CyberWire Daily - Daily: xDedic, Guccifer 2.0...but what really knocks us out is those cheap sunglasses.

Episode Date: June 16, 2016

In today's podcast we look at developments in the Panama Papers case. A "lone hacker" going by "Guccifer 2.0" claims the DNC hack, but CrowdStrike stands by its attribution to Russian intelligence. Investigators look at Orlando shooter Mateen's online history. Anonymous hits ISIS in cyberspace, and so does US JTF-Ares. xDedic is the latest black market: it deals in server access. Telegram denies being vulnerable. Admins complain about one of Microsoft's June patches. Quintessence Labs' Vikram Sharma tells us about quantum key encryption. And we hear from Wandera's Michael Covington about the true cost of buying cheap sunglasses online.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer.
Starting point is 00:00:59 Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Starting point is 00:01:56 Swiss authorities make a collar in the Panama Papers case. Guccifer 2.0 claims he hacked the Democratic National Committee. Investigation into the Orlando shootings looks at Omar Mateen's online activities. Anonymous hits ISIS, both discriminately and indiscriminately. U.S. JTF-Ares conducts cyber operations in theater against ISIS. xDedic is the newest corner of the black market, where people are buying cheap access to servers. Telegram may not be vulnerable after all. Patch Tuesday notes and how to buy cheap sunglasses.
Starting point is 00:02:35 I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, June 16, 2016. First, a quick follow-up on the long-running Panama Papers case. Swiss police have made an arrest. They've collared an IT staffer who worked in Mossack Fonseca's Geneva offices. The man they detained, however, apparently isn't the person who released the stolen documents. Bastian Obermayer, the reporter with Le Temps who worked on breaking the story of the arrest, has tweeted, quote, according to our information, the Mossack Fonseca IT person arrested in Geneva is not Panama Papers source John Doe, end quote. Someone calling himself, herself, or themselves Guccifer 2.0
Starting point is 00:03:14 claims responsibility for the DNC hack and dumps a couple hundred pages of apparent Democratic Party opposition research on presumptive Republican U.S. presidential nominee Donald Trump. Guccifer 2.0 is not to be confused with the original Guccifer, henceforth perhaps to be called Guccifer 1.0, who of course is preparing to begin the sabbatical with the Federal Bureau of Prisons that his guilty plea in the other cases earned him. The new Guccifer not only released the DNC's Trump dossier as a sign of his bona fides, but also said that he or she or they has delivered a large quantity of stolen material to Gawker and WikiLeaks.
Starting point is 00:03:51 Guccifer version 2 also takes some verbal shots at CrowdStrike, saying the company's talk of Fancy Bear and Cozy Bear is sloppy nonsense, an indicator of poor quality work. CrowdStrike, for its part, stands by its attribution. It's worth noting that incidents like this tend to be complex and can have more than one actor involved, as may, for example, have been the case with the Sony hack. The PDFs of opposition research documents posted by Gawker, for example, contain error messages in Russian, complete with Cyrillic characters, at broken links. This, of course, doesn't mean that Russian intelligence services were involved, but it does suggest some passage through Russian networks. In any case, more documents will probably be forthcoming.
Starting point is 00:04:34 Guccifer 2.0 also says that he or she got access to Hillary Clinton's servers. We'll continue to follow the story. Turning to investigation of the massacre in Orlando, U.S. investigators have turned up more online jihadist rhetoric posted by the shooter. U.S. Senator Ron Johnson, a Republican from Wisconsin, who chairs the Senate Homeland Security Committee, has sent a letter to Facebook asking for information
Starting point is 00:04:58 about Omar Mateen's interactions on the social media platform. The senator's letter quotes one post in particular. Quote, America and Russia stop bombing the Islamic State. I pledge my allegiance to Abu Bakr al-Baghdadi. May Allah accept me. End quote.
Starting point is 00:05:14 The FBI continues to interview Mateen's widow and others close to the shooter. In the larger conflict with ISIS, a Berlin court has sentenced an imam to two and a half years for online incitement and recruitment. The U.S. talks a bit more about its Joint Task Force Ares, which is running cyber support for tactical operations against ISIS in the caliphate's claimed territories. A U.S. Defense Department spokesman told the Voice of America, in essence,
Starting point is 00:05:40 that JTF-Ares is pursuing a quite conventional electronic warfare targeting approach to ISIS in cyberspace. Sometimes you watch, sometimes you listen, and sometimes you disrupt. How social providers should interact with problematic or controversial users remains a vexed question. Various Anonymous operators are trolling ISIS-sympathizing Twitter accounts with salacious images and alternative text. Anonymous is also said to have hit the Internet Archive, home of the Wayback Machine, with a denial-of-service attack in apparent protest against the persistence of ISIS-themed material held therein. And the father of one of the victims murdered in ISIS's November Paris massacre
Starting point is 00:06:20 has brought a suit in the U.S. District Court for the Northern District of California against Facebook, Google, and Twitter, alleging that they were culpably responsible for permitting the Islamic State to recruit members and inspire attacks. We learned yesterday that a new hot item on the cyber black market was server access, which can be had for as little as $6, or what will get you a movie ticket on Tuesdays at the Bowtie Cinema just outside of Annapolis Junction, or so we're told. Kaspersky Lab has issued a report on the forum where that access is being traded. It's called xDedic, and it's run by Russian-speaking operators. We also heard reports earlier this week that Iranian researchers had found a serious vulnerability in the messaging service Telegram. Telegram has since called the alleged bug bogus. Connoisseurs of Iranian hacking will
Starting point is 00:07:10 be interested to learn that two of the researchers are among the seven Iranians under U.S. indictment for attacks on the Bowman Street Dam and various financial sector targets. We've heard quite a bit recently about point-of-sale breaches, with Wendy's being among the more prominent corporate victims. But of course, the best-known method of paycard fraud is online shopping. So we put on a pair of cheap sunglasses and spoke with Wandera's Michael Covington about insecure online merchants they discovered some of their clients were using. What caught our attention is that we saw data leakage. We saw data leakage of sensitive information, email address, username, password, credit card number, along with expiration date, mailing address, et cetera. So when we started seeing that type of data leaking, i.e. it wasn't being encrypted by the app or the web service that was being accessed,
Starting point is 00:08:04 we decided to do a little investigation. We wanted to know a little bit more about the app that was being used, the websites that were being accessed, and that's when we found out that it was actually counterfeit goods that were being sold on the website. The online merchants highlighted in the report were selling knockoff sunglasses, those ads we've all seen for highly discounted Ray-Bans or Oakleys. But Covington says their research turned up a number of reasons for these leaky websites.
Starting point is 00:08:29 You know, it's interesting. We've seen a number of different activities taking place on these sites that we've investigated. First and foremost, there are scam sites. So there are sites that are made to look as though they're selling a legitimate product or service. And at the end of the day, what they're really trying to do is steal your money, steal your identity, and they're not going to ship you the good on the other side. So those are really the more fraudulent websites. I think, though, and you see this in the report that we put out,
Starting point is 00:08:57 that there are also sites out there that are, I'm going to call them legitimate businesses, where they are there to make a profit, to sell items, and to actually ship them to people when they're purchased. But they're fake products. They're knockoffs. They're things that are being sold to unsuspecting shoppers or people who are trying to save a buck. I also think that there's another category of site out there, and it's a low-budget site, a site that just hasn't spent a lot of money on infrastructure.
Starting point is 00:09:22 They're trying to do as much volume in sales and minimal investment being made on the infrastructure side. Those guys just aren't investing in security, so they're not spending the time protecting the data that they're collecting. Wandera's report is a good reminder to be vigilant with your sensitive data when shopping online. Make sure that if you're parting with sensitive information that it is being encrypted as it's being transmitted from your device to the service and that the service that
Starting point is 00:09:49 you're doing business with is actually who you think it is. And you can do some basic things there like looking at the URL, reading the about page, just making sure that the general cues on the website match up with what makes sense given the transaction that you're trying to accomplish there. At an enterprise level, Covington suggests that if you see these kinds of risky transactions happening on your network, take it seriously and use it as an opportunity to educate your employees. There's some behavior that we can see from end users that may be reflective of bad decision making, risky behavior like visiting a scam website where you're providing sensitive information and it's not being encrypted. I think that's indicative of your online habits in
Starting point is 00:10:32 general. And so if you're an admin at a large company and you're seeing this type of activity from a particular user, that type of user probably just needs some training. You want to get them into a room, spend some time with them, showing them the best practices on how to actually engage in an online world, make sure that they're protecting themselves as well as the corporate secrets that they're being trusted with. That's Michael Covington from Wandera. You can read the report on their website. Observers think the BadTunnel patch is the most important Windows fix on Patch Tuesday. Admins who have applied Microsoft's June fixes are complaining that one of them, MS16-072, exposes group policy settings. Researchers find flaws in Cisco's small business Wi-Fi routers, but Cisco says it will patch these issues next quarter. Legal observers think the apparent failure of the Compliance with Court
Starting point is 00:11:26 Orders Act of 2016 to gain traction in the U.S. Congress is good news for encryption. We spoke with Dr. Vikram Sharma from Quintessence Labs about a technical topic of some importance to the future of encryption, quantum key distribution. We'll hear from him after the break. Finally, a Maryland gentleman, currently a guest of the governor a few blocks away from our studios, has been charged with fraud. He passed the credit card information belonging to a corrections officer's wife to a colleague who then applied that information to various purchases. The gentleman in question, Mr. Dante Small, was accommodated by the governor last October. He had fled from a traffic stop, crashed a barrier at Fort Meade, and was found the next day hiding in a storm drain on the post. Kudos to Mr. Small for having selected a secure hideout, we suppose.
Starting point is 00:12:29 Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting,
Starting point is 00:13:04 and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. And joining me once again is Dr. Vikram Sharma. He's from Quintessence Labs, one of our academic and research partners.
Starting point is 00:14:20 Dr. Sharma, you know, we've spoken previously about quantum technology. It's an area where you all are doing a lot of research there at Quintessence. And we touched on quantum key distribution. I was wondering if you could dig a little deeper into what exactly is quantum key distribution. Well, quantum key distribution is a mechanism of transporting encryption keys securely between two locations. And in this particular instance, it applies to using light to transport these keys very securely, optical comms.
Starting point is 00:14:55 In its earliest incarnation, what had been done was single photons of light were polarized or spun in a particular way. So vertical could be a one and a horizontal zero sent between two locations. And if anybody tried to intercept those photons in flight, they would disturb the spin and therefore reveal the eavesdropping. What Quintessence Labs has been doing
Starting point is 00:15:21 is taking the same principles but applying it to a highly tuned laser. And hundreds of millions, billions of times per second, we modulate very small signals at the quantum level, like doing AM and FM onto the laser. And similar to the single photon model, if there's any act of eavesdropping on this optical signal while it's being transported over, say, optic fiber, that eavesdropping will be revealed. So it's sort of that old scientific principle about how the observation of something can change the state of it, correct? That's exactly right, Dave. It's a corollary of Heisenberg's uncertainty principle: if you look at something at the quantum level,
Starting point is 00:16:05 your act of observation disturbs it in a measurable way. All right, fascinating stuff. Dr. Vikram Sharma, thanks for joining us. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Starting point is 00:16:39 Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Thank you.
