CyberWire Daily - Daily: Election, infrastructure hacks in US, Russia. Advice on Black Hat.
Episode Date: August 1, 2016
In today's podcast we hear about Russian reports of an APT active against military, scientific, defense, and government networks. US investigations into the hacks of the DNC, DCCC, and Clinton campaign continue, with suspicion still directed at Russia. ISIS calls online for an extension of jihad to Russia. The SpyNote Android Trojan is out in the criminal underground. Researchers report vulnerabilities associated with WhatsApp and SwiftKey. And we share some security advice from Level 3's Dale Drew for those attending Black Hat.
Transcript
You're listening to the CyberWire Network, powered by N2K.
stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Russia says it's been hacked and it's being careful with attribution.
U.S. investigation of hacking into Democratic Party assets continues,
with most observers still seeing a Russian hand behind the incidents.
ISIS issues fresh calls for jihad.
The SpyNote Android Trojan seems poised for an outbreak.
Vulnerabilities affecting users of SwiftKey and WhatsApp are reported.
And some advice for those attending Black Hat.
I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, August 1, 2016.
Over the weekend, Russia's FSB reported that some 20 organizations in that country had been afflicted by sophisticated advanced persistent threats.
Many reports are calling the incidents attacks on critical infrastructure, but in this case infrastructure seems to be used loosely to describe any network regarded as important.
The affected enterprises are said to include, quote, scientific and military institutions, defense contractors, and public authorities, end quote, and the hacking appears to aim at espionage as opposed to disruption or destruction.
Russian sources declined to attribute the incident, but suggest the responsible actors are both sophisticated and capable.
Kaspersky Labs is investigating, and it too declines to offer attribution,
although it describes whoever's responsible as a powerful cyber gang.
It's difficult to read the reports without seeing a not-so-veiled tu quoque aimed in the general direction of Washington, or perhaps more precisely in the general direction of Langley and Fort Meade.
Recent weeks have been dominated by news of election-related hacking of Democratic Party sites in the U.S., including the Clinton campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee.
The consensus that these attacks were the work of Russia's FSB and GRU has been growing and has been accompanied by increasingly sharp calls for retaliation,
recognition that we are in a cyber war, etc.
So refusing the easy temptation of quick attribution to the U.S. is telling.
There may be some example setting going on here.
The prim Russian coyness about attributing the incident stands in contrast to much coverage in the U.S. media,
who've been quick to see the hacks as evidence that someone, usually specified as NSA, is doing something.
It's worth remembering that such attribution is, for now, however much it might appear to be likely, a matter of speculation on the grounds of a priori probability.
We note that Russia Today, a reliable conduit of the Putinist view of things,
quotes U.S. Director of National Intelligence Clapper with approval when he advises everyone to stop hyperventilating until we know more about the election season hacks in the U.S.
Investigation is in the hands of the FBI and may be expected to proceed at the usual deliberate speed of law enforcement.
Concern over the Russian hacks of the Democratic Party (forgive the hyperventilation; we're just noting the consensus) isn't limited to U.S. figures.
A British general has pointed out that such activities may represent a new normal in 21st century hybrid conflict.
General Sir Richard Barrons called for a civilian reserve, what the Times of London calls a part-time army of geeks, that could be made available to respond to comparable threats to the UK.
This proposal for a kind of cyber Dad's Army has had echoes in other countries' plans for various kinds of cyber reserves that could draw upon civilian security talent at need.
In the US, for example, there are ongoing congressional discussions of expanding the role of the National Guard in cyber defense.
WikiLeaks' Julian Assange declined yesterday to say whence he received the DNC documents
WikiLeaks has made public, essentially refusing to burn his sources.
If those sources are in fact Russian security organs, their motivation remains an open question.
The likeliest motive may be the general goal of eroding confidence in U.S. political institutions, as opposed to supporting any particular electoral outcome, but the observers who are commenting are at this point engaging in speculation.
French police investigate alleged accomplices in the church attack near Rouen, suggesting that the ISIS killers were not so much lone wolves as members of a local pack that heard the howling from Syria.
Two persons are said to be the subject of the inquiry so far.
Over the weekend, ISIS called upon its followers to bring jihad to Russia.
The call was issued in the form of a YouTube video,
with partial authentication coming through the video's distribution via known ISIS Telegram accounts.
There are a variety of small but interesting developments in cybercrime to report.
Some of Configure's old command and control infrastructure, thought to have been out of commission, has begun to turn up in current criminal campaigns.
The code for the SpyNote Android Trojan has leaked to the underground market. Observers expect it to appear in attacks soon. SpyNote is capable of installing a backdoor in an infected device.
SwiftKey's typing predictions may be leaky, and the vendor has moved to suspend that function.
Deleted WhatsApp messages are said to persist in the cloud, where they could be susceptible to interception.
Finally, Black Hat is underway.
The training sessions that began over the weekend continue today.
Tomorrow, the conference features the CISO Summit,
and Wednesday and Thursday will be devoted to workshops, presentations, and sponsored sessions.
We'll be offering some perspective from the event as the week goes on.
And we trust that our stringers are being properly careful at Black Hat. If you're attending, you should be careful too.
This conference is always a bit wild in terms of the security challenges it presents, and we needn't even describe the challenges presented by the concurrently running but independent DEF CON. Suffice it to say that Black Hat is sometimes called DEF CON's grown-up counterpart.
We spoke to Dale Drew from Level 3 about some Black Hat do's and don'ts,
so we'll hear from him after the break.
So stay safe out there.
What goes on in Vegas doesn't necessarily stay in Vegas, you know.
And follow any Pokemon with due caution.
Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity. That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
And joining me once again is Dale Drew. He's the chief security officer at Level 3 Communications.
Dale, a lot of people are gearing up to head out to the Black Hat conference.
You've got some tips and some precautions for folks who might be heading out to the show.
I do.
You know, Black Hat is not your typical security conference.
It is not for the faint of heart from a security perspective.
And the sort of precautions that I would recommend are things that help people protect themselves when they're in an environment that is just awash with very technical people who are experimenting on new technology at that venue and that event.
We've seen situations where conference goers are creating their own wireless hotspots with the same name as the legitimate conference name. So people get connected to, quote, the bad guy hotspot rather than the legitimate hotspot.
Bad guys then intercept all that traffic. They inject malware in the middle of that traffic and then can take over a computer and then produce research results.
We've even seen bad guys or conference goers create cell phone towers that are used to
intercept cell phone traffic and, again, get access to the data or inject payloads into the data
for the purposes of gaining access to passwords or getting access to the end device itself.
So a lot of caution is advised when you go to Black Hat.
We really recommend a few things.
We recommend that if you're going to be taking electronic gear,
make sure that your laptops and your phones are wiped of any personal or confidential data.
In fact, we really recommend just wiping the system from scratch
and reinstalling the operating system and going with the blank machine.
And then that way, when you come back, you can wipe that machine again in the event that there's been any malicious code that may have been deposited on that system.
We recommend changing your passwords.
And so if you're there and you're surfing webpages or online banking or any of that, any personal or professional business use, we recommend changing your passwords before you go to the conference and then changing your passwords when you return back from the conference.
Again, in the event your passwords may have been intercepted or collected and therefore used against you.
We recommend trying not to use the conference wireless because you really don't know what wireless infrastructure you are connecting to.
And try to use a cell phone hotspot, either your cell phone itself or bring like a MiFi.
We would really recommend disabling Bluetooth on your devices because Bluetooth can not only be intercepted, it can be used as a vehicle to intercept traffic.
Just a few to round this out here. We recommend bringing an NFC or near field communications blocker for things like your credit cards.
People have built devices at these conferences where they just have to get fairly close to your wallet or your purse, and they can read the data off of your credit card, including your credit card number, your expiration date, and your security code.
So if you take an NFC blocker, you'll block access to those sorts of readers while you're walking around the conference floor.
And then last but not least, do not accept USB drives at conferences like this.
You do not know what will be on the drive.
Those are a primary method of delivering bad content to your computer.
And when you're withdrawing money out of an ATM at a conference, check the ATM to make sure that there isn't a skimmer on the ATM itself.
Those are really the main sort of takeaways that we have that have really contributed to people losing access to personal information or losing access to professional assets.
All right.
So Black Hat, not your average tech conference.
So extra precautions are in order.
Absolutely.
All right.
Dale Drew, thanks for joining us.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.