CyberWire Daily - Counterattackers' advantage? Juche no competition for cat videos, next-day delivery. CopyKitten crude but effective. FBI investigated Fruitfly Mac malware. Adobe will retire Flash in 2020. BSides notes.
Episode Date: July 26, 2017. In today's podcast we hear about a Symantec study that shows APTs use some pretty buggy tools. Juche may not extend to the Internet, at least for Pyongyang's leaders. Iran's CopyKitten is characterized as unsophisticated but nonetheless effective. Mac users awakened by Fruitfly—the FBI is investigating. Adobe tells us to begin saying our goodbyes to Flash. Jonathan Katz from UMD on recent experiments with quantum cryptography. Stewart Kantor from Full Spectrum on protecting utility companies by using private RF (radio frequency) networks. And some notes from Vegas, because what goes on in Vegas doesn't stay there.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
A Symantec study prompts a question.
We know there's an attacker's advantage, but could there be a counter-attacker's advantage, too?
Juche may not extend to the Internet, at least for Pyongyang's leaders.
Iran's CopyKitten is characterized as unsophisticated but nonetheless effective.
Mac users are awakened by Fruitfly, and the FBI is investigating.
Adobe tells us to begin saying goodbye to Flash.
And some notes from Vegas, because what goes on in Vegas does not stay there.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Wednesday, July 26, 2017.
We've often heard about the attacker's advantage in cyberspace. The conventional wisdom, and it's well-founded wisdom, is that the cyber attackers have the advantage.
They only need one good attempt for success.
All their failures matter not a bit, at least not as much.
But the defenders, you have to get it right all the time.
One failure, and that attacker's in, and probably out, before you know it.
So here's some food for thought that may serve to put the usual threat news into perspective.
Symantec has taken a look at some prominent advanced persistent threat groups and found that their tools tend to be buggy.
The security firm quietly suggests this could be turned to the defender's advantage.
Consider it the counter-attacker's advantage, and remember, as any graduate of the Leavenworth short course would tell you, that a counter-attack is a defensive operation.
There's no suggestion here of hacking back or of cyber marque and reprisal.
North Korea is famously isolated, but what about its rulers? They're about as connected as anyone else, according to a Recorded Future study.
Pyongyang's elite are assiduous users of Facebook, YouTube, and Amazon, to pick just three attractive Western services, perhaps because they wish to maintain situational awareness of imperialist atrocities, although on reflection one is reluctantly moved to skepticism.
It seems they like cat videos and next-day delivery as much as the inherently evil American or rapacious Japanese plunderer.
Who knew?
This seems inconsistent with the Juche spirit of collective solidarity and self-reliance, but it may provide some insight useful to any elements of the civilized world interested in counter-value targeting in cyberspace.
Also in the study are some interesting observations about North Korea's use of foreign networks, sourced by Recorded Future to research done by Team Cymru. Chinese and Indian networks are most commonly exploited by Pyongyang's mix of espionage and criminal operators. They also use networks in Kenya, Indonesia, Mozambique, Malaysia, and Indonesia.
Various looks at Iran's CopyKitten operators are reaching a consensus that they're not highly skilled,
but that they've been effective at espionage nonetheless.
ClearSky and Trend Micro report that CopyKitten's Wilted Tulip campaign
has successfully exfiltrated data from a range of regional, European, and North American targets.
The Fruitfly malware found to have been infesting Apple products is an odd one.
MacRumors calls it old and possibly abandoned, but the FBI is investigating.
Fruitfly is, or was, essentially criminal spyware.
Adobe has announced that it will finally retire Flash.
The software has been an important part of the Internet for two decades,
although its second decade has been marked by an unwanted role as an often-exploited attack surface.
But now we can all begin our goodbyes, although they'll be long goodbyes.
Adobe has scheduled Flash's final retirement for 2020.
When it comes to securing ICS and critical infrastructure,
one of the challenges is communicating securely with devices that are physically spread out.
One company working on tackling that problem is Full Spectrum, a provider of private licensed wireless broadband networks.
Stewart Kantor is CEO of Full Spectrum.
It's not just the electric grid, it's pipelines, water pipelines, wastewater, oil. And so you have all this
infrastructure out there that needs to be managed. Historically, it was managed over these dedicated
phone lines. And now you have the capability to do pervasive computing, very low cost devices
at the grid edge or any infrastructure edge. And how do you communicate with that device
and collect the information in a secure way? One easy way would be, well, let's just go
wherever there's cellular coverage, let's just go get some cellular modems. And we'll throw it on
the public internet and then we'll have access. And so that's what's introducing some of these
vulnerabilities to the various networks, because most likely it'll have a public IP address, or the source is a public IP address that's being converted to a local address, vulnerable to all sorts of attacks. Our customers are large electric utility companies using our
equipment to create their own private wireless internet over very large areas. And so just from
a security point of view, when you're dealing with radio signals with RF, what's to keep someone from
tossing up a masked antenna and intercepting communications or jamming them or trying to
insert their own data into the line? Correct. So there are vulnerabilities there in all the
technologies. So in our aspect, we do encryption over the air. They also do VPN. So there's
multiple layers on the air interface protocol. We have the capability,
we're what they call software-defined radio technology, and the construction of even the
data frame is unique to the customer. So it makes the ability to hack a system very, very difficult.
Our customers are using frequencies that were legacy paging frequencies, legacy television frequencies, things that have been abandoned over time.
And with our technology, we repurpose those licensed frequencies for them where they own, operate, and control the frequency.
So, for example, if they find that their signal is being compromised in a certain area, the FCC is responsible to go out and find that interference and shut it down.
There's a layer of even enforceability from the government. And then we also have other
capabilities in how we dedicate traffic uplink and downlink. So there's a whole host of designs
that can be implemented over the network that allow layers of redundancy and security.
That's Stewart Kantor from Full Spectrum.
Keynotes at BSides yesterday in Las Vegas highlighted calls for true multidisciplinary cooperation on the very large-scale problems we face in cybersecurity.
The disciplines that could make a major difference would prominently include economics, behavioral
sciences, and machine learning.
Endgame gave an interesting talk, "Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict." Andrea Little Limbago and Mark Dufresne
gave attack timelines and details of destructive attacks, with an emphasis on the destructive as
opposed to the merely intrusive, from Stuxnet to recent attacks centered on but extending beyond Ukraine.
Limbago put the incidents into geopolitical context
by describing the various rivalries that created the conditions for the attacks,
a smart pairing of the political and the technical.
In general, the atmosphere at BSides has been easygoing.
It's free, the teachers are volunteers,
and the attendees struck our stringer as passionate people who care about security
and at the same time like to have fun.
Therefore, we had a chat with the BSides bartender.
She told our stringer that the most commonly chosen morning beverage so far has been beer,
followed by Jägermeister.
Our sociological desk suggests this means one thing,
young crowd, college drinking habits.
Around 10:30 local time, the first Jack and Coke was ordered up.
Being Jack and Coke and not vodka and cucumbers
suggests that the demographic is more American than Russian.
So cheers, BSides, and be sure you designate a driver
or hire a Lyft or Uber or a taxi.
And I'm pleased to be joined once again by Jonathan Katz.
He's a professor of computer science at the University of Maryland
and also director of the Maryland Cybersecurity Center.
Jonathan, welcome back.
We saw a story from Wired magazine.
It was talking about some physicists trying to do some work with quantum cryptography.
They were using lasers in an airplane.
Before we get to that part of the story,
can you just give us an overview about quantum cryptography? Sure. So I think most of the cryptography we're familiar with
is classical cryptography, where you're doing classical computation on classical information.
And quantum cryptography is really interesting because it uses the fundamental laws of quantum
mechanics in order to build a protocol. And what's particularly interesting there is that it's possible to build protocols
that you can prove unconditionally
are secure against any possible attacker, quantum or not.
So people are very excited about using
what's called quantum key distribution
to allow two parties to set up a key remotely,
much like we do now when we do key exchange
when setting up an SSL or a TLS connection.
And people are excited about the possibility of maybe doing that with quantum mechanics
and getting an invulnerable system for sharing keys.
And this is that situation in physics where the measurement of the key actually changes the key?
Yeah, so basically the way that you can prove security of the protocol
is by arguing that if an attacker interferes with the channel in any way,
then that interference would be detected by one of the parties. And so that's something that
fundamentally is different from what you have in classical communication, where in theory,
an attacker could read all the bits going across the channel, and neither side can even tell that
the attacker is there. So what's going on with this story in particular? Why did they have to use lasers in an
airplane to do their tests? Well, so because it's based on quantum mechanics, you need some
quantum mechanical particle, essentially, that can act as a means of communication in the protocol.
And one of the most popular ways of trying to implement that is using photons, which of course
means light, which brings us to the lasers that you mentioned earlier. So what these people were trying to demonstrate is how far apart the two parties could be
while running the protocol. And so they were using a laser and they were having one person
stand on the ground and another person flying around in the air to try to get a larger distance
between them. Right. Of course, the challenge is you want something where the people are far apart,
but yet they can see each other in a straight line. And if they're too far apart, but they're
both on the earth, then the curvature of the earth will make them not be able to see each
other by a straight line. But if one of them is flying in the air, they can get quite far away
and still be in line of sight of the person on the ground. So that's one of the challenges of
this type of cryptography is being able to use it at a distance? Yeah, very much so. I mean, for one thing, it's very sensitive to noise. And so you need to be
able to send these photons from one party to the other over a large distance without having the
signal being corrupted by the noise. And so currently, the distance over which you can run
these protocols is relatively small. And it's not yet to the point where you can imagine running
this, say, between a user in Los Angeles and a user on the East Coast.
So you can't just send it along, say, like fiber optic cables, that sort of thing.
So people are trying that also.
And people are looking at maybe using repeaters along the way to try to increase the distance.
But this is still very much research that people are carrying out
and a lot of engineering work as well to push it to larger and larger distances.
But we're not there yet.
All right.
Interesting stuff.
Jonathan Katz, thanks for joining us.
And that's the Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.