CyberWire Daily - DISA data breach. More complaint against alleged GRU operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.
Episode Date: February 21, 2020
The US Defense Information Agency discloses a data breach affecting personal information of up to two-hundred thousand individuals. More international reprobation for the alleged GRU hack of Georgian websites. Trolls move from creation to curation. Stalkerware data exposure. And a look at how the UK might actually implement its compromise position on high-risk 5G vendors. Joining us in studio, a surprise new addition to the CyberWire team. Guest is Aisling MacRunnels from Synack on women in cyber. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_21.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The U.S. Defense Information Agency discloses a data breach
affecting personal information of up to 200,000 individuals.
More international reprobation of the alleged GRU hack of Georgian websites, trolls move from creation to curation,
stalkerware data exposure, and a look at how the UK might actually implement its compromise
position on high-risk 5G vendors.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Friday, February 21st, 2020. The U.S. Defense Information Systems Agency, DISA, disclosed that
between May and July of 2019, one of its systems sustained a data breach that may have compromised personal data.
According to Fifth Domain, DISA wrote affected personnel, who may number up to 200,000,
that their names and social security numbers may have been compromised.
Which systems were breached is unclear, as is whether the incident was an attack or a data exposure.
Reuters emphasizes that DISA provides telecommunications services to the White House and other high-level U.S. government organizations.
That's true, but possibly misleading, as DISA does far more than that.
It's a combat support agency whose mission is to
conduct Department of Defense Information Network operations for the joint warfighter.
Most service members, defense employees, and contractors touch DISA networks,
so this would appear to be a case of a breach of PII
as opposed to the penetration of sensitive executive branch networks.
Other countries have joined the U.S., the U.K., and Georgia
in condemning what they call a large-scale GRU defacement attack against Georgian websites last October, Fifth Domain and others report.
Naming and shaming are thought part of a broader effort to reinforce international norms of
conduct in cyberspace. Other allied governments, including governments with strong institutional
memories of Russian hybrid operations, like those of Estonia and the Czech Republic,
have also joined in the criticism of Moscow's operations against Georgia.
The Georgian operations were almost purely disruptive,
figurative sand in the metaphorical gears of civil society.
With that in mind, it's worth reviewing.
The Atlantic looks at Russian influence operations directed against the 2020 U.S. elections
and concludes that the Americans themselves are doing a good job of creating divisive content all on their own
and that the Russians seem to have moved from creation to curation.
It's impossible to resist the temptation to quote Pogo Possum on this.
We have met the enemy and he is us, as he famously said more than half a
century ago. There's enough ill will and paranoia in domestic production to leave the troll farms
of St. Petersburg with little to do beyond retweeting it. As the Atlantic observes, quote,
the U.S. doesn't need Russians to erode faith in its elections. One buggy app at the Iowa caucus
did that just fine.
Moscow remains interested in weakening American civil society and can be expected to continue its efforts along those lines,
but we may not see a revival of 2016-style hacking and creative disinformation.
Amplification and curation may well do it.
The Atlantic talked to Graham Brookie,
director of the Digital Forensic Research
Lab at the Atlantic Council, no relation to the Atlantic Magazine, by the way. They quote Brookie
as saying of Russia's Internet Research Agency, the highest profile troll farm of them all, that
at this point, quote, they could spike the football and say, mission accomplished, end quote. Maybe they will.
TechCrunch reports that KidsGuard, an app designed to monitor what children do with their phones, also spouses, employees, and so on, exfiltrates
data to a leaky Alibaba bucket. KidsGuard is a legal tool that, as its name implies,
is marketed to parents interested in keeping a handle on their wards and offspring's online shenanigans.
Its manufacturer, ClevGuard, says KidsGuard can access all the information on a targeted device,
and that includes real-time location, text messages, browser history, photos, videos, app activities, and recordings of phone calls.
The exposure of exfiltrated data seems to be the result of a misconfiguration
and not a deliberate choice on the vendor's part. Apps like KidsGuard have come to be known as
stalkerware for the relative ease with which they're repurposed to snoop on people who decidedly
aren't underage children. And finally, as the U.S. continues to try to persuade its allies that they should keep Huawei out of their 5G infrastructure,
the chief technology officer of Huawei's networking unit, Paul Scanlan,
told CNBC that the U.S. government would find it difficult to come up with companies that would be credible 5G alternatives to Huawei.
The U.S. has urged the U.K. and others to recognize and resist Huawei propaganda to the effect that the hardware giant is 5G deployment's indispensable company.
A decision by what the Register calls the Ministry of Fun suggests that the actual implementation of Britain's compromise position on Chinese manufacturers may be more restrictive than many had believed.
The Department for Digital, Culture, Media and Sport,
to give the Ministry of Fun its proper name,
has opened bidding on nine rural 5G pilots with a total value of £35 million.
In requesting proposals, the department said, however, that none of the winning projects or future projects from 5G Create
will use equipment from high-risk vendors.
Outlaw of Sherwood Forest and his stalwart man, robbing the rich to feed the poor,
ready to fight for king, for country, or for maiden fair.
Are you with me?
The specific nature of some of those products
is suggestive of how expansive the notion of core infrastructure is becoming.
They include water pollution control projects,
woodland and livestock remote monitoring,
and even an interactive system designed for
tourists visiting Sherwood Forest, specifically a virtual reality Robin Hood and his merry men.
That a VR Robin Hood would be too sensitive to allow Huawei in hints that the reality of the
UK's implementation of compromise restrictions on Huawei and other Chinese vendors won't be as far from the notoriously
harder American line as Washington fears. Unless, of course, Sherwood Forest is a bigger national
security deal than it appears to us over here. Sheriff of Nottingham, Prince John.
What was that passage in the movie? Why you speak treason? Fluently. Right. It's a way of life.
And it is my pleasure to welcome back to the studio.
In studio this time is Rick Howard, who regular Cyber Wire listeners will recognize.
Rick has joined us over the years.
For many years, you were the chief security officer at Palo Alto
Networks. That's right. And so thanks for letting me into the inner sanctum of the CyberWire. I've been
listening to it for years and now I get to see how it's really done. So it's pretty exciting for me.
Well, we're excited to have you here. And part of what we want to talk about today
is a little bit of a career journey that you've been on for the
past couple months. Bring us up to date. What's been going on? Well, as you said, I worked at
Palo Alto Networks. I was their chief security officer, and I was there for a good six years.
And I was talking to my wife about this earlier. I was 75% on the road. Wow. I didn't realize how
insane that was until I actually stopped and was like, oh, this is what normal people do.
You reintroduced yourself to your wife and family.
That's right.
I had dinner with my wife and walked my dogs.
Yeah, so it was enlightening that normal people have that kind of life.
So I had the opportunity to just kind of think about what I wanted to be when I grow up.
And I knew that I didn't just want to go and, you know, work for another corporation
just to make money. I've been doing this job, similar jobs for, geez, 25 years. And you may
notice I have some opinions about how to do stuff. Yeah, yeah, I noticed. So, and, you know, I could
either, you know, do what my traditional peers have done, which is, you know, consult or, you
know, go work on boards. But I'm looking for scale,
right? How do I transmit some of these ideas to, you know, to a larger audience? That's kind of
what I was thinking about. And so ultimately, the decision that you made, which I have to admit
benefits me personally, everyone here at the Cyber Wire and all of our listeners is, what is it,
Rick? I have taken a job starting today, as a matter of fact, to be the chief security officer
and senior fellow and chief analyst for the Cyber Wire.
Yes. It's been so hard to hold back the news that I knew the potential was that you'd be coming and joining our team.
And we're just so excited, pleased as punch for you to join us.
Of course, I looked it up,
you know, you and I met probably five years ago.
Is that right?
It's been five years ago.
Yeah, on the show floor at RSA,
we came and did an interview together.
Of course, when you were at Palo Alto
and I feel like we just hit it off
and have been doing these segments ever since.
We brought you on as a partner
and it's just been really great.
So to have you join our team here at the Cyber Wire, just really exciting for all of us here.
Well, you know, it's amazing.
I'm a big podcast guy.
I've been listening to podcasts before there were podcasts because I hate radio commercials,
right?
And so, and by the way, you may know this, but there are thousands of cybersecurity podcasts,
and most of them are not very good.
So over the years, I picked two that I listened to all the time. And the number one has been
the Cyber Wire. So when I was looking around as a lark, when I was over the Christmas break,
I sent you a note and said, hey, how about bringing me on as a podcast host? And then
it just kind of snowballed to this kind of opportunity. So I'm very excited.
Yeah, yeah, us too.
Well, I mean, let's dig in a little bit for our audience.
I mean, what kinds of things are you hoping to do here as you join our team?
And we've got our sights set on having you have some shows of your own.
What sort of things do you have in mind?
I'm very interested in how the cybersecurity industry, I call the people that work there
network defenders, right?
And how we think about cybersecurity. It feels like we haven't really innovated in a very long time. We
have been incrementally improving cybersecurity, but not really disrupting cybersecurity.
So I'd like to think about those kinds of ideas, how to take a giant leap in how we do our job,
as opposed to just every day getting a little bit better. So those kinds of
things interest me a lot. Yeah. Well, I have to say, I'm sure everyone out there can hear my own
excitement here. It's great to have you aboard. I know you're excited too. I guess for the first
time I will say it, the CyberWire's Rick Howard. Excellent. Thanks for joining us. Thank you, sir.
My guest today is Aisling MacRunnels. She's Chief Business Officer at Synack. She's also among a team of organizers of the Courageous Women's CISO Brunch, as well as a Women Only Capture the Flag at the upcoming RSA Conference in San Francisco.
At Synack, we are the trusted leader in crowdsourced
security. That means we have a crowdsourced security testing platform that is based on
harnessing the best of artificial intelligence and human intelligence together to provide
the best possible results.
Now when you do that, you have to be able to harness the best and most brilliant humans
from a security perspective across the planet in order to be able to bring the diversity
of thought to the table to be able to test thoroughly.
What we found is that as we were harnessing researchers across the world, and we do so
from 80 different countries, we found that we were well represented culturally, but that
we were very underrepresented from a female perspective.
And so because of that, we've had for the last number of years, a focus on being able
to encourage more women to consider security as a career and encourage the women in security
to continue to play an ongoing vibrant role in participating very fully in the security ecosystem.
Well, let's talk about the brunch that you're going to be hosting at RSA. This is the Courageous
Women CISO Brunch. What can attendees expect? So this is, I think, the eighth one of these
that we've actually done across the country. And we've always had rave reviews. It's actually a pretty
lighthearted brunch where we have a group discussion about some of the challenges and
opportunities that we see in security today. Some of them are technical issues. Some of them
are more career oriented. In general, what we have found is that women are dramatically
underrepresented in security. As I mentioned, today we have only one in five women playing
a C-level role in the security industry. And it's even worse at the practitioner level,
believe it or not. And this is an industry that is right now struggling with a massive talent gap where we need to recruit just great people across the board.
And so women are very, very underrepresented in that group.
is a meeting that we hold regularly.
This one is a brunch where people can chat and encourage and empower each other
to be part of this community.
You know, when I've had conversations
with a variety of women in cybersecurity,
something that I've heard many times
is that there are conversations
that can take place at events like this
that just can't happen at mixed sex events where we have men
and women together, that by having women together, that opens up an avenue for conversations,
frankness and candor that would be difficult to have in a mixed environment.
Is that your experience as well? It actually is. We've had amazing sessions where, you know,
the feedback I've gotten before is tremendous. And I think it's exactly what you're saying, is that there's a lot
of different networking sessions in the security industry. Very few of them are focused in on women,
allowing women to speak in a way that's very comfortable to open up and ask for advice from
others in a comfortable, easy way.
Now, you're also organizing a Women Only Capture the Flag event.
Can you share some of the details on that one for us?
Yeah, absolutely.
Similarly, we find that from a researcher perspective,
again, we source researchers from 80 different countries across the world,
and yet the women only make up about 12% of that group. So given that
it should be closer to 50%, just massively underrepresented. Now, this one's really
interesting for me because a lot of people may not understand the life of a great ethical researcher. For us, we have a wonderful group of researchers,
many of whom are dads who work from home and have a great lifestyle because they're able to
participate in earning an income by working on the Synack platform and finding vulnerabilities for our clients.
And our clients are the government and some of the largest enterprises out there.
Now, these stay-at-home dads often can, like I said, work in a normal setting,
and they can work from wherever they live.
I think it's a shame that more women don't realize that this is a career that they can also participate in and that
being a great ethical hacker gives you an enormous amount of freedom to be able to earn an income
from wherever you live and to earn it on your own schedule in your own hours. So the Women Only
Capture the Flag again is an initiative to try and encourage women to be able to support each other in getting into this career and see each other, you know, see the great researchers that we have that are making a living here.
And hopefully that will motivate others.
This forum is really about women advocating for women, supporting women in a really positive way.
That's Aisling MacRunnels from Synack.
And that's the Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman, Puru Prakash,
Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick,
Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.