CyberWire Daily - Daily & Week in Review: US sifts ISIS recruiting files. Black market economics. Should leakers curate?

Episode Date: July 29, 2016

In today’s podcast we hear some preliminary news about ISIS information operations as expressed in captured files. Hacktivists experience remorse and debate doxing ethics. We review the speculation about the DNC hack and note that another Democratic Party campaign organization may also have been compromised. State-sponsored hacking is driving enterprises to seek help from security companies. The University of Maryland's Jonathan Katz tells us about post-quantum encryption, and Daniel Ennis, former NTOC Director at NSA and currently Executive Director of the University of Maryland Global Initiative on Cyber, shares his thoughts on his time with the agency, and the need for cooperation in cybersecurity by government, universities, and industry. Pokémon trainers are still going where they shouldn’t.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:02:02 Insight into the terrorist group's information operations. Hacktivists argue over the ethics of doxing. The contending moralists are Edward Snowden and Julian Assange. Investigation into the DNC hack continues, and a fresh investigation opens into the possible compromise of the Democratic Congressional Campaign Committee. North Korea seems to be after online shopping credentials, a lot of them, in South Korea. State-sponsored hacking is seen as driving the security market,
Starting point is 00:02:24 And if you're looking for a Pokemon to train, here's some news you can use. In the course of your search, don't climb the fence at Fort Meade. I'm Dave Bittner in Baltimore with your CyberWire summary for Friday, July 29, 2016. The U.S. is sifting through a considerable volume of material on ISIS online activities. The caliphate's information operations have been largely devoted to inspiration and recruiting, particularly the exploitation of recorded murder as propaganda of the deed. What can be learned from ISIS's captured records will become clearer over coming weeks.
Starting point is 00:03:08 In other respects, this has been a week of doxing, dominated, of course, by the release of material obtained from the U.S. Democratic National Committee. The leaks brought down DNC Chair Debbie Wasserman Schultz and prompted Republican nominee Donald Trump to suggest the Russians, presumably the people behind the hack, might release the emails Democratic nominee Hillary Clinton deleted from her private server after her tenure as Secretary of State ended. So, all of this has prompted some soul-searching in the hacktivist community. The Internet Archive, with some hacktivist concurrence, took down files posted with a view to exposing alleged repression in Turkey, but it's difficult to contain such information once it's out.
Starting point is 00:03:44 The files, inducing some retrospective hacktivist regrets, included a great deal of personal information about ordinary Turkish citizens. Kind of everything went wrong, one of the hacktivists involved told Motherboard. The emails WikiLeaks dumped from the Democratic National Committee also contained personal information, mostly about donors to the party. WikiLeaks regrets nothing, but some people nominally aligned with them do. Edward Snowden, for one, while approving of WikiLeaks' devotion to openness and transparency, thinks they shouldn't be so resistant to, quote, even modest curation, end quote. WikiLeaks tweeted back, quote,
Starting point is 00:04:20 opportunism won't earn you a pardon from Clinton and curation is not censorship of ruling party cash flows, and included, with some appearance of snark, a link to the Wikipedia article on digital curation, which defines it as selection, preservation, maintenance, collection and archiving of digital assets. We note, by the way, that Mr. Snowden is currently living in Russia. Reaction to this intramural hacktivist dispute has been mixed, some lining up with Snowden, others with WikiLeaks. Sympathy for the WikiLeaks position seems prompted mostly by the news that the FBI has opened another investigation,
Starting point is 00:04:56 this into the hacking of the Democratic Congressional Campaign Committee. WikiLeaks sympathizers see criticism of the group as objectively aligned with opponents of transparency. The FBI is said to have warned the Clinton campaign of a possible compromise back in March, at about the same time the DNC realized someone was in its servers. Experts continue to point out that people should draw the lesson that encryption is worth the trouble. Did we mention that Edward Snowden is currently resident in Russia? This leads, naturally, to the question of who's behind the WikiLeaks documents,
Starting point is 00:05:29 and most observers, led by security companies CrowdStrike and FireEye, have concluded that Russian intelligence services, the FSB, also known as Cozy Bear, and the GRU, aka Fancy Bear, were responsible for the long-running compromise of DNC networks. They, then, would have been the ones providing the documents to WikiLeaks. This consensus, however, is not without its dissenters. Taia Global's Jeffrey Carr, for one, points out the circumstantial quality of the evidence on display. Forensic evidence is usually circumstantial, however much of it may accumulate.
Starting point is 00:06:04 Guccifer 2.0's claims to be both responsible for the hacking and no kind of Russian at all, for example, were undermined in part by tags found in the leaked documents' metadata, including the name in Cyrillic Felix Edmundich, the first name and patronymic of Felix Edmundovich Dzerzhinsky, founder of the Soviet security services under Lenin. Why, skeptics ask, would a spy tag files like that? This would be like the FBI tagging files used in a honeypot "J. Edgar." Not impossible, but questionable tradecraft. Assuming that this persuasive, but still partially unsettled attribution is correct,
Starting point is 00:06:42 what could the motive have been? FireEye finds it interesting that a government is willing to make routine use of criminal channels and techniques. They also think it likely that Russia's government wanted to be caught. They wanted to show that they could hack U.S. targets with impunity. CrowdStrike isn't buying this. What intelligence service, they ask in effect, wants to see an operation blown? They think the Russians, the GRU in particular, got caught because they were clumsy. Other states seem unashamed to engage in cybercrime. North Korea, for example, is back in the news as South Korean investigators report that the
Starting point is 00:07:16 DPRK has stolen some 10 million online shopping credentials. There's much discussion of a need for cooperation in cybersecurity by government, universities, and industry. We spoke with Daniel Ennis, former NTOC Director at NSA, and currently Executive Director of the University of Maryland Global Initiative on Cyber. He joined us in our studio in Baltimore, and I started our conversation by asking him about his experience at NSA. So, take us through the Threat Operations Center. What is the mission of the center? What are they there to do?
Starting point is 00:07:49 Well, the primary mission is to understand what is in the foreign intelligence space relative to cyber and actually help the protection of U.S. national security systems by translating that and working with elements across the NSA and across the U.S. government in providing information assurance and defensive insights that might help protect those systems. And who are you partnering with? What are your relationships with industry?
Starting point is 00:08:16 Well, that's the cyberspace that we all live in, the cyber context that we all live in, principally working with the FBI and DHS because they have authorities to help in the United States context, but more importantly, across a broader spectrum than that, working with the private sector, working with industry groups ultimately, working with entities that have been penetrated, and for whatever reason the U.S. government believes that we ought to help them. I mean, at the end of the day, when you start talking about cyber, well, my principal role was to, or our principal role was to help protect national security systems.
Starting point is 00:09:03 Ultimately, when you have threats against the financial sector or other sectors, and NSA has relevance in that space, it's incumbent upon us to figure out how to help. When you look at the various threats that affect both the United States and on a global level, in your opinion, where does cyber rank? Where does it fit in? Well, so, I mean, first of all, you have to look at the context that we're in the United States or the world, right? We live on a digital platform. I mean, and the commerce and everything we do in the United States is on the internet. We as a nation are one of the most vulnerable
Starting point is 00:09:36 to cyber attacks, to cyber intrusions, because we are so tied to the internet. I think that if I had to just sort of create a construct, I mean, certainly counterterrorism and issues associated with terrorism take top priority because the concern about physical threats to U.S. persons and our allies. Certainly counterproliferation, given the, you know, how problems in that space could create issues that we all would want to avoid. But I would put it right up there because of the cyber piece. I would put it right up there in parallel with those mission sets because we are so vulnerable as a country, and it is such a part of our future.
Starting point is 00:10:19 When you looked at our capabilities as a nation in terms of defending ourselves, in terms of being able to handle these cyber threats, what were some of the areas where you thought this is an area where we've got it under control versus this is an area that might keep me up at night? Well, I mean, again, everything's relative. So I thought we had relative strength in the space at NSA and its primary role of protecting U.S. Department of Defense systems and ultimately helping others in protection of the national security systems. That said, given the wide open nature of the Internet and given essentially how both the nation states and criminal
Starting point is 00:11:08 elements have proffered and prospered in this space, I think we're massively vulnerable across all the spectrum. And so I think that we have strength in our knowledge, we have strength in our capability, we even have strength in our knowledge as to how we apply defensive measures to protect systems. But there's such a huge vulnerability and such huge gaps, and we talk about new zero days being created every day that make whatever element that you might refer to vulnerable. I think that in that space, we just have a huge way ahead, a huge mountain to climb if we're going to actually secure systems. I mean, it doesn't go unnoticed that our information assurance organization at NSA had come out with, in many instances, you know, hey, these are the top 10 things you should do to protect yourself. But even in that space, most entities aren't even
Starting point is 00:12:01 taking the most basic steps to do that. So it's not just that the vulnerability is there. It's that even when you represent that you understand how you could make yourself less vulnerable, how you can close off the possible vectors of attack that you might face, most people aren't doing it. So when people think of the NSA, I think there's this popular almost sort of Hollywood version of what the NSA is and what the NSA does. How do you think the public's perception of the NSA aligns with the reality of what the NSA actually does on a day-by-day basis? Well, I think you hit it. There's probably a Hollywood version. You know, if I go to see a James Bond movie, I want to see bells and whistles, right?
Starting point is 00:12:51 And I think that in some instances people kind of want to see that, but obviously the reality is much different. I think there's also a part of this context is some of the Snowden insights that were provided, which, by the way, clearly I think he got that a lot wrong. NSA is an incredibly technically proficient agency, and I think what we would want them to know, and I'm retired but still love the place, what I would want the people to know is that they actually follow the rule of law, that, in fact, they at great pains strive to follow the rule of law. We have an incredibly robust process, incredibly robust leadership, whose job it is every day to make sure that we are following that rule of law. I think if you checked with some of the civil libertarians that were a part of the process,
Starting point is 00:13:39 the review process after some of the Snowden information came out, they will tell you that, you know, if they had a surprise, it was just how much emphasis and how much just true, pure process that NSA places on ensuring that they follow that rule of law. And I think that people would be surprised how much time and how much emphasis is actually spent on making sure that they get that right. Do you actually have a big dimly lit room that looks like NASA Mission Control with lots of big screens? There actually is. There is an ops floor. There's a couple of them. Yes, you do have those places, and you do have, because there is a 24-7 mission. So anytime you have a 24-7 mission, you're going to have a room that actually is geared to that. And so people turn the lights down because it actually is a better working environment in that space.
Starting point is 00:14:30 And you have the boards where people are looking at. In some instances, those are eye candy, but in some instances, they actually provide relevance to people who are coming in and looking at the board. But you have those rooms where people are working 24-7, and it does look that sort of Star Wars type of, okay, this is the op center. Daniel Ennis, thanks so much for joining us today. Okay, thank you. That's Daniel Ennis, former NTOC director at NSA and currently executive director of the University of Maryland Global Initiative on Cyber. We'll have an extended version of my interview with Mr. Ennis next week on our website.
Starting point is 00:16:24 Joining me once again is Jonathan Katz.
Starting point is 00:16:59 He's the director of the Maryland Cybersecurity Center and a professor of computer science at the University of Maryland. Jonathan, we saw a recent blog post from Google about research they're doing, work they're doing on post-quantum cryptography. Why is quantum computing important? Why is this notion of post-quantum cryptography important for encryption? A lot of people are now worried about the potential for advances in quantum computing. And as many of our listeners may know, quantum computers would actually be able to break all the public-key cryptography that's currently used on the internet. So even if you're not
Starting point is 00:17:36 worried about a potential quantum computer existing today, if you're concerned about long-term security of your communications, you might be concerned about a quantum computer even coming into existence 10 years from now. So this new class of our so-called post-quantum crypto systems is exactly meant to be secure even against a quantum computer. And so it relies on new mathematical techniques beyond the ones that are currently being used today. And would this affect current techniques for encryption? Is this sort of a backwards compatible kind of thing? Yeah, so the way Google has done it,
Starting point is 00:18:08 first of all, they're only doing it on some limited number of connections, and they're really just doing it for, as you said, research purposes to kind of test the efficiency of the new protocol. And they've done it in such a way, actually, that it doesn't downgrade the security of any existing connections, and the reason is because what they're doing is actually running the existing key exchange protocol in parallel with a post-quantum key exchange protocol. And so in the best case, it gives you better security. And even in the worst case,
Starting point is 00:18:34 it doesn't downgrade the security beyond what's already available. All right, Jonathan Katz, thanks for joining us.
Starting point is 00:19:14 State-sponsored cyberattacks are inducing more enterprises to turn to security vendors for protection. The Washington Post sees some of the beneficiaries of this trend as Cylance, ThreatConnect, FireEye, Palantir, and CrowdStrike, and there are surely many others. That said, security stocks have shown mixed results recently, and persistent rumors that FireEye may be a takeover target reappeared this week. The Motley Fool notes that such rumors have been good for FireEye's share price, and speculates that possible suitors include Symantec, IBM, and Cisco. Finally, we'd like to end this week with some advice that should go without saying, but apparently doesn't. You don't really need to be told, Pokemon trainers, that you shouldn't pursue Pokemon into dangerous, sensitive,
Starting point is 00:20:09 or restricted areas like memorials or nuclear reactors. Or for that matter, NSA headquarters. Apparently some of you do. The Odenton-Severn Patch, the hyper-local news service for the southeast gate at Fort Meade, ran a notice asking people not to catch them all on Fort Meade. So please, restrain yourselves. If you're in the area, however, you might wander up to Annapolis Junction and track Pokemon around the National Cryptologic Museum and enjoy the exhibits while you're there. There's no advice from Langley about Pokemon, so maybe it's okay to chase them there, but
Starting point is 00:20:42 we're sure the trainers would welcome some guidance. So come on, CIA, give them the word. The truth shall make them free. We're pretty sure we read something like that down your way. And that's the Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.