CyberWire Daily - Daily: CyberMaryland updates. Great power cyber conflict (and organized cyber crime on the side). Vote hacking, agents of influence, and information operations. IoT botnets continue to romp.
Episode Date: October 20, 2016

In today's podcast we hear about Czech authorities' arrest of a Russian man in connection with 2012's LinkedIn hack. US response to Russian election hacking is still under preparation. IoT botnets proliferate as Mirai source code spreads through the criminal underground. Some 200 strains of ransomware are reported in the wild. Financial regulators push greater security. Muddy Waters and St. Jude continue their dispute over medical device vulnerabilities. Ran Yahalom from Ben-Gurion University discusses a group of vulnerabilities known as Bad USB. Tom Sadowski from the University of Maryland system discusses CyberMaryland and the role of the University System.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
That's joindeleteme.com slash n2k, code n2k at checkout.
Czech authorities arrested a Russian man in connection with 2012's LinkedIn hack.
U.S. response to Russian election hacking is still under preparation.
IoT botnets proliferate as Mirai source code spreads through the criminal underground.

I'm Dave Bittner in Baltimore, coming to you from Cyber Maryland 2016 with your Cyber Wire summary for Thursday, October 20th, 2016.

News that Czech authorities
arrested a Russian national on charges related to hacking U.S. targets was widely but incorrectly
seen as marking the opening shot in the much-anticipated American response to Russia's
recent cyber offensive. In fact, the crimes the still unnamed 29-year-old man is alleged to have
committed instead are related to the 2012 LinkedIn hack. Credentials stolen in that incident could
have been used in subsequent compromises, but that remains a matter of speculation.
In any case, the gentleman now facing extradition proceedings in a Prague court
isn't exactly Fancy Bear, or even Cozy Bear.
A Czech judge will decide whether he will be turned over to American authorities to face trial in the U.S.
So while the FBI appears to have helped Czech police collar this particular hacker,
the arrest doesn't seem to represent a U.S. retort to Russian hacking of the Democratic National Committee or related political targets.
Observers think that some set of stiff sanctions remains the likeliest form of U.S. response to Russian activity.
Former NSA Director Michael Hayden commented to the Heritage Foundation this week
that hacking a political party's email was the sort of espionage states do engage in.
Quote, honorable state espionage, as he put it.
That's not to say the U.S. has to like it.
Hayden went on to say that election hacking should be put in the Russian problem box,
not the cyber problem box.
This morning at Cyber Maryland, Admiral Rogers, the current NSA director,
noted that election hacking was the sort of information operation Russia has engaged in
for a long time. The emergence of cyberspace as an operational domain has greatly enhanced what
they can do in this regard. Quote, we've acknowledged that the Russians were behind
the hacking of the DNC and others. We need to step back and think about the implications of this. Fundamentally, as a nation..." It is thought unlikely in the extreme that hacking could directly control results of voting this November.
The U.S. voting system is too disparate to make this likely,
but analysts see two potential problem areas.
Disruptive chaos on Election Day itself,
possibly produced by affecting the AP's poll tracking and result projection system,
and a general erosion of citizens' confidence in the U.S. political system.
Turning to conventional cybercrime, ransomware and IoT botnet-driven DDoS
remain the most widespread forms of cybercrime globally.
Bank Info Security's scorecard shows more than 200 ransomware strains now in circulation.
Standards bodies and regulators are working to evolve modes of defense and design,
and U.S. financial regulators in particular are promising new guidelines.
The proliferation of Mirai source code continues to drive formation of Internet of Things botnets.
Krebs on Security is tracking some firms it believes occupy some fringe area
between legitimate domain registrars and DDoS enablers.
Muddy Waters Capital, famous for having shorted St. Jude stock,
then releasing results of research that allegedly revealed vulnerabilities in St. Jude medical devices,
has returned to the news with more allegations of flaws in implantable cardiac devices.
They report these in the form of videos posted to a site Muddy Waters has established for that purpose.
St. Jude is suing both Muddy Waters Capital and the vulnerability researchers it employed, MedSec,
alleging that reports of vulnerabilities are inaccurate and sensationalized,
and done for Muddy Waters and MedSec's financial gain.
Verizon's acquisition of Yahoo remains in doubt,
as Verizon continues to assess the materiality of Yahoo's recent breach disclosure.
Not in doubt, however, are two other acquisitions.
Nehemiah Security has announced its acquisition of Triumphant, and Malwarebytes has acquired ADW Cleaner, a French company that specializes in anti-adware technology.
As we mentioned, we're podcasting today from Cyber Maryland 2016, which opened this morning at the Inner Harbor Hilton in Baltimore.
This morning's keynote address was by Admiral Michael Rogers,
NSA Director and Commander, U.S. Cyber Command.
He was particularly concerned to emphasize the importance of human capital in the cyber domain.
Some of the most excellent human capital on record will be honored here tonight as the National Cybersecurity Hall of Fame inducts its newest members.
The class of 2016 includes Dan Geer, Chief Information Security Officer at
In-Q-Tel, Lance J. Hoffman, Distinguished Research Professor of Computer Science,
the George Washington University, Horst Feistel, Cryptographer and Inventor of the United States
Data Encryption Standard, Paul Karger, High Assurance Architect, Prolific Writer and Creative
Inventor, Butler Lampson, adjunct professor at MIT,
Turing Award and Draper Prize winner,
Leonard J. LaPadula, co-author of the Bell-LaPadula model of computer security,
and William Hugh Murray, pioneer, author,
and founder of the Colloquium for Information System Security Education.
Congratulations to them all.
Tom Sadowski is Vice Chancellor for Economic Development for the University System of Maryland.
He sat down with us here at Cyber Maryland to discuss the evolution of the conference
and the role of the university system in the cyber ecosystem. So here we are at Cyber Maryland and
this is an event that you have been involved with for a long time. Six years, yeah. Take us through
sort of the evolution of Cyber Maryland and where it is today. Well, it started out as this idea about, you know, supporting the
mission at Fort Meade and NSA. And, you know, the nature of the mission there involved private
sector and the talent pool. And so we thought, you know, let's get all the community players
together and talk about how we can be better supporters of the post and that industry associated with the post.
And then we started to understand the nature of the industry and all the commercial applications.
So it kind of grew from there.
All these great relationships and this community ecosystem began to build.
And today we like to refer to it as this community of communities because Cyber Maryland then reached out to Cyber Texas and Cyber California.
And next thing you know, I think today at the conference we launched Cyber USA.
So, again, building this community network really spawned from a couple of champions that really believed in the mission here and the promise of the industry and just getting the right stakeholders together.
And what is the advantage of having a regional get-together like this?
I think the advantage of having a regional get-together is anytime you get a little too
parochial, you know, you become a little, you suffer too much from tunnel vision. So regional,
there are a lot of complementary assets throughout the region. You know, no one jurisdiction or no one, you know, confined geographic marketplace can ever feel like they control, particularly something like cyber.
So the benefits of having a regional conversation are you broaden the realm of the conversation.
You know, you have different skill sets, different, you know, I guess, backgrounds that are encouraged.
And then new ideas stem from there.
And then, you know, you garner more resources and you kind of create, you know, again, I think a larger, more plugged in community.
Whereas, you know, if you're just working within a confined, constrained, I think your ideas and then your impact becomes constrained as well.
So I think regionalism has been really key.
You're involved with the university system now.
What is the role that the university system has to play in all of this? We're in the business of human capital development. That means, you know, if it's the furtherance of ideas, of creation of
new ideas, discovery, the generation of talent, all those things are critical. And, you know,
we know that we play an important role in the state's economic development conversation, but
we do a lot each and every day to support the federal government and its mission.
We do a lot every day to support industry in what they do.
And the nature of how innovation is done, it requires partnership now.
And so our job each and every day now is putting ourselves out there
and letting the world know that we're active and engaged partners in that whole innovation discussion.
And meanwhile, you know, we have to be mindful of the students.
You know, because without that human, you heard General, or I'm sorry, Admiral Mike Rogers say today,
I mean, the human capital concern is the greatest challenge we face in this cyber discussion.
And, you know, we take that seriously.
So we know that we're generating the talent and the minds necessary to keep
this nation's economic engine running. And so we take that job very seriously. And if
we're not part of the conversation, then we don't know how to best do that.
That's Tom Sadowski, Vice Chancellor for Economic Development for the University System of Maryland.
And finally, another note to you, fellow Utes, this one courtesy of Admiral Rogers,
who noted this morning that his millennial sons,
children of their generation,
think the ability to access whatever data you want
in whatever format you choose
is in the United States Constitution somewhere.
It's a living document, maybe.
And you kids, you still got to get off my lawn.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses
worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see
how a default-deny approach can keep your company safe and compliant.
I'm pleased to be joined once again by Ran Yahalom.
He's the project leader at the Malware Lab of the Cybersecurity Research Center at Ben Gurion University.
Ran, I know today you wanted to talk about something in your research that is referred to as bad USB.
Well, Dave, users, they trust USB devices to do what they think that the device is supposed to do.
But in reality, USB devices are small computers that can be reprogrammed to do just about anything.
So you really should think of a USB device as a syringe and be sure that it's sterile before
you inject it into the host computer. This concept is commonly referred to as bad USB,
which is actually a family of USB attacks that are based on a reprogramming of the USB device's firmware.
The reprogramming is usually made possible by reverse engineering.
There are other ways, but usually you just reverse engineer the firmware update process.
And then you can practically reprogram the device to do whatever you want it to.
Now, it's important to understand that the bad USB, it's not a technical flaw or a vulnerability.
It's just completely compliant with the USB specifications. You have a lot of examples of
bad USB attacks. For example, you've got device emulation attacks, where you have a flash drive
that emulates a keyboard and injects keystrokes, or a flash drive that emulates a network adapter.
And it just overrides the host DNS and default gateway settings once you inject it into the host.
Another example of a bad USB attack would be boot sector virus.
Once you plug in an infected flash drive, a keyboard is emulated to get the host to boot from a hidden storage that was placed on the flash drive.
And this hidden storage contains a rootkit.
And that's how you get a rootkit to infect the host computer that's booting from the flash drive.
So these attacks are very, very powerful.
So are we seeing reports of these types of attacks in the wild?
Formal reports, no. But these attacks have been demonstrated. So we know they work. We have seen also some scientific papers published about different attacks also based on reprogramming
of the firmware, for example, for reprogramming of webcams, firmware, so that it's actually
spying on whoever is using the webcam and stuff like that.
All right, Ran Yahalom, thanks for joining us.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.