CyberWire Daily - Daily: Election Eve cyber threat roundup. Retail bank Tesco stops online banking after wave of fraud.
Episode Date: November 7, 2016

In today's podcast, we offer an Election Day Eve round-up of current cyber tensions, especially between the US and Russia: influence operations for sure, disruption possibly, vote manipulation maybe (...but probably not). Ukrainian hacktivists continue to dox a major Putin consigliere. UK retail bank Tesco shuts down online operations due to a wave of fraud. Ben Yelin from the University of Maryland Center of Health and Homeland Security provides a final assessment of the US presidential candidates. And Indian police say a rival service seems responsible for a July DDoS attack in Mumbai.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
On Election Day Eve, a roundup of current cyber tensions, especially between the U.S. and Russia. Influence operations for sure, disruption possibly, vote manipulation maybe, but probably not. U.K. retail bank Tesco shuts down online operations due to a wave of fraud, and Indian police say a rival service seems responsible for a July DDoS attack in Mumbai. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Monday, November 7, 2016.
You may have heard that widespread concern about the prospects of Russian intelligence services hacking elections has prompted authorities to take measures they hope will contribute to securing the vote. Indeed, this is the case.
Government officials in Montenegro have begun to upgrade the security of that country's voting apparatus as suspicions arise that Russian operations have been interfering with election sites.
Oh, and there's also this election going on in the United States tomorrow.
The Americans, too, seem to have the same case of the willies as the Montenegrins
about Russian security services, that is, the APTs known as Cozy Bear and especially Fancy Bear.
The most commonly voiced concerns fall into three categories.
First, there's the prospect of direct manipulation of vote tallies by enemies both foreign, that would be the Russians, and domestic. Choose your own poison on this one, partner.
Despite recent proofs of concept by Cylance and others, direct hacking of votes, wholesale election theft on a scale not seen since the good old days of the Chicago machine, is generally regarded as unlikely. The second
category of concern involves disruption of voting. Distributed denial of service attacks that might
impede voting or delay counting are thought somewhat more likely,
especially in the wake of the recent Mirai-enabled DDoS attacks that have put so many on their guard against this particular threat.
On this second class of threat, the Mirai botnet provides a cautionary example.
It now appears that last week's incident in Liberia was less devastating than initially reported,
but botnet-driven DDoS remains a matter of concern.
Andrew Howard, chief technology officer for Kudelski Security, told the CyberWire,
quote, for proven security tactics and technology for the IoT space. Companies of all types need to ensure customer devices and systems
meet desired security levels at all stages of their life cycles.
End quote.
Without taking such steps, Howard said,
companies run the risk of leaving the door open to attackers.
Returning to election fears,
there's the prospect of information operations
designed to discredit the U.S. electoral system. These operations are widely believed to be well underway,
and all signs in this regard point to Russia. Guccifer 2.0, the shadowy gadfly of the Democratic
National Committee, who's generally regarded as a sock puppet for probably the GRU, has called upon
his fellow hacktivists to monitor the U.S. elections.
And we repeat, it's unlikely in the extreme that Guccifer 2.0 is a hacktivist along the lines of Guccifer 1.0.
The call for monitoring carries a special sting for American targets,
since good government election monitoring abroad has long been a traditional staple of U.S. public diplomacy.
Guccifer 2.0, by the way, isn't the only nominal hacktivist out there doxing world leaders.
Ukrainian hackers have released documents from a second email account linked to Putin aide Vladislav Surkov, the same guy Mr. Putin says doesn't even use email.
Like earlier leaks, they purport to show aggressive Russian designs against Ukraine.
Wikileaks released another tranche of leaked emails over the weekend.
They continue to be more of the bad-looking stuff that's emerged from the Democratic National Committee and Clinton campaign accounts.
Wikileaks itself claimed it experienced a DDoS attack shortly after it released the latest set of emails,
but the site appeared to be up and functioning as of this morning.
Twitter also experienced an outage earlier today,
but that appears to have been an engineering error and not an attack,
despite the initial paranoid reactions across the Internet.
And the FBI over the weekend announced that it's looking through Anthony Weiner's laptop,
his laptop computer, that is,
and not so far found anything that would lead it to recommend
indicting Hillary Clinton for mishandling classified information.
There have been various dark hints in recent weeks
about planned or at least possible U.S. retaliation
against any Russian electoral hacking,
and senior U.S. officials and industry figures
have certainly discussed retaliatory options
in the event of a clearly attributed cyber attack.
Over the weekend, the Russian press has reported U.S. penetration of Russian critical infrastructure networks,
and the Russian government has demanded an explanation.
There's been no public U.S. response beyond continuing efforts on the part of state governors
and the Department of Homeland Security to reassure the public of the integrity of the voting system.
Forcepoint, who's been following election-related chatter closely, noted to us late this afternoon
that influence operations aside, the FBI has found, quote, malicious actors scanning and
probing state voter databases for vulnerabilities, end quote.
The actors were operating from servers hosted by a Russian company, but the probes and scans
aren't, so far at least, being attributed to the Russian government.
Election hacking aside, authorities are following internet chatter by al-Qaeda and other jihadist
groups that appears intended to inspire physical attacks on locations associated with voting.
State and federal authorities are on their guard and pursuing several lines of investigation.
It is with somber relief that we turn to ordinary cybercrime,
which is bad enough but seems somehow more tractable than election influence.
Tesco Bank, a major consumer bank in the UK,
halted online transactions after at least 20,000 customers were hit with fraud and a further 40,000 experienced attempted fraud.
It's a big enough caper with enough lessons to be learned that we offer some of the reactions we've received from security experts.
Shane Stevens from Vasco Data Security told the Cyber Wire this demonstrates the need for banks to, quote, take a step back and assess their endpoint access and all their layers of security, end quote.
Mark Wilson, director of product management at StealthBits Technology,
framed the issue for us this way, quote,
the big question is how did the perpetrator get access to 40,000 accounts?
Internet banking utilizes multi-factor authentication.
Were two-factor authentication tokens compromised?
If so, that could cast a shadow across the whole online banking and finance sector.
He also noted that Tesco isn't just a retail bank.
It's also the largest grocery retailer in the UK,
and it offers a range of services including mobile telecommunications,
internet services, insurance, and credit services.
Wilson said that, quote, unless Tesco segregates those platforms, it stands to reason that they may also be at risk, or perhaps already compromised, end quote.
Kunal Anand, CTO and co-founder of Prevoty, said to the Cyber Wire, quote,
It's one thing to steal your identity, it's another thing to steal your money. There is even more pressure on financial services organizations like Tesco to
have more controls within their network, endpoints, and applications, including RASP, to monitor and
protect against fraud. The raw data from these controls, combined with anomaly detection,
could allow organizations to react faster and help reduce overall fraud,
end quote. He thinks Tesco has some investigation and remediation left to do.
One final note on cybercrime and prospective punishment comes from India, where police in
Mumbai have concluded that a DDoS attack on a major internet service provider wasn't the work
of criminal gangs or foreign security services after all. It seems
instead a rival ISP mounted the attack. That rival is so far unnamed, but stay tuned.
our election here in the United States is right around the corner. And I wanted to check in with you to see what do we know, if anything, about our two major candidates, Hillary Clinton and Donald Trump, about their positions when it comes to cybersecurity and things like surveillance?
Well, Dave, we actually know relatively little. It hasn't played a huge role in the campaign.
I know it actually came up at the first debate. Donald Trump famously said that
his son, Barron, was very proficient at computers. And that was sort of a segue
into talking about the importance of cybersecurity. I think on the electronic surveillance side,
both Secretary Clinton and Donald Trump would be more favorable to some of the bulk electronic
surveillance programs in the Obama administration. And it's worth pointing out the Obama administration was actually quite favorable
to electronic surveillance. For example, after the 2015 San Bernardino attacks,
Secretary Clinton called for an intelligence surge and for increased monitoring on social
media for suspected terrorists. Again, all things that the Obama administration has done. But, you know,
I haven't seen her comment on some of the Edward Snowden divulged information, such as the phone records program or the collection of the content of online communications under the FISA Amendments
Act. So it'll be interesting to see if either of the candidates take a firm policy stance on that.
I think a lot of it will be determined by what happens in Congress.
Certainly, generally, Democratic lawmakers are slightly more eager to chip away at some of the excesses of the electronic surveillance programs.
But there was a bipartisan coalition to pass the USA Freedom Act, which ended the NSA's collection of bulk metadata back in 2015.
And that was really the first time since 9-11 that such a program had been curtailed in that way.
So I think it's certainly something worth paying attention to.
It's such a critical and important issue and has played such a small part in our presidential campaign.
So it's certainly something to pay attention to.
All right, Ben Yelin, time will tell. Thanks for joining us.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.