CyberWire Daily - Daily: Assange still has asylum, but not so much connectivity. RT's banking woes. US-Russian cyber relations continue to worsen. General (ret.) Cartwright pleads guilty to lying about Stuxnet leaks. Email server controversy gutters on.
Episode Date: October 18, 2016
In today's podcast we hear the current skinny on hacking the US elections. WikiLeaks' Assange lives, but he seems to be offline, and RT gets dumped by its British bank. The US continues to make noises about retaliating against Russian hackers. Russia sheds crocodile tweets over American gasconade. A retired general pleads guilty to lying to the FBI. The Shadow Brokers say, really, they want someone to bid, or else. Markus Rauschecker from the University of MD Center for Health and Homeland Security explains a recent ruling involving kids' privacy online. Netskope's Ravi Balupari describes the latest behaviors of the Virlock ransomware. Level 3 keeps score on the Mirai botnet. And, fellow youths, you may after all be the weakest link.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
That's joindeleteme.com slash n2k, code N2K at checkout.
Political hacking, the U.S. elections.
What's up with WikiLeaks and Russia today?
The U.S. continues to make noises about retaliation against Russian hackers.
Russia sheds crocodile tweets. A retired general pleads guilty to lying to the FBI.
The Shadow Brokers say, really, they want someone to bid or else. Level 3 keeps
score on the Mirai botnet. And, fellow youths, you may, after all, be the weakest link.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Tuesday, October 18, 2016. Today's cybersecurity news combines the odd, the unseemly, and the lurid, which isn't
surprising since so much of it turns on politics and great power competition.
After much speculation yesterday that the U.S. had hacked him,
WikiLeaks confirms that Julian Assange's internet connectivity has indeed been cut,
and it's still apparently down, but that it wasn't cut by the United States.
Instead, the Ecuadorian government is said to be responsible for the outage.
Assange, as we know,
is currently enjoying asylum in Ecuador's embassy in London. He's wanted in Sweden for indecent
assault, a charge he denies. Ecuador's government was silent on connectivity issues, but did
indicate they will continue to extend Assange asylum. Also yesterday, RT, Russia Today, a news outlet closely aligned with President Putin's
government, has had some of its assets in the UK frozen. Its British bank, NatWest, says it's
closing RT's accounts, that the decision is not up for negotiation and that it wasn't taken lightly.
RT has since been shedding crocodile tweets on behalf of freedom of speech.
The connections between the stories are as follows.
Both WikiLeaks and Russia Today have been closely involved with, respectively,
releasing and reporting on documents related to the campaign of U.S. presidential candidate Clinton.
Those documents are, as one would expect, not reflecting great credit upon the candidate or her associates.
We note in passing that it's very difficult to look good in email.
The Clinton campaign has responded by suggesting that the doxed emails may have been altered by the Russians.
Corruption of data is obviously a very real possibility,
especially in information operations mounted by the Russian government,
and the U.S. government agrees that Russia is behind most of the election-related hacking seen this season.
But the suggestion that the emails were hoaxed stops short even of denial,
even the non-denial denial, and amounts to a kind of counsel of a priori caution.
This could happen, don't you know?
And they also point out that paying attention to these kinds of revelations
merely plays into the hands of the Russians, who would like to play kingmaker in next month's U.S.
elections. The U.S. has blamed Russia's government for the hacks that compromise the files now being
published. It's also promised some unspecified form of retaliation, and President Putin has
noted with sadness that this amounts to an American admission at a high level that it engages in state-sponsored hacking. Mr. Putin clearly has
Vice President Biden's remarks about retaliation in mind here. That the U.S. has conducted offensive
cyber operations in the past would seem to receive some confirmation from the guilty plea
retired U.S. General Cartwright entered yesterday.
He allocuted, as they say on Law & Order, to lying to the FBI about having discussed Stuxnet
with reporters. The New York Times has expressed some muted disapproval of the prosecution's First
Amendment implications. General Cartwright also said that he was not the original source of the
leaks. But in the case of Fancy Bear and Cozy, the promised U.S. response remains unspecified.
It is, however, supposed to be a lulu, something that will send a message that Russia's president
cannot misread. Russian spokesmen have expressed both outrage at the stated U.S. intentions and
scorn for the capabilities the U.S. darkly hints it may deploy.
There's much speculation but little direct evidence that both NatWest Bank and the government of Ecuador may be responding to U.S. inducements to act against Russian
interests and those of Julian Assange. Speaking of Mr. Assange, the Twitterverse
was much agitated by rumors that he had died, either conventionally assassinated or done to death by a tainted vegan meal
that Baywatch alumna Pamela Anderson is said to have taken him over the weekend.
In any case, he's fine.
The furor seems to have been ignited over some ambiguous tweets with numerical sequences in them,
WikiLeaks broadcast after Assange lost connectivity in his embassy quarters.
Those were interpreted as a kind of dead man's switch, but whatever they were, again, Mr. Assange appears to
be okay. Other documents, these released and not leaked, suggest that former Secretary of State
Clinton may have shared classified information with uncleared concierge Sidney Blumenthal over
her now-famous private email server.
Other material disclosed from the FBI investigation of said server
appears to suggest a senior State Department official
asked for retrospective declassification of some material
in exchange for his good offices in expediting FBI diplomatic assignments
to hitherto unavailable embassy posts.
The Virlock strain of ransomware continues to be a threat.
We spoke with Ravi Balupari from Netskope on what they're seeing Virlock do in the wild.
What we have observed is some of the latest variants are exhibiting a new propagation vector
which equates to creating a cloud malware fan-out effect.
Okay, so take us through that. How are these new variations of Virlock affecting things in the cloud?
So let's walk through one scenario. Let's say you have an enterprise with hundreds of users,
and they are using a cloud application, let's say a cloud storage application
such as Box. Now, in a typical enterprise, people collaborate on documents. So user A is actually,
you know, sharing the document with user B, and user B in turn can share it with multiple other
users. User B can also share other documents with other users.
But in the Virlock ransomware, the fan-out effect, let's say user A's device is infected with ransomware, especially with Virlock.
The documents on his machine get synced to the cloud. Those documents in the cloud would get, you know, synced
to all the users with whom the document is shared. Now, since user A is infected with Virlock,
the Virlock-infected document is synced to the cloud. The same document is getting back onto user
B's machine, and user B, you know, inadvertently, you know, clicks open
the document. He would in fact get reinfected with Virlock.
And then all the documents on his machine would get encrypted with Virlock.
And if he has shared other documents with other users, they would again get synced to
the cloud and then, you know,
they would go back to the other users' machines. So, I mean, as you can notice, there's a pattern
here wherein the infection is growing through the enterprise. You can think of it more like a worm,
where Virlock ransomware is spreading through the network.
That's Ravi Balupari from Netskope.
The Shadow Brokers still haven't got any real bids on their auction of Equation Group tools.
They tell anyone who may still believe this is a real auction that they've now had it,
as the Register puts it in an homage to Blazing Saddles,
pay the brokers 10 Bitcoin or the code gets it.
Level 3 has been working on the Mirai Internet of Things botnet.
They've developed a list of indicators of compromise and believe that almost 500,000 bots,
most of them in the US, Colombia, and Brazil, are being herded via Mirai malware.
Level 3 concludes from this that a lot of DVRs and IP cameras owned by
consumers and small businesses are being herded, and that a large number of bots are being deployed
against single victims. What can you do? Level 3 recommends the two Ps, patches and passwords.
Finally, my fellow youths, I have some news we'd like to hip you to. The younger crowd likes to think that it's mostly geezers and has-beens who fall for the tech support scam,
where someone calls you up and says your computer has a problem,
and that they can fix it if you give them control by handing over your password.
But it turns out it's not the gray-headed duffers who swallow the bait, hook, line, and sinker.
It's millennials.
A study by Microsoft and the National Cybersecurity Alliance
finds that half, that's right, half,
of the marks who fall for this hoary con
are between the ages of 18 and 35.
So be careful, youths, what you tell the strangers who call.
And while you're at it, get off my lawn.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies
like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001. They also centralize key workflows
like policies, access reviews, and reporting
and help you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity. That's why we're
thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses
worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization
runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach
can keep your company safe and compliant.
Joining me once again is Markus Rauschecker.
He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security.
Markus saw an article in Wired Magazine about New York cracking down on Mattel and Hasbro for tracking kids online.
What can you tell us about the regulations when it comes to tracking our kids?
Yeah, so in this day and age, I think most of us take it for granted that
when we go online, a lot of information is collected about us in terms of where we go to
shop, what we buy, what sites we visit. All of that is being tracked constantly as we're surfing
the web. And for the most part, I think we've kind of accepted that and we're okay with that.
But it seems that we're not okay with that when it comes to our kids.
And there is actually a law in place, the Children's Online Privacy Protection Act, which helps parents protect their kids when information is collected about them online.
Parents want to know that their kids are protected when they are online. And this law,
COPPA for short, allows parents to be reassured when it comes to letting their kids surf online.
Basically, what the law says, what COPPA says, is that websites that are specifically targeted to kids need to have policies in place and terms of service in place that allow parents to know exactly what kind of information the website would be collecting about their kids when the kids are on the website.
This is specifically for kids under the age of 13.
Yeah, you know, I see a lot of television commercials for products that say visit our website.
But when they're kids' products, they often say, you know, ask your parents before you visit our website. And I guess that
ties into this, right? So whenever a product or a website is targeted specifically
for kids under the age of 13, there's going to need to be some parental notification there as well, so
that parents will make the decision about whether or
not their kids will be able to go on that website and interact with the website. And in this case,
New York decided that both Mattel and Hasbro were not up to the standards of the law,
and they got hit with some pretty hefty fines. Right. So the penalties can be pretty hefty when a company doesn't follow
the law in this case. I think that's understandable in that most of us would want to make sure that
our kids are protected to the greatest extent possible. So the fines are pretty hefty for any
violations of these rules accordingly. Yeah. According to the article in Wired,
they paid a combined total of $835,000 in fines. That'll buy a lot of Barbies.
Yeah.
All right, Markus, thanks for joining us.
Thank you very much.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members
discover they've already been breached. Protect your executives and their families 24-7, 365
with Black Cloak. Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.