CyberWire Daily - Glitches, not attacks or takedowns. Tracing Gray Energy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.
Episode Date: January 25, 2019
In today’s podcast, we hear that two potential cyberattacks now look like glitches. Gray Energy and Zebrocy look as if they’re close enough to be, if not the same threat actor, at least first cousins. The US Army pushes significant cyber capability to a tactical level. Venezuela’s crisis may provide the next occasion for Russian information operations. How Bellingcat exposes info operations. Special Counsel Mueller secures the indictment and arrest of Roger Stone. And leave the Nest alone. Dr. Charles Clancy from the Hume Center at VA Tech on confusing marketing claims from AT&T with regard to 5G cellular technology. Guest is P. W. Singer, author of the book LikeWar, the Weaponization of Social Media. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_25.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Two potential cyberattacks now look like glitches instead. Gray Energy and Zebrocy look as though they're close enough to be, if not the same threat actor, at least first cousins. The U.S. Army pushes significant cyber capability to a tactical level. Venezuela's crisis may provide the next occasion for Russian information operations. We'll look at how Bellingcat exposes info operations. Special Counsel Mueller secures the indictment and arrest of Roger Stone. Author P.W. Singer joins us to discuss his book LikeWar, the Weaponization of Social Media. And leave the Nest alone.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Friday, January 25th, 2019.
Two apparent, or at least potential, cyber attacks or government actions that surfaced this week now appear to be the result of technical glitches. In what's by far the larger of the two, Microsoft's Bing search engine was blocked in China yesterday, which prompted speculation in many quarters that this amounted to another brick in the Great Firewall, a riposte in a sharpening Sino-American trade war, and so on. But Bloomberg reports that service has been restored and that the outage was due to a technical mistake. Redmond itself has been quiet about the incident, saying only that service was back and that such things do happen.
The second incident, a widespread outage of the criminal justice secure email, widely used by barristers in Wales and England, has now been determined by the Ministry of Justice to have been an accident, a glitch, and not the result of a cyber attack. The system went down a week ago, and a number of trials have been delayed. Full restoration is expected next week, but the system has of today partially recovered.
Kaspersky reports that Russian threat actors Grey Energy and Zebrocy, one of the GRU group Fancy Bear's paws, share tools and techniques. Grey Energy is generally regarded as the successor to Black Energy, best known for its role in attacks that took down geographically confined but still significant sections of Ukraine's power grid. Zebrocy, seen as an avatar of Sofacy, has mostly been active in government networks around Europe, the Middle East, and Asia. Kaspersky has found that the groups used the same servers at the same times and serviced some of the same targets. The story is an interesting one in that it illustrates some of the difficulty in fixing the identity of threat actors, even after one has glimpsed them. It's not quite metaphysics, except insofar as org charts have a metaphysical tendency, but it does suggest again that attribution and tracking of threat actors is a complicated matter.
Military cyber-operational capabilities are fast developing into tactical realities.
The U.S. Army is establishing two organizations built around the 17th and 41st Field Artillery Brigades to, as Breaking Defense puts it, hack, jam, sense, and shoot. Hacking and jamming increasingly go together as cyber operations and electronic warfare continue to converge. Sensing is a natural and necessary for both electronic and kinetic attack. The shooting would be done for the most part by rockets, specifically HIMARS high-mobility artillery rocket systems. The hacking and jamming would be the work of battalion-strength Intelligence, Information, Cyber, Electronic Warfare, and Space Detachments, one per brigade, inevitably to be known by their acronym I2CEWS. The organizations are a serious sign that the U.S., at least, is prepared to delegate significant cyber capability down to surprisingly low tactical levels. One of the new detachments is now operational with the 17th Field Artillery Brigade at Combined Base Lewis-McChord in Washington State. The other is destined for the 41st Field Artillery Brigade, formerly at Babenhausen, but now re-established at Grafenwöhr, Germany. These are by no means the national assets one usually thinks of when considering cyber capabilities. And when you get to Graf, cyber warriors, bring your galoshes. The mud there is famous.
Since information campaigns can be expected to follow great power and regional tensions, watch Venezuela. Russia has warned the U.S. against military intervention in the failed Chavista state, NBC News reports. Venezuela is Russia's strategic partner, Deputy Foreign Minister Ryabkov said, and deposition of President Maduro, quote, would shake the foundations of the development model which we see in Latin America, end quote. The U.S., joined by the U.K. and others, has expressed strong support for opposition leader Juan Guaido's constitutional claim to an acting presidency. The U.S. has expressed its intention to put as much diplomatic and economic pressure as it can on President Maduro's regime, widely regarded as having retained power fraudulently. There's little evidence of interest on Washington's part in military intervention, but Moscow squints and says it can see it. It's striking that Russian statements find much to praise in Venezuela's development model.
Bellingcat seems to have had success in countering Moscow's and others' information operations.
Foreign Policy interviews the citizen journalists,
who got their initial funding through a Kickstarter campaign,
and discusses how they were able to geolocate ISIS demonstrators,
expose the GRU agents behind the Novichok attacks in Salisbury,
and point out that alleged gun camera footage showing U.S. atrocities in the Middle East was actually just screenshots from a first-person shooter game.
Bellingcat has done some very nice work with open-source
intelligence, and their founder, Eliot Higgins, points out the core challenge of anyone involved
in such work. Higgins says, quote, getting a balance between being obsessive enough and not
also crazy is rather difficult, end quote. It can also be difficult to get open-source
intelligence, OSINT, taken seriously, since there's a perennial temptation among many, and intelligence professionals are no different, to confuse cost with value.
And OSINT can be a bargain.
Microsoft President Bradley Smith is again urging the U.S. to publicly adhere to the Paris call for norms with respect to conduct in cyberspace.
If official statements from Paris and Lille over the last week and a half are any indication,
the Paris call may be more operationally supple than the earnest executives from Redmond may wish.
The FBI arrested Roger Stone, former advisor to U.S. President Trump in Florida early this morning,
pursuant to an indictment obtained by special counsel Robert Mueller.
Mr. Stone has been charged with seven process crimes,
including obstruction of an official proceeding,
witness tampering, and five counts of making false statements.
The indictment doesn't allege that he conspired with WikiLeaks,
Julian Assange, or others, as the president notes,
but rather that he was not candid about his interest in learning about whatever dirt they
may have had on the Clinton campaign.
Finally, a person who goes by the nom-de-hack SydeFX, that's SydeFX spelled S-Y-D-E-F-X, has been using credential stuffing attacks to take over Nest home security systems. He's asked his victims, or rather, as Mr. FX would put it, since he sees himself as a white hat, those he's helping to realize that their systems aren't so secure, to subscribe to, wait for it, PewDiePie on the YouTube. Again with the PewDiePie. Mr. FX told Motherboard he's been doing this so he can land a job as an ethical hacker and presumably to provide a public benefit.
Kids, look, if you want to be an ethical hacker, start with the ethical part. That little inner Jiminy Cricket will probably tell you, oh, not to force your way into uncooperating systems or to scare them by talking to them through their home monitors.
And joining me once again is Dr. Charles Clancy.
He's the director of the Hume Center for National Security and Technology at Virginia Tech.
Dr. Clancy, welcome back.
I saw some stories pop up, actually a little bit of controversy here,
about AT&T announcing that, I guess, more of a marketing campaign than anything else.
So they're releasing some technology, some upgrades to their network that they're calling 5G evolution.
It's caused some folks to raise some eyebrows here.
Can you shed some light on it? What's going on here?
Sure. In fact, notably, T-Mobile released a video on Twitter showing taking a sticker that said 9G and putting it in the upper corner of one of their phones as a jab at AT&T's 5G evolution. So anytime there's a new generation of cell phone
technology, there's a big marketing campaign to try and each carrier trying to outflank each other
in the media. We saw the same thing with the transition from 3G to 4G, where you had commercials
for both AT&T and Verizon, both indicating they offered the nation's strongest or fastest or most coverage at 4G.
And at the time, Verizon had upgraded their 3G network to make it have speeds approaching 4G.
Meanwhile, AT&T had begun deploying actual LTE technology, and that's why we have the differentiation between 4G and 4G LTE.
Essentially, we're seeing the same thing now with 5G.
5G is an actual standard.
It's called New Radio.
So 5G New Radio is the actual signaling format. It's about 50% faster than the 4G signaling, but you can still use the same 4G
signaling, but with many of the features of 5G, where you would basically be able to band together
multiple chunks of spectrum in order to get the data rates higher. So essentially what AT&T is
offering is under pristine conditions, you could see 5G speeds on this network, but it's really
all built out of 4G building blocks.
I see. And so the notion here is that we'll start seeing some phones that have that 5G logo up in the corner, despite the fact that the underpinnings are still going to be 4G technology?
So that's a good question. In fact, the carriers last time around went to the ITU,
which is part of the UN, and actually had the definition of 4G changed
so that they could legally call it 4G.
We actually saw the same thing with 3G technology, where GSM Edge service was reclassified as
a 3G technology, even though it was based on 2G.
And it was specifically to try and meet those marketing criteria.
And the ITU actually sets these thresholds. So it'll be interesting to see if the ITU is willing to
call this 5G and whether this is something that then becomes more ubiquitous. But it's all really
part of this incremental change and upgrade of technologies that ultimately is going to lead
to nationwide 5G.
Yeah. So buyer beware. Just make sure what you think you're getting is what you're actually going to be getting out there.
And keep in mind that right now there is no production 5G service. There's a lot of trials underway, and I expect that within the first half of 2019 we'll start to see real 5G commercial service, but it's not quite there yet.
All right, Dr. Charles Clancy, thanks for joining us.
Thanks a lot.
My guest today is Peter W. Singer. He's a strategist at New America and author of the book LikeWar, the Weaponization of Social Media, along with his co-author Emerson Brooking. Mr. Singer is author of a number of books on both conventional and cyber warfare and was named one of the top 100 most influential people in defense issues by Defense News. He joined us from his office in Washington, D.C.
So we started this project almost five years ago, and there was a series of seemingly kind of new breakpoints. But actually now, in retrospect, they signified a new normal.
And they were everything from, for example, you had the first what was called Twitter war that played out where Israel and Hamas had one of their sort of regular conflicts.
And there was a series of days of airstrikes and the like, and it kind of ended inconclusively on the ground.
But alongside it, for the first time, you had these online what we now call battles, but basically debates going back and forth as to what was happening,
literally millions of messages. And what was interesting about it was not just that you had these messages going back and forth, but that the vast majority of the messages claiming what was
happening on the ground, who was in the right and wrong, were being pushed by people physically
outside the region. And what was even more notable
than the fact that, you know, you could, for example, weigh in on this conflict, even though
you might be, you know, checking Twitter on the subway and the way to work, is that actually the
ebb and flow of the conflict had real world consequences. They later found that essentially whichever side was winning, so to speak, in the
trends online, it shaped the both pace and location of the airstrikes by over 50 percent.
What was essentially happening is that the Israeli generals and politicians were watching the maps,
but also watching their Twitter feed, which now, of course,
you know, seems normal. Another example about five years back was we had a group of terrorists
seize a shopping mall in Kenya, and the government tried to shut down communication and reporting
about what was happening. And the result was that the terrorists who were on social media became the primary source for the world on their act of terrorism. So actually, we fed into
the very goal of terrorism, which is, you know, to drive the message and it's to drive fear viral.
But what was, again, interesting is the terrorists realized that because they own the narrative, they also didn't have to tell the truth online. You know, again, sort of a seemingly obvious realization, but, you know, this is where we're at. And then finally, you had a policy change in the U.S. military which allowed deploying service members to Afghanistan to use and Twitter. And so for the first time,
you had people on the battlefield able to friend their enemy. And in turn, their enemy, the Taliban,
could not just friend and stalk and track and communicate with them, but could equally reach
out and connect to everything from family members,
friends, journalists back home, you name it.
And so you had this kind of connection point.
So all of these things were a spark for us to start the book project.
And then we started to explore essentially how social media was being used in war zones
around the world.
But very quickly, that widened.
If you're looking at, for instance, Iraq and Syria, the rise of ISIS, it becomes a
story of terrorism. If you're looking at terrorism, you have a cross with things like the drug war in
Mexico, and we started to look at how drug cartels were using it. Then we began to look at, hold it,
Chicago gangs. If you're looking at how it was used in places like Russia and Ukraine, very quickly moved into American domestic politics.
And so the project was essentially trying to explore just what's going on here in this new form of online conflict
that, as we talk about it, is not about hacking of computers on the network, sort of the classic definition of cyber war, but rather hacking the people on social networks by driving ideas viral, what we call a like war.
You know, there's no shortage of, you know, breathless reporting and headlines that these
networks are going to be the end of us.
It's going to lead to the downfall of democracy and, you know and the way we communicate and our freedoms are at risk.
Do you think that there's something to that?
I guess what I'm getting at is how accurate do you think those warnings are?
How concerned should we be as we head forward?
It's a technology that can be used for massive good and massive evil. Guess
what? Like every other technology in the past. So if you think of, for instance, the radio,
Goebbels talked about how his rough quote was, talking about the rise of the Nazi party, the top propagandist of it said, we couldn't have done it without the radio. Of course, the radio also allowed FDR's famous
fireside chats that mobilized the free world against the Nazis. The radio also created
new forms of shared entertainment.
So we've been through these kind of sea changes before.
What we need to recognize is social media is on that level.
And we've seen it empower new actors who've used it for evil and for good.
A couple of things, though, that are important about that. The first is,
I think right now, we feel so negative about it, largely because of how positive we felt
about it just a couple years ago. You know, just a couple years ago, there was this just crazy level
of techno-optimism. You know, it's everything from the Arab Spring and, oh, social media has a, quote, liberating power and, you know, dictatorships are on their way out, to, you know, Facebook has a motto that it's pushing out that back then, it's meant as a positive, now it feels kind of creepy, where they're pushing, quote, the more we connect, the better it gets. Think about that now, how that sounds. No, the more we connect, the more we connect. And we've seen the good and the bad of it. But you have this kind of crazy level of techno-optimism, and now we're feeling sort of the second side of it. The other aspect
is that essentially part of why it feels so bad is that we've not understood these new rules of
the game. And so essentially the bad actors, whether it's Russian disinformation warriors to
trolls and conspiracy theorists, they've been the ones that have understood these rules. And so they've
been manipulating their way into a level of success that they wouldn't have otherwise achieved. And so
it's up to us to learn these new rules to be able to push back against it. And that's what the book
project was about, is trying to help us all understand, you know, what are these rules of the
game?
That's Peter W. Singer. He's author of the book LikeWar, the Weaponization of Social Media, along with his co-author, Emerson Brooking.
There is a lot more to our conversation.
You can find it over on our Patreon page.
That's patreon.com slash the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of
DataTribe, where they're co-building the next generation of cybersecurity teams and
technologies.
Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett
Thanks for listening. We'll see you back here tomorrow.