CyberWire Daily - Daily: Run DNC has legs. NFL players get social media savvy. Online jihad. More big breaches.
Episode Date: June 15, 2016
In today's podcast, we follow up on Russian intelligence services' hacks of the US Democratic National Committee, and their connection with other cyber espionage campaigns. We hear about more Chinese government industrial spying. ISIS claims the Orlando shooter as one of its own as the civilized world continues to grope toward an understanding of ISIS information operations. More breaches add more credentials (and server access) to the black market. We take a quick look at Patch Tuesday. Charles Clancy from the Hume Center at Virginia Tech gives us a lesson in information sharing, and Vinny D'Agostino from K2 Intelligence shares how they're helping NFL players stay safe on social media.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Russian espionage looks at traditional targets. Chinese operators, despite ongoing talks with the U.S., are out for trade secrets in cyberspace.
Investigation into the Orlando shootings turns toward the shooters' family connections.
ISIS claims to have inspired the massacre.
New breaches flood the black market with credentials and server access.
The U.S. Air Force may have lost more than a decade's worth of IG case data.
Microsoft patches, but Adobe holds off until it can address a new zero day.
I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, June 15, 2016.
Yesterday, the Democratic National Committee and CrowdStrike disclosed that the U.S. political
party had been successfully compromised by Russian intelligence services. Cozy Bear, APT-29,
probably an FSB operation, had been in the network since last summer. Fancy Bear, APT-28,
a GRU operation, arrived this April a bit more noisily.
Cozy was peering into emails and chats.
Fancy was interested in many things, but particularly opposition research.
The DNC says it's now got its network security well under control.
Others think this is just the beginning for political organizations generally.
APT28 has also been known as Sofacy,
and Palo Alto Networks points out that this group is involved in an ongoing spear-phishing campaign against U.S. officials.
APT29 was implicated in earlier intrusions into U.S. unclassified email systems at the White House, State Department, and Joint Staff.
Cozy and Fancy are typical espionage efforts directed against traditional targets. Chinese services,
despite ongoing talks with the U.S. about reaching a peaceful arrangement in cyberspace,
are still widely believed to engage in economic espionage. A Chinese employee of a U.S. company
is on trial for industrial espionage, and Wired reports, quote, an almost one-to-one correlation
between the breaches and China's economic interests, end quote, in campaigns against German, Indian, and other countries' firms.
ISIS claims the Orlando massacre, and some think this is a mistake,
as shooter Mateen led an unedifying life of drink, clubbing, and uncontrolled rage.
But this is to misread not only the concept of martyrdom,
which is redemption by death in righteous combat,
not by following precepts of right living, but also the style, audience, and intent of ISIS
information operations. It's instructive that the cybercaliphate's online graphics look like those
you'd find in a first-person shooter's artwork. That is, it looks crazy, violent, and dark,
like the kind of thing a tweener boy would have in his room. Investigation into the Orlando horror itself reveals Mateen's ill-informed but attentive
consumption of various forms of online jihadist propaganda. It's also turning up unfortunate
corners of his father's and wife's online lives. Yesterday was Patch Tuesday, and Microsoft issued
its customary fixes. These were overshadowed, however, by the
news that a new Flash zero-day is being actively exploited. Kaspersky researchers say that a new
APT they're calling ScarCruft has been exploiting the vulnerability against high-profile
individuals since March. Adobe has promised a fix sometime this week, perhaps as early as tomorrow.
Verizon and D-Link also issued patches yesterday,
with Verizon fixing a bug in the Verizon.net messaging system
that could have enabled email compromise.
The D-Link patch upgraded WeCrypto and the company's MyD-Link devices.
Several breaches again flood the black market with credentials.
51 million iMesh accounts, 45 million VerticalScope forum accounts,
VerticalScope caters to automotive, sports, tech, and other interests,
and nearly 8 million customer accounts from Japanese travel agency JTB.
The costs of the breaches to the affected enterprises are higher
than whatever the crooks are making from the sale of credentials.
And there's a new shop in the black market bazaar. Kaspersky
reports finding a boutique forum selling access to government, corporate, and university servers.
If illicit money is being made here, the secret is surely volume, because the cost of access is
running at around $6. That's less than you'd pay for a glass of Cabernet at a Laurel, Maryland
happy hour. Or so we're told.
The U.S. Air Force is attempting to recover from a June 6 system crash that may have eliminated records from Inspector General cases going back to 2004. Observers aren't optimistic.
The database corruption, apparently a failure, not a hack, may have rendered the records
unrecoverable for good. In industry news, PhishLabs, IBM, and others continue to offer threat intelligence and information-sharing services.
We spoke with Charles Clancy from Virginia Tech's Hume Center
about how and why information sharing can be important and valuable.
We'll hear from him after the break.
In other industry news, K2 Intelligence, an investigative and cyber defense services firm,
has been hired by the
National Football League Players Association to help NFL players and their families live safely
and securely with social media. We spoke with K2 Intelligence's Vinny D'Agostino about what his
company's doing for the NFLPA. NFL players, much like anybody who has any kind of high-profile job,
the unique challenges that are there really center around the fact that they're so accessible
and they're so easily identifiable.
And so whereas a normal person may have a Twitter account or Facebook account
that should they have poor security controls on
or should they post something that may reflect badly upon them,
the chances of it going viral and really affecting them and their
day-to-day life are slim. And NFL players are the exact opposite situation. They are very well known.
They're not only known through what they do for a living, but the fact that they typically are
paid very well. And so that makes them a target. That makes it more likely for somebody on the
outside to want to make a name for themselves, maybe, by virtue of embarrassing a player.
D'Agostino and his team came to this task already accustomed to working with high-profile clients,
thanks to work with their previous employer.
For us, it wasn't too difficult to sort of grasp because myself and our core team here on our cyber team are all former FBI agents, and so this is stuff we were dealing with very often on the government side, where we would have victims come to the FBI, whether they were former athletes or people that
are otherwise in the limelight, actresses, musicians, et cetera, and become victims of
these types of attacks. So the first step for any of these cases is to identify sort of that
digital footprint that exists for that player. What accounts are out there. And you'd be surprised at how often players or any of our high-profile clients will tell us,
well, I have three or four accounts.
I have, you know, one email, one Facebook, one Twitter account, and that's it.
And once we start digging into that background and looking at what other accounts are associated with email accounts
they may have owned in the past or other online accounts,
we might find 30 or 40 orphaned accounts out there that are vectors for bad guys to use to gain access to more critical
accounts. So they can start with an abandoned AOL account. They can start with an abandoned
MySpace account and use that to pivot within those social media profiles to gain access to
other accounts, which is a real danger. Putting the proper technical security measures in place is important,
but Vinny D'Agostino emphasized the importance of providing specific training
for the players and their families as well.
The use of social media is so widespread that not many people spend time to talk about,
how are you securing your account?
You know, I have a password. Well, how strong is the password?
Do you have two-factor set up?
Do you have alerting set up? So if somebody logs in from an unknown IP address,
are you going to become aware of that? Who has access to those accounts? Who in your entourage
have you given access to your Twitter account? For whatever reason, do they still have access?
Should they have access? Things like that. And so there's always an educational component to that
that I think really benefits them going forward
because it's sort of the teach-a-man-to-fish philosophy
where now they leave and they're in a much better posture
for themselves and many times for their families
to let them know the things that they can do
to better secure their accounts.
That's Vinny D'Agostino from K2 Intelligence.
Finally, deep learning is now the popular name for a lot of stuff we used to call artificial intelligence.
Artificial intelligence sounded scary enough, and yes, thank you, we did
see the Terminator back in the day, but deep learning sounds positively occult, the kind of
esoterica the sorcerer's apprentice read from his mentor's book of spells. And that didn't end well
either. But before you turn off your water and lock up
your brooms, Wired wants you to remember
it's all just math.
Read the whole thing, and if you have trouble finding it,
there's always a link in the CyberWire's daily
issue.
Joining me once again is Dr. Charles Clancy, Director of the Hume Center for National Security and Technology at Virginia Tech. Charles, I know one of your cybersecurity research
initiatives is in the area of information sharing. Well, not everyone has broad visibility to the Internet
in the same way that, for example, the NSA may have.
And as an individual organization trying to combat a threat
that's coming at you from many different vectors across the Internet,
the only way to effectively do that is to kind of pool the resources
with your peer organizations.
And so we're seeing information sharing as a key trend between
peer organizations in order for them to have the data needed to do the analytics necessary
to combat the growing cyber threat. And so what kind of work are you all doing to help move this
along? We are working currently with the telecommunications industry on STIX and TAXII.
STIX and TAXII are two standards that were originally developed with funding from
DHS that are now international standards for information sharing. And we're currently working
on a pilot with the telecommunications sector to begin to allow other operators and landline
operators the ability to share information about threats to their subscribers and their network,
the networks themselves. And so what's the desired outcome?
Once we are able to share information in a more efficient way,
what are we hoping to have come from that?
So once we can more efficiently share information,
then we can begin to pool analytic resources.
Most recently, the DHS and the White House have proposed the development of these information sharing and analysis organizations, or ISAOs,
which would be industry-oriented groups that would be able to
take all this data that has been shared among peers and use that as a part of an analytic
process that would help identify who the specific actors are and be able to develop better policies
for remediation of those threats. Dr. Charles Clancy, thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner.
Thanks for listening.