CyberWire Daily - Daily: ISIS doubles down on info ops. Window shopping in crimeware souks.
Episode Date: July 28, 2016
In today’s podcast we hear about how ISIS continues to pursue its strategy of using information operations to inspire lone wolves, and what investigators in France, Germany, and the United States are seeing as they look at jihadist social media. We learn about advances in facial recognition software. WikiLeaks releases audio files culled from DNC email hacks. More releases are expected, and evidence continues to point (circumstantially but substantially) toward Russian services as the hackers. Trump suggests Russian intelligence would do everyone a favor if it releases the 30,000 deleted Clinton emails many think the Russians have. Gigamon's Shehzad Merchant tells us all about metadata, and Marcus Rauschecker explains the privacy implications of facial recognition software. We take a stroll through the crimeware souk (just looking, thanks).
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
ISIS doubles down on murderous online inspiration.
New technologies for fighting terror have privacy implications.
WikiLeaks isn't done with the DNC,
and speculation continues about the identity of the hackers,
with circumstantial evidence pointing towards Moscow.
People are shocked and/or admiring about Trump's asking Russia what's in Clinton's 30,000 deleted emails.
Congress and others mull what counts as an act of cyber war. And security researchers do some window shopping in the dark web.
I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, July 28, 2016.
Investigators in France and Germany describe extensive posts on social media by those apparently responsible for recent attacks in Normandy and Bavaria.
The alleged attackers, all now dead either by their own hand or at the hands of police,
left behind explicit statements of their intent to kill and their allegiance to ISIS.
ISIS has continued to claim and praise the attackers, suggesting that the caliphate is
doubling down on its information operations strategy of inspiring lone wolves, in what
U.S. FBI Director Comey yesterday called
the terrorist diaspora. The public mood towards security policy is said to be shifting in both
France and Germany, with much talk in France of adopting Israeli-style security measures,
and with discussion in Germany of moving from a willkommen to an adieu approach to immigration.
In no case are there any obvious responses to terror groups' information operations,
but in a gesture against ISIS inspiration,
Le Monde has said it will no longer publish pictures of terrorists.
Over in India, Facebook is reported to have begun censoring posts related to Kashmir,
the disputed province being a perennial locus for sectarian ethnic conflict.
When it comes to analyzing your network traffic, you can look at the actual data, but according
to Shehzad Merchant from Gigamon, there's a strong case to be made for making metadata
analysis part of your toolkit.
The way to think about metadata is that it is information about a conversation, not the
actual conversation.
So the classic example is, if you think about a phone conversation,
metadata is like the phone bill.
It tells you who's calling from where to whom for how long,
over what lines of communications.
It gives you all the information about the conversation
without actually giving you the entire conversation itself.
And network metadata is very similar.
So network metadata is information about network conversations.
So any traffic flowing on the network infrastructure, your network sessions, your network conversations,
your network flows, network metadata is information about those network conversations.
But in addition to that, a lot of very specific information that is relevant
to the security space, for example, information about DNS queries, information about every URL
being accessed, information about every HTTP redirect that you get, information about certificates
on encrypted communications, all that information is available and can get extracted and presented
as network metadata.
Of course, when you're analyzing data, privacy can be an issue. Merchant says that there
are instances where looking at metadata actually makes it possible to analyze information while
complying with privacy policies.
For example, you don't want to take a look at somebody's health
records flowing online or, for example, if somebody's doing a banking transaction and you
don't want to actually look into the actual data, metadata gives you all the information about
those flows. So for example, if somebody is accessing traffic in a remote part of the
world that he should not typically be going to, you don't necessarily have to look into
the conversation. You can know that that is anomalous behavior. If somebody is visiting websites or URLs that are on a known list of bad websites,
you don't necessarily have to look into the conversation.
You can just know from the behavior that people are doing something anomalous.
There's another reason why I think network metadata is very important,
and that is when you start taking a look to the future, we know, for example,
100-gig networks are coming.
People are beginning to deploy 100 gig infrastructure. There's a big challenge
with 100 gig technologies. On a 100 gig network infrastructure, the time from one packet to the
next packet is 6.7 nanoseconds. That is 6.7 billionths of a second. And so I think it's
going to become extremely difficult for security solutions to do anything meaningful on a packet-by-packet basis if they have to do any kind of deep packet inspection.
There's just far too much traffic and it is flowing far too quickly.
And I think that's where metadata, again, plays a very important role.
It's being able to not have to look at every packet on the wire and look at information about that transaction to give you an indicator of what's actually going on.
So I think these two reasons, the speed of data and the issues associated with privacy, confidentiality, and compliance,
both of these are pointing heavily in the direction of leading towards network metadata.
That's Shehzad Merchant. He's the CTO at Gigamon.
WikiLeaks continues to post Democratic National Committee files, most recently MP3 audio files
pulled from hacked emails.
The files amount to around 15 minutes of pretty anodyne stuff.
One file, a chat about visiting a zoo, even sounds like the inadvertent result of what
the kids indelicately call butt-dialing.
Their basic content is nothing new.
Some of the people who called the DNC didn't
like Senator Sanders and wanted him defeated. Speculation continues about the source of the
leaks. Almost all who've looked into the matter see strong circumstantial evidence that those
involved in hacking the DNC were Russian and probably connected to the Russian government.
Some go farther and attribute the year-long intrusion, the length of which is no longer in dispute, to the Russian intelligence services FSB and GRU, but it is worth
noting that circumstantial evidence does leave room for doubt and that attribution is always
notoriously difficult. Analysts continue to speculate about the presumably Russian hackers'
motives in leaking the files. People close to the Clinton campaign have been
saying it's because President Putin would like to see Donald Trump become his American counterpart,
a suggestion Trump dismisses out of hand. Many within the U.S. Intelligence Committee also think
this unlikely. The Council on Foreign Relations blog suggests an alternative possibility.
Perhaps the files were leaked when they were, and with all their attendant Guccifer
2.0 sock puppetry, because the organs, particularly the GRU, got caught, and so were making the best
of a bad situation. Meanwhile, Republican nominee Trump has expressed the hope that the Russians can
tell everyone what was in those 30,000 emails Democratic nominee Clinton erased before turning
the homebrew server she used during her tenure as Secretary of State over for security inspection.
Reactions to Trump's speech range from the not necessarily approving but more or less admiring,
as in Instapundit's evaluation, "troll level: Supreme Galactic Overlord,"
to the condemnatory, for example, the suggestion in Ars Technica that the speech amounted almost to solicitation of cybercrime.
More WikiLeaks are expected, as are more hacks of political campaigns.
Some op-eds, notably in NextGov, are suggesting it's time for the Secret Service to crack
down on candidates' cybersecurity the way it already has on their physical security.
This has prompted renewed discussion in the U.S. of what counts as an act of war in
cyberspace. Espionage doesn't generally count, so what might? Turning with relief to more
conventional forms of cybercriminality, we see that researchers at Digital Shadows have published
a look at Deer.io, a Russian site-building platform that the researchers say harbors an extensive crimeware market.
Deer.io hosted crime lord Tessa88's DarkSide.global,
and allegedly there's a lot of other malware being hawked there to this day.
Some of the offerings on Deer.io seem innocent enough, like a tennis score predictor, assuming it's legit, but most are fairly obviously crooked.
Elsewhere in the black market, Trend Micro
looks at Stampado ransomware, which is now being offered as a service. We're not suggesting you
should do this, but if you were a bad guy, you could buy a lifetime license for Stampado for
the low, low price of just $39. And finally, the controllers of Petya and Mischa ransomware are
adopting aggressive marketing tactics.
They've released keys to one of their criminal rivals, Chimera,
and they've also established an affiliate program.
So now you could, although of course you wouldn't,
participate in cybercrime just as if you were an Amazon associate, but only an evil one.
Profit from Petya and Mischa, they say. Step right up. They offer high infection rates, easy administration, and free crypting service.
But wait, there's more.
Provably fair, as professional cybercriminals, we know that you can't trust anyone.
The impresario's right.
So we developed a payment system based on multi-sig addresses,
where no one, including us, can rip you off.
Hmm.
Well, the prices are low.
We guess the boss is on vacation
and they've all gone crazy.
Their secret?
Volume.
Joining me once again is Marcus Rauschecker. He's from the University of Maryland Center for Health www.facialrecognition.com was recently released in Russia, where it's a facial recognition software. And they're saying that you can take a photo of a passerby and with 70% reliability, identify who that person is based
on publicly available information. What do you think about this? This notion of losing our privacy
in public places, this is a serious thing, yes?
Oh, absolutely. It's a very serious thing. And I think the
privacy implications of this app and all the facial recognition software that's forthcoming here
are readily apparent to anyone who just thinks about it for just a minute or so.
I think with apps like this and with facial recognition in public places, you know,
we see cameras everywhere now. And if
these cameras then have that facial recognition software built in, I think there are huge
implications for privacy. I think, you know, we can almost forget about anonymity in public spaces,
because if all these cameras are able to identify individuals just by these individuals walking into the point of view of these cameras,
I mean, our anonymity is then gone.
Similarly, our movements in public spaces may start to be tracked as we move from the
view of one camera into the next.
These cameras, through facial recognition, will be able to track us as we move along
in the public space.
So there are certainly very serious privacy implications here.
The article mentioned that even some high schools and churches have started to use facial recognition to take attendance.
So, you know, that doesn't seem like a bad thing to use it for.
But as you said, the privacy implications for law enforcement and even just your general comings and goings are a bit harrowing.
Is there any pending policy to address this sort of thing?
This facial recognition software is being used without an individual's permission.
We as an individual have no control over whether or not we are tracked by these cameras as we're out in public,
and we have no way of opting out of that kind of tracking.
So all that being said, I think, yes, we as a society need to think more about what's coming our way in terms of the technology,
the technological capabilities of facial recognition.
And I think Congress and other policymakers are going to have to start thinking more and more about these issues as they're coming our way and perhaps rethink some of the policies that we have in place now, rethink some of the laws that we have in place now,
and see if they need to be amended in any way to address this new technology coming.
All right, Marcus Rauschecker, we'll keep an eye on it.
Thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.