CyberWire Daily - Daily: Guccifer 2.0 claims (to general skepticism) a Clinton Foundation hack. Information operations versus voting. Yahoo! and surveillance of customers. Insulin pump vulnerability reported.
Episode Date: October 5, 2016

In today's podcast, we learn that Guccifer 2.0 is back, but that few are buying what he, she, or they are selling. Experts continue to warn of Russian information operations directed against the perceived legitimacy of US elections. International norms of cyber conflict. IoT-based DDoS concerns rise with wide distribution of Mirai source code. Flashpoint finds Floki Bot for sale in the underground. Emily Wilson from Terbium Labs explains the difference between the deep and dark webs. Tallinn Manual coauthor Thomas Wingfield discusses developing norms in cyber conflict. More trouble for Yahoo!. M&A news. And a dating site is breached in New Zealand.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Guccifer 2.0 is back, but few are buying what they're selling.
Experts continue to warn of Russian information operations
directed against the perceived legitimacy of U.S. elections. International norms of cyber conflict. IoT-based DDoS concerns
rise with wide distribution of Mirai source code. Flashpoint finds Floki Bot for sale in
the underground. More trouble for Yahoo, M&A news, and a dating site is breached.
I'm Dave Bittner, back in Baltimore with your Cyber Wire summary for Wednesday,
October 5th, 2016. The news today is heavier on hacking in its information operational guise than it is on cybercrime, hacktivism, or espionage. The big éclat, of course, is again provided by Guccifer 2.0,
who has resurfaced with some material he, she, or they claim to have hacked
from the Clinton Foundation.
The release is surrounded by clouds of muck-raking shock,
but on closer inspection, it appears to be recycled stuff
purloined from the Democratic Party.
Longtime Guccifer 2.0 observer Motherboard offers the most direct,
demotically expressed assessment, which we'll bowdlerize to hogwash. Guccifer 2.0,
if you're keeping score at home, is widely believed on circumstantial but compelling evidence
to be a sock puppet of Russian intelligence services. This particular mode of information
warfare has attracted considerable comment at the AUSA meetings.
We'll have more on that later this week.
Guccifer 2.0's communique includes a colloquial shout-out to Wikileaks and Julian Assange.
Wikileaks reiterates its plans for weekly data dumps through the U.S. elections, and
U.S. fears of election hacking are now centered on the possibility that confidence in the
vote's legitimacy could be eroded. In some quick notes on more traditional cybercrime, it's clear that
the Internet of Things botnets are, by general consensus, the new normal in attacks on businesses.
The gaming industry, dependent as it is on high levels of access, is particularly concerned,
but the worries extend to businesses generally. Too much commerce is transacted online for anyone to be blasé about the DDoS threat.
Flashpoint warns that a new exploit kit, FlokiBot, is out in the wild.
An evolution of Zeus with a noticeably improved dropper,
FlokiBot is available for $1,000 a pop on what Flashpoint characterizes as a
high-end Russian criminal forum.
In what is believed to be the first warning of its kind by a medical device manufacturer,
Johnson & Johnson alerts users to the possibility that its insulin pumps are vulnerable to cyber attack.
In more bad news for Yahoo, Reuters reports that the company engineered surveillance of its users' emails
by U.S. intelligence or law enforcement agencies.
With the sense of this being a last straw, advice on how to unsubscribe from Yahoo services is being
widely offered across the internet. How this will further affect the company's acquisition
agreement with Verizon is undetermined. Not all industry news is bad. Akamai has
announced its acquisition of Soha Systems in an all-cash deal. Soha is a provider
of enterprise secure access as a service. Carbon Black seems to be progressing toward an IPO.
And congratulations are in order for the companies being honored as this year's SINET 16.
They'll be receiving their awards at SINET's Innovation Showcase in Washington, November 2nd
and 3rd. The Cyber Wire will be there to cover the proceedings.
We've been spending this week at the Association of the United States Army's
annual meeting and exposition.
The experts and leaders speaking at the conference have expressed a very strong commitment
to integrating cyber operations at all levels of conflict,
from the tactical to the operational, when appropriate to the strategic.
Several of the speakers have drawn a close connection among growing urbanization worldwide,
the continued failure of states, and the coming pervasiveness of cyber threats and opportunities.
Soldiers operating in urban areas, for example, can and should expect to operate under conditions
of continuous electronic surveillance. This will shape the battle space in challenging ways.
The greatest uncertainties, speakers have said,
cluster around the survival or failure of the institutions
in which the U.S.-led post-World War II security order has found expression.
The United Nations, NATO, the European Union, the World Bank, the IMF, and others.
These institutions are under stress, and their future is unclear.
One area requiring clarity is the set of norms that will govern conduct in cyberspace.
Professor Thomas C. Wingfield of the National Defense University
was a principal author of NATO's Tallinn Manual,
the most influential model for how such norms will look.
He sat down with us at the Cyber Pavilion at the
AUSA meeting to talk about emerging international norms for conflict in cyberspace.
We've encountered an increased commingling of kinetic and cyber warfare, and we've heard a
number of times that the norms of cyber conflict remain immature. Do you agree with that?
I agree with it up to a point. The norms of cyber conflict are immature, but the norms of conflict in general are very mature.
Most countries agree on most norms almost all of the time.
And the trick is in applying those near-universal norms to these new cyber targets and these new cyber problems.
You're one of the authors of the Tallinn Manual,
which has acquired the reputation of being one of the more comprehensive and influential sources of the norms in conflict and cyberspace.
So how closely does the Tallinn Manual adhere to other earlier codifications
of such international norms, the laws of armed conflict,
the law of the sea, the just war tradition?
Very closely. The whole point of the Tallinn Manual was not to write new law, but rather
just take the core of existing law that almost all of the countries agreed on and apply it to
a new battlefield. Just as we had the San Remo Manual apply law of armed conflict to naval
operations and the Air and Missile Warfare Manual do that for that area.
It was just meant to take the part we agree on and apply that to cyber operations.
I want to ask you about NATO's Article 5. Some of the newer members of the Atlantic Alliance
have been on the receiving end of cyber offensive operations and we're thinking of Estonia here.
Would the alliance be likely to invoke Article 5 over a cyber incident?
If it were a sufficiently dangerous situation, if it caused sufficient damage, absolutely.
We haven't seen anything in the purely cyber realm that would rise to what we'd call an armed attack,
not even a mere use of force.
So we're just at the very early stages.
If it ever did get to the
level of an armed attack, a smoking hole in the ground, a significant loss of life,
then there's not a doubt in my mind that Article 5 would be invoked.
Is there any sense or any belief that a cyber attack should require a cyber response?
Under international law, there's absolutely no requirement
to use a kinetic response for a kinetic attack
or a cyber response for a cyber attack.
Once an attack gets to the level, whether it's kinetic or cyber or a mix,
gets to the level of armed attack, smoking hole, lives lost,
then any mixture of cyber and kinetic in response is permitted, as long as it's
proportionate and necessary and follows the other norms that, of course, we follow. There's a strong
predisposition to not use kinetic if there's a way to avoid it, because it does result in a
smoking hole in the other side. But there are also limitations
the other way. Not using cyber weapons because, at least in our decade, they tend to be
one-off type of weapons. And by using a capability, we give up a certain architecture of weaponry
and we prefer not to use those silver bullets just yet. We don't, from a legal perspective, it doesn't make any difference,
and it's really more of an operational choice.
I think that there are two things that are very important, at least in the legal world.
One is the need to have an overlap between what the lawyers understand and what operators do.
That's why we're hoping, as the next Tallinn Manual, 3.0, is going to be an operational
law handbook, we hope, that would look at these problems not from a law professor's perspective,
but rather from the questions and problems that operators have now in this immature field.
And we hope to be able to build the legal advice in cyber as the U.S. Army does a great job of doing for the operational law handbook for broad spectrum operations.
The second thing, perhaps more interesting, is the rise of lethal artificial intelligence.
We're legally responsible for what those agents do at cyber speed. And if they start causing serious damage, or perhaps even loss of life in the not too distant future, the last human in the loop,
the operator, the commander, we would be on the hook for what those things did in our name.
So we would have to train them to know the cyber legal outer limits of what
they could do so we wouldn't end up as war criminals for releasing them into
the wild.
It reminds me of, you know, Asimov's rules for robotics.
Absolutely. We would start there and then add on the rules we give to frightened 19-year-olds
that we send into combat. The same rules would have to be taught and burned
into our AI agents so that whatever else they did while they're fighting at cyber speed,
they would not go afield of the rules that define us as us.
Thomas Wingfield, thanks for joining us.
It's been my pleasure. Thanks for having me.
And finally, there's another breach in an online dating and adultery facilitation service.
This one centered in New Zealand and may have affected around a million and a half users
of the mobile apps Have a Fling, Have an Affair, and Hook Up Dating.
Who knew the Kiwis were so frisky?
You know, if Kiwis weren't flightless birds, we'd advise straighten up and fly right,
but we think we'll have to settle for walk the line.
And I'm pleased to be joined by Emily Wilson.
She's the Director of Analysis at Terbium Labs.
Emily, you at Terbium spend a good amount of time monitoring the dark web.
Help us understand what is the difference between the dark web and the deep web.
So first, kind of by way of definition, we think
of the dark web as anywhere our clients wouldn't want to see their information appear online,
whether for sale or for vandalism. And so that can include Tor hidden services, these password
protected forums, even some technically clear websites, actually where a lot of fraud lives,
kind of top level domains based in countries that don't care as much. Western Samoa probably isn't going to shut down your carding forum. And then the deep web
really isn't as scary as it tends to be presented as. It's kind of anywhere a crawler, kind of
think of Google's web spider out indexing web pages, can't really reach. So anytime you log
in and you're in a place that you can only access with your credentials, that's the deep web.
Nothing scary or illegal about it by nature.
So are there legitimate activities going on on the dark web or is the dark web pretty much all bad stuff?
Well, not to tease out too much of a research paper we have coming out soon, but actually a fair amount of the dark web is legal activity.
This can range from standard clear web sites
that happen to have a version of their site up on a hidden service,
Facebook, for example,
or whistleblower sites where people can provide information,
even just offbeat news sites talking about
what the government doesn't want you to know
or the UFO in my backyard,
all perfectly legal activity.
All right. Emily Wilson, thanks for joining us.
And that's The Cyber Wire. We are proudly produced in Maryland by our talented team
of editors and producers. I'm Dave Bittner. Thanks for listening.