CyberWire Daily - Daily: DPRK jamming prompts search for GPS alternative. Satoshi, is that you?
Episode Date: May 2, 2016
In today's podcast we hear some encouraging examples of responsible disclosure. Ransomware is still out and about. IBM seems to see a future in blockchain technology. Bob Hansmann from Forcepoint shares ...highlights from their threat report. Ben Yelin tracks the Snowden remedies. And Craig Wright again claims he's Bitcoin's Satoshi Nakamoto—the BBC and the Economist seem ready to take him at his word.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Updates on Tick. Pwned list might be pwnable. Responsible Disclosure seems to be working for
Microsoft, Valve, and the U.S. Department of Defense.
North Korean jamming prompts South Korea to look for a GPS alternative.
IBM defines blockchain security standards for the cloud.
Ransomware infestations continue.
And someone claims again that, no, really, he's Satoshi Nakamoto.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Monday, May 2, 2016.
Tick, the cyber espionage group Symantec's been tracking, has been particularly active against Japanese targets. The attackers work with drive-bys to deliver Gofarer malware, which in turn installs the Daserf backdoor on victim systems.
Tick, says Symantec, has been careful, evasive, and given to using well-crafted exploits.
The group has taken a particular interest in Japanese companies engaged in ocean engineering,
broadcasting, and information technology.
Krebs on Security reports that InfoArmor's PwnedList, a service that lets you monitor
credentials for exposure in public places, like Pastebin, itself may be vulnerable to parameter tampering.
The service is designed to let you monitor accounts you own, but Krebs reports that it's possible to see credentials for accounts belonging to any number of other users.
The two-step authentication process involved in adding an item to one's watch list apparently doesn't verify that you've got the rights to that item.
Microsoft's Office 365 was reported at the end of last week to be susceptible to exploitation by unauthorized outsiders
who could gain access to users' files.
But it's important to note that Redmond has already closed this particular hole
and that the episode is an encouraging case study in how responsible disclosure can work.
The flaw lay in buggy implementation of the security authentication markup language server.
The vulnerability was discovered and disclosed earlier this year by two independent researchers,
and Microsoft is said to have fixed it within seven hours.
Another bit of responsible disclosure has enabled Valve to fix a crypto flaw in Steam that exposed passwords.
In this case, the problem was found and reported by a student, and he's been appropriately rewarded by Valve.
You may wish to dust off a bit of electronic warfare vocabulary as we watch the
continuing convergence of EW with cybersecurity. The word of the day is meaconing, which means the
interception of navigational signals and their replacement by deceptive signals, which are rebroadcast, usually at greater power, to deceive the recipients.
Well known for its long-time use against old radio navigation systems, meaconing power appears to be, wait for it,
the Democratic People's Republic of Korea, which has been engaged in fiddling with GPS
to lure South Korean fishing vessels into disputed waters.
South Korea is working on a more deception-resistant navigational alternative to GPS,
perhaps an enhanced version of E-LORAN.
We've seen some important threat summaries published recently.
Last week, we spoke to Verizon about their data breach report. Today, we hear from Forcepoint's
Bob Hansmann, who takes us through some of the highlights of his company's threat report.
The report covers areas of insider threat, which is something a lot of companies have overlooked,
mainly with the focus on blocking an external attack where 80 to 85 percent of the
money seems to be being spent. We see a need to start considering what happens, not if I've been
breached or when I've been breached, but what can I do to find out if I've already been breached?
The report includes an analysis of a new botnet campaign that Forcepoint has named Jaku that was discovered by their special investigations team.
Jaku is an aggregate threat. Rather than a new botnet, a new zero-day attack, it is actually a name given to an aggregation of a variety of threat components used to execute a particular attack. In this case, they're using botnet servers
in a variety of countries to attack specific victims. They're very targeted, as well as using
the exact same network to do consumer-level attacks. It's very persistent, and it also uses
a great deal of evasive techniques. Rather than just the one or two we'll see in a normal attack, this one actually uses evasive techniques from stages four through seven of the traditional
kill chain. Hansmann says the report emphasized the need for defensive systems to work together
in a more collaborative way. Security solutions need APIs. They need to be able to share
information, not just bubble it up to a SIEM, but can they
receive or exchange guidance with something else? We need these solutions to start working together
because the attackers are working together. Jaku is a poster child for that.
That's Bob Hansmann from Forcepoint. We'll hear more from him on tomorrow's show about the threat
of accidental insiders and how IT can improve their reputation.
Their website is forcepoint.com.
U.S. surveillance policy has been influenced by the leaks provided by Edward Snowden, who teleconferenced into a debate over encryption that aired yesterday.
His views on encryption were unsurprising.
He's for it and for it everywhere.
But he did make the interesting point that on this issue he, quote, stands shoulder to shoulder, end quote, with former NSA director Michael Hayden,
who's also weighed in on the pro-encryption side of the crypto wars.
In industry news, some analysts, notably at Seeking Alpha, advise investors to look beyond
IBM's recent results to its story and think that the story is more compelling than the performance.
In particular, they see a future in IBM's shift in emphasis toward AI, security, cloud services, and perhaps surprisingly, blockchain. On Friday, IBM announced a framework for using blockchain
networks securely while remaining compliant with the applicable privacy and security regulations.
Finance and healthcare organizations are expected
to be among the principal users of the framework. Blockchain, of course, is the enabling technology
beneath Bitcoin. And over the weekend, Australian Craig Wright has again outed himself as Bitcoin
creator Satoshi Nakamoto. The BBC and The Economist are running with the story, basically
as Mr. Wright has been telling it. The reporters who are buying his claims note that the evidence Wright offers
sounds convincing, but is hard to follow.
We don't want to be unduly skeptical, but Wright has made these claims before,
and any who find themselves reluctantly moved to continuing doubt should be forgiven.
And if we hear that Mr. Wright may be son of Grand Duchess Anastasia,
we'll really know where we are.
In any case, if the real Satoshi Nakamoto is out there and listening, give us a call.
Even if, especially if, you're Mr. Wright.
Joining me is Ben Yelin, Senior Law and Policy Analyst at the University of Maryland Center for Health and Homeland Security. Ben, Edward Snowden was making the rounds this past weekend, appearing
in interviews on cable news. And he is, of course, famous for his leaks of classified documents, for which some consider him a traitor, some consider him a hero, and many put him
somewhere in between. But there's no denying that his leaks had an effect on the way the government
collects data. I'm curious, what are these effects, these so-called Snowden remedies?
Sure. So I think the main one was the passage of the USA Freedom Act that passed last June,
and it replaced the
Call Details Records program that Snowden uncovered. The program officially ended in November, and it's
been replaced with something that I think is more palatable to civil libertarians. Instead of the
information being routinely handed over from the telecommunications companies, now the
telecommunications companies themselves
hold on to the data, and the government needs a court order to collect some of the data. So,
I think that was a major and important change that was the direct result of this disclosure.
And I think even folks with the NSA would admit that the disclosure itself played a large part
in ending that program.
And what is the NSA's position on this? Are these changes that they support,
that they can live with?
They are. The NSA has been very supportive of it. They were actually critical of the phone records program, even though they were the ones taking it on.
Several NSA officials had said that the program was ineffectual. A couple of commissions
that were appointed by the president, the Privacy and Civil Liberties Oversight Board,
and the president's own commission had said that the program was ineffectual and bordered on being
unconstitutional. So I think the NSA itself was supportive of the legislation. They encouraged
President Obama to sign it, and he did.
And I think they're quite pleased with the outcome.
Ben Yelin, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.