CyberWire Daily - Daily & Week in Review: Anonymous vs. Israel. Panama Papers. The view from Japan.

Episode Date: April 8, 2016

In today's Daily Podcast we report on the results of yesterday's #OpIsrael—basically a fizzle, but a fizzle with the usual disturbing implications. Pirrit adware moves to OS X. Ransomware remains a low-risk, high-payoff cyber caper. We take a look at some industry news: good, bad, and middling. We talk to the University of Maryland's Jonathan Katz about fully homomorphic encryption, and we discuss Japan's cyber security landscape with William Saito, special advisor to the prime minister of Japan.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 Israel was prepared for hashtag OpIsrael, as it usually is, but hashtag OpIsrael may play a larger HR role in the cyber underground than is often appreciated. Law firms do some security introspection in the Panama Papers aftermath. An adware variety moves from Windows to OS X. Adobe distributes its expected emergency patch
Starting point is 00:02:16 for Flash Player. Tech industry observers see layoffs coming this year. We share some of the aphoristic advice for business we heard yesterday at the Cybersecurity Risk Management 360, and we wonder, what's the connection between the Mission Impossible theme music and hacktivist bad judgment? I'm Dave Bittner in Baltimore with your CyberWire summary and week in review for Friday, April 8th, 2016. Yesterday was Anonymous' annual hashtag OpIsrael, the regular hacktivist action, whose stated goal is to, quote, erase the Zionist devil from the internet, end quote, which of course it didn't succeed in doing. HackRead called hashtag OpIsrael more hype than harm, and indeed the attacks, DDoS being the favorite tactic, didn't rise above the nuisance level. But as a famous space pirate once said, don't get cocky, kid. Recode puts the warning rather breathlessly, Anonymous' Hack Israel Day could impact the entire world. Behind the screamer headline is a serious point. Hacktivist actions, especially
Starting point is 00:03:25 hashtag OpIsrael, recruit effectively, and they can also serve as surprisingly effective training opportunities for aspiring hacktivists who eventually find their way into the cybercriminal market. That criminal market, according to a new study by Dell SecureWorks, remains immature, but it's growing in sophistication, with improved customer service, more sophisticated offerings including some surprisingly comprehensive business dossiers, and an increasingly collaborative dark web ecosystem. Analysts continue to look into the Panama Papers hack, or at least look at it, since details of how the hack was accomplished remain sparse.
Starting point is 00:04:03 They're offering much speculation, we stress speculation about the potential role lax security could have played in exposing the data. Since some form of lax security somewhere contributing to a successful cyber attack is as close to a sure thing as we're likely to have in this life, the analysts are making a pretty safe bet. But details remain far too thin on the ground for any more interesting conclusions to be drawn. But law firms are taking the incident as a cautionary tale and show signs of doing some security introspection. Japan is taking advantage of the prominence of influential Chinese families to score public relations points against its regional rival. And speaking of Japan, this
Starting point is 00:04:43 advanced country has a significantly different cybersecurity landscape than what Westerners may be accustomed to. William Saito is special advisor to the Prime Minister of Japan. The startup scene in Japan is definitely different from other parts of the world. It's still definitely in its infancy. We don't have any major players yet. And I think a lot of the cybersecurity products that we use still tend to come from the United States, Israel, and other countries. So there's not much of a domestic presence quite yet. There is venture capitalist play here. There are a lot of government subsidies as well. The venture capital is not traditional venture capital that you see in places like the U.S., but there is a lot of activity in this area. So to give it credit, I think
Starting point is 00:05:24 current entrepreneurial activity has definitely increased in the last 18 months, two years. In many Western nations, academic institutions are a common incubator for cybersecurity startups. But according to Saito, structural differences in Japan's educational system can present challenges. The educational basis of Japan doesn't teach many of the students, for example, who come from the sciences, managerial skills, really humanities-based accounting, marketing. And so you see a skills delta compared to other countries, and so that's kind of unfortunate. But there is tech that comes out of schools and academia. Whether they survive for X number of years, that's questionable. Saito noted that when recommending cybersecurity products and services in Japan,
Starting point is 00:06:13 it's important to recognize the cultural differences in how they prioritize risk. It doesn't do well to try to sell it as a theft prevention thing, that a lot of companies still feel that their data, their intellectual property is not necessarily data bound yet. And so they feel some level of reluctance to protect something. And so I think cybersecurity is looked at from a different angle and specifically things like integrity. So your data may not be worth much if you get it stolen, but if it was changed and,
Starting point is 00:06:43 you know, schematics, wire transfers, contracts, if they didn't there was surreptitiously changed by a competitor, what kind of impact will that have? And so I approach cybersecurity in Japan as definitely from a different angle because theft is not necessarily articulatable as, say, other Western cultures. He also suggested the Japanese market provides ample opportunities for companies looking to do business there. Given the pressures that cybersecurity plays, and that it's inherently a global issue, there are huge opportunities here to arbitrage and enter into a market that's just finally waking up and going, wow, this is a problem. Then on top of
Starting point is 00:07:21 this, we have the Olympics coming in four years. And so this is definitely raising priority on cybersecurity and risk and security in general. So these things are definitely of interest because you can't grow domestic innovations and companies overnight. And so I think there is that vacuum and that's an opportunity for other countries and people. Many consider Japan to be relatively insulated from cyber attacks, in part due to the language barrier, but recent attacks like Operation Dust Storm have highlighted the global nature of criminal cyber activities. The first generation would say that Japan is an island
Starting point is 00:07:57 and therefore we're inherently protected. And obviously that doesn't hold true in an ICT-connected world where Internet tears down these borders. The second generation would say that, oh, hackers couldn't read Japanese. It's really no longer true because at its core, coding is coding. To make matters worse, in Japan, you have this rapidly aging society. And so this kind of society is really gullible to social hacking, other issues. And so you see that once you could get past the first layer on many of these things,
Starting point is 00:08:27 you have a very rich populace that is really old and not very IT-sophisticated. And so it's lucrative from a criminal standpoint if you can get into this. And again, language is actually not that huge a hurdle. And so these areas I try to really emphasize companies in going that, you know, security through authentication is not really something that one should get their company on. That's William Saito, special advisor to the Prime Minister of Japan. In other hacking news, Cybereason reports finding a version of the Windows-based Pirrit adware affecting Macs. OS X Pirrit, as Cybereason calls the new strain, has so far mostly served up benign, if unwanted, ads, but the researchers warn
Starting point is 00:09:12 that the adware has the potential to evolve into a significant attack vector. Right now it infects Macs, creates a proxy server, and inserts advertising into web pages, but Cybereason has said the adware could easily be adapted to install a key logger or other data theft and exfiltration tools. Samples of OS X Pirrit have been carried by bogus Adobe Flash updates and by other compromised files. Speaking of Adobe, they issued their promised emergency patch for Flash Player yesterday for Windows, Macintosh, Linux, and Chrome OS. The Magnitude Exploit Kit is actively exploiting Flash Player in the wild, so all users would be advised to update with the
Starting point is 00:09:52 actual patch, not a bogus one, as soon as possible. Cerber ransomware is among the malware being distributed through this zero day. Ars Technica looks at other ransomware incidents and glumly notes that this form of attack now offers criminals an easy payday. Sure, the victims don't always pay up. MedStar, for example, didn't. But the crime is still a very low-risk, high-reward proposition. Some $24 million are said to have been paid to ransomware purveyors by their victims in 2015, and most observers expect the figure to rise. U.S. federal authorities are now firmly
Starting point is 00:10:26 on record as advising against paying cyber ransom. Security researcher David Longenecker reports that the Arris SURFboard cable modem, SB6141 model, is vulnerable to reboot attacks. A firmware patch is expected for the widely used modem, but it's not available yet.
Starting point is 00:12:45 Joining me is Jonathan Katz. He's a professor of computer science at the University of Maryland, and he's also director of the Maryland Cybersecurity Center, one of our academic and research partners. Jonathan, I was at a conference recently, and one of the presenters was talking about fully homomorphic encryption. I have to admit it was a little bit over my head, but I thought to myself, I know who I can ask about this and also have him share it with our listeners. Fully homomorphic encryption, what is it? Well, fully homomorphic encryption is really fascinating. It's been one of the holy grails,
Starting point is 00:13:43 as it were, of cryptography since the 1970s. And for a long time, it was unclear whether any sort of fully homomorphic encryption scheme could even exist. And it wasn't until a breakthrough by Craig Gentry a few years ago that the cryptographic community even thought that such a thing would be possible. Can you give us a description of how it works? Well, at a high level, what fully homomorphic encryption allows you to do is to compute on encrypted data. So the basic idea is that I can take some data, I can encrypt it and send it to you. You can then perform a set of operations on the ciphertext that I send you and compute anything you like about the underlying encrypted data all the time without learning anything about what's been encrypted, and then send it back to me at which point I can decrypt and recover the answer.
Starting point is 00:14:29 So this basically, among other things, allows me to outsource computation to you and to get back a result without violating my privacy, the privacy of my data at all. Are there any drawbacks? Well, the problem is that right now the schemes we know of are inefficient to the point of being completely impractical. And the overhead that's introduced by fully homomorphic encryption is several orders of magnitude over the underlying computation itself. Nevertheless, researchers continue to work on it, and we can hope that within a few years or maybe a decade, we'll see systems that bring down this overhead to something much closer to practical. All right, interesting stuff. Jonathan Katz, thanks for joining us.
Starting point is 00:15:15 Industry news is mixed.
Starting point is 00:16:11 On the good news side, KeyW lands a five-year, $152 million cybersecurity training contract with an unnamed U.S. customer, and the company moves closer to the long-prepared sale of its Hexis unit. Dell and EMC, as they prepare for their upcoming merger, are also divesting themselves of several units, including cyber player SecureWorks, whose initial public offering is expected later this month. On the less-than-good-news side, several big tech companies are expected to go through a cycle of layoffs this year. While this is an IT story as opposed to a specifically cyber story,
Starting point is 00:16:40 the sectors overlap enough to make layoff predictions interesting. Here's how Information Week sees it. VMware is expected to shed 10-15% of its employees, Symantec 15%, Yahoo 30%, EMC 15-20%, Cisco 20%, HP 30%, Microsoft 15%, Oracle 20%, Hewlett-Packard Enterprise 30%, and IBM 25%. Two observations are in order. First, these figures represent informed analyst conclusions, not firm corporate announcements, so the news may turn out to be much better, or alas, somewhat worse, than predicted.
Starting point is 00:17:18 Second, should the layoffs occur, other companies should recognize that there's a lot of solid talent that's now back on the market and hire accordingly. After all, we hear there's a shortage of cybersecurity workers out there, right? We attended the Cybersecurity Risk Management 360 yesterday. You'll find a summary of the proceedings on our website, thecyberwire.com, but we wanted to share a few aphorisms the speakers left with us. On risk, quote, people think it's never going to happen to them. Until an event occurs, we have a hard time getting their attention, end quote. On insurance, quote, you buy property insurance, why not cyber insurance? A cyber attack is more likely than a fire, end quote. On the quantification of risk, quote, it's important
Starting point is 00:18:02 to communicate costs to small businesses, the cost of insurance and the cost of potential incidents, end quote. And finally, on change. Quote, the number one thing that drives change is customers. If you lose a customer because you don't have adequate security, you've lost money, end quote. And finally, a gentleman in Oklahoma City is looking at 10 years in prison for various forms of illicit online harassment of a security researcher who helped put one of his fellow hackers behind bars back in 2009. The two hackers, Handles Coax and Ghost Exodus, were members of what they styled the Electronic Tribulation Army, or ETA. That's electronic with a final K if you're keeping score at home. Mr. Coax sought to avenge Mr. Exodus's 2009 arrest with various online capers that include masked and behoodied
Starting point is 00:18:53 videos of himself. But perhaps the real blame for Mr. Exodus's arrest should be laid at the 2009 video he posted to YouTube, featuring himself uploading malware to a former employer's system, accomplished to the tune of the Mission Impossible theme. So here's some free advice to the hacktivist underground. Pick your battles, and when you fight them, don't feel you need to go the full good morning Mr. Phelps. After all, nothing on the internet self-destructs in five seconds. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for
Starting point is 00:19:38 listening.
