CyberWire Daily - Daily: Cryptocoin for DDoS? ISIS info ops more murderous as territory shrinks.
Episode Date: August 15, 2016

In today's podcast we learn that Russian hackers went after Republicans as well as Democrats. An anti-doping whistleblower's account is illegally compromised. ISIS turns to online inspiration to recover jihadist mindshare. The MICROS point-of-sale system hack appears to underlie widespread credit card compromises. Secure Boot's "golden key" exposure is seen as a warning against backdoors. Security industry M&A and IPO notes. Level 3 Communications' Dale Drew tells us about machine-to-machine learning, and how it may improve security. And for some reason researchers develop a proof-of-concept for a DDoS-based cryptocurrency.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
Today, get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
That's joindeleteme.com slash n2k, code N2K at checkout.
Russian hackers are revealed to have been fairly impartial with respect to U.S. political parties.
Republicans as well as Democrats receive their attentions.
So, too, apparently, have Olympic doping whistleblowers. ISIS works on its inspiration to murder as
it seeks to recoup flagging jihadist mindshare. The Taliban and Al-Qaeda continue to compete
with the caliphate. Some policy analysts see Iran as a potential ally of an anti-ISIS online
coalition. The MICROS point-of-sale system hack appears to underlie credit card
compromises. Secure Boot's golden key is seen as a cautionary example against implementing backdoors.
We've got some security industry M&A and IPO notes, and for some reason,
researchers develop a proof of concept for a DDoS-based cryptocurrency.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Monday, August 15, 2016.
Russian hackers apparently did, in fact, turn their attention to Republicans as well as Democrats.
Both U.S. parties have now seen major figures targeted.
Observers have been sifting through emails dumped by DCLeaks at the end of June, and they've noticed emails from the staffs of Senators McCain and Graham.
At the time the documents were posted, most attention was drawn to emails from former
senior NATO commander General Breedlove that appeared to seek a harder NATO line toward Russia.
Elsewhere, documents purported to depict an off-the-books payment from Ukraine's former
pro-Russian government to Paul Manafort, a senior advisor to Republican presidential candidate
Trump. Manafort has had international clients, including former Ukrainian President Yanukovych.
He denies receiving off-the-books payments. Senior Democrats are suffering from loss of
personal contact information, which has exposed them to various forms of harassment.
The upshot of this is that interest in and intrusion into the electronic presence of U.S. political figures is on the upswing.
Consensus continues to regard Russian intelligence services as the source of the incidents.
Former Secretary of Defense Panetta weighed in at week's end on the controversy over emails suggesting influence from the Clinton Foundation over the State Department.
He doubts there's much to see there and notes that posturing about influence is part of the daily coin transacted in Washington.
In other Russia-connected news, this one with a connection to the Olympics. The World Anti-Doping Agency says that the electronic account Russian whistleblower
Yulia Stepanova holds with the agency has been illegally accessed through a cyber attack.
Stepanova and her family are said to be in hiding. The most recent disqualification of
a Russian athlete for alleged doping took place this Saturday.
ISIS struggles to recoup its flagging influence as competing jihadist factions make inroads into the caliphate's mindshare.
It continues to turn to the disaffected and its online messaging grows sharper, at least in Europe and Africa.
Those who adhere to the caliphate's authority should kill Christians.
Some observers wonder whether this is a kind of information ops bank shot,
seeking to provoke a crusader backlash which would in turn spur
the Ummah to a more militant piety.
Others see the message as both obvious and direct.
The goal is what it's said to be, death to unbelievers.
Some policy wonks see Iran as a natural ally of the US against ISIS, at least online.
Others think social media companies will be judged on their inability to interdict jihadist
messaging. Iran is reported, by the way, to have just concluded an agreement with Robert Mugabe's
regime in Zimbabwe to supply that country with a broad range of cybersecurity tools.
Visa warned late Friday that some cardholders' information may have been compromised
through vulnerabilities in Oracle's Micros point-of-sale system.
Giovanni Vigna, Ph.D., Lastline co-founder and CTO,
and also professor in the Department of Computer Science at the University of California, Santa Barbara,
offered this comment to the Cyber Wire.
Quote,
The security of a system as a whole is as strong as the strength of its weakest link.
That's why complex systems that handle sensitive information
should have multiple levels of protections
to ensure that no device can be infected.
Point-of-sale malware is particularly hard to detect
because often point-of-sale systems
do not have in-host endpoint protection.
In these cases, network-level protection systems
become paramount, end quote.
Krebs on Security says the Eastern European cyber gang Carbanak
is behind the compromises, and that it appears credentials stolen from Oracle's MICROS systems
may have been used to plant malicious code on point-of-sale terminals that may in turn have
been used to harvest credit card information. In industry news, Palantir buys data visualization
startup Silk, and KBR announced Friday it had agreed to acquire Maryland-based Honeywell Technology Solutions for $266 million.
Honeywell Technology Solutions offers a broad array of services, including security services,
to U.S. defense and intelligence community customers.
Carbon Black, formerly Bit9, is expected to issue its initial public offering
next month, which will be an outlier in this year's unusually slow IPO market. Tanium remains
a favorite unicorn, receiving press coverage that says it aspires to be the Google of cybersecurity.
And speculators look at the fall in FireEye's stock price post-results and, looking at layoffs and other cost-cutting, expect FireEye's valuation to bounce back.
Concerns continue about backdoors as Microsoft works to recover from the exposure of the Secure Boot golden key. Since this leak has
implications for the security of backdoors as a technique that might balance privacy and security,
many observers see this as a cautionary tale for policymakers.
We heard from Ray Rothrock, CEO of Red Seal,
about what lessons this episode might hold for backdoors generally considered.
Quote,
We recently saw the NetScreen firewall, Juniper, backdoor key,
published in the hash code, live and public on the Internet.
Backdoors are secrets that only a few know, and they're bad ideas. This is another example where backdoor access found its way to the market, except this
more broadly impacts security. While backdoors are sometimes essential for saving things in
certain situations, given the capability of backup, rebuilding, imaging, and such these days,
I have a hard time thinking backdoors were required at all. Things happen and people make mistakes, as in this case.
Even though the authors of the backdoor thought this would never happen, it did.
Backdoor designers should rethink their use of such mechanisms.
End quote.
And finally, University of Colorado researchers demonstrate,
for reasons no one can really seem to grasp,
a proof-of-concept cryptocurrency that
would let participants mine currency by participating in denial-of-service attacks.
Let's hope we don't see similar proof-of-concepts from other Colorado institutions of higher
learning, like, for example, the Colorado School of Mines, the only U.S. college or university to
offer a major in demolition.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted
by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total
control, stopping unauthorized applications, securing sensitive data, and ensuring your
organization runs smoothly and securely. Visit ThreatLocker.com
today to see how a default deny approach can keep your company safe and compliant.
And I'm pleased to be joined once again by Dale Drew. He's the Chief Security Officer at Level 3 Communications. Dale, I've been hearing a lot about machine-to-machine learning. It's a buzzword that's gaining popularity. Let's start at the beginning here. Explain for our listeners, what are we talking about when we say machine-to-machine learning?
You know, what we really mean here is computer programs or algorithms that analyze network traffic, analyze machine log data, and learn the behavior of those systems.
Beginning to learn what is legitimate, and also having algorithms to discover things that it knows are not legitimate, and then being able to report those.
We've seen a significant advantage in being able to monitor systems. Most systems today,
most security systems today are really geared for detecting bad activity. And so you have to
know what bad is. And so as attacks evolve and change, your understanding of what the bad activity is has to
be as up-to-date as the bad guys are. And that's why the security community has to be so responsive
to bad guys as opposed to proactive to bad guys. Machine learning provides the ability for us to be
able to detect what we know to be good and then look for things that fall outside that normal
good behavior. And everything else could be bad. And that allows us to identify emerging attacks,
new techniques, and other activity that we would otherwise not have been able to detect.
And I think that it's going to change and revolutionize our security industry in ways that we've never seen
before. So is this in part, you know, dealing with the velocity, the rate of change that the
machines can adapt faster than, say, humans monitoring the situation?
No, absolutely. And it's just like your credit card monitoring company, right?
What they're doing is they're monitoring your credit card purchasing history and where you buy products and when you typically buy products and how often
you travel. And it's looking for deviations in that behavior. And when it sees those deviations,
it flags that transaction and contacts the owner and says, is this you? And this is really exactly
us applying that same sort of
time-tested technique to the cybersecurity industry and tracking what normal behavior
looks like and then identifying when we see deviations in it, reaching out and making sure
that we understand if that's a false positive or not. All right, Dale Drew, thanks for joining us.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland
by our talented team of editors and producers.
I'm Dave Bittner.
Thanks for listening.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in. With Domo,
you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.