CyberWire Daily - Daily: Blockchains at a brewery. Ecuador says it cut Assange's Internet connection. US retaliation against Russian cyber ops may aim at embarrassment. Ransomware in London's City.
Episode Date: October 19, 2016
In today's podcast, we hear that Ecuador has told the world they cut Assange's Internet connection (but will continue his asylum), and that they did so on their own. Russia Today remains predictably unconvinced. WikiLeaks shows no signs of stopping election doxing. The US may be considering a campaign of counter-embarrassment as its response to Russian information operations. Fallout from the Yahoo! breach continues. London banks are hit with ransomware. More IoT botnets form from Mirai code. Terbium's Emily Wilson explains the weaponization of intel. Venafi's Kevin Bocek describes what their look at Yahoo!'s encryption revealed. And we take a quick look at the blockchain.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Yes, Ecuador tells the world,
we cut Assange's internet connection and we did it on our own.
Russia Today says, tell it to the Marines.
WikiLeaks shows no signs of stopping election doxing.
The U.S. may be considering a campaign of counter-embarrassment
as its response to Russian information operations.
Fallout from the Yahoo breach continues.
London banks hit with ransomware.
More IoT botnets form from Mirai code.
And we take a quick look at the blockchain.
I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, October 19, 2016.
Ecuador's government has issued a communique on Julian Assange's internet outage.
They say they did it, and on their own, not in response to any external pressure,
because Assange was using their London embassy and its internet connectivity to interfere with another country's election.
That other country, of course, is the United States.
That explanation seems about right.
No responsible foreign ministry wants its embassies used for virtual filibustering.
But Russia Today isn't buying it,
and trots out an interview with a disaffected U.S. Foreign Service type to argue on the basis
of a priori possibility that the U.S. hacked the connection. Ecuador notes that it continues to
extend Assange's asylum and that they've not interfered at all with WikiLeaks.
The U.S. response to what it unequivocally calls Russian
cyber operations against the U.S. remains unclear. Assange's internet disruption probably wasn't it,
certainly not all of it, especially since the U.S. promised to send a message that couldn't be missed.
Speculation centers on the possibility of a Panama Papers-like release of documents
embarrassing to Russian President Putin.
And a story that broke this morning is still developing.
Czech authorities announced they've arrested a Russian man in connection with cyberattacks against U.S. targets.
The Czechs collared the unnamed Russian national on October 5th, but for what they're calling
tactical reasons, held the announcement.
He's expected to face extradition to the U.S.,
which is said to have helped the Czechs identify him. Twitter commentary tends to think that
whatever the man is alleged to have done, it may not have included hacking the Democratic
National Committee. Fallout from the very large Yahoo breach continues, and the state of Verizon's
acquisition of Yahoo's core assets remains very much up in the air,
as Verizon deems the breach material to the acquisition.
Our guest Kevin Bocek from Venafi spoke with us about some of the encryption issues surrounding the Yahoo breach.
What we found is a state of chaos, which indicates that Yahoo just was not prepared to deal with the amount of encrypted traffic, which likely let the bad guys get the data out,
and still are in a state of unpreparedness, and especially compared to others like Google.
All right. Well, I mean, chaos is certainly a strong word.
Can you dig in and tell us what made you come to that conclusion?
Yeah, well, we took a look at what organizations are supposed to be doing right now.
Things like having MD5 digital certificates that can essentially be conjured up out of thin air using Amazon Web Services for not much money. Well, Yahoo is still using on live systems, those types of digital
certificates, again, that can basically be conjured up, and an attacker could now look like Yahoo.
That's really, really poor security. And of course, the state of the art is well beyond that.
Not only were they using MD5 certificates, but they also were still using SHA-1 certificates.
Those are certificates you probably know that in January of 2017, browsers are going to say sites using them are insecure.
So if we use Yahoo as our example of what not to do,
what are the lessons learned here? What are things that organizations should be doing
to make sure that in terms of their encryption security, they're where they need to be?
First of all, they need to know what they're using. They need to know what type of digital certificates they're using throughout their network out to the cloud.
Next, of course, once you understand what you're using, you're going to understand and be able to triage what you need to replace.
Things like SHA-1 need to be transitioned immediately because very shortly, your customers, your partners, even your employees are going to receive errors on websites saying that they are insecure.
And then ultimately what you want to get to a state is automating.
So automating the replacement, much like Google has, because now all your security systems, so your firewall, your IPS, IDS and other security systems that need to look inside of encrypted traffic can do so.
And that's something that's really, really important these days.
As we add more and more encryption, we have to be able to know what is our good encryption and then where are the bad guys trying to hide?
Because they are using encryption of their own and turning it against us. And if we're blind, much like it appears Yahoo was, we can see what the consequences can be.
That's Kevin Bocek from Venafi.
Financial institutions in London are sustaining a significant ransomware campaign.
Worldwide, the prevailing strain of ransomware circulating by email remains Locky.
Flashpoint and other security
companies following the fate and effect of the widely distributed Mirai IoT botnet source code
continue to watch it proliferate. Criminals are using it to herd bots around the world.
Expect more targeted distributed denial of service to emerge from the Internet of Things.
We spent Monday evening at the Blockchain Tech Talks hosted by Novetta at the Jailbreak
Brewing Company in Laurel, Maryland.
Experts from Novetta and Chainalysis spoke about blockchain technology, what it is, where
it came from, how it works, and what effect it's having on commerce, banking, and eventually
daily life.
Novetta's Peter Mueller, a self-admitted Bitcoin enthusiast,
discussed the technical principle behind blockchain, strengths and weaknesses,
and its most famous and successful application thus far, Bitcoin.
He described what people are doing right now with blockchain,
when it's useful, when it's not, and when it's just snake oil.
It's fair to say that Mueller definitely doesn't think it's snake oil.
He explained how Bitcoin's blockchain was an unalterable, append-only, distributed ledger,
and that this technology lent Bitcoin transactions both security and transparency.
He sees a significant future for blockchain technology everywhere, from financial services
to medicine. His colleague at Chainalysis, company CEO Michael Gronager,
defined blockchain as "a permissionless distributed database hardened against tampering and revision."
Its key concept is digital scarcity, items that can't be copied, only moved.
The technology has received all the hype it has, in Gronager's view,
precisely because it's disruptive. It provides what Gronager called convertibility and certifiability, and it lowers
the cost of both. It also offers a disruptive approach to financial regulation. Gronager
invited the audience to compare Uber's disruption of local transportation, the heavily regulated
taxi industry. Uber solved what's essentially a regulatory challenge
through the convergence of three technologies,
GPS, social media, and big data.
Uber's rating system created self-regulation.
Gronager added, "Blockchain provides an analogous auditability,
which is what you need to regulate financial transactions.
You find a virtuous transparency in the blockchain."
Visit thecyberwire.com for accounts of the talks, as well as some background on blockchain's growing
mainstream acceptance. It's proving attractive not only to financial services, but in other areas as
well. Among the companies outside financial services that have placed big bets on blockchain are IBM,
which of course needs no introduction, and Maersk, the shipping company and leader in logistics.
One more sign of such growing acceptance appeared yesterday as a new venture fund.
Iterative Instinct, which also goes by i2,
announced that it had secured $1.4 million in capital commitment to its $2 million debut fund.
i2's investment mandate is to seed startups working in core blockchain technologies,
specifically cryptographic hashing, asymmetric cryptography, and peer-to-peer distributed computing.
And finally, we'll again advise everyone to straighten up and fly right.
Adult Friend Finder has been found vulnerable to file inclusion vulnerabilities,
and credentials for the naughty and not safe for work Brazzers site have shown up for sale in a dark web market.
Joining me once again is Emily Wilson.
She's the director of analysis at Terbium Labs.
Emily, there's this notion that the bad guys are using intelligence information in new ways,
that they're actually weaponizing this information.
Tell us what we need to know about that.
Sure. I think kind of everyone has seen in the news recently kind of the data coming out of the DNC hacks,
you know, Guccifer 2.0 kind of dropping something new every week.
And that's a really interesting situation where we're seeing information being dumped, you know, whether in a large amount all at once or kind of teased out over several weeks
where an international actor is really trying to influence American policy. The election is
creeping ever closer and this information keeps making headlines as something that maybe isn't
nefarious or illegal but was intended to be kept private by a campaign is coming out.
And obviously, everyone is trying to use that to their advantage.
In this case, you know, believed to be the Russians are obviously using this to frame Hillary Clinton in a way that they think would be best for them.
And how does this contrast, this acceleration, this evolution of tactics?
Sure. I mean, when you tend to think of information dumps, you think of something that is done perhaps for sale, for financial gain. I have,
you know, this powerful client list, I'll sell you the rest of it. Or for vandalism,
to make someone look bad. You know, for example, coming out of Brazil, as we head into the Olympics,
seeing information that's around the government, whether kind of government-owned organizations or kind of government police forces. And these Brazilians are using this information
to kind of highlight what they believe to be terrible actions and terrible overreach by the
government, ignoring the problems at home.
And are these generally being used with criminal motives or are some people using them for a type of protesting?
Sure. In some cases, there is a level of criminality to it, right?
Anytime that you are advertising stolen information for sale or kind of just because that is illegal.
But protests do tend to gain speed online, especially when you're looking at a group like Anonymous.
You know, if Anonymous says, OK, Operation Icarus, let's target the banks. There are people who are
going to jump on that bandwagon and go after a bank just because they want to be a part of the
broader protest of the international financial system.
So is this a trend that you all expect to continue?
Absolutely. The election is getting closer by the day. And in addition to these larger breaches,
we're seeing a number of smaller breaches that just aren't making the news. For example, even
dating back to kind of Super Tuesday, seeing dumps of GOP delegates from a Western state and their
personal information or, you know, contact lists for candidates being dumped. And we believe that
that kind of vandalism, frankly, whether or not it's
internationally based, is going to continue to appear as we kind of move through the election
cycle and frankly through to the inauguration.
All right, Emily Wilson, thanks for joining us.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.