CyberWire Daily - Daily: Jihadists continue online inspiration. India worries about China's cyber activity. Symantec buys Blue Coat, Microsoft LinkedIn.
Episode Date: June 13, 2016
In today's podcast we recap what's known publicly about ISIS inspiration of the apparent jihadist massacre at an Orlando gay club, and consider speculation about ISIS's and its rivals' information operations as ISIS loses territory on the ground. Social media security concerns persist, ransomware's criminal market sees some ups and downs, and we learn about encryption keys from Quintessence Labs. M&A activity sees Symantec buy Blue Coat, and Microsoft pick up LinkedIn. India worries about China's cyber activities. John Leiseboer from Quintessence Labs outlines the importance of key management in cryptography.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
ISIS loses ground. Social media security concerns continue as more than two-factor
authentication seems necessary. The NFL Players Association hires K2 to advise its members on
online security, notes on the importance of key management, takedowns and fresh targeting shifts
the ransomware landscape, and paying ransom doesn't seem to be working these days.
Symantec buys Blue Coat and Microsoft acquires LinkedIn.
I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, June 13, 2016.
There's little so far to add to early reports of Saturday's massacre in Orlando, Florida.
The attack is being claimed by ISIS and the shooter apparently called 911 to identify himself and declare his adherence to the caliphate shortly before he opened fire at the gay nightclub.
How much ISIS inspiration contributed to the attack is still unclear, so soon after the attack,
and from ISIS's point of view, it really doesn't matter much.
But the shooter, who was killed at the scene, seems to have had at least tangential contact over recent years with online
jihadists. His internet connections to sympathizers with Islamist terror were enough to bring him to
the attention of the FBI twice, but not enough for the FBI to conclude he was a serious threat.
Nor were such contacts obstacles to his getting and holding a job with G4S, a large and leading
gates and guards security company.
ISIS and its competitors in jihad, al-Qaeda and the Taliban, continue to post grisly calls to jihad.
As ISIS loses more ground, it can be expected to decline from statelet to insurgency,
and then to simple terrorism in the taxonomy offered by War on the Rocks.
The Taliban is newly active online, apparently following the ISIS template,
although in a more localized way.
Anonymous has countered with low-grade defacements of jihadist Twitter accounts.
They've been posting adult images to ISIS sympathizers' Twitter profiles and timelines.
Governments and companies in the U.S. and elsewhere continue to look with mixed success
for messaging that will help counter the online appeal to jihad.
Major social media platforms continue to remediate their credential
issues. Wired last Thursday ran an interview with Peace, the hacker who claims to be the one selling
stolen databases at big discounts. Mr. Peace, whose tone is both callow and self-important,
describes the activities of his crew, which disbanded upon its leader's retirement some time ago.
Peace decided to sell credentials when one Tessa began doing so, quote, without permission, end quote.
Peace says that the data had been more valuable before the compromises became generally known
and was bought by actors most interested in using it for spamming.
Once the data became public, selling them at low prices was simply a way of picking up a lot of cash.
It's worth noting Microsoft, undeterred by security worries,
bought LinkedIn over the weekend for a reported $26.2 billion,
and the NFL Players Association has retained a security company, K2 Intelligence,
to help its members and their families with social media security.
Let's Encrypt, the not-for-profit certificate authority backed by Mozilla, the Electronic
Frontier Foundation, and others, inadvertently leaked 7,618 users' email addresses.
That's about 1% of their users.
Let's Encrypt was established to make it easy for website administrators to switch
from HTTP to HTTPS.
Takedowns and new criminal techniques shift the ransomware landscape.
Angler and Dridex both appear to have been taken down, with Locky Ransomware exiting with Dridex.
The current ransomware leaders are Crysis, with data theft capabilities in addition to file encryption functionality,
Jigsaw, with a helpful live chat support feature to assist victims in paying the extortion,
and FLocker, said to be locking up Sharp and Philips Android-based smart TVs
with a dim-witted threat from the non-existent U.S. Cyber Police.
It's worth noting that paying ransom hasn't seemed to have helped the University of Calgary much.
Many of its systems remain unrecovered from the attack it sustained a week ago,
which means they bought very little for the $20,000 Canadian they paid their attackers.
In industry news, two startups receive journalistic or venture capital love.
The journalistic love goes to Area One Security, the spear phishing protection specialists,
who receive not just one but two mash notes from the New York Times over the weekend. Area One's leaders take some pains
to disassociate themselves from the prevailing tone of pessimism about the inevitability of
successful attacks, which pessimism they, or at least the Times, associates with FireEye's public
statements. The VC love goes to Canadian behavioral analytics shop Interset, which received an
undisclosed investment from In-Q-Tel, the venture fund operated by the U.S. intelligence community.
In-Q-Tel's picks are widely followed. The fund was, for example, an early investor in Palantir.
And Blue Coat didn't stay on the block for too long. Symantec has announced plans to buy the privately held company for $4.7 billion in cash.
The acquisition is seen as an enterprise security play.
Internationally, as Australia seeks to come to grips with the magnitude of the cyber threats it faces,
and the U.S. Congress considers what might constitute an act or situation provoking or justifying war in cyberspace,
India and the Republic of Korea move to higher alert
with respect to long-standing regional rivals,
especially China and North Korea.
Industry sources would like to see more of a sense of crisis in Canberra,
but in fairness, that's what you'd expect industry sources to say.
India's defense establishment is concerned with Suckfly
and other Chinese APT groups,
government or criminal, and hopes both higher alert levels and closer cooperation with the
U.S. in cyberspace will afford a degree of protection.
Finally, the National Cybersecurity Hall of Fame is taking nominations for the class of
2016.
If you know someone who's made cyberspace a better place through science, technology,
leadership, policy, or other art, consider recommending them for the Hall. Nominations
are open through July 20th. You can learn more at cybersecurityhalloffame.com. I don't suppose
they have a podcasting category. Too soon.
And I'm joined by John Leiseboer. He is the CTO at Quintessence
Labs, one of our academic and research partners. When it comes to encryption, one of the
key aspects is key management. What can you tell us about the importance of key management when it
comes to cryptography?
Well, encryption is relatively easy. All major platforms are supported
by easy-to-use, good cryptographic implementations. Certainly, care isn't necessary to build secure
applications using standard crypto implementations,
but there is no need to understand the internals of algorithms in order to use them correctly.
Unfortunately this ease of use with crypto implementations has just moved the real problem
somewhere else.
The location it has been moved to is key management.
This is where a good and properly implemented key management protocol can help.
The hard parts of securely generating, managing, storing, monitoring, controlling and distributing
keys can be delegated to a key management server. As in the world of networking where IP is ubiquitous,
a well-known standard protocol is invaluable in increasing the overall security level of
applications and systems.
There are a few protocols out there that can be used for this purpose in terms of key management,
but one such protocol that is becoming more popular and is more common these days is a protocol called the OASIS Key Management Interoperability Protocol, or KMIP.
This particular protocol is supported by a large and growing number of vendors
who build either the cryptographic side of applications, perhaps encrypting disk arrays or
tape systems or applications like database encryption, and is also supported by vendors
on the other side, the key management server vendors. Having a common protocol allows users of these systems to
mix and match the server vendors and the client vendors and hopefully, as in the world of
networking, come up with solutions that are both secure and easy to implement.
A very important part of the KMIP protocol is the ability to send request messages and receive responses between different vendors' platforms.
Every six months or so, the KMIP community comes together for interoperability testing,
and we perform operations with our standard products to verify that products can create keys, get keys, can look at attributes of keys,
can modify attributes of keys, etc., in such a way that we ensure
there is both security and ease of use for the users of such systems.
John Leiseboer, thanks for joining us.
And if you have any questions that you'd like to have
our academic and research partners answer on our show,
you can send them to questions at thecyberwire.com.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.