CyberWire Daily - Crime, not education. Slot machine scams. Ransomware updates. Fancy Bear in Norway? Russian treason charges. GCHQ say no to "witchcraft."
Episode Date: February 6, 2017
In today's podcast, we hear about how criminal markets offer ransomware-as-a-service under the guise of education. The UK's NHS and Licking County, Ohio deal with separate ransomware attacks. The Slammer worm tried a comeback after fourteen years—so patch those known vulnerabilities. Crooks scammed slot machines, possibly by defeating their pseudo-random number generation. Norway tracks Fancy Bear. Russia says FSB officers charged with treason gave info to the Americans, but not necessarily the CIA. Markus Rauschecker outlines proposed changes to the Email Privacy Act. GCHQ says security companies are peddling "witchcraft."
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Criminal markets offer ransomware as a service under the guise of education. The UK's NHS and Licking County, Ohio deal with separate ransomware attacks. The Slammer worm attempted a comeback after 14 years, so patch those known vulnerabilities. Crooks scam slot machines, possibly by defeating their pseudo-random number generator. Norway tracks Fancy Bear. Russia says the FSB officers charged with treason gave info to the Americans, but not necessarily the CIA. And GCHQ says security companies are peddling witchcraft.

I'm Dave Bittner in Baltimore with your Cyber Wire summary for Monday, February 6, 2017.
We've been following the evolution of criminal markets for some time now. The black market has seen customer service portals, even reviews on the criminal equivalent of Yelp, Ripper.cc. In these cases, the bad actors make little pretense about being, well, bad. But that's not always the case. Some of the bad actors pose as legitimate or at least gray market services. Radware has discovered a new ransomware-as-a-service portal on the dark web. This one is called Ranion, and it cloaks its crooked shame behind a fig leaf inscribed "for educational purposes only." You'd be unwise to take it at face value. The portal looks much more like a standard, straight-up black market money-making operation. You can subscribe for 0.95 Bitcoin annually, that's about $960, or if you're not quite as all-in as that, you can get six months for just 0.6 Bitcoin, about $600, presumably if you act now. A word to the wise: there are a lot of legitimate security businesses that will teach you everything you need to know about ransomware without requiring you to dump hundreds of dollars into a dodgy dark web portal.

Ransomware, of course, remains a threat, with medical services and local governments particularly hard hit. Several national health trusts in the UK are still digging out from under their own infestations. And in the US, a county in Ohio, Licking County, is also dealing with ransomware that's locked them out of a number of services, including police and emergency responder systems. So it's a threat not to be taken lightly. If you're interested in a model of how to plan for recovery, take a look at the St. Louis, Missouri library system. They were hit, but they recovered swiftly and without paying the ransom because they had a well-thought-out and well-executed backup system.
Speaking of Missouri, the Show-Me State's Gaming Commission has concluded that a Russian national, a fugitive from the law of averages and unnaturally lucky at slots, finagled some of the one-armed bandits. The caper happened in June 2014, but remains puzzling. Whatever they did gave them an implausibly high win rate on the slots. The Lumiere Place Casino noticed payouts on its machines running far higher than could be reasonably expected. Indeed, Wired reports, the casino hadn't seen the likes of it before. So security investigated and reviewed surveillance footage of the casino floor. The cameras showed a 30-something dark-haired guy playing exclusively older slot machines manufactured by Aristocrat Leisure of Australia. Most slot cheats physically compromise the victim machines. Not so this guy, since identified as one Murat Bliev, a Russian national employed allegedly by a St. Petersburg cybercriminal syndicate. And note that this is St. Petersburg, Russia, not St. Petersburg, Florida. Shuffleboard players in the Sunshine State seem air-gapped against hacking, at least for now. How the scam worked isn't yet fully understood, but it may have gone something like this. Bliev would play, pushing buttons on games like Pelican Pete or Star Drifter, while holding his smartphone unusually close to the screen. The first attempts were normal, but he'd return in half an hour or so, play the machine, and win big, parlaying $20 or $60 into a reliable payout of $1,300. It appears that he was in touch with mathematicians in the home office who cracked the device's pseudo-random number generators. Bliev returned to Russia, but incautiously returned stateside, where he linked up with three fellow scammers. The quartet were arrested last month, the first three copping a plea, the last one using his status as a religious refugee to provide U.S. authorities with evidence.

Those who've been in the industry for a while will recall the Slammer worm, which enjoyed its heyday 14 years ago. According to Check Point, someone made a concerted attempt to revive Slammer at the end of 2016. We heard from Tripwire's Senior Director of Security, Lamar Bailey, who takes the opportunity to remind everyone that zero days may get all the press, but your biggest threat probably comes through unpatched and known vulnerabilities. Quote, "Organizations spend millions on the latest, greatest security products, but fail to fundamentally secure their network by just upgrading and patching old vulnerabilities." End quote. Patching, he says, is like locking your door. Criminals may still get in, but you haven't made it too easy for them.
Norway's intelligence service continues to follow the tracks of Fancy Bear through foreign and defense ministry email servers. Fancy Bear, of course, is widely believed to be Russia's GRU.

Elsewhere in the Russian intelligence and security services, Russian sources say the former and current FSB officers charged with treason were leaking to America, and not necessarily the CIA. That will strike many as a distinction without a difference, since it's difficult, although not impossible, to imagine to whom else they might have been leaking. After all, it's unlikely to be the Small Business Administration, even under the leadership of World Wrestling Entertainment impresario Linda McMahon.

Finally, the famously outspoken Ian Levy, technical director of the UK's National Cyber Security Centre, has told the security industry to knock off the FUD. He says they're peddling witchcraft, and not the good Hogwarts kind. There's no hint, however, that the NCSC is anticipating prosecution of threat researchers under the authority of the Witchcraft Act of 1735. So no worries, security industry. Our barristers have so far offered no legal opinion as to whether prosecution under the Fraudulent Mediums Act of 1951 is similarly unlikely. Brexit makes action under the EU's Consumer Protection Regulations a stretch too. But we certainly wouldn't want to mess with Dr. Levy.
And I'm pleased to be joined once again by Markus Rauschecker. He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security. Markus, I saw that a group of lawmakers, actually a bipartisan group of lawmakers, have reintroduced the Email Privacy Act, which has to do with email and having to get warrants before searching emails. Take us through this. What's going on here?

Yeah, this new bill seeks to really close a gap in an existing law. The existing law is the Electronic Communications Privacy Act, which was passed all the way back in the 1980s. And it basically says that government does not need a warrant to search emails that are stored on an internet service provider's or a provider's servers if that email is older than 180 days. Of course, nowadays, most of us store all of our emails in the cloud. If we use a service like Google or Yahoo, we tend to just leave our emails up in the cloud with the email service provider and never download them onto our computer, which means that government can read all of those private emails if they are older than 180 days without actually needing a warrant. So this is very concerning. And the bill that was introduced recently by lawmakers seeks to address that and basically asks that government does need to get a warrant before it can read, search through those emails, even if they're stored with the email service provider.

Yeah, it seems remarkable to me. I mean, you know, six months is, you're not allowed to come in my house and look through any of my papers that are older than six months old automatically. So, you know, this notion that at six months, my private emails just become available, that's news to me.

Yeah, it is concerning, but it kind of makes sense when you think about how the existing law came about. And like I said, the Electronic Communications Privacy Act was passed in the 80s, and in the 80s, email was handled very differently than it is today. So back then, in the 80s, people would download emails that would get sent to them. They would download those emails onto their computers. And government certainly needed a warrant and still needs a warrant to search emails that are actually exclusively stored on one's computer. Now, of course, nowadays, people don't do that download anymore. So this Electronic Communications Privacy Act is a perfect example of how laws can become greatly outdated based on our advances in technology. This is an issue that is finding bipartisan support because it just doesn't make any sense for government to have that authority to search private emails. No one really wants that on either side of the aisle.

Can you just touch on that notion that back in the 80s they considered that something left on the server that long was abandoned?

Yeah. So basically, back in the 80s, we expected users to download emails onto their computers when they received them. If users did not download emails onto their computers, then they were considered abandoned. It was considered that a user didn't have any interest in those emails anymore if they weren't downloaded. And therefore, the thought was that, you know, government really shouldn't be required to get a warrant to look at those abandoned emails.

Kind of like they don't need a warrant to look through my trash because it's considered something that I've thrown away.

Exactly.

Wow, interesting stuff. All right, Markus Rauschecker, thanks for joining us.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.