CyberWire Daily - Daily: Ukraine's PM resigns, in part over Panama Papers controversy. Patch news.

Episode Date: April 11, 2016

In today's Daily Podcast we follow up on the Panama Papers' fallout. Leaker "John Doe" remains unidentified, and the scandal is roiling politics in Ukraine. Some observers think the Russian Financial Monitoring Service is behind the leaks. Dridex evolves into new lines of cyber crime. Juniper patches a suspect random number generator. GCHQ is said to have helped publishers stop the new Harry Potter book from leaking. And CyberWire editor John Petrik reviews an interesting price list from Dell SecureWorks.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers.
Starting point is 00:01:06 I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash N2K and use promo code N2K at checkout. The only way to get 20% off is to go to joindeleteme.com slash N2K and enter code N2K at checkout. That's joindeleteme.com slash N2K, code N2K. Some observers see wheels within wheels and Russian intelligence services behind the Mossack Fonseca hack. The Dridex banking Trojan's infrastructure is now being turned toward paycard theft and ransomware distribution.
Starting point is 00:02:12 Flash Player users get a brief respite from zero-day exploitation. And we can now reveal the real location of the Ministry of Magic. It's been narrowed down to Cheltenham or Harrogate, and you muggles thought it was Durham. I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, April 11, 2016. The Panama Papers seem to have claimed another government in Europe as Ukraine's Prime Minister resigned Sunday. The Prime Minister seems not to have been named in the leaked documents, but other names, including that of Ukraine's President Poroshenko, have appeared. UK Prime Minister Cameron is also addressing claims that he used offshore accounts.
Starting point is 00:02:57 Investigations proceed. Reuters reports that authorities in El Salvador raided the offices of Mossack Fonseca, the law firm at the center of the incident, on Friday, seizing records and computers but detaining no one. How the leak was accomplished remains obscure, and Mossack Fonseca has denied it was an insider or whistleblower leak. Indeed, they've consistently denied any wrongdoing. All those who feel some nostalgia for the Cold War will appreciate some Panama Papers speculation that surfaced Friday in Newsweek. An opinion piece suggests that Russian intelligence services may be behind the leak, given the relatively light treatment the leaks give to Russian figures.
Starting point is 00:03:35 The world press has tended to fixate on the Putin associates mentioned in the leaks, but President Putin himself has gone largely unmentioned, and his associates represent only a fraction of those whose names appear in the papers. This suggests that Moscow's public stance of airy dismissal is probably workable in the long run. But the damage done to some governments in the West and the near abroad has been considerable. It's also curious that there have yet to be any significant or interesting leaks of American names. While this big gap could be explained by Panama's relatively low utility as an offshore haven for U.S. tax avoidance, there is, on the other hand, the Süddeutsche Zeitung's curiously evasive
Starting point is 00:04:14 you-ain't-seen-nothing-yet response to questions about American involvement. So, a Newsweek opinion piece runs, suggesting the possibility that a Russian intelligence service was behind the leaks. The agency specifically called out in the Newsweek piece is the Russian Financial Monitoring Service, which answers directly to Russia's president. The aim, the article suggests, is essentially blackmail, presumably blackmail of the American public figures not mentioned. So, it seems, Moscow may be hoping that people fear being bitten by the dog that didn't bark. Anonymous dislikes the gig economy, at least in Italy. The hacktivist collective and its colleagues in LulzSec ITA leaked personal information of CEOs and other managers at
Starting point is 00:04:58 Italian companies to protest Italy's new labor laws. They've also defaced at least one employment agency and claim to have also targeted 45 others. The grievances are the familiar gig economy objections: poor protection of workers, exploitive labor practices, diversion of wealth to corporations. HackRead has looked through the leaked information and concluded that it looks new,
Starting point is 00:05:21 that is, not recycled from earlier data breaches, and legitimate. Researchers at buguroo and elsewhere, notably Trend Micro and Symantec, have been tracking the Dridex banking Trojan infrastructure. They believe they've discerned at least two axes of evolution. Dridex has, first, moved into paycard credential theft, and second, has been adapted to a ransomware distribution method. Locky is the strain of ransomware most often mentioned in connection with Dridex. Adobe patched Flash Player Thursday, but those whose patching may be lagging seem to have received a temporary respite. Malwarebytes reports that the criminals who attempted to exploit the now-patched zero-day in the wild
Starting point is 00:06:00 seem to have botched the vulnerability's incorporation into the Magnitude Exploit Kit. That fumbling won't continue forever, of course, and there are other avenues of exploitation besides Magnitude, so all Flash Player users are still advised to patch their systems. In other patch news, Juniper late last week completed its update to ScreenOS, overhauling the way the system handles encryption, removing the suspect Dual EC random number generator. The company hopes this removes lingering suspicion that its products had a backdoor that could be exploited by government intelligence services. A discussion draft of a U.S. Senate bill that would require vendors to decrypt their products leaked late last week.
Starting point is 00:06:41 The draft bill, with bipartisan sponsorship by Senators Burr, a Republican from North Carolina, and Feinstein, Democrat from California, says, quote, all providers of communication services and products, including software, should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders, end quote. At the center of its provisions is this note, quote, To uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide,
Starting point is 00:07:18 in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information, end quote. Few observers like what they see, although oddly enough, the draft doesn't specify either criminal or civil penalties for violations. In any case, it's a draft. Now that it's withdrawn its demand for help unlocking the iPhone used by one of the San Bernardino jihadis, the U.S. Justice Department still wants Apple's help unlocking another iPhone. This one is involved in a conventional New York drug trafficking case that's been pending since before the San Bernardino massacre.
Starting point is 00:07:55 In this case, the demand for assistance is more straightforward. Apple has long acknowledged it can access the particular phone in question without difficulty. Finally, did you know there's a new Harry Potter book coming out? There is, and it hasn't been leaked yet. And why hasn't it leaked? The publishers say it's been protected by GCHQ, which is Britain's Government Communications Headquarters. And you probably thought GCHQ was just this bunch of muggles
Starting point is 00:08:21 when it turns out they're in the Ministry of Magic itself. Arthur Weasley, call your office.
Starting point is 00:08:58 Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
Starting point is 00:10:30 Cyber threats are evolving every second and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default
Starting point is 00:11:13 deny approach can keep your company safe and compliant. Joining me is John Petrik, editor of the CyberWire. John, there's a recent report from Dell SecureWorks outlining some pricing, but it's not the kind of pricing you would expect to see from Dell, is it? No, it's not. But before I answer any more of your questions, I need to know, do you want to know this for yourself or are you asking for a friend? I'm absolutely asking for a friend.
Starting point is 00:11:48 Okay, good. Then we're okay. Yeah, what these are is this is Dell SecureWorks' look into what the current black market pricing is for various cyber ill-gotten goods, whether they be credentials, whether they be hacks for hire, things like that. And what did they find? They're finding, unsurprisingly, several things. One is that the black market is actually functioning like a market. And the other thing they're finding is that these kinds of exploits and stolen goods are increasingly becoming commodified. They're the kinds of things that any number of people could afford to buy if that's what they're in the market for. So give me some examples of things I can buy and what do they cost? Sure. Suppose you want to steal somebody's American Express card.
Starting point is 00:12:28 That's $30 a pop. You want to hire someone to conduct distributed denial of service. You can contract for that for as low as $5 an hour, and a remote access Trojan goes at the same rate. The Angler exploit kit, you can get an Angler license, not a phishing license, but an Angler license for $100. You can find other sorts of things that haven't hitherto been offered much. You can find an ATM skimming device for $400 or less, for example. You want to hack a corporate email account? $500 a mailbox. That's about four times what it costs to hack into a Gmail or Hotmail account. So give me some perspective here. I mean, how do these prices compare to what these things went for historically?
Starting point is 00:13:10 It's not all that clear because the market is a new one. So it's not clear that we have some strong comparison. I see. But what we can learn from this is that this is definitely a market. There's a market in this stuff, that there's a souk out there where people are trading these things in a kind of illegal bazaar. All right, John Petrik, thanks for joining us. And now, a message from Black Cloak.
Starting point is 00:13:40 Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24/7, 365 with Black Cloak. Learn more at blackcloak.io. And that's the CyberWire.
Starting point is 00:14:26 We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Thank you.
