CyberWire Daily - Daily: Assange to DNC: buckle up. False flags and acts of war. Blockchain notes.
Episode Date: June 20, 2016
In today's podcast we review the bidding over responsibility for the DNC hack—most observers still think signs point toward Moscow. Wikileaks promises more DNC documents to come. Suspicions revive that the Cyber Caliphate may be a false-flag operation, and other notes on the difficulty of attribution. Dridex may be present in some SWIFT-related bank fraud. Angler seems gone for good (but replaced by other exploit kits). UK MPs suggest holding CEOs responsible for breaches by hitting their pay. Tanium and FireEye and their rejected suitors. DoJ responds to the Silk Road appeal. Jonathan Katz from the University of Maryland explains the Ethereum/DAO cryptocurrency heist, and Ryan Stolte from Bay Dynamics shares results from a report on board room engagement with cyber.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
... sock puppets and false flags. U.S. investigation into jihadist chatter surrounding the Orlando massacre proceeds cautiously.
Dridex said to be present in networks hit by SWIFT-related bank fraud.
Angler seems as gone for good as threats ever are in cyberspace,
but it's got several successors.
Boards and CEOs' responsibilities for breaches,
notes on rejected M&A suitors,
and the DOJ doesn't think much of the Silk Road appeal.
I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, June 20, 2016.
The DNC hacker or hackers remains or remain elusive.
Guccifer 2.0 released Democratic Party donor lists late last week, and also emails purporting to show long-standing DNC preference for the party's presumptive nominee. Like the
earlier opposition research on the Republicans' presumptive nominee, none of this information is
as surprising as some of the shocked, shocked reactions to the hack would have it. WikiLeaks,
whose Julian Assange is no friend of the presumptive Democratic nominee,
says it's received more documents from the DNC compromise
and that these show how the primary process was manipulated.
Whether that amounts to more than an expression of DNC preferences remains to be seen.
Attribution remains controversial.
Guccifer 2.0 has maintained that he or she or they is not the Russian government.
There are clues in leaked material pointing to Russian speakers, but they aren't dispositive,
and Russian speaking needn't mean the Russian government.
There's a community of Russian speakers about 15 miles south-southwest of us, for example,
that has nothing to do with the Russian government,
and our editor said loudly he'd bet a month's pay they've got nothing to do with this hack either.
Some outlets have accepted at face value Guccifer 2.0's claims to be an independent,
disinterested hacktivist, with the British magazine Computing going so far as to characterize the episode as an embarrassment for CrowdStrike, the firm whose investigation fingered the Russian
government. But CrowdStrike has been standing by its attribution of the attack to the probable work of the FSB and GRU.
They note, as do others, that Guccifer 2.0 could easily be a false flag for the Russian intelligence services,
and others have been commenting on the very long record of provocation by Russian security services,
more than a century extending through the Soviet era and back to the Tsars.
An op-ed by Immunity CEO Dave Aitel running in Ars Technica
bluntly dismisses the idea that a lone hacker breached the DNC as not believable
and says, quote, the DNC hack and dump is what the cyber war looks like, end quote.
He argues that elections should be regarded as off-limits as much as critical infrastructure
and says the episode should serve as a test case
for how the U.S. will respond to a cyber attack by a nation-state.
Some of these observers are arguing that the group operating as the Cyber Caliphate
is also a Russian front group,
although ISIS sympathizers calling to one another online
and committing low-grade cyber vandalism
would hardly seem to require or indeed use such support or coordination.
Jihadist chatter surrounding the Orlando massacre remains under very cautious investigation in the U.S.
The gunman used Facebook during both the run-up to the shooting and during the massacre itself,
which has drawn some criticism toward Facebook.
Most observers regard this as unfair, noting that Facebook has long had a fairly effective policy against terrorist content in place,
and pointing out the difficulty of interdicting such content in near real time.
The FBI has attracted similar criticism, and here observers have again drawn attention to the tension between surveillance and civil liberties.
Transcripts of shooter Mateen's 911 calls are expected to be made public by the Justice Department later today,
but U.S. Attorney General Lynch has said they'll be redacted to excise Mateen's Pledge of Allegiance to ISIS.
The reason offered for the redaction is official U.S. unwillingness to spread ISIS propaganda.
The DAO, that's the Decentralized Anonymous Organization Fund, has been attacked,
and public blockchain platform Ethereum has lost some $50 million in cryptocurrency.
The funds that were drained, they're called Ether in the cryptocurrency subculture,
can't be used for almost a month, however,
and an attempted rollback will serve as a test case for blockchain's self-healing abilities.
We caught up with the University of Maryland's Jonathan Katz this morning
and asked him about this particular caper and the technology behind blockchain. We'll hear from him after the break.
While most speculation about the Bangladesh Bank hack and other SWIFT-linked fraud has
centered on North Korean Lazarus Group code found in the affected systems, the presence of Dridex
leads others to suspect Russian gang involvement. Elsewhere in cybercrime, after having vanished for a couple of weeks,
the Angler exploit kit really does seem to have departed the scene.
Malwarebytes has been reviewing what post-Angler cybercrime looks like.
Neutrino is the number one replacement, followed by Rig, Magnitude, and Sundown.
Magnitude is being seen in what Malwarebytes sniffs are low-quality campaigns.
Sundown, a newcomer and something of a dark horse, is appearing in malvertising campaigns.
A parliamentary committee in the UK that's been looking into the TalkTalk hack and other incidents suggests that CEOs whose companies are hacked should have their pay docked,
so Baroness Harding might well look to her purse.
That boards and executives have become markedly
more attentive to cybersecurity seems, however, beyond dispute. We spoke with Bay Dynamics founder
and CTO Ryan Stolte about this issue, and he shared the results of Bay Dynamics' study of
board involvement with cyber.
Boards of directors are accountable for setting the risk appetite for
an organization, whereas senior executives will actually run the company.
And what was interesting is if you look at cyber risk in comparison to other types of risk,
like financial risk, regulatory risk, competitive risk, and legal risk,
cyber risk was rated actually a bigger concern for boards of directors. And it was just slightly bigger than these, but these are the
standard pillars of risk that any company faces. Financial risk is obviously of key importance,
but regulatory risk, legal risk, competitive, et cetera, those are the things that'll make or
break an organization. So to see that the board of directors is considering cyber
risk at or above the level of concern of those other prominent risk factors or risk conversations
was surprising to me and very positive. And I think that the outcome of that is that it was a
major shift in the market out there, and I think a critical
shift in order for us to get ahead of the cybersecurity challenges that we face.
And I think that conversation has shifted from maybe it'll happen, and I hope it doesn't
happen to me, and we've transitioned into we're definitely under attack.
We understand that, and we need to provide great care for the
cybersecurity challenge. The report also revealed that boards are demanding an ever-increasing level
of communication skills from their company's leadership. 59% of the board members said that
if we don't get high-quality information from our cybersecurity leadership, they may be terminated.
And it's, you know, the analogy that we'll make is imagine if your chief financial officer
walked into a boardroom and had inconsistent presentations, inconsistent numbers.
They were incomplete or didn't make sense.
They'd probably be walked straight out of the room.
You want the means of communication, how the numbers are reported,
to be consistent and understandable and tell a story. And if the cybersecurity leadership is not able to do that,
more than half of them are saying that the cybersecurity leadership will lose their job.
That's Ryan Stolte from Bay Dynamics. You can read the report on their website.
In other industry news, CRN reports that much-admired unicorn Tanium rejected acquisition bids from both VMware and Palo Alto Networks.
The Motley Fool looks at another company that turned down acquisition bids, FireEye, and says there were two rejected suitors:
Symantec, they're pretty sure about this one, and Cisco, less certain, but signs point toward San Jose.
Symantec, of course, did purchase Blue Coat, and industry observers continue to believe that acquisition an important
one, especially in its implications for the cloud access security market.
And finally, our day's summary of the news concludes with a look at crime and punishment.
The U.S. Department of Justice responded to convicted Silk Road boss Ross Ulbricht's appeal for a new
trial by arguing his motion should be denied and that he should spend the rest of his days in jail.
And police sweep up a cage full of online predators around Houston, Texas.
So far, none of them have offered the obvious defense.
I was framed.
It was, of course, Guccifer 3.0.
Joining me once again is Jonathan Katz. He's a professor of computer science at the University
of Maryland and heads up the Maryland Cybersecurity Center. Jonathan, news over the weekend broke that the Ethereum cryptocurrency lost about $500 million
in value over the weekend after $60 million worth of digital currency was stolen from DAO,
a venture capital fund. What can you tell us about Ethereum?
Well, Ethereum, you can think of as kind of a second generation of Bitcoin.
At a very high level, Bitcoin, we know, provides the blockchain, which is a distributed mechanism
for keeping track and keeping a record of all the transactions in the system. And again,
at a very high level, what Bitcoin allows is for people to send money from one person to another,
send Bitcoins from one address to another.
Ethereum takes that to another level.
What Ethereum does is it allows essentially arbitrary code to be used to define
when money is transferred from one person to another,
and these are the smart contracts you mentioned.
So just as an example, Ethereum would allow you to write a contract
that would transfer money conditioned on a future event.
So this is a very simple way of gambling.
You could write a contract that would transfer money depending on, say, who won the NBA finals.
And then after that event had occurred and it was determined who won,
the contract itself would determine who gets the money from that contract.
So they set up this contract system and someone figures out a way to extract $60 million from it.
How did this come to pass?
Well, I guess it wasn't exactly the Ethereum system.
What it was was this thing called the DAO, which you can think of as a distributed investment fund.
So again, these smart contracts are very powerful.
And what you can imagine is you have some set of contracts set up that allow people to put money into a fund
and then to collectively vote on what
investments that fund should make and then to withdraw their money at any time if they wanted
to. And what happened here is that the system, this investment fund, as it were, kind of defines
the rules of the system by the code itself. Whatever is allowed by the contract defining
this distributed investment fund is what's allowed in the system. And a smart person, a smart hacker came along and was able to figure out a way to write a contract
that allowed them to withdraw essentially more money than they put in.
And this caused the fund to lose a lot of money.
They essentially stole money from the fund.
And this is now causing quite an uproar within that community.
Usually we think of systems being defined by some English language description
or maybe a more formal legal description of what the system should do
and then you try to write your code to capture the intent of the system.
And in this case, as you said, the founders of this fund had these principles
that what was allowed within the system is defined by the code itself.
And because the code allowed this attack to take place, then by the rules of the system,
it was okay and should be allowed. Of course, it doesn't go, it doesn't follow the intent of the
founders of the system. And now they're trying to figure out whether, and if so, how to recover
from this attack.
All right. Well, keep an eye on it. Jonathan Katz, as always, thanks for helping us understand it.
And that's the Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.