CyberWire Daily - Daily: US cyberwar vs. ISIS. IPO fizzle? (Investors want profit.)

Episode Date: April 25, 2016

In today's Daily Podcast we discuss reports that the Bangladesh Bank hackers succeeded in getting into, and manipulating, some SWIFT client software. The outlines of the US cyber campaign against ISIS... grow clearer. Updates on how the US Department of Justice is getting into iPhones. We take a look at the disappointing—to many analysts—SecureWorks IPO and what it means for VCs and cyber unicorns. Plus, CyberWire Editor John Petrik reports on last week's SINET ITSEF conference.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K.
Starting point is 00:01:22 There may be more to the Bangladesh Bank hack than met the eye as reports of the possible compromise of SWIFT client software appear. The U.S. Defense Department says it's dropping cyber bombs on ISIS. SecureWorks' IPO hasn't popped yet.
Starting point is 00:02:11 Analysts think this means industry unicorns will have to wait longer and show some profit before their exit. Not everyone's buying the gray hat story about how the San Bernardino iPhone was accessed, and the U.S. Department of Justice says it won't need Apple's help on that New York phone. They've got the passcode. I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, April 25, 2016. Remember February's hack of the Bangladesh Bank? That was a cyber heist that cost $81 million before alert proofreaders at Deutsche Bank metaphorically smelled a rat in a misspelled word. That hack appears to have broader and more disturbing implications. BAE security researchers warned early this morning that those behind the attack
Starting point is 00:02:55 may have succeeded in compromising SWIFT, the Society for Worldwide Interbank Financial Telecommunication, whose platform is used internationally to manage interbank transactions. Specifically, BAE believes the attackers modified client software called Alliance Access to alter a database that logged bank transactions. The modification was designed for stealth. The hackers not only altered Alliance Access to remove records of fraudulent transactions and manipulate balances and databases, but also prevented those transactions from being printed in SWIFT's tracking center. The malware installed in the system was also capable of intercepting and destroying incoming messages
Starting point is 00:03:37 confirming the criminals' funds transfers. The episode shows extraordinary attention to detail in manipulating the target's environment to cover the thieves' tracks. It's worth noting that the malware affects Alliance Access software only, and not SWIFT's network or core messaging services. SWIFT has established what it calls a facility to help customers enhance their security and find inconsistencies in database records. Authorities in Bangladesh continue their investigation into the incident. A team from that country's forensic training institute believes it's found the criminals' access point. The Bangladesh Bank was using second-hand network switches, reportedly without firewalls, to link its systems. Those systems, in turn, were connected to SWIFT. The second-hand switches are said to have cost $10 each, a case of false economy if there ever was one.
Starting point is 00:04:27 In cyber war news, the U.S. Army has found exploitable vulnerabilities in its WIN-T Increment 2 mobile tactical network. The nature of those vulnerabilities is naturally unspecified, but fixes are promised, as is enhanced user training. The U.S. has grown increasingly open about its conduct of cyber operations against ISIS. Deputy Secretary of Defense Robert O. Work has said, quote, we're dropping cyber bombs. We have never done that before, end quote. The computer network attacks are designed to disrupt ISIS messaging, command and control, and administration. All of this, of course, is also intended to undermine the terrorist group's ability to attract followers, who would lose confidence in ISIS security and
Starting point is 00:05:10 fear personal exposure, and, as the New York Times puts it, quote, rattle the Islamic State's commanders who have begun to realize that sophisticated hacking efforts are manipulating their data, end quote. The U.S. campaign is said to have begun with implants in ISIS networks intended to gather information about commanders' online habits. After this battle space preparation, the campaign has moved to spoofing of those commanders' communications and disruption of ISIS messaging. Thus, U.S. cyber operators appear to be attacking not only command and control, but ISIS's arguably more dangerous and intractable ability to inspire and recruit. On the development of international norms for cyber warfare and on confidence
Starting point is 00:05:51 building in cyberspace, observers are waiting for word on the outcome of talks between U.S. and Russian officials. Discussions began quietly in Geneva last week. At SINET's ITSEF 2016 last week, the CyberWire spoke with Canada's Minister of National Defense, the Honorable Harjit Singh Sajjan, about using intelligence developed in cyberspace. He emphasized throughout that, if you want intelligence to be actionable, you've got to deliver it to the users on the ground. You can read the discussion at thecyberwire.com slash interviews. In industry news, SecureWorks held its long-anticipated initial public offering last week. The IPO is widely viewed as lackluster, according to Reuters.
Starting point is 00:06:33 The stock closed at $14 in its first day of trading, which is where it had initially been priced. While a number of cybersecurity startups have been able to persuade investors to look beyond profit, which hasn't in many cases been there, and see the growth behind the operating losses, this seems to no longer be the case. Investors appear now to be looking for profit, and they're less likely to buy the story. The SecureWorks IPO seems to have reset the market, and analysts think the next round of unicorns may have to wait a bit before they head for the exit.
Starting point is 00:07:10 In legal news, some observers doubt the FBI's gray hat explanation of how it accessed the San Bernardino jihadist's iPhone. Fast Company reports sources who say the bureau's allusions to a team of gray hats are in fact misdirection, covering work done by Cellebrite, the Israeli firm initially thought by most to have done the work. And finally, the U.S. Department of Justice has said it no longer needs Apple's help unlocking an iPhone in a New York drug trial. That help had been requested under the same All Writs Act authority used in the San Bernardino case. An individual, sources say, gave investigators the phone's passcode. Who Individual is remains unclear. Perhaps a relative of Occupant, or Current Resident,
Starting point is 00:07:49 or maybe even Area Man.
Starting point is 00:09:22 Joining me is John Petrik, editor of the CyberWire. John, you spent last week at the SINET ITSEF conference in California. What do you have to report from there? What did you hear on the ground?
Starting point is 00:10:28 It was an interesting conference. There was a lot of talk about risk management, about managing cyber risk. People still are struggling with the difficulty of valuing their own assets. How valuable actually is your IP? How valuable are your networks? How valuable are your data? People were talking about the absence of actuarial data. That is, what does it actually cost people when there's a cyber attack? And there are no good surrogates for that, that people have tried to use things like stock price as a surrogate, and that seems actually to underestimate the cost of a cyber attack. So if there's somebody who has a good way of coming up with a surrogate for actuarial data, they would really have
Starting point is 00:11:04 something people would be interested in. And SINET is an innovation network. Was there any advice for innovators, advice for entrepreneurs? There's a lot of interesting advice about selling it to the bigger enterprises. There's unanimous agreement that cold calling is a waste of time and that the warm introduction is everything. There were several people who pointed out that really nobody has the resources, no matter how big they are, to really effectively test and run down all of the products and solutions that are given in a lab. So a lot of the people who spoke emphasized the importance of trust,
Starting point is 00:11:36 building a kind of personal familiarity with a vendor, because nobody really can test these things in the lab. What are some of the other things they said? It's a big market. The security market is estimated at $75 billion right now. They offered some do's and don'ts. I'm going to give you the don'ts first. Don't come in badmouthing the competition. Don't come in with a pitch. Company XYZ got hacked last week. You could be next. That's not effective. Don't come in without, for example, knowing whether somebody else from your company has already been in there talking to the prospective customer. This apparently happens a lot. Their time's valuable. They don't like it wasted. Don't deny that you have any
Starting point is 00:12:15 competition. Everybody's got competitors. They may not do exactly what you're doing, but don't come in and say, well, we have no competition. This is absolutely unique. It's not. So don't make that claim. Above all, if you're coming in selling, don't make your need to meet a sales quota the customer's problem. It's not their problem. It's your problem. For the do's, they said, do your homework, know the company you're pitching to, know what their needs are, and be able to come in with them and give a good, clear technical story about what your product actually does.
Starting point is 00:12:47 And be sure you're able to get quickly to your value proposition. They really want innovative ways of addressing the security of their partners, anything that can reduce third-party risk and that can reduce the risk of using APIs. That's something that a lot of people are going to be interested in. John Petrik, editor of the CyberWire. Thanks for joining us.
Starting point is 00:13:56 And that's The CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
