CyberWire Daily - Daily: Not interested in Fancy Bear? Fancy Bear's interested in you. No dark-grey hats, please.
Episode Date: June 28, 2016
In today's podcast we get an update on the Russian threat group that hit the DNC. A hacker claims to have nine million health insurance records for sale on the dark web. Too many medical devices are vulnerable to Windows 7 and XP exploits. What scared the Nuclear exploit kit's operators. The IRS takes down its e-filing PIN system, and OPM acknowledges its breach affected tens of millions more than just those seeking clearances. We hear some merger and acquisition news, catch up on some workforce training initiatives, and hear about some black hats who'd like their celebrity victims to think of them as white hats. Law expert Ben Yelin from the Center for Health and Homeland Security tells the tale of a well-intentioned security researcher raided by the FBI. Cisco's Tejas Vashi outlines their $10 million cyber security scholarship program.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Call them APT28, Sofacy, Sednit, Fancy Bear, Pawn Storm, or just the GRU.
They've been after lots more than the DNC.
Dark Overlord, and probably not the boss villain from Sonic's universe,
claims to have millions of health insurance records.
Vulnerable medical devices are still running Windows 7 and XP.
Security cameras roped into a botnet 25,000 strong.
The IRS takes down its electronic filing PIN system.
OPM says, yep, that breach was worse than we thought.
Cisco buys CloudLock and Investcorp acquires Coresec.
How Cisco is training its workforce, and it's good to be Albanian. Just ask the police in South Yorkshire.
I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, June 28, 2016.
SecureWorks claims that Threat Group 4127, also known as APT28, Sofacy, Sednit, Fancy Bear, and Pawn Storm,
has targeted about 1,800 targets in addition to the Democratic National Committee.
Other sources continue to expect Russia to release or leak emails
from presumptive Democratic presidential nominee Hillary Clinton soon.
A hacker calling himself or herself Dark Overlord is offering three tranches of personal information
that they say were stolen from U.S. health care insurance providers. The records are said to be
in a plain-text database. A total of more than 9.2 million records are said to be involved.
That's big, but not as big as the Anthem breach,
which affected about 80 million people. The asking price for all records is roughly $700,000
in Bitcoin, the very steep price justified by the hackers' promise to sell to only one buyer.
The Dark Overlord is hawking the data on the dark web market The Real Deal,
but as a seller, they have accumulated as yet no positive feedback from customers,
which suggests they are a newbie.
That, plus choosing a villain from Sonic the Hedgehog's world as your nom de hack. Really, boys and girls.
It's not yet known whether the data are legitimate or which insurers, if any, were affected.
The Dark Overlord claims to have exploited an RDP vulnerability to get to the data and says they were stolen from organizations in Farmington, Missouri
and other unnamed locations in the U.S. Midwest and Atlanta, Georgia.
TrapX warns that medical data is at risk from another source:
many medical devices run outmoded operating systems,
notably Windows 7 and Windows XP,
and attackers can gain access to health care networks
by wrapping new tools in old exploits.
Naturally, such data is sensitive,
and the theft thereof is of close interest to law enforcement.
We spoke to the University of Maryland cyber law expert Ben Yelin
about one curious case,
the FBI's raid on a security researcher who exposed an unprotected cache of medical data.
Learn from the researcher's experience.
We'll hear from him after the break.
Check Point is taking credit, perhaps with some justice, for the disappearance of the Nuclear exploit kit.
The company believes its investigative reports spooked the criminal operations into occultation.
Sucuri reports an IoT-based distributed denial-of-service campaign against a jewelry store website.
The attackers used a big botnet of 25,000 security cameras that were connected to the Internet.
The victim was an unnamed brick-and-mortar jewelry store.
In the U.S., the Internal Revenue Service,
after observing what it called more questionable activity,
has decided to retire, presumably for good,
its troubled electronic filing PIN tool.
Elsewhere in the federal government,
the Office of Personnel Management has finally acknowledged
what informed observers have been saying for more than a year.
The breach of its security clearance management system affected far more than the 21.5 million people who'd applied for clearances.
Tens of millions of family, friends, neighbors, and associates were also affected.
In industry news, Intel continues, according to reports, to be working toward the sale of the security division formerly known as McAfee.
Cisco has purchased CloudLock for $293 million,
and Bahrain's Investcorp, which picked up SecureLink last year,
has bought European security shop Coresec.
No one is yet sure what effect Brexit is going to have on the security industry, but the surest bet seems to be that it will put further stress on an already tight labor market.
One company, the aforementioned Cisco, is taking matters into its own hands
and bringing some cybersecurity talent development in-house.
We spoke with Cisco's Tejas Vashi about the company's scholarship program.
It's a two-year program over which we hope to get about 10,000 individuals to go through the program.
The end goal is to get and build new
talent into the industry. So the program is really concentrated around a certification known as CCNA
Cybersecurity Ops. As with all of our Cisco certifications, this certification is focused
on a specific industry job role. The job role that this certification is targeting
is a cybersecurity analyst or a security operations center analyst. Vashi says the
need for these kinds of certifications reflects the fact that cybersecurity is a rapidly evolving
industry. Whether you talk about the change in the networking space overall with cloud-based technologies,
Internet of Things, where multiple endpoints are being brought into the network,
that all need to be protected.
Every time you add a new endpoint or an end device,
it adds a new surface of attack or a new vulnerability to the network.
Our customers and the industry in general is struggling to find the right skills in the environment to actually bring into their workforce to be able to secure their network and evolve their overall operations.
The Cisco Scholarship Program targets both experienced workers and those who are new to the field. You've got the traditional workforce, the folks that are in the
space right now that absolutely need to be re-skilled to make sure that they can keep up
with the new vulnerabilities that are emerging on what seems to be a daily basis or multiple
times a day even, right?
In addition to that, you need to bring in new talent with diverse perspectives,
diverse ways of thinking, diverse ideas in terms of problem solving,
because that's what this space is all about, is identifying what the issues are and being able to have a mitigation plan created to address them.
That's Tejas Vashi from Cisco. You can learn more about the Cisco Global Cybersecurity Scholarship
on their website. You may have heard that Google CEO Sundar Pichai's Quora account was hacked over
the weekend. He thus joins Mark Zuckerberg among the ranks of tech bigwigs who've suffered compromises of some personal accounts.
The group claiming responsibility calls itself OurMine and claims to be providing a security testing service for executives, celebrities, and others with the money to pay $100 to improve their social media security or $1,000 for a full web scan, whatever that may entail, or $5,000 for a comprehensive security audit.
OurMine has also claimed to have hacked accounts belonging to G.I. Joe star Channing Tatum,
Spotify CEO Daniel Ek, and Amazon CTO Werner Vogels. They say other hacks are coming.
CSO calls the hacks publicity stunts and notes that OurMine claims to have earned $18,400 so far selling its services.
Wired has a longer, more critical profile.
They were in touch with an anonymous representative of OurMine
who said the group wasn't criminal,
but a security group trying to teach people that they're not safe.
Whatever hat they're wearing, and we're calling it black, not gray,
they change their IP address frequently to stay ahead of the law. Wired sensibly advises, quote, those seeking a security audit should
probably not engage a group of anonymous law-breaking Twitter defacement artists, end quote.
So again, link accounts with caution, if at all, use multi-factor authentication,
and don't reuse passwords, not even great ones like da-da-da.
Finally, police in South Yorkshire are investigating an attack,
apparently by Albanian patriotic hacktivists,
who defaced police websites with a cartoon,
the double-eagled Albanian flag and a little bit of brag.
Prominently featured was the sentence,
it's good to be an Albanian, which is no doubt true,
although there seems to be little point to insisting on it in Doncaster or Sheffield. Maybe it's a Brexit thing.
I'm joined once again by Ben Yelin.
He's from the University of Maryland Center for Health and Homeland Security.
Ben, there was an article in the Daily Dot recently.
It was about the FBI raiding a dental software researcher.
He discovered some private patient data that was on a public server. It was out there. It could be
found. And the next thing he knew, he had FBI agents breaking down his door. What can you tell
us about this case? Sure. So this is a gentleman named Justin Shafer, a guy from Texas. His home was raided by the FBI, and he's been charged,
or he's facing possible prosecution under a federal statute known as the Computer Fraud
and Abuse Act. And this is a law that's 30 years old, and basically, at its core,
it prohibits unauthorized access into information systems. The law is worded in such a vague way that even unauthorized access
that's not for any nefarious purpose, that's not for hacking, that's not for stealing information,
can still be the basis for a federal crime. And the reason that that carries extra significance
is because the punishments under the law are particularly severe. There was a tragic case
a few years back that I think many
of your listeners would remember of Aaron Swartz, who stole JSTOR documents from MIT
to show some of their security vulnerabilities. He was facing 13 charges under this Computer Fraud
and Abuse Act, was facing up to 35 years in prison and ended up committing suicide as a result of facing these federal charges.
And I think that's led a very strong movement among civil liberties advocates to reform this law, to add some element of intent that in order to be prosecuted, it's not the act that should be punished, the act of exposing a security vulnerability.
It should be the intent that's punished.
So the intent to hack, the intent to steal information.
Dave, you and I have talked about the analogy of the physical world.
If somebody went into their bank and thought the bank vault was exposed and was open
and somebody poked their head in and went to the teller and said,
do you know your bank vault is exposed. We would not expect that person to be charged with a federal crime
for unauthorized access into a bank vault. In fact, I think we would hold up that person as
being a good Samaritan. And I think that's really what happened here to Mr. Shafer. We'll have to
see if he is actually charged and to see whether he is actually
prosecuted. But I think the more cases we see like this, we'll see more of a political effort
to reform the Computer Fraud and Abuse Act. And it's encouraging that in Congress there has been
bipartisan support for such a law. I know it's had a couple of Democratic sponsors in the House,
and Rand Paul has been an advocate on this as well.
So hopefully we can reform this from a political standpoint
so that we don't have the sort of raid that we saw here.
All right, Ben Yelin, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner.
Thanks for listening.