CyberWire Daily - DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

Episode Date: July 16, 2018

DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU indictments. Huawei, under suspicion over African cyberespionage, is said to be excluded from participation in Australian 5G buildout. Congress may reimpose ban on ZTE. Kaspersky fails to win emergency injunction against US sanctions. Ben Yelin from UMD CHHS, weighing in on the indictments of the Russians. For links to all of the stories mentioned in this podcast, visit our daily news brief on our web page. https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_16.html

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 DNI says warning lights are blinking red over cyber threats. Election interference remains a risk despite lower-than-expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation
Starting point is 00:02:10 and the GRU indictments. Huawei, under suspicion over African cyber espionage, is said to be excluded from participation in the Australian 5G build-out. Congress may reimpose the ban on ZTE. And Kaspersky fails to win an emergency injunction against U.S. sanctions. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for
Starting point is 00:02:40 Monday, July 16, 2018. U.S. Director of National Intelligence Dan Coats said Friday that warning lights are blinking red with respect to imminent cyber attacks against the U.S. by Russia, China, Iran, and North Korea. Coats spoke shortly after the Department of Justice publicly released its indictment of 12 Russian officers of the GRU Military Intelligence Service. Coats did not suggest that a major act of kinetic terror was in the offing, but he did tell meetings at the Hudson Institute that there were persistent, pervasive threats to disrupt American society. These are not, he contended, limited to influence operations, still less to direct hacking of
Starting point is 00:03:25 elections, but that they extend to the real possibility of attacks on critical infrastructure. He alluded, in particular, to threats the energy and financial sectors face. The DNI's warning lights blinking red metaphor, of course, harkens back to the retrospective assessment of the months before al-Qaeda's 9/11 terror attacks. U.S. intelligence and security services were uneasy then. It seemed that something was in the works, but what it was, how it would happen, and where it would take place were obscure
Starting point is 00:03:57 until their tragic revelation that morning in September 2001. While Russian activity directed against U.S. midterm elections seems to be relatively less intense than it was during the 2016 presidential election, U.S. Secretary of Homeland Security Nielsen warned state election officials Saturday that this particular threat was by no means over and done with, and that they needed to look to election security and avail themselves of the tools available to bucket up. Presidents Trump and Putin met in Helsinki, Finland today. The meetings began with one-on-one sessions, interpreters excepted, of course.
Starting point is 00:04:36 Each president will have at least one translator on hand. This initial session ran long and was followed by larger meetings at which both leaders were accompanied by advisers. This was apparently both presidents' preference and made some observers uneasy, mostly in the United States, where people with some experience of seeing Mr. Putin operate note that he's capable of specious persuasion and express the hope that Mr. Trump would be wary during their discussions. The topics discussed are known to have included trade, China, Islamist terrorism, the Syrian Civil War, and nuclear arms control. President Trump, as expected, brought up the indictment, which many in Congress wanted
Starting point is 00:05:20 brought up firmly and frankly. President Trump did ask about Fancy Bear's capers, and as expected, Mr. Putin flatly denied everything. The Russian denials are reminiscent of those issued over the Novichok nerve agent attacks in England. We didn't do it, and you should show us all of your evidence, which we'd be happy to evaluate. The two presidents did discuss the formation of a joint cybersecurity working group and, while acknowledging significant remaining differences, described the talks as productive and that they considered themselves competitors, but in a good way. Further accounts of the summit
Starting point is 00:05:59 are expected to emerge over the course of the week. The summit, of course, took place in the shadow of Friday's indictments of 12 GRU officers for their involvement in various aspects of a conspiracy to commit hacking, fraud, and money laundering in the course of Russia's attempts to disrupt the 2016 U.S. elections. Special Counsel Robert Mueller charges that the GRU hacked U.S. political targets, mostly the Democratic National Committee and the Clinton campaign, during the 2016 election cycle. The members of Fancy Bear are said to have accomplished their intrusion through spear phishing, and both DCLeaks and Guccifer 2.0 are alleged to be Russian false identities.
Starting point is 00:06:41 The indictment also touches on money laundering. The GRU operators are alleged to have mined Bitcoin to pay for their infrastructure in a deniable and unobtrusive way. So far, the investigation has not announced any American cooperation with the Russian operations. That would, of course, be of paramount interest. Observers speculate that the special counsel will wrap up the investigation by the end of this summer. Since the GRU proved itself adept, in the special counsel's view, at running various fictitious personae, some are looking for other instances of that organization's use of misdirection in the form of catfish, sock puppets, and other front organizations.
Starting point is 00:07:24 U.S. Senators Gardner, a Republican of Colorado, and Wyden, a Democrat of Oregon, have asked the Department of Justice to determine whether the cyber caliphate was also a Russian false flag operation. The cyber caliphate, which represented itself as an online wing of the Islamic State, drew considerable notoriety for threats it made against the families of U.S. military service members, threats that figure prominently among the senators' questions. Huawei, long under scrutiny in the West as a potential security threat, has also long
Starting point is 00:07:57 denied that it's anything of the kind. But that claim is looking shakier amid revelations that the company may have been involved in several incidents of espionage. The French news outlet Le Monde reports that Huawei seems to have been involved in a major Chinese espionage campaign against the African Union. The company's devices have apparently been used to collect and exfiltrate data from the union's headquarters in Addis Ababa, Ethiopia. The African Union's current headquarters, which opened in 2012, was constructed and equipped by China as a, quote, gift of China to friends of Africa, end quote. In 2017, African Union IT personnel noticed that their servers were reporting back
Starting point is 00:08:41 between midnight and 2 a.m. each night to unknown servers located in Shanghai. Complaints of espionage from Addis Ababa and denials of the same from Beijing have been swapped for some time, but renewed consideration of the incident has done Huawei no favors elsewhere. Australia's government, for one, is said to have decided to exclude Huawei from that country's build-out of its 5G infrastructure. The U.S. Congress hasn't forgotten ZTE, another Chinese device manufacturer, and is considering including sanctions against that company in the upcoming defense authorization bill.
Starting point is 00:09:20 Another company facing harsh U.S. scrutiny, Kaspersky Lab, which many in Congress and the intelligence community regard as dangerously close to Russian security services, failed in its Friday attempt to get a U.S. Court of Appeals to issue an emergency injunction against a ban on Kaspersky products within the federal government. The company is disappointed, but plans to continue its challenge to the ban's constitutionality.
Starting point is 00:11:47 And joining me once again is Ben Yelin. He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security. Ben, welcome back. Thanks for jumping in with us here. Last Friday, we had the news of this indictment of 12 Russian military intelligence officials. We've covered the news side of this, so I think we have a good handle on the nuts and bolts of what's going on operationally here.
Starting point is 00:12:36 But I'm curious in your take on it. What do you think it tells us, first of all, the scale and scope of the operation, how widespread it was, how extensive it was, how technologically advanced it was. I also think it hints at the involvement of certain unindicted U.S. persons. And it does that one of, so Guccifer 2.0, which was the username that was used by the Russian conspirators to release information to third parties, most notably WikiLeaks. They received an email from a congressional candidate asking for stolen information on one of their opponents. And we have no information on who that congressional candidate is. And there are a number of such mentions of U.S. persons. They mentioned someone, and I think based on news reports, we think it is Roger Stone, a longtime associate of President Trump, but somebody who was communicating regularly
Starting point is 00:13:42 with the Russian co-conspirators, the ones who were indicted, who were falsely claiming to be this Guccifer 2.0 Ukrainian lone, you know, hacktivist. So, you know, that's something I'm certainly watching out for, is that we've established that there has been a crime committed. That's been established in the indictment. That's been established in identifying the names of these conspirators. But we have hints that there was some sort of involvement by U.S. persons.
Starting point is 00:14:10 And that leads me to believe that there are going to be, if not future indictments, at least part of the Mueller report will be the involvement of U.S. persons in this criminal scheme. How much, if anything, do you think we should read into the timing of this? This was released as President Trump was heading off to meet one-on-one with Putin. So that's a great question. You know, a lot of people, because Bob Mueller has this sort of mythic persona, you know, he doesn't leak. He's very meticulous in laying out the facts. He doesn't showboat. He doesn't give press conferences. I think it leads a lot of us to think that he's some sort of genius, that everything he does is purposeful, is part of some sort of four-dimensional chess activity. I'm not so sure about that.
Starting point is 00:14:58 It is certainly interesting to me that this was released ahead of President Trump's meeting with Vladimir Putin. I don't think there's any evidence to the effect that it was that Robert Mueller handed down these indictments purposefully at this moment because of that summit. And in fact, it seems like President Trump was informed of them earlier in the week, certainly before the whole congressional hearing with Peter Strzok, the former FBI agent, and before he even ventured overseas. It does, however, it's sort of a power play from Mueller to a certain extent in saying, I don't care that you are meeting with President Putin next week.
Starting point is 00:15:38 We're not stopping this investigation. In fact, it's ramping up. We're not going to be beholden to your claims of this being fake news. Where we see evidence of criminal conduct, we're going to prosecute it. And we're going to do it whether that has an effect on the diplomatic relations you're trying to establish personally with President Putin or not. So I think we can certainly read something into that. Special Counsel Mueller is not going to be bullied. He's not going to be intimidated into abandoning this investigation.
Starting point is 00:16:14 And I think that's certainly something we can read into. So based on what you've read from the indictment, do you think we're more or less likely to see criminal conspiracy charges involving Americans? I think we're more likely to see them. I mean, I think this is how Mueller is building the case. First, you establish the crime, then you establish various U.S. persons as conspirators in this crime. What we don't know is to the extent that people who are part of Trump's inner circles are going to be charged with these conspiracies. Certainly, there was nothing in the indictment that related to people within President Trump's inner circle. So you can read the tea leaves on the individuals mentioned in the indictments.
Starting point is 00:16:51 You know, I didn't see anything on Jared Kushner or Donald Trump Jr. The types of individuals who were talked about in this indictment, Roger Stone in particular, are sort of on the peripheral of the Trump orbit. But just because they weren't mentioned in the indictment that, you know, we're not going to see further charges. I think what we're seeing here is that special counsel Mueller is laying the groundwork. He wants to prove that there was this extensive criminal conspiracy to hack into the DNC, into the Democratic Congressional Campaign Committee, and to Hillary Clinton's campaign advisors' emails, prove that crimes were committed under the Computer Fraud and Abuse Act, and then
Starting point is 00:17:31 slowly start to make connections as to how involved American entities were conspiring to commit this crime. And I certainly think we see sort of the groundlings of that in the indictment with the mention of various U.S. persons. The other thing that really piqued my interest is that I think they're referred to as Organization One in the indictment, but we all know based on news reports that it's actually referring to WikiLeaks. And WikiLeaks had coordinated very closely with these Russian agents prior to the Democratic National Convention, saying, you know, if you have any Hillary related emails, specifically in relation to Bernie Sanders, we'd like them released now ahead of the Democratic Convention. And as we know, those emails were released, and it caused
Starting point is 00:18:17 a lot of consternation and chaos at the convention. What puzzles me is whether these Russian agents would have known independently that there would be that sort of commotion at the Democratic National Convention if these emails were released. either within their inner circle or more on the periphery, provided intelligence to these hackers or potentially to WikiLeaks saying, you know, this would be a good time to release those emails. They're going into the convention. We would love to see a show of disunity among Democrats. We'd like to see doubts being sowed in the mind of Bernie Sanders supporters as to the legitimacy of this nomination. I think you can sort of see at least the broad outlines of that in the indictment, just based on the fact that we know these Russian intelligence agents were communicating with WikiLeaks, specifically about the timing of when to release these incriminating emails.
Starting point is 00:19:19 So I think, you know, there's certainly something to read into that. All right. Well, obviously, stay tuned. More to come, right? Yeah, I do not think we're at the end of the story. I mean, obviously, there have been some whispers in the last several months that, you know, maybe Mueller didn't have anything on actual quote-unquote collusion, but he was going to make some sort of allegations of obstruction of justice. So I think these indictments, at least for me, lead in the other direction, that it's still a very open question as to whether U.S. persons affiliated with the Trump campaign were part of this large criminal conspiracy to steal information.
Starting point is 00:19:57 And I think now that we've established the scope of that conspiracy, I think there are some very open questions as to who participated in it in the United States. All right. Well, as always, Ben Yelin, thanks for joining us. Thank you.
Starting point is 00:20:46 And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
Starting point is 00:21:27 where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yelin, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.