CyberWire Daily - Daily: The compleat hacker: wading pool, laptop, MiG 21; no hoodie, no problem, and more.

Episode Date: August 31, 2016

In today's podcast we follow the story of alleged Russian hacking of US think tanks and election databases (allegations Russia dismisses as American provocation). US Federal and state officials think about securing November's vote. Mississippi organizes a new public-private cyber security coalition. SWIFT discloses new money transfer fraud attempts. New ransomware strains are out in the wild, and a Trojan is impersonating Google Chrome. Dr. Jim Kent from Nuix shares his thoughts on insider threats, and we welcome Yisroel Mirsky from Ben-Gurion University, our newest Academic and Research Partner. And, producers, rethink your B-roll: we take a look at the best stock picture of a hacker yet.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer.
Starting point is 00:00:59 Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code n2k at checkout.
Starting point is 00:01:56 U.S. think tanks hacked and, like election databases, signs point toward Russia. Russia calls it an American provocation. U.S. federal and state officials think about securing November's vote. SWIFT sustains new money transfer fraud attempts. New ransomware strains are out in the wild. And a Trojan is impersonating Google Chrome. And what would it take to get you kids into a MiG-21?
Starting point is 00:02:29 I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, August 31, 2016. U.S. officialdom has been slow to attribute recent politically relevant hacks to any state actors, but CrowdStrike hasn't been coy. The company says Cozy Bear, Russia's FSB, is behind breaches at U.S. think tanks studying Russia. The full list of affected think tanks is unknown, but one of them is the Center for Strategic and International Studies. CSIS not only acknowledged coming under attack, whose effects they've said they've mitigated, but described the ministrations of Russian intelligence as part of the cost of doing business. The director of the Center's Strategic Technologies Program, James Andrew Lewis, told Defense
Starting point is 00:03:06 One, quote, it's like a badge of honor. Any respectable think tank has been hacked. The Russians just don't get the idea of independent institutions, so they're looking for secret instructions from Obama. Another benefit is they can go to their bosses and show what they took to prove their worth as spies, end quote. Russian intelligence services remain the leading suspects in last month's incursions into U.S. voting databases, but Russia today pooh-poohs all the evidence tossed up by ThreatConnect,
Starting point is 00:03:35 Fidelis, CrowdStrike, and SecureWorks as a whole lot of nothing. These denials convince few beyond those already disposed to take at face value Russian Foreign Minister Lavrov's denial a fortnight ago. convinced few beyond those already disposed to take at face value Russian Foreign Minister Lavrov's denial a fortnight ago. He declined to comment on pseudo-sensational news and added, quote, President Putin has repeatedly articulated our position and stated publicly that we never interfere in the internal affairs of other countries, end quote. So there you have it. In fairness to Foreign Minister Lavrov, as usual, the evidence in these cases, however compelling it may be, remains largely circumstantial. There is, however, a growing consensus that U.S. elections are vulnerable to disruption in cyberspace.
Starting point is 00:04:16 If you're an election official anywhere in the U.S., whether you're in Hackensack, Pflugerville, Show Low, or Coalinga, and you're worried about Cozy Bear or Fancy Bear finding your networks just right, RedSeal's CEO Ray Rothrock offered the CyberWire some tips we're happy to pass along to you. First, accurately visualize all access paths across your as-built network. Prioritize vulnerabilities based on that access and on the business context of information in the network. Segment your network to control or limit access from untrusted sources,
Starting point is 00:04:49 like WEAD, the Internet. Take vulnerable assets offline, if possible, and use your security resources against high-priority vulnerabilities. Rothrock, like many observers, sees erosion of voter trust in the electoral system as among the more serious concerns these incidents arouse. The insider threat continues to be a serious challenge for cybersecurity professionals, be it the malicious actor or careless or under-trained employee. We recently caught up with Dr. Jim Kent, Global Head of Security for NUIX. For the first time, the growing trend about
Starting point is 00:05:23 insider threat is really being realised. It's, you know, the awareness and acceptance that the insider threat has always been the elephant in the room that nobody really wants to talk about, is now coming more and more to the front. People are accepting it and saying, okay, there is something that we really must look at how we deal with. And why is insider threat important to me and why is it important to us at Nuix? Well, for me, it encompasses a lot of the general trends that you see in cybersecurity under one umbrella. So when we start to dig into that, it gets really interesting because we start to say, well, look, where is the critical value data?
Starting point is 00:06:04 We're suddenly going to the realms of understanding the lay of the land. Where is, you know, what are the threats? We always talk about the threats of being, you know, the landscape is off. Software is a threat. The hardware is a threat. And the people are a threat. Well, I really saw the scale slide this year towards understanding that the software bits, that we have many bits of technology in the
Starting point is 00:06:25 cyber security landscape they're trying to deal with software and hardware but the people threat is that persistent threat and it's the variable it's always moving around so trying to understand how we put the person as an insider threat in those situations what they would do how they behave how we build from the ground up an approach of governance and accountability with, you know, how do we work out who's accessing what, how it's encrypted, how those critical value data buckets are put together and why they're put together. Understanding that is becoming more prevalent in the security world,
Starting point is 00:06:59 which is a really good trend that I've seen. When you start now stepping back and reassessing what does cybersecurity really mean, I think you can see the market in the industry and actually the clients and the drivers and the people beside it are saying, you know, maybe it's time to start looking and thinking of this slightly different, taking all the good bits we have found, looking at the use cases, looking at the behaviors, consolidating and bringing it all together, and looking at how we best attack and approach the next set of prevention or detection going forward. That's Dr. Jim Kent from NUIX. There have been a number of public-private initiatives across the United States
Starting point is 00:07:44 that seek to foster cooperation for both security and economic development. One of the newer ones has just been opened in Mississippi. The Mississippi Executive Alliance for Cybersecurity, or MIAC to give it an acronym, MIAC held its first meeting last Friday. is, quote, to provide a venue for business leadership, board members, CEOs, and CFOs to address cybersecurity so that they can effectively lead their organizations in a connected economy, end quote. Reuters this morning broke the news that the SWIFT international funds transfer system has sustained several additional attacks since the well-known fraud committed against the Bangladesh Bank.
Starting point is 00:08:23 SWIFT declined to disclose the affected institutions this time around, but it did say the common factor in the incidents was exploitation of weak local security that enabled attackers to request fraudulent money transfers. SWIFT wants its member institutions to shore up their cybersecurity as soon as possible. The CyberWire heard from Balabit's East Van Sabo, who said, quote, Essentially, the problem as he sees it is one of privilege abuse and privilege management. He recommends close profiling and monitoring of privileged users. In news of more ordinary cybercrime, Dr. Web warns that the Mutabaha Trojan is impersonating Chrome in the wild. ESET has been following OSX/Keydnap, which steals OS X keychain data
Starting point is 00:09:18 and installs a backdoor in a victim machine. OS10 Keydnap has been newly observed, spreading by the transmission BitTorrent client application. AVG has discovered a new strain of ransomware, Phantom with an F, which poses as a Windows update to gain access to its targets. Experts continue to debate the wisdom of paying ransom, but the best protection remains secure backup. Finally, if you'll indulge an anecdote, one of our stringers once walked into a cyber cafe in the former Soviet Union. He took one look, turned around, and walked back out. If we may virtually return to Russia for a moment, we'd like to give a shout out to the journal Foreign Policy, which is running the best stock picture of a hacker ever.
Starting point is 00:10:02 If you're tired of seeing some wraith-like figure in a hoodie hunched over a keyboard, go check out Foreign Policy's story on election hacking. The guy in it is shirtless and sitting in a lawn chair, scowling at a huge laptop. In the background are a kid's inflatable wading pool, a couple of discount camping tents, and, get this, a MiG-21. The guy's got to be a no-good Nick if we've ever seen one. Still, we wish we had our own MiG-21. Do you know the status of your compliance controls right now?
Starting point is 00:10:40 Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC.
Starting point is 00:11:23 Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. Cyber threats are evolving every second, and staying ahead is more than just a challenge. Thank you. And it's my pleasure to welcome to the show our newest academic and research partner, Israel Murski from Ben-Gurion University. Welcome to the show. Why don't we begin with an introduction? Tell us a little bit about yourself. I came from Toronto, Canada. I was born there, and I moved to Israel when I was about 18 years old. I did some religious studies and then I did my mandatory military service here in Israel. And afterwards, I started my first degree in communication systems engineering. And that's where I really got involved with cyberspace security and got interested in it. And that was really in my last year of my studies, where in order to get your degree, you have to do a final project. And I came up with this idea to, instead of encrypting binary
Starting point is 00:13:10 ones and zeros, what if we encrypted the physical signals themselves? So in other words, the voltage that goes over the wire or the audio patterns that go over audible sound waves. The concept here is that every level that lower that you encrypt your channel, the more information is protected. So if I encrypt the actual physical signal, and it sounds like white noise to you, then you don't even know the bit rate per se of the signal that's going through the channel. That's what really launched me into the domain of cyberspace security. And actually in that idea, which we call the Vernon Physical Single Cipher, I got a patent and sold it to a startup company. And after that, I realized that I really wanted to become a researcher
Starting point is 00:13:52 in the domain of cyberspace security, especially for two main reasons. One, the domain involves a lot of creativity, thinking outside the box. And two, the domain's always changing. There's new technologies coming out all the time and it keeps you thinking and it keeps you on your toes. So I searched for a place to do my master's and I found Ben-Gurion University. They're the center of cybersecurity here in Israel
Starting point is 00:14:16 and they're growing very fast. And I got accepted to the direct track program for a PhD, a five-year program. And I'm finishing up my last year now. Tell us about the lab there. So the lab here, a little bit of history goes back about at least 10 years or so. When Deutsche Telekom, or I think in the States it's called T-Mobile, so they opened up a lab here in Ben Gurion University. And what they were really looking for is for a cooperation with the university somewhere
Starting point is 00:14:50 international in the States or in Israel and Europe. And they had some sort of idea for a project and kind of like a bidding war, so to speak, or in terms of proposals for research. Ben Gurion University was accepted. speak or in terms of proposals research bengal university was accepted it was the idea of trying to deploy scrubbing stations in their network to try and clean the traffic before it gets to the user and they were so impressed with this three-year project that we did that they opened a lab here and that's caused our experience or involved a lot more experience through our university to grow and since then we do a lot of projects with the industry,
Starting point is 00:15:27 with IBM, with RSA, with Lockheed Martin, all in the domain of cyberspace security. And for two reasons, really. One is because as researchers, we need funding and we need new ideas that involve and affect the world. And we need the data, especially when we're talking about machine learning. And on their side, they have the data and they have a problem and we have the expertise so
Starting point is 00:15:49 it works out quite nicely together and here in bersheva we have basically a triangle that's being built you have the university right next to the university of a high-tech park and right next to the high-tech park you have where the military's intelligence units are coming. And the vision of the government is to have a cooperation center here where each sector works together and shares information together. All right, Israel Murski, welcome to the Cyber Wire. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Starting point is 00:16:37 Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
Starting point is 00:17:19 I'm Dave Bittner. Thanks for listening. Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
