CyberWire Daily - Daily: New York area bombings, ISIS defacements, Snowden pardon debate.
Episode Date: September 19, 2016
In today's podcast we offer updates on the weekend's attacks against US targets in Minnesota, New York, and New Jersey. So far the cyber dimension is limited to ISIS cheerleading and claiming credit online, but the investigations are still in their early stages. Fancy Bear doxes more athletes from the WADA networks. Fancy's also still interested in US elections, and experts point out that releasing genuine emails could be battlespace preparation for online disinformation operations. In industry news, Oracle buys Palerra, and major tech companies form a Vendor Security Alliance. Malek Ben Salem from Accenture Labs outlines some frameworks they've been developing for the industrial IoT. Reactions to the prospect of a Snowden pardon, and an insider gives his take on Snowden, the movie.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Updates on the weekend's bombing and knife attacks
against U.S. targets in Minnesota, New York, and New Jersey.
Fancy Bear doxes more athletes from the WADA networks. Fancy's also still interested in U.S. elections, and experts point out that releasing
genuine emails could be battle space preparations for online disinformation operations. In industry
news, Oracle buys Palerra and major tech companies form a Vendor Security Alliance. Reactions to the
prospect of a Snowden pardon, and an insider gives his take on Snowden, the movie. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Monday, September 19, 2016.
The weekend saw several physical attacks across the United States, with fewer injuries than might have been feared,
and with no fatalities reported, save some among the attackers. The incidents which remain under investigation include stabbings in Minnesota and a series of apparent bombings, both successful
and attempted in New York City and New Jersey. They're particularly affecting travel in the
northeastern corridor of the U.S. as one of the explosive devices was found at a rail station in Elizabeth, New Jersey, just south and west of New York City. ISIS sympathizers,
both in casual social media conversation and in ISIS's more official channels, have been quick
to applaud the attacks online, praising soldiers of jihad, and to urge others to follow their
example. As is usually the case, signs point to inspiration and local collaboration, as opposed to central
direction of the attacks.
Police have taken at least one bombing suspect into custody, one Ahmad Khan Rahami, and they're
in the process of moving in on a suspected terror cell in New Jersey.
It would be pleasing to report that cyber investigation and alert online policing revealed the plots and saved lives,
but in this case, no, we don't yet have any information to that effect.
A bomb in Seaside Park, New Jersey, went off without injuring anyone
because the charity race it apparently targeted started late.
The devices in New York City were either poorly fabricated or poorly placed.
They were similar to the bomb used at the Boston Marathon. One bomb in New York was accidentally found and inactivated by thieves
as they tried to steal the bag it was concealed in. Crooks in Elizabeth also found the bomb near
the rail trestle, but the New Jersey thieves had the decency to call police. One set of three
apparently connected cyber incidents is also under investigation by police in Dearborn, Michigan.
ISIS sympathizers defaced three Michigan Arab American organizations' websites late last week.
The hackers were apparently distressed by the organizations' lack of zeal for jihad
and sought by the defacements to inspire the groups' members to acts of jihad.
The affected organizations were not moved by the appeal.
Fancy Bear has released more documents it hacked from the World Anti-Doping Agency,
WADA. This tranche affects more non-U.S., prominently Australian, athletes.
Fancy Bear's interest in U.S. elections also continues unabated. Few dissent from the
consensus that Fancy Bear is run by Russian intelligence services. The U.S. Department of Homeland Security offers various forms of security support
to state elections officials. Acceptance is voluntary. Elections won't be federalized.
Concerns center around the discrediting effects of disruption and disinformation.
Information operations are more feared than data corruption in the service of direct vote fraud,
although that's a concern too.
The recent doxing campaigns may also be serving as battle space preparation.
As we heard last Thursday from former White House cybersecurity advisor Richard Clarke
at Invincea's Beat the Breach event,
even if initially leaked emails are genuine,
there's no reason to expect the next tranche will be,
and this is the sort of disinformation informed election security observers worry about. Turning with relief to patch news, we hear that Mozilla is
expected to patch a Firefox zero-day tomorrow. The flaw rendered users susceptible to man-in-the-middle
attacks. It's also attracted much unfavorable comment in the vulnerability researcher Twitterverse,
who have been excoriating Mozilla for letting it happen.
In industry news, Uber, Twitter, and other tech-dependent companies have formed the Vendor Security Alliance,
which intends to drive better standards for security products.
The VSA, as it will be known, will vet and rate security products that the alliance members consider for adoption.
In M&A news, Oracle has acquired cloud security shop Palerra,
and healthcare and biomedical security firm Protenus has received the Privacy Industry's
Top Honor, the 2016 HPE IAPP Privacy Innovation Award. Other winners have included IBM and
Microsoft, so bravo, Protenus, you're in distinguished company. Edward Snowden says
he's not really asked for a presidential pardon,
but he thanks his supporters for doing so on his behalf.
It's also pretty clear he thinks he'd be a good candidate for executive clemency.
The House Permanent Select Committee strongly disagrees, as we said last week,
and over the weekend, dueling editorials and op-eds took up the pro-pardon and anti-pardon causes.
Those for the pardon see Snowden as having made an indispensable contribution
to the cause of privacy and civil liberties,
generally by drawing attention to U.S. surveillance policy and capabilities.
Those opposed to the pardon ask who benefited and answer essentially Russia,
as they point out that most of what Snowden revealed
were legitimate intelligence operations against foreign targets.
They also argue that the NSA was shown to have been operating under appropriate legislative authorization
with executive and judicial oversight, which they think casts doubt on Snowden's oath to the Constitution explanation.
Oliver Stone's film Snowden, a dramatization of actual events, as they say,
comes in for some quiet criticism by retired NSA deputy director Chris Inglis,
who told National Public Radio that the deputy director depicted but not named in the flick would have been himself.
And he never met Snowden, and certainly never directly gave him the sensitive, highly important, Jason Bourne-like intelligence job
the movie shows him entrusting to Mr. Snowden.
Snowden, he points out gently, was a systems administrator working for a contractor, doing
an important job requiring considerable skill, but he was a low-level employee.
Inglis also offered some apt genre criticism of the film's claim to be a dramatization
of actual events. Inglis told NPR,
quote, dramatization to me means you add the occasional exclamation point. You bring in a musician to perhaps add some background music, but you don't tell a story that is fiction, end quote.
Finally, here's some legal news that involves no fiction. Lauri Love, the British gentleman accused of hacking U.S. defense networks,
will, it seems, face the music in a U.S. federal court. A U.K. court has just ordered him extradited
across the pond.
Joining me is Malek Ben Salem.
She's the R&D manager at Accenture Technology Labs.
Malek, I know there at Accenture, you recently published a framework regarding the security for the industrial Internet of Things.
What can you tell us about that?
Yeah, the industrial Internet of Things, as you know, introduces various operational
technology architectures, whether it's healthcare, manufacturing, transportation,
or energy production. All of these industries have different architectures. So at Accenture Labs, as we deal with clients from various industries,
we developed a framework for security for these industrial Internet of Things domains.
And what we focused on is what are the common themes around these architectures and what are the differences between these domains.
One thing we looked at is the edge tier, which we think has to be self-organizing and self-reliant.
Today, we see some solutions, security solutions at the edge that provide some capabilities, some security functionalities,
but there is still a gap in protecting all the devices at the edge. For example, you know,
many of these solutions are not vendor agnostic. So when you deploy them, you have to make a lot of customization for that particular industry domain.
What we're looking at in our framework is find mechanisms to detect and prevent
physical or remote tampering with edge devices, regardless of what the device is. That's one
key security capability
that we think is important.
Another security capability that we looked at also
is a distributed intrusion detection mechanism
that can optimally assign security functions
to the resource constrained devices at the edge.
So some mechanism that augments that edge layer with additional security capabilities,
whether it's an additional device that is not constrained in terms of its storage and compute capabilities,
or whether it's a gateway at the edge that is responsible for augmenting the security capabilities of the
edge devices underneath.
Are we starting to see the development of these sorts of standards with
IoT devices, or is it still pretty much the Wild West out there?
I think we're starting to see
that. And NIST has a working group that's working on a cybersecurity framework, and they've published several drafts
of their framework.
All right, Malek Ben Salem, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.