CyberWire Daily - Daily: Collection outstrips analysis & dissemination. When an air-gap...isn't.

Episode Date: March 24, 2016

In today's Daily Podcast we discuss why ISIS inspiration seems to obviate the need for command-and-control. The US indicts seven Iranians for the Rye dam hack and DDoS against financial institutions. Concerns about the security of water utilities grow. ESET finds some new malware delivered by USB drive. We talk with the University of Maryland's Ben Yelin about rights to privacy in cyberspace.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 Why do inspired cells need electronic command and control? It seems they may not. Meeting face-to-face may be all that's required. The FBI adds Syrian electronic army operators to its most wanted list.
Starting point is 00:02:08 Infrastructure hacks return to the news as indictments of Iranian operators are expected today. Water utilities move front and center ahead of electrical power grids. The FBI may be unlocking the San Bernardino jihadist's county-issued iPhone with some NAND mirroring and a little help from the Bureau's friends at Cellebrite. The University of Maryland's Ben Yelin talks with us about privacy rights in cyberspace. I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, March 24, 2016. ISIS claims online, as usual, responsibility for the Brussels massacres. This comes as no surprise, since the caliphate's adherents have been celebrating the murders through their social media accounts since Tuesday.
Starting point is 00:02:56 Also, as expected, ISIS welcomes all the media coverage it's receiving, even when that coverage condemns jihad, as, of course, throughout the civilized world it does. ISIS believes that its messaging, including especially its propaganda of the deed, reliably inspires recruits and fighters. Thus the turn of ISIS information operations toward more inspiration of the disaffected and the criminal who find themselves residing abroad. Such recruits are easily organized, indeed easily self-organized, into small cells whose coordinated actions are sufficiently local to require little more command and control than that which face-to-face word of mouth can provide.
Starting point is 00:03:34 European authorities are here recognizing the old familiar lesson in the guerrilla war they are now fighting. Intelligence collection easily outstrips analysis and dissemination. National intelligence and security services in the European Union lament the difficulty of sharing actionable intelligence across borders and between intelligence services and their counterparts in the judicial system. Since inspiration seems to have replaced command and control in ISIS operations, counter-ISIS information operations take on new urgency. But the jihadist movement may be showing early signs of moving into a phase in which organized crime becomes
Starting point is 00:04:10 a significant player. The reported involvement of Italy's Camorra gangs in rendering material support to jihadists in Europe evokes in some respects the decades-long rise of narco-terrorism in the New World. The convergence of the political and the criminal, of the warrior and the gang member, is also seen among regional opponents of ISIS. The U.S. FBI has added two members of the Assad regime's Syrian electronic army to its most wanted list. Crooks, patriots, skids, or soldiers, it's even harder to tell with the SEA than it is with ISIS. In legal news, Preet Bharara, U.S. attorney for the Southern District of New York, announced late this morning that seven Iranian nationals have
Starting point is 00:04:51 been indicted for hacking a flood control dam in Rye, New York, in August and September of 2013. The indictment names 34-year-old Hamid Firoozi as the attack's leader. Firoozi and his co-conspirators worked for two Iranian firms, ITSecTeam, also known as ITSEC, and the Mersad Company. Both companies are alleged to be cat's paws for the Iranian Revolutionary Guard Corps. The dam's control systems happened to have been disconnected for maintenance while the attack was ongoing. At least one question remains, why Rye, New York? What about the system or its network made it an attractive or accessible target? In any case, there's a reward out for information leading to the apprehension and prosecution of Mr. Firoozi and his associates. If you know anything, the U.S. Attorney for the Southern District of New York and the FBI will be glad to hear from you.
Starting point is 00:05:46 Much attention has focused in recent months on cyber threats to the electrical power grid, with the rolling blackouts in western Ukraine endured last December, drawing considerable interest and provoking considerable alarm. And the results of continuing investigation of that incident suggest that the attackers were more patient and better prepared than previously suspected. But now threats to water systems are eclipsing those faced by the grid. Verizon's March 2016 breach digest reports that company's risk team's engagement with a water utility. The utility, given the pseudonym Kemuri Water Company or KWC, believed itself to be secure, but Verizon found various critical vulnerabilities often exploited in the wild.
Starting point is 00:06:25 Verizon also found that the utility was running a very dated 1988 IBM AS/400 SCADA platform with multiple insecure network connections. Worse yet, it appeared that the utility's managers were aware of anomalous events that suggested unauthorized access to control systems, unexplained manipulation not only of flow rates, but of chemical treatment of water running through the system. The public health hazard of chemical treatment manipulation is particularly disturbing. Ransomware and healthcare hacking generally are increasing to the point where alarmists are prepared to declare an epidemic. There is, however, some good news. The good actors at Emsisoft have released another free decryption tool.
Starting point is 00:07:06 This one works on Nemucod's cryptid ransomware. Once again, we say bravo, Emsisoft. Consensus among observers is now that the alternative method the FBI's come up with to open the San Bernardino jihadist's county-issued iPhone involves NAND mirroring. The third party who's helping the bureau is said to be Israeli cybersecurity firm Cellebrite. Finally, there's a new malware variant out there. Once again, ESET, those boys and girls from Bratislava and San Diego, this American patriot reminds our Slavic allies, have discovered another USB-based threat. This one's an information-stealing Trojan
Starting point is 00:07:44 that's currently active in the wild, loaded into USB drives strewn around parking lots, workplaces, and trade shows. Its multi-stage malware leaves no traces on the victim's computer, the one the victims plugged the drive into, so they may never know their data have been copied and exfiltrated. Some are calling this an attack that overcomes air gaps, which in a sense, we suppose, it does. But really, if you've plugged something in, where's the gap?
Starting point is 00:08:10 So, don't plug.
Starting point is 00:09:13 And I'm joined once again by Ben Yelin. He's a senior law and policy analyst at
Starting point is 00:11:15 the University of Maryland Center for Health and Homeland Security. Ben, you're an expert when it comes to electronic surveillance and the Fourth Amendment. Where do we stand right now in terms of what's been established in terms of our right to privacy in the cyber domain? The Fourth Amendment obviously was written before we could have considered any of the threats of electronic surveillance. Electronic surveillance, it has been determined, does come under the umbrella of the Fourth Amendment, even though it's not a physical intrusion.
Starting point is 00:11:44 And the reason it does is because the courts have said that we have a reasonable expectation of privacy when we make any sort of electronic communication, whether it's by telephone, email, internet, or even some of the apps that we use. So that's good. I mean, that's a very, it's very strong to have Fourth Amendment protection. It means that in order for the government to get that information, they need a warrant, which is a pretty good standard for someone that warrant has to be based on probable cause. The bad news for people who are civil libertarians is that the courts have acknowledged a national security exception and a foreign intelligence exception to the Fourth Amendment,
Starting point is 00:12:30 meaning in many cases you actually don't need a warrant because the government has such a strong security interest that the Fourth Amendment doesn't apply to certain electronic communications if national security is implicated. So I think on a case-by-case basis, the court frequently weighs the national security interest at stake against the privacy interest at stake and can come to different conclusions depending on what the facts of the case are. Really, we're going to be having this battle between privacy and security. We've been having it in the physical world for over 200 years. We're going to continue to have it. I think it was sort of a fight that was reignited after 9/11, after the Patriot Act passed, after the Snowden disclosures. I don't think we're going to come to any solution anytime soon because I think the issues are so complicated.
Starting point is 00:13:16 But it's good to know from a privacy perspective that electronic communications are subject in general to those Fourth Amendment protections. All right, Ben Yelin, thanks for joining us. Thank you.
Starting point is 00:14:00 And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
