CyberWire Daily - Daily: "Snowden advanced crypto by 7 years." Proofread your way to security.
Episode Date: April 26, 2016
In today's podcast we hear more about possible other instances of fraudulent messaging in the SWIFT financial transfer network. We discuss an active Android ransomware campaign that appears to be using old Hacking Team exploits. US DNI Clapper thinks the acceleration of encryption, post-Snowden, really hasn't been a very good thing, and calls for a balance between privacy and security. The US continues to ramp up its cyber offensive against ISIS. Joe Carrigan from the Johns Hopkins Information Security Institute tells the tale of a scammer strung along.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
There may be more to SWIFT exploitation than just the Bangladesh Bank heist.
An active ransomware campaign is targeting older Android devices.
The U.S. military, like everyone else, is concerned about third-party cyber risk.
Belgium asks for more EU monitoring of social media for terrorist traffic.
And the U.S. Director of National Intelligence says Snowden accelerated the advance of commercial strong encryption by at least seven years. And that, coming from DNI Clapper, is no letter of recommendation.
I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, April 26, 2016.
Reuters, which says it's seen a confidential report SWIFT circulated privately to its customers yesterday, reports that the international financial transfer network has warned that the Bangladesh Bank cyber robbery wasn't unique in exploiting software vulnerabilities to mask fraudulent transactions. What they refer to as malicious insiders or external attackers have submitted bogus messages to the SWIFT network on more than one occasion, according to Reuters' account of that warning.
Observers think that one lesson to draw from the robbery is the importance of watching closely what goes on inside an enterprise's perimeter. If an attacker gets in, they've become functionally indistinguishable from an insider, and they shouldn't be allowed to romp freely. So the recommendation is that enterprises should be aware of, monitor, and control what goes on inside their perimeter: look for lateral movement, privilege elevation, and so on.
Blue Coat Labs reports an active ransomware campaign targeting older Android systems. The attackers are locking Android devices using Dogspectus ransomware they deliver with the Towelroot exploit kit. Towelroot delivers its payload via drive-by malicious advertising that downloads hostile JavaScript. Devices running older version 4 releases of Android are vulnerable. And since those older versions are no longer supported, the devices are likely to remain vulnerable as long as they remain in use. They're in roughly the same situation as systems running Microsoft Windows XP: their operating system is old, unsupported, and no longer patched.
The ransom demand is communicated through a truly implausible screen that purports to be from the "cyber police of the American National Security Agency." The cyber police have found that "all actions are illegal are fixed," whatever that may mean, and that if you don't pay your fine by the deadline, then cyber police will rat you out to the U.S. Department of Homeland Security. So there, you offender, you. By the way, the ransom is $200, which the cyber police of the American National Security Agency have thoughtfully agreed to accept in the form of iTunes gift cards.
In the U.S., senior military officers hint obliquely about concerns that foreign intelligence services could compromise defense supplier networks.
Details beyond the public statements are understandably sensitive and being closely held, but the concern seems similar to the third-party risk worries that are widespread among commercial enterprises.
The U.S. cyber campaign against ISIS also proceeds apace. Its objectives remain first to inhibit ISIS recruiting, second to damp down jihadist inspirational propaganda, and third to interdict electronic cash transfers into the caliphate.
An overarching goal is to deprive ISIS of its semblance of legitimate sovereignty by undermining lower-level extremists' sense of security. A caliph who can't protect his subjects is not much of a caliph at all.
U.S. Director of National Intelligence James Clapper said yesterday at a breakfast session hosted by the Christian Science Monitor that Edward Snowden's leaks accelerated the development and widespread dissemination of commercial encryption by about seven years. "From our standpoint, it's not a good thing," he said, making the now familiar point that encryption has been, or at least might have been, used by terrorists to secure their communications from collection by intelligence services. He went on to call ISIS "the most sophisticated user by far of the Internet," and said that they've secured their communications with commercially purchased encryption.
"Most sophisticated user by far of the Internet," construed literally, seems to be a stretch: more sophisticated, for example, than Google or Facebook, or for that matter SWIFT, or more sophisticated than Russia's FSB. But construed charitably, it does indeed seem true that ISIS has so far been unusually effective at online inspiration. In any case, DNI Clapper closed with a call for striking an appropriate balance between legitimate concerns for privacy and legitimate concerns for security.
Turning to industry news, the SecureWorks IPO still shows no more than a dead-cat bounce. Investors in cybersecurity are clearly looking beyond a story-stock story and want to see profits and cost control.
And finally, to return to the Bangladesh Bank heist, the criminals behind the "Fandation," as they inadvertently spelled their foundation, that received the $81 million taken from the Bangladesh Bank remain unknown and presumably at large. Perhaps they'll eventually be collared with the help of alert proofreaders like those at Deutsche Bank who stopped the theft short of its $951 million goal. Happy editing, English majors. And, schönen Dank (many thanks), Deutsche Bank.
And joining me once again is Joe Carrigan from the Johns Hopkins University Information Security Institute,
one of our academic and research partners.
Joe, you've got a great story to share.
One of your colleagues at Hopkins sort of had an inside view of a scammer recently.
That's correct.
At the Information Security Institute, we have a very smart and capable network engineer by the name of Chris Vanghaus.
And he got a phone call one day from somebody from Microsoft, telling him that he had a virus on his computer.
Now, Chris actually is an Apple user and doesn't have a Microsoft computer, so he realized exactly what it was the moment he heard the person's voice on the other end describing the problem to him.
Being as quick-thinking as he is, he immediately went over to his ESXi machine, which is a VMware product, and created a new virtual machine.
And just for our listeners, what's a virtual machine?
A virtual machine is a computer that runs in software. So what you get is shared resources. And these computers exist only in the memory of the ESXi device.
So it's a way to build sort of a simulated computer that is self-contained and sort of insulated from the rest of the world, yes?
Correct. Or you can do whatever you want with it, actually. It's actually very powerful and an excellent way to virtualize systems.
All right. So your colleague jumps on this virtual machine. What happens next?
He installs the screen sharing software that the guy tells him to install.
The guy takes control of the machine and opens up a command prompt and says,
I'm going to do a scan of your computer.
And he just types a tree command, which, if you run it from the root directory of a drive, will list all of the directories, subdirectories, and files that are contained on that drive.
All right.
Now, while this is running, he starts typing again, and he types the words "virus found" and the name of some executable.
This is the bad guy typing.
This is the bad guy, correct.
And he hits Control-C, which effectively stops the tree command from running. And down at the bottom, there is a message that he has typed that says "virus found."
Now, no viruses have been found. Tree doesn't scan for viruses. It just lists the contents of your drive. So it made it look like there's a whole lot going on on the system, even though it was completely benign.
Right. To the uninitiated, it might look scary. But to us, it was laughable.
Okay. So what happened next?
Chris actually did a very good job of keeping this guy on the phone for about two hours, and eventually, when it came time for Chris to enter his credit card information, Chris turned off his network connection and said, "Oh, my internet just went down." And essentially he wasted two hours of this guy's time, preventing him from scamming somebody else.
Turnabout is fair play.
Correct.
But it's a good lesson to our listeners that this is the kind of thing you need to be careful about.
Correct.
Yeah, Microsoft will never call you and say, hey, you have a virus on your machine.
When you get that call, just hang up.
I mean, Chris took the opportunity to play with this guy and investigate because Chris knows what he's doing and can stand up a virtual machine that he can then instantaneously destroy and have no ill effects.
If someone's not an expert and doesn't know what they're doing, then they can wind up installing software on their machine that they don't want having installed.
You're giving control of your machine to these people at some point in time.
And if it's a disposable machine, that's fine.
But if it's actually your machine, that's probably bad.
All right, words to the wise.
Thanks, Joe, for joining us.
My pleasure.
And that's the Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.