CyberWire Daily - Daily: Black Hat, of course. US election concerns, and more jihadist info ops.
Episode Date: August 4, 2016
In today’s podcast, we get some updates from Black Hat. DNC hacks raise questions about US voting security, and Democratic Senators call for hearings on Donald Trump’s request that Russia find the... 30,000 emails deleted from Hillary Clinton’s State-Department-era homebrew server. China seems to be probing Philippine networks in conjunction with the dispute over territorial waters in the South China Sea. More signs that Telegram is leaky. Updates on ISIS and its competitors’ information operations. The Gozi banking Trojan is headed for US targets. Bitfinex is looted of tens of millions in Bitcoin. The Real Deal criminal market’s boss is missing. Vikram Sharma from Quintessence Labs shares lessons learned about entrepreneurial course correction.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Black Hat sees some winners, not only of the Best of Black Hat competition,
but also the experts who captured the flag at the Kaizen.
DNC hacks raise questions about U.S. voting security.
Democratic senators call for hearings on Donald Trump's request that Russia find the 30,000
emails deleted from Hillary Clinton's State Department-era homebrew server.
China seems to be probing Philippine networks in conjunction with a dispute over territorial
waters in the South China Sea.
The Gozi banking trojan is said to be headed for U.S. targets.
Bitfinex is looted of tens of millions in Bitcoin.
The Real Deal criminal market seems to be suffering from poor customer service, and
no one quite knows what's become of the boss.
I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, August 4th, 2016.
We're out at Black Hat and we'll have an additional podcast devoted to some interviews with the participants.
But for now, we'd like to recognize some of the people who've taken honors at the event,
starting with Aaron Lint, Vice President of Research at Arxan,
who placed first in Booz Allen Hamilton's Kaizen.
The Kaizen is a Capture the Flag event sponsored annually by Booz Allen Hamilton.
We spoke with Booz Allen Hamilton's Timothy Neri about the competition.
It started about four years ago as an internal training exercise,
and we've been bringing it out to Black Hat and running this competition for a couple years now.
It's a great exercise for people to sharpen their cybersecurity skills and their tool sets and learn some new things. So this year at Capture
the Flag we're running a traditional Jeopardy style. So we have challenges ranging from
web hacking to exploitation, reverse engineering, coding, a little bit of everything. Kaizen
itself is rooted in the Japanese culture and has a meaning of continuous improvement of self.
And that's something that we feel very strongly about and that we want to continuously improve our skill set in cybersecurity.
And that you always have to stay on top.
Doing capture flags is one great way to keep your skills sharp.
This year's Kaizen winner was Aaron Lint, vice president of research at Arxan.
I'm actually a repeat player. I came in third place
a couple years back, but first time I won. I'm a graduate of Purdue University, a computer science
master's there, and I started off working at a small application security company. I kind of
worked up through the ranks as kind of being a good white hat hacker and attacker, you know,
can really enforcing, like, I'm always about practical attacks in software, not the sophisticated
crazy hacks.
Most of the hacks that happen are kind of simple and really straightforward.
That's one of the things I think is a misconception that a lot of people have.
So these competitions sort of highlight that fact and make it accessible to people.
It's an excellent tool to learn. It's an opportunity
to branch out in a safe space. You're not on the fire line. It's not your employment
at risk, etc. So I always encourage people that are learning in InfoSec to play CTFs
as many and as often as you can. I always find it very interesting that there's something
new and that you learn
something new every time. That's why, you know, keeping fresh with these skills is really important.
Congratulations, Aaron. Congratulations also to the winners of Dark Reading's Best of Black Hat,
Deep Instinct, which was named Most Innovative Startup, Vectra, recognized as the most innovative
emerging company, and Paul Vixie, founder and CEO of Farsight Security, named the most innovative thought leader.
In the wider world, the Democratic National Committee complains that the FBI should have warned the DNC earlier that it was under cyber attack.
Had they known, the DNC says, they would have been quicker to defend, secure, and remediate.
The leaked emails from the DNC, the Democratic Congressional Campaign Committee, and the Clinton campaign,
more of which WikiLeaks promises are coming,
continue to stoke concerns about the security of U.S. voting systems.
Homeland Security Secretary Jeh Johnson mulls publicly about designating voting systems as critical infrastructure,
but observers see this as, so far, amounting to little
more than an assertion of agency equities in line with the recently issued PPD-41, the president's
directive on U.S. cyber incident coordination. Issues of technology, procedures, and above all
resources remain to be addressed. Questions about former Secretary of State Clinton's homebrew
server persist,
and some Democratic senators are calling for hearings on Republican candidate Trump's invitation that Russia find and release Clinton's missing emails.
Dispute over ownership of territorial waters in the South China Sea again finds expression in cyberspace.
Chinese cyberunits appear to be prospecting Philippine targets with spyware.
F-Secure has observed the NanHaiShu RAT active in regional networks.
North Korea is again actively engaging South Korean targets.
Seoul is complaining that Pyongyang has been hacking emails of South Korean diplomats.
Turning to the Islamic State and its online activities,
it's long been noted that secure messaging app Telegram
has for some time been one of ISIS's preferred means of communication.
Unfortunately for the caliphate, Telegram seems leakier than ever.
Iranian hackers are said to have taken another run at the app
and uncovered data, specifically including phone numbers, on some 15 million users.
Whether or not one of their command and control channels has proven less secure than they'd
hoped, ISIS and its competitors in jihad continue to work on their online inspiration of followers.
Egypt's Islamic State affiliate takes to the internet to promise suffering to Israel.
Boko Haram, in what amounts by jihadist standards to a charm offensive, goes online to promise
more attacks on Christians,
but reassures everyone that it will leave mosques alone.
Pakistan's al-Qaeda and Taliban group seeks to inspire through the example of Osama bin Laden,
whom, of course, they present as a martyr.
In cybercrime news, U.S. banks and credit unions are warned
that a fresh wave of Gozi malware infections is headed their way.
Gozi is an evolved version of earlier banking trojans.
It's engineered to be stealthier than its predecessors,
and it seems optimized for accomplishing fraudulent funds transfers.
Bitcoin exchange Bitfinex has taken itself offline after losses that for now total somewhere between $66 and $72 million.
Trading is suspended until the exchange can clap a stopper over the losses,
recover funds, and resume secure operations.
Neither suspects nor the precise mode of attack are known yet,
and speculation ranges from hackers to collusion by insiders.
Digital Shadows has presented their study of the Russian web hosting service Deer.io,
which further supports the general view that the service caters to online criminals.
Among its prominent users is DarkSide.global, where the criminal Tessa88 sold stolen MySpace
and Twitter passwords.
Finally, the impresario behind the Real Deal criminal market seems to have disappeared,
at least for now, and the site's customer service appears to be suffering for it.
The Real Deal gained notoriety as the bizarre-worthy hacker Peace tried to sell stolen credentials,
most recently credentials he claimed to have stolen from Yahoo accounts.
The Real Deal is still up, but it's become buggy and unreliable.
Peace and others piously hope that the criminal
market wouldn't do anything really criminal, like abscond with stolen goods and services.
One can only hope.
And I'm pleased to be joined once again by Dr. Vikram Sharma.
He's the founder and CEO of Quintessence Labs.
Dr. Sharma, you all set out at the outset when you started Quintessence.
You were working on quantum key distribution. Very often, when you're running a company and you put that product out in the real world, you have to make adjustments and there's lessons you learned. And that was your experience here
as well, yes? Absolutely, Dave. As you quite rightly noted, we started off our journey and
continue to have as one of our core capabilities, a quantum key distribution system. But as we brought that to market,
what we saw was that that market, while important, was developing at a rate slower than what we had
originally anticipated. However, I think you noted that point about agility. And I guess we were
fortunate enough to recognize that some of the capabilities that sat within the quantum key distribution
had broader applications to protect not only data in motion,
but data at rest also.
And what we did was partition out the true random number generation system,
which is a quantum random number generator,
and couple that with advanced key management. And that seemed to resonate and indeed is
resonating stronger with the market. So our learning certainly has been that it's been while you stay true to your original mandate, which was in the area of quantum security,
but it's been critical to be responsive to the market and adjust and adapt your offering
to take into account the feedback that the market is providing.
And when you're dealing with this internally, you're a relatively new company,
you're starting up, you're getting going.
Was there any resistance internally?
Was there any challenges when people were coming back
and saying, hey, what you're doing is great,
but we really need something different
or something additional to that?
Yes, Dave.
There were a couple of areas in particular
that I could point to where we had to evolve the group. The first was
that we were quite heavy in terms of scientific
experts in the early part of our journey.
As we made this transition towards technologies
which were a blend of conventional cybersecurity with
advanced physics,
we found the composition of the team had to evolve to accommodate that. And indeed, a number of cybersecurity experts were added in to the team.
The other thing where we found an evolution in the company was culturally,
where we had to, I guess, evolve the mindset from being one about doing very interesting and cutting-edge scientific work
to producing robust offerings that would survive in a fiercely competitive commercial environment.
All right, so you need to be responsive and you need to be agile.
Dr. Vikram Sharma, thanks for taking the time for us, and we'll talk again soon.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.