CyberWire Daily - Daily: ISIS inspiration, radicalization. FBI says no help needed to crack iPhone.
Episode Date: March 22, 2016In today's Daily Podcast we discuss what's known so far about ISIS inspiration or control of the Brussels attacks. Some precautions users can take against ransomware are recommended. The US Department... of Justice has told the presiding Magistrate the FBI no longer needs Apple's help to open the San Bernardino iPhone, and we talk with the Johns Hopkins University's Joe Carrigan about the technical pros and cons of each side's case. Finally, we say farewell to Andy Grove, long of Intel, who died yesterday at the age of 79. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she
discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a
thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January
24 only on Disney+.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k
at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
No word yet on how ISIS terrorists coordinated this morning's bombings in Brussels.
Anonymous intervenes again in U.S. presidential campaigns, this time against Senator
Cruz. Apple issues multiple patches. The Department of Justice has told the magistrate,
thanks very much, but we don't need Apple's help to crack the San Bernardino jihadist iPhone.
And we talk about the Apple FBI case with Johns Hopkins University's Joe Kerrigan.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Tuesday, March 22, 2016.
Three bombs hit targets in Brussels, Belgium this morning, one in a metro station, the other two in the airport.
One of the airport bombings was a suicide attack.
At least 34 victims were killed and an additional 170 people are reported wounded.
Many ISIS-linked accounts on social media have praised the massacres,
and thus they seem to serve as an inspiration for jihad.
What will be coming is worse, says one tweet widely circulated among jihadist adherents.
So far, there have been no credible claims of direct responsibility.
The attacks appear to have been coordinated, but how coordination and control were achieved remains unknown. The metro station attacked is near a core European Union facility.
The bombs at the airport were detonated near airline ticket counters and a coffee shop.
As the investigation proceeds, security services will be looking closely at ISIS-sympathizing
chatter and for
signs of coordination by phone and Internet. That said, it's worth recalling the many low-tech,
even no-tech means of coordination available to terrorists. Returning to the U.S., there have
been developments in the case of the jihadist massacre in San Bernardino. The Department of
Justice yesterday asked the federal magistrate, presiding over its all-writs
act demand that Apple help unlock the iPhone used by one of the shooters, to cancel today's hearing.
The FBI says it believes it now has a way of accessing the phone that won't require Apple's
production of what the company has been calling government OS. The government said, quote,
On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farouk's iPhone.
Testing is required to determine whether it is a viable method that will not compromise data on Farouk's iPhone.
How the FBI may think it can get into the iPhone has not been revealed, nor has the identity of that outside third party. U.S. Magistrate Sherry Pym agreed to cancel the hearing
and temporarily rescinded the earlier order to Apple
that required it to render assistance.
She's told the Justice Department to get back to her by April 5th.
Public, especially industry, reaction to the case
has continued to run largely in Apple's favor.
We spoke with Johns Hopkins University's Joe Kerrigan
about the issues in the case.
We'll hear from him after the break.
Senators Burr and Feinstein, respectively chair and ranking member of the Senate Intelligence Committee,
have circulated a draft of legislation that would address encrypted systems
when they become of interest in law enforcement investigations.
Their proposed bill would give federal judges power to compel companies
to help law enforcement officials gain access to encrypted data, but without specifying how that might be done.
Penalties for noncompliance are left up to the judges issuing the order to render assistance.
Observers conclude that, for all its failure to gain traction with the public, and especially with industry,
the Justice Department's contention that terrorists and criminals will soon be able to evade detection by going dark
is finding an increasingly sympathetic audience in Congress.
Ongoing concerns about jihadist threats are also lending urgency to counter-messaging information operations
and official programs designed to preempt radicalization.
The FBI's Don't Be a Puppet video and curriculum campaign is directed at teenagers,
high schoolers and middle schoolers, and is foreseeably drawing civil libertarians' ire. The state department is in the process of standing up its global engagement center.
The center's intention is to shift focus on countering violent extremist messaging away from direct messaging and toward a growing emphasis on empowering and enabling partners, both government and non-government across the globe,
quote, for nominally more collaborative and thus presumably more credible messaging, end quote.
Apple has issued a number of patches and upgrades to the security of its products.
One of them closes a flaw in iOS messaging encryption. This is not apparently the flaw the FBI thinks it can exploit to gain access to the San Bernardino iPhone.
Anonymous turns from
presidential candidate Trump to presidential candidate Cruz, telling the Texas senator to
get out of the race or else. What else is the threatened release by the hacktivist collective
of what the man in the Guy Fawkes mask says is evidence of shameful conduct.
Ransomware remains a growing problem, but Recorded Future offers some qualified good news.
Applying one Microsoft Silverlight and three Adobe Flash Player patches
can substantially blunt many users' vulnerability to drive-by ransomware infections.
In industry news, Goldman Sachs initiates coverage of a number of cyber stocks
with a moderately bullish take on the sector.
More money managers are taking out cyber insurance policies to transfer
risk, but Fitch Ratings warns insurance companies that they should think hard about loading up on
cyber risk. They've probably already got some exposure to that risk and other policies,
and there's still too much uncertainty surrounding cyber risk underwriting,
however attractive the premiums may be. Finally, we note with respect the passing
of a Silicon Valley giant.
Longtime Intel leader Andy Grove died yesterday at the age of 79.
Our condolences to his family, friends, and colleagues,
and our thanks for his contributions to our industry and society.
I'm, like, so worried about my sister.
Randy, you cannot marry a murderer.
I was sick, but I am healed.
Returning to W Network and Stack TV.
The West Side Ripper is back.
If you're not killing these people, then who is?
That's what I want to know.
Starring Kaley Cuoco and Chris Messina.
The only investigating I'm doing these days is who shit their pants.
Killer messaged you yesterday?
This is so dangerous. I got to get out of this. Based on a true story. New season premieres Monday at 9 Eastern and Pacific. Only on
W. Stream on Stack TV. Do you know the status of your compliance controls right now? Like right now.
We know that real-time visibility is critical for security, but when it comes to our GRC
programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian
and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings
automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com
slash cyber for $1,000 off. Cyber threats are evolving every second second and staying ahead is more than just a challenge
it's a necessity that's why we're thrilled to partner with threat locker a cyber security
solution trusted by businesses worldwide threat locker is a full suite of solutions designed to
give you total control stopping unauthorized applications, securing sensitive data, and ensuring your
organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default
deny approach can keep your company safe and compliant.
Joe Kerrigan joins me again.
He's from the Johns Hopkins University Information Security Institute,
one of our academic and research partners.
Joe, there's continuing intrigue with the Apple versus FBI case.
Today, the FBI saying they don't think they need Apple's help in unlocking the phone. I'm curious, what's your take on the case overall?
I am conflicted.
I don't know how I feel about it.
I haven't reached a definitive conclusion about it yet.
On one hand, I absolutely agree with Apple that there's a real chance
that the FBI is looking for a way to break the encryption system.
And there was an article in The Guardian, I think last week,
where the director of the FBI even admitted as much
that this would set a legal precedent.
I'm not sure how happy I am with the FBI trying to compel Apple
to develop software that breaks this for them.
I don't think that's a good precedent to set.
But at the same point in time, I kind of think I want to know, and the vast majority of, well, not the vast majority, but a majority of Americans, I think, want to know if these people who committed this act were associated with anybody else that might be like-minded enough to commit another act of this nature.
And to be clear, I mean, Apple has been cooperative with law enforcement
in the past. When they've been presented with warrants, they've turned over the information
that they've been able to turn over. Correct. Yeah. As have most of the ISPs and phone companies,
they turn over what they can turn over. That's right. But the difference here is that Apple is
being asked to actively defeat encryption that they've included on the devices.
Encryption which is completely legal.
Correct.
Yeah, absolutely.
And protects anybody that has an Apple phone.
So my real concern is if the FBI were able to break or the U.S. government, whatever, any organization or any foreign government,
any government entity or even any non-government entity that might have
sufficient enough resources, if the encryption could be broken, what does that do to the
rest of the universe of iPhone users?
How does that impact them?
And my guess is that it impacts them very adversely.
Police can serve warrants.
They can search your home.
They can search your possessions.
Absolutely.
So at the core of the question, I think, is it okay for encryption to empower us to have things that cannot be unlocked?
Well, that's an ethical question or a moral question.
I like to think that it does.
I like the idea of being secure in my papers, as the Fourth Amendment says.
It's secure in my property and papers.
Joe Kerrigan, thanks again for joining us.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning
digital executive protection platform secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover they've already
been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
Thank you. measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.