CyberWire Daily - Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.
Episode Date: November 18, 2019
Disney+ credentials already on sale in the black market souks. India reassures nuclear power partners that the Kudankulam incident didn’t compromise safety. Documents pertaining to Chinese and Iranian security operations leak. Internet restrictions go into force in Iran and Venezuela. Russia offers an Internet control treaty at the UN. The Lizard Squad might be back, and Phineas Fisher has also resurfaced. And happy birthday, CISA. Joe Carrigan from JHU ISI on the NICE conference. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_18.html
Transcript
You're listening to the CyberWire Network, powered by N2K.
Disney Plus credentials are already on sale in the black market.
India reassures nuclear power partners that the Kudankulam incident didn't compromise
safety. Documents pertaining to Chinese and Iranian security operations leak. Internet
restrictions go into force in Iran and Venezuela. Russia offers an internet control treaty at the
UN. The Lizard Squad might be back and Phineas Fisher has also resurfaced. And happy birthday, CISA. From the CyberWire studios at DataTribe,
I'm Dave Bittner with your CyberWire summary for Monday, November 18th, 2019.
We open with some depressing but foreseeable news from the cybercriminal underworld.
Disney launched its Disney Plus video streaming service last Tuesday.
Hours after the debut,
hackers were already offering compromised user account credentials
in various dark web markets.
They're said to be selling for just $3 to $11,
a ZDNet investigation reports.
India has reassured its Russian partners that the cyber incident at the Kudankulam nuclear
power station did not affect safety or operations, the Hindustan Times reports.
Atomstroyexport is assisting with construction at Kudankulam, which when complete will have
six Russian-supplied VVER-1000 reactors.
The two countries have also cooperated on the installation's security.
The New York Times has published a large set of leaked classified documents
outlining Chinese surveillance and detention of its Muslim Uyghur minority.
The repression has been particularly severe in the Xinjiang province.
This was a conventional leak, apparently from within the Chinese government,
and that there was a leak at all suggests that party discipline
may be shakier than it's often thought to be.
Many of the measures the government is taking are directed at Uyghur university students
and aim to persuade them that detained relatives are safe
and that they, the students, should be grateful for the detentions.
Foreign Policy says that much of the surveillance technology used in Xinjiang is being built
into the smart cities component of the Belt and Road Initiative.
Authorities in Kazakhstan, Kyrgyzstan, and Uzbekistan are said to be particularly interested
in cooperating with Beijing.
The second set of leaked material exposes Iran's role in fomenting domestic unrest in Iraq.
Much of Tehran's activity has taken the form of long-term, patient
cultivation of agents and deployment of influence,
of a kind long practiced in espionage.
The Revolutionary Guard's Quds Force is said to have taken a leading role in Iraqi operations.
Facing its own domestic unrest, Tehran has also begun restricting access to the internet within
Iran, Wired, TechCrunch and other outlets say. The proximate cause of the problems the regime
is facing in the streets is Tehran's decision to increase the price of gasoline by 50 percent.
The NGO NetBlocks, which maps government-produced outages, calls the blackout
near total, with connectivity down to between 5 and 7 percent of normal levels. The AP reports
that the government's principal aim of cutting off internet access has been to inhibit street
violence by depriving protesters of their customary means of communication and organization.
NetBlocks also reports that Venezuela's government restricted access to Twitter, Facebook, Instagram and YouTube on Saturday.
The targeted restrictions were also intended to prevent protesters from organizing and
communicating before anticipated demonstrations advocating democratic elections and the replacement
of the Chavista regime in Caracas.
The U.S. opposes a Russian-led cybercrime treaty proposed in the U.N. on the grounds that the pact
would solidify authoritarian control over the Internet, The Washington Post reports. The measure
is expected to come up for a vote today. A European diplomat speaking to The Post on condition of
anonymity offers what The Post characterizes as a representative take on the measure.
Quote,
The big picture is that Russia and China are seeking to establish a set of global norms that support their view of how the Internet and information should be controlled.
They're using every means they can in the UN and elsewhere to promote that.
This is not about cybercrime.
This is about who controls the Internet.
Russia is offering the treaty, which has the name
Countering the Use of Information and Communications Technologies for Criminal Purposes,
as an alternative to the Budapest Convention,
which since 2001 has been ratified by 64 countries,
including the US, Japan, and all but two of the EU's member states.
The draft contains a good deal of what the Post calls
unobjectionable statements about the rise in digital crimes
and their impact on the stability of critical infrastructure.
But it's clearly aimed at building out Internet sovereignty
in ways that would criminalize much ordinary online activity.
The resolution's sponsors include, beside Russia, China, North Korea, Myanmar, Nicaragua, Syria, Cambodia, Venezuela, and Belarus.
Where's Iran, one asks?
If the techno-libertarians of Tehran aren't co-sponsoring, what does that say about the likely effect of the treaty?
Two names from the quasi-hacktivist fringes have resurfaced.
The first is the Lizard Squad. Remember them?
Someone claiming to represent the squad told the Independent
that his group was behind the failed DDoS attack on the UK's Labour Party.
The Lizard Squad, which said it had disbanded in 2014,
but whose name has surfaced episodically since,
is best known for low-grade distributed denial-of-service attacks against online games
and a failed extortion attempt involving a search for non-existent intimate photographs of singer Taylor Swift.
These are a fair representation of the group's seriousness of purpose.
But, of course, while the action against Labour did show the imperfect execution of the old
Lizard Squad, it's entirely possible that the act
was the work of some other individual or group. Anarchist collectives have no very rigorous forms
of organization, modes of operation, or intellectual property, and the Lizard Squad's name and logo may
easily have been appropriated by some other threat actor.
It's simple enough to tweet with an emblem of a high-living lizard
dressed vaguely the way Eustace Tilley appears on the New Yorker's masthead,
only with more of a stoner aspect to the lizard's demeanor than we ever saw in Mr. Tilley.
But maybe that's just the way lizards look,
because the living's hard out there among the reptiles.
In any case, the Labour Party has reassured its members and others that the attack failed,
there was no breach, and the party lost no data in the incident.
The other blast from the past came in the form of an announcement from Phineas Fisher,
who is offering a bounty of $100,000, that's $100,000 U.S. currency,
but payable naturally in Bitcoin or Monero, in exchange for hacks of capitalist expropriators.
The social change-minded cybercriminal calls his initiative the Hacktivist Bug Hunting Program.
He offers, as examples of worthy targets, South American mining and livestock companies,
and that activists they particularly dislike, the oil services company Halliburton.
Vice notes that the purse was apparently filled by cyber robbery.
Mr. Fisher's whereabouts are unknown, but they're of interest to any number of law enforcement organizations worldwide.
While there was at one time suspicion that Phineas Fisher was a sock puppet for Russian intelligence,
consensus in the U.S., at least, is that he probably is the hacktivist he represents himself to be.
And finally, CISA, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency,
marked the first anniversary of its formation
on Saturday. Many happy returns to Director Krebs and his crew.
And joining me once again is Joe Carrigan.
He's from the Johns Hopkins University Information Security Institute, and he is also my co-host on the Hacking Humans podcast.
Joe, it's great to have you back.
Hi, Dave.
Through the magic of pre-recording, as we air this segment, you are actually attending
the NICE conference.
Right.
Give us a rundown.
First of all, what is that conference?
Well, it's a NICE conference.
It sounds like it.
It's in the name.
Right.
NICE is actually the National Initiative for Cybersecurity Education. And
it's a program out of the National Institute of Standards and Technology, NIST. Yeah. So NICE
was started in 2009 by President Obama, based on some previous work by President Bush called the
Comprehensive National Cybersecurity Initiative. And it focuses on educating people to get them
into the cybersecurity workforce.
That's really what the purpose of the NICE program is.
I see.
And so you head out there representing Johns Hopkins.
Yep.
And so what is in it for Hopkins as an organization to participate?
We are actually there to contribute our input there.
We have a Master's of Science in Security Informatics.
It's a 20-year-old program. So we're
there representing education or being part of the educational voice in the room. Can you give us a
sense for the organization of the event itself? If someone attends there, what can they expect to
find? Well, it's typical conference fare, right? It's got keynote speakers, usually pretty good
keynote speakers. Last year, the closing keynote was from,
I can't remember the guy's name, but he was from McAfee, talking about the things I've talked about
here before about how the cybersecurity skills gap is in part a courage gap on the part of
companies. This year, there'll be a keynote from somebody from NIST. Of course, during the
keynotes, there are breakout sessions where you can go to individual talks and things. And in fact,
this is where I first picked up on some ideas on how to run our CTF programs at the Information Security Institute.
So we have our students participate in these programs, and it's actually pretty important
for their skills, to build their skills for it. And this semester, we've had students participate
in three of these, and one team has actually made it to the finals in the Maryland Cyber Challenge.
We're happy with that.
So that's one of the things we get out of it.
But they talk about a whole mess of different things here that are relevant to industry, academia, and government.
So really an opportunity for folks who are on the educational side of things to get together, exchange best practices, ideas, and so forth.
Yep, and then to talk to other people across different sectors like industry and government.
All right, well, it is the NICE conference.
Safe travels.
Thank you.
I hope you get a lot out of it, and we'll see you back here when you get back.
Joe Carrigan, thanks for joining us.
My pleasure.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast Thank you. next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin,
Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell,
John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe,
and I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow.