CyberWire Daily - France braces for election hacking. Ukrainian utility says December blackouts were hacker-induced. Finding "Fruitfly." Tracking Mirai's master.
Episode Date: January 19, 2017
France prepares for election hacking. Ukrenergo [yook-REN-air-go] acknowledges its electrical service was hacked. Malwarebytes reports on Fruitfly, malware swarming about biomedical research facilities. Krebs believes he's found the author of Mirai. Anonymous says it's going to dox US President-elect Trump. Ben Yelin reviews your rights to privacy at the border. Nir Giller from CyberX addresses the false sense of security when it comes to ICS. And the RSA Conference announces the finalists in the Innovation Sandbox.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
France prepares for election hacking.
Ukrenergo acknowledges its electrical service was hacked.
Malwarebytes reports on Fruitfly, malware swarming around biomedical research facilities.
Krebs believes he's found the author of Mirai.
Anonymous says it's going to dox U.S. President-elect Trump.
And the RSA Conference announces the finalists in the Innovation Sandbox.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, January 19, 2017.
France continues to prepare for election hacking.
ANSSI, the country's national information system security agency,
has warned political parties and others to expect attempts on their networks.
So far, one political movement, En Marche, led by former socialist Emmanuel Macron,
now running as an independent, has acknowledged being hacked.
The major parties so far have nothing to report.
ANSSI's responsibilities include securing the vote at the polling places
and as the electorate's choices are transmitted through regional prefectures
to the Ministry of the Interior for the final official tally.
The leading suspect against which ANSI and the Ministry of Defense are warning would be, of course, Russia.
Farther east, Ukrenergo, the electrical utility that supplies Kiev,
confirmed to Reuters that last month's power outages were indeed the result of a cyberattack.
The utility found that workstations and SCADA systems connected to the major North substation came under external influence.
Ukrenergo declined to attribute the attack to any particular actor.
Speculation, again, of course, has pointed to Russia.
But they did say, quote, the analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion, end quote.
Security of industrial control systems remains a matter of much concern.
We spoke with Nir Giller of CyberX, who believes that a false sense of security still surrounds industrial control systems.
People might have the perception of security by obscurity. No one has the inner workings or the documentation of the actual software, hardware.
It might mean that the attacker cannot attack these devices.
And that's security by obscurity.
It has never been proven to be successful.
Obscurity is something that with enough resources, you can always bypass and figure out what you need to figure out as an attacker and get your way.
So I think that this is something that needs to be very well understood within industrial environments because it seems that there are a lot of proprietary technologies, although as time passes by, more and more people relate to the concept that attackers can attack proprietary protocols and systems.
We see examples more and more frequently.
And so I believe that in order to actually protect an industrial environment, the ultimate answer is that you need detection.
You need a solution which is capable, very efficiently and very wisely, of doing detection within the industrial environment.
And you need to do so continuously.
Because if you have a firewall that's separating the IT and the OT environment, it doesn't mean that you won't get attacked.
There's a very good probability that the firewall will be bypassed.
You, as an asset owner of the industrial environment, the OT environment, need to remember that cybersecurity is all about risks.
And you need to have the right system put in and the right methodology to make sure that you are continuously protected, because you will get attacked.
Whether it's a highly targeted or a simple attack, the network will be attacked.
And you need the tools in place to make sure that you have detection.
And once an attack is detected, you will be able to take the right actions in order to mitigate the incident.
That's Nir Giller from CyberX.
Security researchers at the firm Malwarebytes report finding malicious code used in targeted
attacks against biomedical research centers.
The malware affects primarily macOS, but Linux systems are also thought vulnerable.
Apple is calling the code FruitFly.
It's multifunctional.
It takes screen captures, accesses webcams,
and enables attackers to take remote control of an endpoint.
Sophisticated, yet with an oddly retro approach to persistence,
FruitFly is thought to have circulated undetected for several years.
Malwarebytes speculates that its highly targeted character helped it evade notice.
Krebs on Security investigates Anna-senpai, as Mirai's creator has come to be known,
tracking her or him or them through Minecraft and Rutgers.
Krebs names names, and if we follow him, we can safely call Anna-senpai him.
Krebs notes that Mirai, the botnet-herding malware that took down his site and other services,
most famously OVH in France and Dyn in the United States last autumn, had ancestors.
Its forebears went by Bashlite, Gafgyt, Qbot, Remaiten, and Torlus.
In 2014, hoods calling themselves lelddos amused themselves by taking down Minecraft servers using variants of this ancestor code.
The takedowns weren't pure vandalism.
Rather, they appear to have been gambits in the highly competitive Minecraft DDoS protection industry.
A California security firm, ProxyPipe, which specializes in protecting Minecraft servers,
came under an effective 300 gigabyte per second distributed denial of service attack in June of 2014.
ProxyPipe believes that it was being harassed by competitors, very small one- or a few-person outfits run by teenagers.
The report is worth reading in full at KrebsOnSecurity.com.
As the U.S. prepares to inaugurate President-elect Trump tomorrow,
the anarcho-hacktivist collective Anonymous resurfaces to tell Mr. Trump that he will regret the next four years.
The threat appears to amount to a promise that they'll dox the new president vigorously,
something Anonymous began saying at roughly the time Trump announced his candidacy.
As you would expect, the Cyber Wire will be providing special coverage of this year's RSA conference in San Francisco.
The meetings run from the 13th to the 17th of February,
and that's less than a month away, so it's time to start anticipating.
The conference has announced the finalists in its Innovation Sandbox.
There's a complete listing of all of the finalists on our website, thecyberwire.com, in today's daily briefing.
Congratulations and good luck to them all.
We look forward to seeing them on the cutting edge of technology.
Joining me once again is Ben Yelin.
He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security.
Ben saw an interesting article come by in the Columbia Journalism Review.
There's a journalist named Ed Ou, and he had some trouble at the United States border.
He is a Canadian citizen, and on his way over the border into the United States, a place he's been many times, he had a pretty significant search.
Give us some of the details of this.
Sure. So Ed Ou was trying to cover the North Dakota protests, the protests over that pipeline that's going through Native American territory.
So he was trying to board a flight in Vancouver, and when he was going through customs, without any sort of individualized suspicion,
the customs agents interrogated him for six hours, looked through his materials, and required him to open his electronic devices, even though they had been encrypted.
Even though this sort of rings alarm bells for all of us, this seems very unjust.
It is constitutional.
The border sort of has a special quality to it from a constitutional perspective.
The Supreme Court has held that there is an exception to the warrant requirements under the Fourth Amendment search and seizure requirements for special needs searches.
Help me understand that, Ben, because it seems to me that, now, Mr. Ou is a Canadian citizen,
but it seems to me that as a citizen of the United States, if I come to the border of our country and I have a valid passport,
it would strike me that the moment that that passport is accepted and that border agent verifies that I am a United States citizen,
my constitutional rights should kick into place. But that's not the case?
Yeah, so the Supreme Court has held otherwise.
They basically determined that even in some cases where normally a warrant would be required,
normally the Fourth Amendment rights would be invoked, for some sort of public policy reason,
the government should be able to conduct warrantless searches.
It's really an exception to the general rule, but it's something that's very established in Supreme Court jurisprudence.
So the best example of this are sobriety checkpoints.
When you're driving and you get pulled over at a sobriety checkpoint, there's no individualized suspicion that you yourself have been drinking and driving.
They're checking everyone.
But the Supreme Court has allowed that because there's a compelling public policy interest in freeing the roads from drunk drivers.
That's a public policy interest that we've carved out from Fourth Amendment jurisprudence.
So again, this is something that's constitutionally troubling, at least to me, but it is very well established in constitutional jurisprudence.
So where does it stand in terms of being a U.S. citizen?
If I'm at the border and I'm coming back into the United States from a vacation in Canada or Mexico or Europe or wherever,
and I have my laptop or my phone and the border agent says to me, you know, we want to take a look at your electronic devices, what should my response be?
Well, your response should be citing a case called United States v. Cotterman.
And this was a case that was decided in the Ninth Circuit Court of Appeals,
generally a court that's very favorable to civil liberties challenges.
And they held that the United States border police
or law enforcement at the border
cannot examine your electronic storage devices
without a reason for suspicion.
And this is a holding that has weakened the general border search exception to the Fourth Amendment that we've discussed.
Reasonable suspicion is a standard that's used in other areas of law enforcement.
I think it's somewhat short of probable cause that somebody is committing a crime.
But you still have to have a reason to suspect that there's something untoward on this electronic device.
So this decision has been appealed to the United States Supreme Court.
So far, the Supreme Court has not taken up the case.
This opinion is controlling law.
So if you're at the border and you don't want to reveal your electronic information to a forensic examination, cite United States v. Cotterman.
You might get some confused looks from your border agents, but you would have good legal recourse.
All right, Ben Yelin, good information as always. Thanks for joining us.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.