CyberWire Daily - Daily: Alleged Russian hacking & info ops, under investigation by US. IoT botnets continue to exact a DDoS toll. Yahoo! security practices.

Episode Date: September 28, 2016

In today's podcast, we hear about alleged Russian hacking and information operations, and US investigations of the same. The Russian goal is thought to be the undermining of US elections' credibility... DDoS has come to the IoT. Yahoo! security receives some harsh scrutiny. TheDarkOverlord is back, and extorting investment bankers. Kathleen Smith from ClearedJobs.net returns for more conversation about retaining employees. Malek Ben Salem from Accenture Labs explains research in semantic technology for analytics. And how much does a bear weigh, anyway? (We're thinking it would be a European Brown Bear, right, Fancy?)

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer.
Starting point is 00:00:59 Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code N2K at checkout.
Starting point is 00:01:53 U.S. authorities investigate alleged Russian attempts to influence upcoming elections. DDoS has come to the IoT. Yahoo! security receives some harsh scrutiny. And how much does a bear weigh anyway? The Dark Overlord is back and extorting investment bankers. We're thinking it would be a European brown bear. I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, September 28, 2016. U.S. authorities continue to investigate what they take to be Russian intelligence services' information operations. These include selective feeding of hacked material to various websites,
Starting point is 00:02:38 some legitimately independent, like the news services who report the leaks, some of them fronts, like the shadow brokers and DCLeaks, others not obviously either, like WikiLeaks, although Mr. Assange's crew has been trending Russian. The apparent goal remains undermining U.S. elections and consequent diminution of U.S. prestige and influence internationally, especially when such influence is tied to American advocacy of democratic political reforms.
Starting point is 00:03:06 The New York Times caught up with the proprietor of King Servers, which ThreatConnect has associated with the IP addresses the FBI says were used in this summer's intrusions into state voting services. That proprietor is Vladimir M. Fomenko, a 26-year-old shredder in Bisk, Russia, who has a Guy Fawkes tattoo and a business renting out servers in Europe and North America. Mr. Fomenko is as coy about hacking as Russian officialdom has been. He's even willing to talk to the FBI, he says. Quote, if the FBI asks, we are ready to supply the IP addresses, the logs, but nobody is asking.
Starting point is 00:03:42 That is a big question. End quote. So there's a studied ambiguity in Russia about how the discreditable material now in public circulation has been obtained from U.S. networks. There's no ambiguity whatsoever about the conclusions people are invited to draw from the doxed files. Speaking of the U.S. election, Mr. Fomenko observes, quote, In Russia, we don't have this type of election. It looks like little children fighting, end quote. Reuters reports that the FBI has also recently opened an investigation into attempted hacks of senior Democratic Party figures' smartphones. Neither the DNC, the Clinton campaign, nor the FBI was willing to offer comment, but Reuters cites sources in a position to know as saying the inquiry is connected to suspected Russian attempts to influence U.S. elections.
Starting point is 00:04:32 Very large distributed denial-of-service attacks continue, and observers find the attackers' exploitation of poorly protected IoT devices particularly worrisome. Krebs on Security has recovered thanks to Google's Project Shield, but an even larger IoT-based attack is said to have hit OVH hosting. It's hard to patch the things that make up the Internet of Things, as the Register observes, and it's even harder to do so when the things in a network are at the end of their life cycle. On yesterday's show, we spoke with Kathleen Smith from ClearedJobs.net about the Hacking the Job Shortage study from Intel. Today, we share the second part of our conversation, where we discussed employee turnover and retention.
Starting point is 00:05:15 Are there companies that just seem to be okay with churn? I think most companies are okay with churn. The challenge, you know, when you look at the open positions that are out there, the study really felt that the United States government and the finance industry were those that were most heavily invested in cybersecurity and that we should be looking at them to have innovations in recruiting and retaining our workforce. But when I took a look at recruiting and retention within the finance industry, it is not any different than we see from many of the other industries out there. I mean, more technical companies are doing more fascinating and captivating strategies to recruit and retain their workforce.
Starting point is 00:06:05 And the U.S. government has had to always deal with specific regulations, specific technology, USAjobs.gov. They're not really making many changes. They have come out with one-on-one programs. There are some programs that are maybe making minor headway, but there hasn't been a full scale. We need to overhaul our system to be able to take on this challenge. So when the best of the best find a place that they can call home, what do they find? What are the things that make them go there and make them stay?
Starting point is 00:06:46 The things that make them go there are knowing that they're going to be part of a best-in-class company and best-in-class team. Referrals, word of mouth, employee referral programs, no matter the industry, are still the best ways for companies to find their candidates. And having a really great best-in-class intrusion detection and penetration testing team, those companies don't have any problem finding other candidates because people are really interested in working with those people who are doing the most innovative technology. When they go there, they know that no matter how blue their hair is, how many tats they have, that they're still respected and accepted as a professional and that they're part of
Starting point is 00:07:38 a community and they're part of a team. It's also understanding that there's going to be some times when there's going to be some strange things going on and they're accepting of that. I've talked to many managers who say, you know, I have to trust them. They're doing something that I don't quite understand, but I have to trust them. And that's the one thing that I've seen in my 20 years of working in recruiting and marketing is that employers don't trust their employees. And I think that that's why we need to look at the cybersecurity workforce challenge as a way to say we need to change recruiting and workforce management. If we're going to have candidates come into our companies, we have to trust them.
Starting point is 00:08:23 That's Kathleen Smith. She's the chief marketing officer at ClearedJobs.net. Yahoo's security practices draw sharp criticism from observers, who argue that marketing decisions made under intense competitive pressure drove the struggling Internet giant to take fatal shortcuts. Insiders speaking on condition of anonymity to the New York Times say Yahoo was slow to adopt the sorts of security measures Google and other companies put in place after widely reported Chinese hacking in 2010. Yahoo was, for example, a relatively late adopter of bug bounties, and CEO Mayer is said to have underfunded her now-departed CISO's efforts to
Starting point is 00:09:03 shore up security. The company also declined to require a recommended password reset for fear of driving away email customers. The consequences of the Yahoo breach for the company's deal with Verizon remain uncertain. The Dark Overlord, whoever that is, is back and seeking to extort ransom from Los Angeles investment bank West Park Capital. The Dark Overlord says he'll release sensitive documents if he's not paid and has offered a teaser of what he has. Flashpoint believes at least 13 organizations would be harmed by the doxing. The documents appear to represent inside information of
Starting point is 00:09:40 investment and M&A planning. Finally, the suggestion made in the U.S. presidential debates this week that, for all we know, the hacker of the DNC could have been some 400-pound guy sitting on a bed in his parents' house has attracted much unfavorable comment. The 400-pound weight, one of the candidates cited, has been particularly reprehended, with some even suggesting that it's sufficiently offensive a characterization of the presumably unknown hacker that it's likely to prompt outraged and honor-driven cyber-retaliation against the candidate responsible for the canard. We must, in all candor, agree.
Starting point is 00:10:17 A quick consultation of the internet tells us that Fancy Bear probably weighs at least twice that, and Fancy's been so active lately that the bed in his or her parents' house may just be too hard to lull a bear to sleep. After all, if you were Fancy Bear, you wouldn't like being cheated out of 200 plus pounds. What would Cozy Bear think? For our non-U.S. listeners, 400 pounds is a tad north of 181 kilos. 800 pounds would be about 367 kilos. That's a lot of bear in anybody's book. And Fancy, Cozy, we're willing to credit you with 800 pounds each at least. And that's no bull.
Starting point is 00:11:08 Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Starting point is 00:11:48 Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
Starting point is 00:12:31 ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. Joining me is Malek Ben Salem. She's the R&D manager at Accenture Technology Labs. Malek, I know you wanted to tell us about some of the work you're doing with semantic technology for security analytics. Correct. An example of semantic technologies is ontologies, which are typically used to enable knowledge sharing and reuse. In our lab, we try to leverage ontologies to enhance security analytics at the edge.
Starting point is 00:13:26 This was a DARPA-funded project. It was part of the program called ICAST, the Integrated Cyber Analysis Systems Program that DARPA funded. used an ontology. We defined and built a new cybersecurity ontology, which we leveraged to look at logs created by new software installed on devices and automatically infer the schema of that log based on the security ontology that we've developed. Why is this important? It's because users will keep using software all the time, and security analysts will need to understand any logs created by that software and need to use it for understanding when a device is compromised or when software is compromised. However, if they use existing SIM technologies, they would have to build APIs for every new software and every new log format
Starting point is 00:14:32 that's created. With our tool, with this automated way of inferring the schema of that log, automatically, they don't have to do that. And all of that information, all of those logs that are created can be automatically consumed, contextualized, that information can be contextualized. And obviously, with more context, the better decisions security analysts can make about what the incident is about, what's the root cause, and where to look further to understand what's causing it. And so what kind of accuracy do you get with this sort of system? It varies depending on how structured the log is. So some of these logs are very structured in their schema.
Starting point is 00:15:20 Others are what we can call semi-structured types of data. But we are conducting experiments to measure those accuracies. All right, Malek Ben Salem, interesting stuff. Thanks for joining us. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Starting point is 00:15:50 Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached.
Starting point is 00:16:08 Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Thank you. uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
