Response Leader at Accenture.
Justin, we have stories come by pretty regularly about quantum computing
and how that's going to change things.
I'm curious, from your point of view as an incident response guy, how are you preparing for this?
Is this really on your radar?
This is absolutely on our radar.
So Accenture recently introduced what we call the security tech vision, which is a look at the future. And the thing we've done is we've essentially put out an argument
that the proliferation of quantum computing as we know it, when it becomes generally available,
and there are people that think it's two years, there's people that think it's four years,
there's people that think it's eight years, regardless of how many years it's going to take to have quantum computing generally available, it is blockchain, the way that the algorithms work in order to create
a faux currency, if you will, will be essentially vulnerable.
When someone's explaining about SSL or encrypting your email, oh, don't worry, no one can break
it.
It'll take hundreds of years using conventional means.
Well, that's using conventional means. And the minute that a vendor comes out with truly a generally available quantum computing technology, those hundreds of years via conventional methods will be able to be compressed down into seconds or minutes. about is two things. The first is governments and militaries that will get early access to
quantum computing if they don't already have it today. This is quite a powerful capability
that nation states and militaries will highly seek after to have in front of the commercial.
And the first nations to truly get this and
operationalize it, it will be weaponized. So that will put people's lives in danger,
and it really will upend diplomacy even as we know it. Being able to decrypt any cable
or transaction from other nation states will truly change the world stage.
And the second thing that I worry about is once this becomes generally available, once that switch is turned and
the first organizations start to get their quantum computing devices or their computers,
they will also have to uplift all of the rest of their infrastructure. That's great that it's
commercially available. That means other people, perhaps even in the cloud, can now do the same things that the military can. They can
crack something within seconds instead of hundreds of years. And just because that is available,
conventional computing, think of your intrusion detection system, think about your logging systems, the way that you do analytics
today. All of those, the capability isn't rendered useless. It's the amount of data,
the sheer amount of data and computing that you would have to view that the adversary could have.
From a commercial standpoint, when this is generally available, it is going to be
truly a game changer. That means that there has to be this
cascade effect across the entire industry. Now Cisco needs to come out with quantum routers,
and now FireEye needs to come out with quantum malware detection capabilities because they
simply won't be able to protect themselves using conventional cryptographic means.
When this comes, I really hope that not just security,
but society is ready for that leap.
Justin Harvey, thanks for joining us.
Thank you.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen,
Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell,
John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.