CyberWire Daily - Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.

Episode Date: November 8, 2022

Cybersecurity on US Election Day. Details on the OPERA1ER threat activity. Seasonal and secular trends in Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. Ben Yelin reviews election security and misinformation. Ann Johnson from Afternoon Cyber Tea speaks with Dr. Ryan Louie about the growing issue of mental illness among cybersecurity professionals. And, hey everybody, Mr. Hushpuppi is back in the news (and back in the slammer, the hoosgow, the big house…you get the picture…a sabbatical at Club Fed.) Disclaimer: The content and views expressed do not constitute medical advice and are not a substitute for professional medical advice, diagnosis, or treatment. If you need help, please contact your medical provider.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/215 Selected reading. Your Election Day cyber guide (Washington Post)  Putin-linked businessman admits to US election meddling (AP NEWS) OPERA1ER: Playing god without permission (Group-IB)  DTEX i3 Team Insider Risk Stats for 2022 (DTEX Systems Inc)  Killnet targets Eastern Bloc government sites, but fails to keep them offline (The Record by Recorded Future) Ukrainian hacktivists claim to leak trove of documents from Russia’s central bank (The Record by Recorded Future) Notorious Nigerian influencer ‘Billionaire Gucci Master’ sentenced to 11 years in jail in the U.S. for fraud (Forbes) Hushpuppi: Notorious Nigerian fraudster jailed for 11 years in US (BBC)

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Starting point is 00:00:46 Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Thank you. Now at a special discount for our listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash N2K and use promo code N2K at checkout. The only way to get 20% off
Starting point is 00:01:34 is to go to joindeleteme.com slash N2K and enter code N2K at checkout. That's joindeleteme.com slash N2K code N2K. A look at cybersecurity on U.S. Election Day. Details on the OPERA1ER threat activity. Seasonal and secular trends in insider threats. A look at influence operators in the hybrid war. Ben Yelin reviews election security and misinformation.
Starting point is 00:02:24 Ann Johnson from Afternoon Cyber Tea speaks with Dr. Ryan Louie about the growing issue of mental illness among cybersecurity professionals. And hey, everybody, Mr. Hushpuppi is back in the news and back in the slammer, the hoosegow, the big house. You get the picture. Sabbatical at Club Fed. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Tuesday, November 8th, 2022. Today is election day in the U.S. Have you voted, Americans? In most places, you've been able to vote early or even vote by mail. But traditionalists and procrastinators, suddenly seized by a sense of civic responsibility,
Starting point is 00:03:24 have been schlepping to the polls since early this morning. CISA went into the final day of voting with confidence that the elections wouldn't be disrupted by cyberattacks that sought to directly attack voting. CISA is holding a series of updates for the media throughout the day, and we're sitting in on them. But as we publish this daily podcast, no unusual or dangerous threats have emerged. There are, of course, scattered reports of a machine not working or a poll watcher's tablet going down, but these are all well down in the ordinary noise of accidents and not the result of any attack on voting systems. On the other hand, influence operations, of course, continue. The AP reports that the increasingly high-profile Russian oligarch Yevgeny Prigozhin,
Starting point is 00:04:19 proprietor of both the troll-farming Internet Research Agency and the mercenary army that does business as the Wagner Group, said yesterday, It's an unusually frank avowal of what U.S. sources have long charged. But come on, Yevgeny Viktorovich, this isn't really what you'd call news. You could save it for TASS or RT. The White House press secretary dismissed Mr. Prigozhin's remarks yesterday, saying that they do not tell us anything new or surprising, surely the most undeniably true thing ever uttered in a press conference. How effective such influence operations will be remains to be seen, and they can be counted on to continue long after the election is over. Their goal, remember, is fundamentally to demoralize,
Starting point is 00:05:12 sow confusion, and widen pre-existing fissures in civil society. Group-IB has published a detailed account of the threat group OPERA1ER, that's operator, but instead of a T, there's a number one, which has used off-the-shelf tools to steal between $11 million and $30 million from its victims, mostly located in Francophone regions of Africa since 2019. The researchers include advice on defense, and their accounts afford an interesting look at what a determined criminal operator can do with commodity tools traded in the C2C market. Researchers at DTEX have published a study on insider threats, finding that unsanctioned third-party work on corporate devices has risen by nearly 200% over the past 12 months. The researchers warn that workforce engagement declines by up to 50% in the weeks before the holiday season.
Starting point is 00:06:11 Engagement also remains affected during the first week back after the holidays. Departing employees represent a distinct challenge. DTEX observed that research and creation of resignation letters increased by 20% in the first half of 2022, increasing the potential for disgruntled employees to cause harm to the business. The study also found that 12% of departing employees take sensitive information with them when they leave the company. So, HR departments, look to your off-boarding. Another pro-tip, we're just spitballing here, but maybe firing people by email is not the best approach.
Starting point is 00:06:52 We come now to the tale of two cyber auxiliaries in the ongoing hybrid war Russia is waging against Ukraine. We've seen the U.S. Federal Bureau of Investigation's assessment last week of Russia's Killnet hacktivist auxiliary as posing more of a psychological than a tangible threat to the networks it hits with distributed denial-of-service attacks. Yesterday, The Record by Recorded Future offered some notes on Killnet's interests and targeting. The threat actor is mostly interested in hostile nations found in the near abroad, now independent former Soviet republics, especially Estonia and Moldova, and former members of the defunct Soviet-led Warsaw Pact, in particular Bulgaria and Poland.
Starting point is 00:07:39 Officials in those countries essentially agree with the FBI. Killnet's operations were punitive in their intent, and while the group crowed high in its social media channels, the actual effects they achieved didn't rise above the now familiar nuisance level. That probably doesn't matter, and so needn't be regarded as a failure. At this point in the hybrid war, these sorts of cyberattacks are best regarded as a form of influence operation, intended more to menace and intimidate than to hobble or disrupt. And things seem similar on the Ukrainian side.
Starting point is 00:08:15 The Record also reports that Ukraine's auxiliary IT army claims to have successfully breached databases belonging to Russia's central bank. The central bank itself has said publicly that the data breach is all hooey. As quoted in Positive Technologies' Security Lab blog, the bank said, not a single information system of the Bank of Russia has been hacked. The material the IT army dumped online, the central bank claimed, was all anodyne, publicly available information. If the central bank isn't fibbing, and they may not be, then the IT army is doing something the FBI says Killnet's been doing for some time, boasting in a way calculated to mess with its audience's mind.
Starting point is 00:09:01 In its Telegram channel, the IT army explained its objective in hacking Russian banks, stating, the goal remains the same as for all banks, to create problems in the processing of payments, to delay the fulfillment of financial obligations under contracts, and to sow doubts among those who receive payments through it. So, like the activities of their Russian counterparts, the IT army in this campaign seems interested principally in influence. And finally, hey everybody, do you remember Ramon Abbas? Probably not.
Starting point is 00:09:38 But you may remember him under his influencer persona, Ray Hushpuppi. Anywho, Mr. Hushpuppi, a Nigerian citizen, was sentenced to 11 years in a federal prison on charges related to his money laundering activities. The judge also ordered him to pay $1.7 million in restitution to two fraud victims. In his salad days, Mr. Hushpuppi called himself the billionaire Gucci master, according to Forbes.
Starting point is 00:10:08 After getting his criminal start as what the Nigerians call a Yahoo boy, engaging in romance scams, he began to flaunt his wealth as a social media flexer, prancing and dancing his way into the hearts and wallets of many who wished that they too might live the life of villas, supercars, fine jewelry, and designer clothes Mr. Hushpuppi displayed. Sure, flexing on Instagram isn't the best way of flying under the Fed's radar, but on the other hand, people are drawn to that sort of thing in the vague hope that some of the magic might rub off. Mr. Hushpuppi's later crimes involve laundering money on behalf of North Korean threat actors who engage in fraud on behalf of their cash-strapped pariah government. The BBC reports that two Nigerian imams wrote letters asking for leniency on Mr. Hushpuppi's behalf, noting his generosity to widows, orphans, and food banks,
Starting point is 00:11:07 and Mr. Hushpuppi himself expressed his regrets and contrition. Come what may, the judge still gave him 135 months in Club Fed, plenty of time to repent at his own leisure. Coming up after the break, Ben Yelin reviews election security and misinformation. Ann Johnson from the Afternoon Cyber Tea podcast speaks with Dr. Ryan Louie about the growing issue of mental illness
Starting point is 00:11:42 among cybersecurity professionals. Stay with us. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora
Starting point is 00:12:19 have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, Thank you. security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected
Starting point is 00:13:25 lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. Ann Johnson from Microsoft is the host of the Afternoon Cyber Tea podcast. And in a recent episode, she speaks with Dr. Ryan Louie about the growing issue of mental illness among cybersecurity professionals.
Starting point is 00:14:07 I know our listeners are curious to learn about the link between psychiatry and cybersecurity. And to bring us along on the journey, can you talk a little bit about your background? When and why did this interest begin for you? How did you land on cybersecurity? And I love that cyber with a PSY as a focus area. And can you break it all down for us? Yes. So I'm a psychiatrist.
Starting point is 00:14:31 So my main work is working with patients in the clinic setting. I treat patients' conditions such as depression, bipolar disorder, PTSD, anxiety, several other types of mental health conditions. Before this clinic work, I used to work in a downtown San Francisco hospital, an inpatient locked psychiatric unit. I learned a lot from that patient population because they taught me a lot of things. They said that once they left the safety of the hospital, they were kind of on their own. There was a lot of things they didn't know where to go to, a lot of different things that might have been dangerous or not safe. And I would ask
Starting point is 00:15:05 them, what's your safety plan? Where do you go for help? If you need assistance, who do you go to? It got me thinking about the bigger picture of what it means to be mentally well and to be safe. I love technology. And as I started seeing how technology is so interwoven into everyday life, I started to think about that a person's safety and security in terms of their mind and their well-being is actually closely linked to the technology they use. So hence, I was thinking about cybersecurity in the traditional sense with a C-Y for cyber into a P-S-Y being psychiatry and cybersecurity. And I started to merge the two and think about it in that way. So can you unpack some of
Starting point is 00:15:45 the issues commonly seen and what aspects of cybersecurity are contributing to them? And how unique are they to this industry? Definitely the COVID-19 pandemic has amplified everything that was already existing, both in terms of the stressors in cybersecurity and also the stressors in mental health. COVID-19 and the pandemic made everything that much more magnified and intense. So in thinking about this question, I oftentimes compare the world of cybersecurity with people in healthcare. Both of our fields in the medical fields and the cybersecurity fields share a lot of things in common. For instance, we often work under extreme time pressure. We don't have a lot of information all the time.
Starting point is 00:16:25 We have to make decisions without all the information or things we wanted to know about, but it demands a decision, so we have to decide. It can be very stressful. Oftentimes, there are limited resources, limited time, limited staff, and there are things from left field that we may not even know about. We always have to deal with those situations. And for cybersecurity professionals and people in healthcare, there's the constant need to want to be a team player.
Starting point is 00:16:53 So with all that baseline, let's pivot a bit and talk about how we can better take care of ourselves and our teams. And if we could start with leaders, when it comes to identifying someone who might be struggling, what signs should leaders look out for and what can leaders do to best support the mental health and well-being of their teams? In thinking about what leaders can do, I think back to this time when I was a medical student doing a rotation in one of my clinical clerkships. On the first day of orientation, all the interns and the residents and the medical students like myself gathered around in a circle with our attending physician, who was the head and who would be writing our recommendation and giving our grades.
Starting point is 00:17:30 He said right at the outset, Seth said, we work as a team. If anyone feels overwhelmed, there's too much stuff on their plate, I want you to just freely say, raise your hand and say, hey, I got too much. I need some help. There will be no penalties for doing that. It's not going to show up on your grade sheet or your letter or your evaluation. And just like that, he lifted up that onus of pressure from everyone. And we worked really well.
Starting point is 00:17:53 We worked great as a team. That's Ann Johnson from Microsoft, host of the Afternoon Cyber Tea podcast. You can hear more of this interview and the entire Afternoon Cyber Tea collection of shows here at thecyberwire.com. And joining me once again is Ben Yelin. He's from the University of Maryland Center for Health and Homeland Security and also my co-host over on the Caveat podcast. Hello, Ben. Welcome back. Hello, Dave. So it is election day as we record this and air this. I voted this morning. I believe you voted ahead of time. I did. I voted by mail. Always a satisfying feeling to fill out your ballot, put it in the drop box, and know that you've made a difference. It sounds corny, and it is very corny, but I love voting. I think it's actually fun,
Starting point is 00:19:12 even though it's also a civic duty. I agree. It does sound corny, but I do get a nice little feeling of civic pride when I do it every time, and I think it's important. So let's talk about security here. I mean, where, as we go through election day, where are we finding ourselves? We've heard from many of the agencies who keep track of these things. Where do we stand? So I think when people think about election security issues, they think about corrupted voting systems. They think of potential cyber attacks on voter rolls from illicit foreign actors or agents of these foreign enemies, the Chinese government, the Russian government. From what our federal agencies have said, our election systems are relatively safe, are quite safe. Largely, that's due to the work of agencies like CISA, and you certainly
Starting point is 00:20:06 give them credit for it. But largely, it's due to the decentralized nature of our election system. It might be easy or doable to hack into a single county's election system or a single jurisdiction. But we run elections through 50 states, a bunch of different counties. It is a very decentralized process. So it would be hard to alter the results on such a scale when you would have to penetrate a bunch of different security protocols in order to make a difference in an election. So I think we do have a good degree of confidence in the integrity of our voting systems. The problem is this scourge of misinformation. And I understand why misinformation exists on this subject. We don't actually see our ballots getting counted at a clerk's office.
Starting point is 00:20:58 They don't do that on TV. So we kind of have to have a level of trust in the system that our votes are going to be counted, that everybody's votes are going to be counted, that we're going to have a fair and equitable election. One person, one vote, and we're going to end up at a fair outcome. People take cues from their political leaders, and when elite political actors cast a doubt on the integrity of our elections, that ends up kind of causing the system to collapse on itself. And one of the ways these political actors do that is to take relatively normal things and make them seem conspiratorial. So for example, we saw in 2020, it was a pandemic. A lot of people voted by mail. And in several states, particularly in the Midwest, the election clerks were barred by law from opening up mail ballots until Election Day. So the first ballots counted were ballots from people who voted on Election Day itself.
Starting point is 00:21:58 And most people who voted on Election Day were voting for Donald Trump, largely because he told his voters to vote on Election Day. So there was this mirage that he was ahead. And really, that was just because mail votes hadn't been counted. At a certain point in the middle of the night, they did count the mail-in ballots. And we know from all available evidence that there was nothing nefarious about it. There were a big batch of mail ballots. They fed them into the machine. But a lot of political leaders tried to imply that these were vote dumps in the middle of the night, even though it was literally just counting ballots. And it was all happening according to the rules that had been agreed to ahead of time. Right. So there's a more sophisticated critique that says, well, these state legislatures changed rules
Starting point is 00:22:47 in the middle of an election season because of the pandemic, or state courts intervened to change the rules. Those certainly might have some legitimacy, although that needs to be fought out in a court of law, not in a court of public opinion. Right. But very simple things like the fact that
Starting point is 00:23:04 mail-in ballots were counted later than election day ballots, that can lead people to conspiratorial thinking. And it's, I think, the duty of our political leaders to ensure trust in our electoral system and not to sow doubts based on something that's really rather unremarkable. I mean, in all elections, there have been differing modes of voting, and certain precincts are counted before other precincts. That's just the way we count votes. So this scourge of misinformation and conspiracy, I think, ends up having a really detrimental effect because people lose faith in our electoral system. Well, that's the local stuff or the provincial stuff, the call that's coming from inside the house. I think we've also seen stories that the international actors who are looking to stir things up here in the U.S.,
Starting point is 00:23:58 they really fired up their engines over the past week or so as well to send out their own brand of disinformation. Right. I mean, we had a, was it a Russian oligarch or somebody involved with the Kremlin admit that Russia has resumed efforts at trying to influence U.S. elections. There are ways they can influence elections through social media.
Starting point is 00:24:21 We heard a lot about that in 2016 just by sowing discord, posting provocative memes that might turn people against certain candidates or certain causes. Right. It's hard to really measure how much of an effect that actually has.
Starting point is 00:24:37 And then there are larger scale disinformation efforts. The most notable being hacking into the Democratic National Committee's emails in 2016. So that is a risk that certainly is still present and out there. I almost think it's more important for us to fix the problems within our own house before we worry about what happens with foreign actors. Just because I think we have to restore trust in our electoral system
Starting point is 00:25:07 and trust that federal agencies are going to be looking out for these foreign actors and threats and that it's our responsibility to have faith in the integrity of our system. Yeah. Well, get out there and vote, right? Absolutely.
Starting point is 00:25:23 By the time you hear this, the polls might already have closed. But if not, if you are an on-time Daily Cyber Wire podcast listener, you might still have a couple of hours. There you go. Get out there. Do your civic duty.
Starting point is 00:25:36 All right. Ben Yelin, thanks for joining us. Thank you. with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. Cortado. Cozy up with the familiar flavors of pistachio or shake up your mood with an iced brown sugar oat shaken espresso. Whatever you choose, your espresso will be handcrafted with care at Starbucks. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. The Cyber Wire podcast is a production of N2K Networks,
Starting point is 00:27:12 proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology, and also apparently drilling holes and pulling cables. Our amazing CyberWire team is Elliot Peltzman, Trey Hester, Brandon Karp, Eliana White, Puru Prakash, Liz Ervin, Rachel Gelfand, Tim Nodar, Joe Kerrigan, Carol Terrio, Maria Varmatsis,
Starting point is 00:27:41 Ben Yelin, Nick Vilecki, Gina Johnson, Bennett Moe, Catherine Murphy, Janine Daly, Chris Russell, John Petrick, Jennifer Ivan, Rick Howard, Peter Kilpie, Simone Petrella, and I'm Dave Bittner, desperate for a proper recording studio. Thanks for listening, everybody. We'll see you here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided
Starting point is 00:28:45 apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
