CyberWire Daily - Daily & Week in Review: TeslaCrypt says "sorry, here's the key." 50-cent-ers troll China.
Episode Date: May 20, 2016
In today's podcast, we follow moves to upgrade US Cyber Command to a Unified Combatant Command. We follow developments in Operation Groundbait, Phineas Phisher's latest, and the discovery of China's 50-cent-ers. Conficker is still out and active eight years after patching. We take a look at industry news, and hear about how TeslaCrypt may be closing up shop. Our expert today is Accenture Labs' Malek Ben Salem who discusses semantic technology for cyber defense. We'll also hear from historian and author Abby Smith Rumsey who'll talk about her book, “When We are No More: How Digital Memory Will Shape Our Future.”
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The U.S. Congress wants to upgrade Cyber Command status to a unified combatant command.
Phineas Fisher takes on police in Catalonia.
U.S. researchers find a big piecework sweatshop for social media trolling in China.
Operation Groundbait chums eastern Ukraine's cyber waters.
Conficker's still around.
Cyber stocks get some investor love this week.
And TeslaCrypt's operators say sorry and promise to close up shop.
Yeah, we're surprised too.
But on the other hand, the crooks do seem to have given ESET their keys.
I'm Dave Bittner in Baltimore with your Cyber Wire summary
and week in review for Friday, May 20, 2016.
In the U.S., Cyber Command appears destined,
at least if the House of Representatives has its way,
to be elevated to status as a unified combatant command,
a bill making it so passed the House at midweek as part of the National Defense Authorization Act.
The White House has threatened to veto the legislation on other grounds.
Unified combatant commands in the American defense establishment
represent the highest operational levels, answering directly to the National Command Authority. They draw upon more than one military service. Such commands are
either geographical, like European Command or Central Command, or functional, like Strategic
Command or Special Operations Command. Cyber Command would be a functional command. It currently
falls under U.S. Strategic Command. Some members of Congress believe that Cyber Command's growing importance warrants separating it from NSA, with whom it shares a leader.
Yesterday, at DCOI 2016, we heard Admiral Michael Rogers, who leads both NSA and Cyber Command, respond to questions about the proposed change in his organization's status.
He said, of course, that it wasn't his call,
and made all the expected right noises about the change not affecting his command's missions or its readiness to cooperate with all of its partners.
Operation Groundbait continues to chum for influential fishermen in eastern Ukraine.
Its target seems to be, generally speaking, separatist and pro-Russian.
But one shouldn't be too quick with attribution.
Hybrid war is rarely obvious, and who's doing the chumming remains to be seen. ESET is tracking the campaign.
Phineas Fisher, who just pilfered a Bitcoin trove which he donated to Kurdish anti-capitalists in
Syria, remains on the hacktivist stage. He's taking on the Catalan police with an expose of their alleged
brutality. He's also said to have taken down a police union server with some data destruction
reported. The attack against Catalonian law enforcement is available for your inspection.
Mr. Fisher has posted it online. We're used to associating information operations in social
media with ISIS, but don't overlook the Chinese
government. A study by U.S. researchers at Harvard, Stanford, and the University of California, San
Diego describes a massive propaganda campaign in social media. About 488 million posts are pumped
out annually in support of government information goals. The operation is organized and compensated
as piecework.
The operators are called the 50 Centers because they're thought to be paid 50 cents a post.
As is consistent with China's inward-looking tendencies, the 50 Centers principally address a domestic as opposed to an international audience. You may recall Conficker, an old
worm Microsoft stamped on back in 2008.
But it's back, or rather, it never really left.
Check Point says Conficker was implicated in one out of every six identifiable attacks in April 2016.
It's also teaching a few object lessons.
First, an exploit doesn't have to be a zero day to work.
Anything that works is just fine with attackers. They're not artists, after all.
Second, as we're learning today at the Jailbreak Security Summit, there are a lot of embedded devices that work with older Windows instances, and Conficker remains a nuisance in the Internet of Things.
And third, Conficker's persistence underlines yet again the importance of patching.
It was, after all, patched more than eight years ago, and it's still an irritant.
Joining me is Malek Ben Salem. She's the R&D manager for security at Accenture Technology
Labs, one of our academic and research partners. Malek, I know an area of research for you is the use of semantic technologies for cyber defense. Take us through, what do you mean when you're talking about semantic technologies?
its main characteristic is that it encodes meaning separately from data and from content.
You know, known technologies are ontologies that are implemented in the OWL language, for example,
where you define entities and concepts and then link them to data to give that data meaning.
This is different from the traditional IT approach where data itself carries its meaning and its relationship embedded within. We're using that semantic meaning to
enrich the data that we collect, say through a SIEM tool or any security appliance, we can use those semantic technologies, particularly
ontologies, to annotate the data and enrich it so that an expert system can be used to
reason about the data.
So it can identify what the data means and it can automatically correlate and link that data.
And at a next step, it can reason about the data.
For example, as it sees several security events, it may be able to infer the progression of an attack and be able to follow how the attacker is moving, what techniques it's using,
what step in the attack progression it is at,
and then be able to predict what would be the next attack step.
All right, Malek Ben Salem, thanks for joining us.
In industry news, this week saw a lightening of investors' moods after recent weeks' downbeat news and bearish security share performance. Cisco surprised observers, Barron's prominently
among those observers, by reporting much better than expected earnings and issuing optimistic
guidance. It's particularly noteworthy that the networking giant's security business made
a clear contribution to its strong results. Analysts are characterizing Cisco's security
network as a hedge against IT sector headwinds. Stock tipsters are now talking about depressed
share prices and other industry bellwethers like FireEye, Symantec, and Palo Alto as representing
buying opportunities. There's much chatter about going long. This is
probably a good time to remind everyone that we are not, I repeat not, offering investment advice.
Please apply all appropriate disclaimers about risk, etc. Did I mention that the Cyber Wire
doesn't offer investment advice? There's also some M&A news. KeyW moves closer to selling off
its Hexis commercial security subsidiary
as KeyW sharpens its focus on government security markets. The buyer will be an undisclosed private
equity firm. Investigations suggest that a Bangladesh bank official's compromised computer
was used in the SWIFT-related hack. The Bank of England tells UK financial institutions
to buck up the security of their interactions with SWIFT.
In the U.S., the Securities and Exchange Commission gave the financial sector a stern talking-to at a Reuters convened summit.
Too many firms, the SEC says, are sloppy with respect to cybersecurity, and some of their biggest risks lie in cyberspace.
Another regulatory body, the U.S. Commodity Futures Trading Commission,
said yesterday that it plans to issue rules on cybersecurity, automated trading, and position limits later this year. The new rules will be issued pursuant to Dodd-Frank financial reform
legislation. And finally, ransomware continues to hold its place as the principal cyber threat
to businesses. The Microsoft Malware Protection Center says that the U.S., Canada, and Italy are the countries
most affected. But some good news has arrived from Bratislava. ESET took a direct approach
and asked TeslaCrypt's proprietors for their encryption key. To everyone's surprise,
except possibly ESET's, the TeslaCrypt hoods not only handed over the key, but also said they were
sorry and said they were closing up shop. One may doubt the remorse, but the key at least seems
genuine. So again, bravo ESET.
My guest today is author and historian Abby Smith Rumsey. Her latest book is When We Are No More, How Digital Memory Shapes Our Future.
The book explores human memory from prehistory to the present,
from pictures painted on cave walls to today,
with all the world's knowledge available in an instant on our mobile devices. Abby Smith Rumsey spoke to me from her
home in San Francisco. We talked about the history of data technology, privacy, what responsibility
we have as cybersecurity professionals to be good stewards of the world's data, our culture's
digital memory, in our personal and professional lives. I began our conversation by asking her to describe what prompted her to write the book.
Well, I'm a historian, and I'm writing about why it is that at times like this,
when we're sort of creating more and more information,
it's harder for us to keep that information,
to create a really robust historical record, both for present and future generations.
I talk about some of the technical issues about why digital information is harder to maintain,
to capture robust samples of, and to maintain for long periods of time.
But I also talk about the risk that that poses if we don't solve the problem.
And it's not just a risk to present generations, but also to
future generations to lose the past.
It's easy for us to experience a sense of information overload.
Rumsey says, historically speaking, this feeling is nothing new.
With each major innovation in
information technology, going back to the invention of the cuneiform and the papyrus,
and in particular, the printing revolution of the 1400s, that in the beginning, people,
when they glommed on to a new technology, were in a wild sort of experimental optimistic phase
where they used it a lot without having in place any way to deal with the consequences of producing, for example, so many books, as happened in the 15 and 1600s.
The kind of shock that people have with the amount of information available digitally is actually very well documented,
having been experienced by people in the first couple of generations of print.
You know, that sort of emotional and sort of cognitive disjunction
of having too much information. You have this kind of vertigo because you can't quite figure out
what's important and what isn't important to pay attention to.
One of the challenges with digital technology, of course, is how quickly things become obsolete.
We don't have the luxury of being able to look at digital information the way we've been looking at books.
We can't just burn a CD, put it on a shelf, and wait for 100 years
and expect somebody to be able to pull that CD off the shelf
and look at it and determine what its long-term value has turned out to be.
We have to actually capture that information, preserve it now.
Anything that is in a code that
can only be read by a machine will not endure. Whatever records we leave behind have to be
eye legible, have to be read by the human eye. But no, anything stored on magnetic tape or in
magnetic means, anything stored on computers that can't be read by eyes but only by machines,
we could lose all of that and not be
able to retrieve it.
It's difficult to know what's going to prove valuable to future generations.
History has shown that sometimes there's important information hidden within the most mundane of
archives.
The British Naval Museum, in fact, has a vast collection of mariners' logbooks from its
years on the high seas as the empire
that ruled the waves. Each one is a logbook written by hand on board ship that
has in detail and in very particular hand, it records everything that happens
on the court, in the course of a day on a ship, and it reads actually like a very
boring almanac about the birds that are seen and the temperatures and the size of the waves and
so on and so forth. So they've been able to scan this material and they've created a database.
And now scientists are studying oceans and atmospheres and changes in weather and flora
and fauna and things like that that are so important to climate science, they're now looking at these centuries of data about ocean conditions. These old logbooks are kind of like this goldmine of information
for the study of climate change. And incidentally, nobody in the 18th or 19th century thought that
logbooks would be valuable to study climate change because nobody at that time imagined that human beings
were changing the climate of the globe.
And what about us? I asked Abby Smith Rumsey about the role
of cybersecurity professionals in preserving our future.
Well, I think their role is incredibly
valuable. Just having taken on this very complicated technical task of trying to secure
data into the future when we know that the world in which they are operating,
technically, hardware, software, et cetera, is always changing.
I hope that they, in their capacity as private citizens,
actually join the chorus of citizens who are demanding that our politicians
pay a lot more attention to settling some of these issues around digital security,
about protecting national security and privacy at the same time. This is a dynamic kind of balance
that needs to be in place, but it needs to be negotiated and renegotiated constantly.
And somehow in this political cycle, we seem to be talking about everything but these important
issues. So it's really difficult that we operate, and cybersecurity people in particular operate,
in a world in which these policies are not dealt with forthrightly.
And what about the future? We're sure to make some mistakes along the way, but Rumsey remains hopeful.
As an historian, I remain optimistic that we may go through a lot of losses.
We have a lot to learn,
and we learn best through by making mistakes. But in the end, we will actually master memory in the
digital age as well. The short-term losses will be acute and very regrettable. We could lose a lot
that we really want to keep until we figure out how to master these systems of memory. And I think
it's even more important that those of us who are living through this transition
document the kinds of things that we're going through,
exactly how we feel about this transition,
so that in the future people will have a record to how the world they live in
passed through this time of great turbulence
and note the things that might not have survived into the future.
That's author and historian Abby Smith Rumsey.
Her book is When We Are No More, How Digital Memory Shapes Our Future.
If you're in the Washington, D.C. area,
she'll be leading a discussion and book signing
at the Library of Congress on Tuesday, May 24th at noon.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner.
Thanks for listening. Thank you.