CyberWire Daily - Daily & Week in Review: Brexit beats Bremain. Cyber combat support. The usual ransomware.

Episode Date: June 24, 2016

In today's podcast we discuss the implications of Brexit, and we talk with someone whose researchers predicted it from social media analytics. GhostSquad strikes, apparently, for ISIS, and LizardSquad... DDoSes Overwatch for the lulz. Some old threats come back (some never really left). US Cyber Command is operational against ISIS. The importance of low-power WAN for the IoT. State Department email investigation continues. Malek Ben Salem from Accenture Technology Labs tells us about Software Defined Security. Daniel Mayer from Expert System explains how they predicted the UK vote, and Matthew Knight from Bastille Networks shares his research into low-power wide area networks.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:56 UK voters take their country out of the EU. Who predicted Brexit and how when the smart money was on Bremain? Fancy Bear and Cozy Bear don't look like a lone hacker, but they do strike one oppo researcher as lazy bear. Ghost Squad goes after the U.S. military, and U.S. Cyber Command goes after ISIS. Ransomware continues to pursue businesses and individuals. Some old threats return, Conficker among them. Investigations into U.S. State Department emails continue, enabling technologies for the IoT, and, and, keep calm and carry on. I'm Dave Bittner in Baltimore with your CyberWire summary and week in review for Friday, June 24,
Starting point is 00:02:40 2016. The big news today is, as we expected, that the UK voted yesterday to exit the European Union. The vote means that Prime Minister Cameron's government will be out by October at the latest. The decision to leave the EU will have far-reaching policy and market implications for cybersecurity as well. We'll talk a bit later with the CEO of Expert System, the company whose research into social media trends called the vote for Brexit when most other prediction markets, even the betting shops, had the smart money on Bremain. In that other political story on this side of the pond, consensus is firming up that the DNC wasn't hacked by a lone hacktivist. Signs still point to Moscow.
Starting point is 00:03:22 A former DNC researcher thinks Fancy Bear and Cozy Bear don't know much about opposition research. He would make Lazy Bear the third bear in this story. Ghost Squad hacktivists, largely associated with Anonymous operations like Op Icarus against governments and banks, offer ISIS support by releasing a database containing personal data of U.S. military personnel. This support is at least objective, if not actually coordinated, and some observers regard the list as effectively another ISIS hit list. HackRead said the data looks legit. The release comes as U.S. Cyber Command takes an increasingly active combat support role
Starting point is 00:04:01 against ISIS. 46 of the command's mission support teams are reported to be fully operational, 59 are at initial operational capability, and there are another 28 still to be organized. They're currently supporting U.S. Central Command in its operations against ISIS. Some observers of that effort recommend that anti-ISIS information operations against the self-proclaimed caliphate's online echo chamber be specific, granular, and tightly crafted for its audience. An expert from the International Center for the Study of Radicalization, the ICSR, at King's College in London recently
Starting point is 00:04:37 characterized the members of that audience as, quote, what we call the cheerleaders and fanboys and wannabes, people who aren't actually members of ISIS, who aren't actually in Syria, but are essentially freelance supporters, often based in the West. They are the ones who are giving the group its online oomph. End quote. In the world of cybercrime proper,
Starting point is 00:04:58 Neutrino is serving CryptXXX to visitors of anime site Jkanime. The campaign mostly affects users in Latin America, particularly in Mexico. Ransomware remains the most worrisome form of cybercrime affecting enterprises, but older threats persist too. Lizard Squad may have subjected another gaming site to a DDoS attack. This time the affected game is, for no discernible reason, Overwatch. The venerable Conficker remains the number one malware family. The Necurs botnet, used to spread Dridex and Locky, is back after
Starting point is 00:05:32 a three-week hiatus. We attended the Cyber 7.0 conference this week and a report is up on our website. The conference was concerned primarily with the Internet of Things and critical infrastructure. Today we have as our guest someone who will tell us about a key enabling IoT technology, low-power wide-area networks. Matthew Knight is a security researcher with Bastille Networks. He recently gave a presentation on low-power wide-area networks at the Jailbreak Security Summit. Currently we have 25 billion devices connected to the Internet in some way. And they project that by
Starting point is 00:06:05 2020, there are going to be 50 billion devices connected to the internet in some way. Some of the buzzier things that you'll hear about in the media today are the quote-unquote IoT devices. You're talking about your smart refrigerators, your smart door lock, all these different IP cameras, things that would survey your home. On the more industrial side, you have some SCADA applications. That's like industrial control, tracking. You might have like vehicle fleet monitoring as an example of a wide range roaming application. You know, today, a number of those devices are connected via wires. You know, you have power, of course, but when I say connected, I'm referring to Ethernet. But a lot of them are wireless, too. And, you know, we're talking about things like cellular devices, which, you know, ultimately wind up getting into the Internet in some way.
Starting point is 00:06:50 When we look at that 50 billion in 2020, fewer and fewer of those devices are going to be wired every year. So we're seeing this broad proliferation of wireless networks that are standard ones like Wi-Fi and cellular, but also some new emerging less standard technologies. On the industrial side, many devices connect using the older 2G cellular network. It's cheap and offers wide coverage, but its days are numbered. 2G has kind of worked its way in as this very popular interface for a number of these IoT applications. However, AT&T and a number of the other domestic 2G carriers have announced that they're sunsetting those networks at the end of this year. They want to repurpose that spectrum for some of their more modern technologies. The
Starting point is 00:07:36 2G standard is very old at this point. So they're going to be turning those towers off and using them for something else. This opens up opportunities for low-powered wide-area networks. The best way to describe it is it's just like cellular data service, but optimized for IoT and low-bandwidth applications. So when I say it's just like cellular data service, it's a very similar network architecture. You have a network of base stations. In LPWAN terminology, they're often called gateways. And then you have end nodes that connect directly to that network of gateways via this wireless interface. LPWANs have the advantage of enjoying much lower startup costs,
Starting point is 00:08:16 in large part due to the type of RF spectrum they use. Cellular base stations operate on restricted spectrum. You have to own the rights to operate on it in order to legally transmit, and the FCC regulates that. Now, there exist a number of pieces of spectrum that are referred to as ISM spectrum. It stands for industrial, scientific, and medical, if I am getting that acronym correct. That is what is referred to as unlicensed spectrum. Basically what that means is you're allowed to transmit it so long as you're abiding by certain rules and principles without having a dedicated use license from the FCC. And that's the sort of thing that Wi-Fi and Bluetooth, those are all in the 2.4 gigahertz ISM band. And when you go to Best Buy and buy a router,
Starting point is 00:08:59 you don't have to immediately send off to the FCC for permission to use it. It's compliant with the FCC's ISM rules, so you're allowed to just take it out of the box and plug it in and emit. These low-power, wide-area network technologies that are gaining the most steam all operate in the ISM bands, which means that in order to become a network operator, you do not need to own a spectrum license, which is really profound because that takes out an enormous cost of putting up a network. Of course, there's a downside to using unlicensed spectrum. It can be crowded and noisy with lots of interference. Not only is there the potential for it, it's virtually guaranteed
Starting point is 00:09:33 that you're going to have all sorts of collisions and all sorts of interference in these unlicensed bands. And the way that they address that is through their PHY layer technology. They've designed the PHY, that is the lowest level, the lowest definition of the electrical specification, to be very resilient to interference. So they have a number of very interesting technologies there that give it a very strong link budget. That is its ability to extract signal from noisy channels and also contributes to its range. As manufacturers bring LPWAN products to market, some of their performance claims are quite impressive. There's one LPWAN called Sigfox that advertises 10 years on a single AA battery, which is quite dramatic. I haven't tested that,
Starting point is 00:10:24 but that's what they're claiming. And in terms of range, LoRa, the technology that I've spent a bit of time looking at, advertises up to 13.6 miles. So the performance is pretty dramatic. Of course, the way they get that performance is by trading on other aspects. Both of these protocols are fairly low data rate, and they're designed to duty cycle very aggressively. That means they're designed to sleep for the vast majority of their lifetime. Matthew Knight says there's a lot of excitement and innovation going on in the space, including some unconventional applications. Actually, I was at an event recently, and I met a guy who was developing LoRa-connected rat traps.
Starting point is 00:11:06 Those are exactly what it sounds like. They're devices that would go in your wall and try to take care of a pest problem. But he wanted to know if they were being effective or not. So now whenever it catches a rat, it will send a message up over LoRa and let them know. As a security researcher, Knight is interested in potential vulnerabilities of these systems. Some of these low-power wide area networks are uplink only, meaning they can only send messages up and they can't receive messages down. And one of the effects of that means that they cannot wirelessly receive firmware. So if there's a bug that they're deployed with, they will have that until somebody physically
Starting point is 00:11:44 goes there and either updates it manually or replaces the device. So there is the opportunity for some of these vulnerable devices to become entrenched for quite a long time. That's Matthew Knight from Bastille Networks. He recently gave a presentation on LPWANs at the Jailbreak Security Summit. You can download his slides from that presentation at the Jailbreak website. Investigation into email security at the U.S. State Department continues as more emails come to light revealing the department's temporary lowering of its spam filters to enable its networks to receive email from former Secretary Clinton's private server.
Starting point is 00:12:21 The former secretary's concern, as expressed in contemporary emails, was to avoid any risk of the personal being accessible.
Starting point is 00:14:35 And I'm pleased to be joined once again by Malek Ben-Salem. She's the R&D manager for security at Accenture Technology Labs. Malek, I know something you wanted to share with us was your take on software-defined security. What can you tell us about that? Correct. Let me start by saying why we need software-defined security. Then I'll talk about what is software-defined security as an approach. Recently, we've seen a new move or a significant move by companies transforming their IT infrastructure into software-defined infrastructure.
Starting point is 00:15:27 And that includes software-defined networking, software-defined storage, server virtualization, or what is known as software-defined computing, basically creating software-defined data centers. What this enables is that everything is provisioned, controlled, configured through software, which makes their IT environments very dynamic and agile. That in and of itself creates new security challenges. Security
Starting point is 00:16:03 analysts cannot keep up with the rate of change in the IT infrastructure environment. And that is why we need a new security management mechanism. And this is where software-defined security comes in. Software-defined security basically is a new approach for security management that abstracts the security management from the actual physical attributes of security controls. Through this abstraction, it makes security controls independent from the underlying security appliances or hardware.
Starting point is 00:16:46 And it makes security management more dynamic, more easily handled by security analysts. So is this a matter of sort of setting up automation to be able to keep up with the velocity of what's happening on a software-defined network? Is it that sort of thing? Yes, absolutely. Automation is absolutely one piece of it, but it's not just automation. It's also providing more scalability, decreasing the complexity of the security management
Starting point is 00:17:17 so that you can create services for certain security functions that are independent of the hardware, let's say a firewalling service. Regardless of the firewall that you have deployed within your infrastructure, all you need to configure is that firewalling service, which would be applied to all of your firewalls underneath, or an intrusion detection service. All of your security policies can be implemented at the software level, regardless of the underlying security appliances that you have within your infrastructure. Malek Ben-Salem, thanks for joining us.
Starting point is 00:18:39 Returning to the Brexit vote, not only has the pound sterling plummeted in international currency markets, but stock markets in Britain, Europe, and the U.S. are also taking a beating as investors and speculators are spooked by the Brexit's many unknowns.
Starting point is 00:19:00 For the cyber sector, few expect many, if any, changes in British cyber policy. There are concerns, shared with the larger tech sector, about the labor market. Brexit is expected to make labor less mobile and more expensive than it had been. Most prediction markets had been confident that British voters would cast their ballot to remain in the EU. That obviously didn't happen, and the betting shops in particular are working to explain how the smart money might have backed the wrong horse. It seems to have been either a case of counting money more than heads, more money was placed on Bremain, but more punters went for Brexit,
Starting point is 00:19:35 or else just one of those cases in which the long shot won. And here in Baltimore, we've seen that happen at Pimlico from time to time. We did hear from some people before the vote, however, who did get the prediction right. And since they did so through social media analytics, their work is of some cyber significance. Expert System, working with researchers at the University of Aberdeen, called the election for Brexit to us on Wednesday. Expert System CEO Daniel Mayer joins us to tell us what they saw and how they analyzed it. In this case, we're using a particular cognitive computing technology called text analytics
Starting point is 00:20:12 to process social media. This technology recognizes concepts that are expressed in text and it recognizes meaning. And what that boils down to is that it enables the computer to understand what we as humans are expressing. So for this particular study, we analyzed something like 50,000 tweets. I think in this case, we were maybe a bit lucky that some of the segments of the population that are using Twitter maybe were not as well represented in other instances. And I'm thinking particularly of the younger parts of the population. And also perhaps you could imagine that some of the most disenfranchised are maybe a bit more vocal on social media. So that could account for some of the differences in signals that you get from social media on one hand
Starting point is 00:21:13 and maybe through other methods. That's Daniel Mayer from Expert System. They've published the results of their analytics on their website and invite researchers and collaborators to take a look. Finally, our best wishes to our friends, colleagues, and listeners in the United Kingdom. Whatever the future looks like outside the EU, we trust you'll cope and thrive. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
Starting point is 00:21:49 I'm Dave Bittner. Thanks for listening.
