CyberWire Daily - Daily: Cyber-chumming the Donbas. Cisco surprises (in a good way).

Episode Date: May 19, 2016

In today's podcast, we learn that the LinkedIn breach is the same old one from 2012, only now two orders of magnitude larger than thought. ESET describes a cyber surveillance campaign, Operation Groundbait, in Ukraine's Donbas region. Phineas Phisher hacks on behalf of Kurdish anti-capitalists. The SEC warns of cyber risks to the financial sector. Cisco reports better than expected results (thanks in part to its security business). Ben Yelin from the University of Maryland Center for Health and Homeland Security wonders if a case involving a locked hard drive may go to the Supreme Court.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 The rest of the passwords stolen from LinkedIn back in 2012 hit the black market. Operation Groundbait, a cyber surveillance campaign, is discovered in eastern Ukraine. Hacktivists dox Turkish medical records. Other hacktivists might be going after U.S. presidential campaigns. Phineas Fisher is back. The SEC warns the financial sector about
Starting point is 00:02:16 cyber risks. Cisco's results give investors a pleasant surprise, and we hear about investigations of online child exploitation. I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, May 19, 2016. The LinkedIn breach that surfaced yesterday turns out to be fallout from the breach the business-focused social network suffered in 2012. At the time, some 6.5 million hashed but unsalted passwords were thought to have been compromised. But it turns out that the problem was bigger than that, by some two orders of magnitude. Earlier this week, 117 million LinkedIn credentials turned up for sale in the online criminal market, The Real Deal. They're selling for peanuts, relatively speaking. For roughly $2,200 in Bitcoin, the trove of passwords can be yours. They are, many note, older passwords, but they do seem
Starting point is 00:03:11 legitimate. LinkedIn, at any rate, is taking the incident seriously, requiring affected users to reset their passwords. If you haven't reset yours recently, now might be a good time to do so, whether LinkedIn tells you or not. The original 2012 hack was, generally speaking, attributed to Russian criminals. The hybrid war the Russian government is waging in the near abroad continues. ESET reports finding a cyber surveillance campaign that's tracking separatists, journalists, self-proclaimed governments, and so on in the Donbass region of eastern Ukraine. There's no attribution, and the operation could well be run by either side. ESET detected the campaign as the Win32/Prikormka information-stealing Trojan.
Starting point is 00:03:54 They're calling it Operation Groundbait because the phishing emails that distributed the malware posed as price lists for groundbait. Hacktivists identifying themselves with Anonymous have doxed Turkish hospitals and released sensitive patient records. They say they did so in retaliation for ransomware attacks on some U.S. hospitals. Many other people who identify themselves with Anonymous, however, denounce the doxing and say that those behind it really have nothing to do with Anonymous. It is notoriously difficult to say who's acting on behalf of an anarchist collective.
Starting point is 00:04:28 Imperva's Ofer Gayer, who specializes in DDoS security research, told us that, quote, Hacktivist groups mount attacks on both private companies and government agencies for all manner of social and political causes, end quote. He stressed the importance of having a plan for recovery, communication, and continuity of operations should your organization come under hacktivist ministrations. Elsewhere, Phineas Fisher, the hacktivist to whom the Gamma Group and Hacking Team capers are generally attributed, has stolen 10,000 euros in Bitcoin and donated them to Kurdish anti-capitalists in Rojava, a region in the north of Syria. Mr. Fisher hints he's got more thefts planned, because evidently as he grows more Robin Hoodish, he recognizes that anti-capitalists need capital too. And speaking of capitalists, the U.S. Securities and Exchange Commission had some harsh words for
Starting point is 00:05:21 the financial sector this week. The SEC's chair, Mary Jo White, told a Reuters financial summit that trading and financial clearinghouses had a reckless cybersecurity posture. She said, quote, "What we found as a general matter so far is a lot of preparedness, a lot of awareness, but also their policies and procedures are not tailored to their particular risks. As we go out there now, we are pointing that out." The SEC assesses cyber threats as a major risk to the financial sector. Other speakers at the summit offered reactions to the problems that recently surfaced in banks' connections with the SWIFT funds transfer system. The recent unsuccessful attempt to steal from Vietnam's Tien Phong Bank, detected and stopped back in December 2015,
Starting point is 00:06:06 sought to transfer 1.2 million euros to an account in Slovenia. The U.S. presidential campaigns are in full swing, and it's safe to assume that various actors are working to hack the candidates. U.S. Director of National Intelligence Clapper says the intelligence community has actual evidence that this is going on, having seen indicators that attackers are prospecting the online activities of U.S. presidential candidates. He says they're working to educate the campaigns and that there's some likelihood that the hackers represent foreign intelligence services. But beyond that, he's unsurprisingly tight-lipped. It's also likely that at least some activity directed against political campaigns comes from hacktivists. David Meltzer, Tripwire's chief research officer, shared some thoughts with
Starting point is 00:06:51 us on the campaign season. He observed that it wouldn't be surprising to see an increase in hacktivism, especially given what he called the highly polarizing election going on in the U.S. He pointed out that there's a large and vulnerable ecosystem out there, and it includes government sites. Quote, while most major sites already have reasonable protections against basic DDoS attacks, the second tier of lesser-known sites, of which there are many thousand across the government, may lack that protection and easily fall victim to these simple cyber attacks. End quote. In industry news, Cisco surprised the markets yesterday with some good news, confounding the pessimistic predictions that had appeared in
Starting point is 00:07:31 Barron's and elsewhere. The company reported better than expected results and optimistic guidance, both driven in significant part by its security business. Some other investment analysts are looking at depressed stock prices for other companies, notably FireEye, as buying opportunities. Finally, if you're like us, you wondered what ground bait was, and why so many people in eastern Ukraine would be interested in buying it. It turns out, chums, as one of our stringers has educated us, that ground bait is what American fishermen would call chum, that is, bait dumped into the water to draw fish.
Starting point is 00:08:05 Apparently, there's a solid ground bait market in many parts of the world. So those menhaden you catch off the outer banks may have some value after all.
Starting point is 00:10:53 Joining me once again is Ben Yelin. He's a senior law and policy analyst for the University of Maryland Center for Health and Homeland Security, one of our academic and research partners. Ben, there was an article in Ars Technica recently. It was about a man suspected of harboring child pornography on his computer. He's been charged with no crime, but he's sitting in jail cooling off because he refuses to unlock his device.
Starting point is 00:11:35 So the government has tried to cite the All Writs Act. And you might remember that act from the battle between Apple and the FBI over getting information from the device of the San Bernardino shooter. And that act, which dates back to 1789, allows the government to compel a suspect to decrypt his hard drives in order to effectuate some other judicial decision. This particular defendant has refused to do so, and he's being held in contempt of court. And the decision of the district court to hold him in contempt has been appealed, but I think the big issue here is whether the government can actually force someone to
Starting point is 00:12:13 decrypt their phone. The Supreme Court has sort of addressed this issue, but it was in the context of a physical safe. They said that the Fifth Amendment right against self-incrimination prevents the government from forcing somebody to give a numbers combination to unlock a safe. What the Supreme Court will have to work with is whether the privacy interests of a device are as significant as those of a physical safe. And I think we have a lot of evidence that there are greater privacy interests at stake in an electronic device. I would note that Justice Sotomayor in her concurrence in the United States v. Jones discussed at length how much private information or revealing information can be stored on electronic devices. So I would not be surprised to see this issue get back up to the Supreme Court.
Starting point is 00:13:08 All right. Well, keep an eye on it. Ben Yelin, thanks for joining us. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
Starting point is 00:14:05 I'm Dave Bittner. Thanks for listening.
