CyberWire Daily - Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.
Episode Date: May 20, 2019
Huawei is on the US Entity List, and US exporters have been quick to notice and cut the Shenzhen company off. Security concerns are now expected to shift to the undersea cable market. Hacktivism seems to have gone into eclipse. The EU enacts a sanctions regime to deter election hacking. Facebook shutters inauthentic accounts targeting African politics. Salesforce is restoring service after an unhappy upgrade. OGusers forum hacked. And don't worry about a hacker draft. Jonathan Katz from UMD on encryption for better security at border crossings. Tamika Smith reports on the Baltimore City government ransomware situation. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_20.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
That's joindeleteme.com slash N2K, code N2K.
Huawei is on the U.S. entity list, and U.S. exporters have been quick to notice.
Security concerns are now expected to shift to the undersea cable market. Hacktivism seems to have gone into eclipse. The EU enacts a sanctions
regime to deter election hacking. Facebook shutters inauthentic accounts targeting African
politics. Salesforce is restoring service after an unhappy upgrade. The OGusers forum
has been hacked. And don't worry about a hacker draft.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, May 20th, 2019.
Huawei is now on the U.S. entity list, which means that U.S. companies will need a special license from the Bureau of Industry and Security to do business with them.
A number of U.S. chip companies, including Qualcomm and Intel, have stopped deliveries of chips to Huawei.
Huawei anticipated this rainy day, and the company has stockpiled a year's worth of U.S. goods necessary to sustain production.
The stockpiling would make most sense if Huawei is betting that U.S. sanctions will be relatively short-lived,
as they were in the case of ZTE's near-death experience in 2018, when the company was pulled back from the brink by a U.S. agreement to levy a big fine, extract some promises, and call it bygones.
But it remains to be seen whether Huawei's tenure on the entity
list will be a short-term trade negotiation ploy or something more enduring. Equally or more serious
consequences are expected from Google's weekend suspension of Huawei's Android license. Huawei
immediately loses access to Android updates and new versions of its devices will no longer have access to Gmail
or the Play Store. The loss of these licenses will not be mitigated by stockpiling, and recall that
the Android ecosystem is very important to Huawei. Huawei has been active in public denouncing the
sanctions as one would expect, and arguing that the U.S. needs Huawei as much as Huawei needs the Americans.
The company points out that it's a big customer of U.S. tech firms, including those that have just cut Shenzhen off.
For all these difficulties, Huawei hasn't been idle in another market where it's likely
to bang up against security issues.
The company sees its near-term future in the undersea cable market, and it's either laying
or upgrading some
100 such cables. It's worth noting that a proposed Huawei cable to the Solomon Islands brought the
company into an early open conflict with Australia. Last June, it was decided that Huawei wouldn't get
the business, and that was due to Australian objections and some Australian competition.
It was that cable incident that stiffened the Australian government's security concerns about Huawei.
Of the three traditional groupings of threat actors, criminals, hacktivists, and nation-states,
one, hacktivists, seems to have gone into eclipse.
IBM's X-Force looked at hacktivist actions that were credibly disclosed and publicly reported,
and in which, quote,
a specific group claimed responsibility for the incident
and where there is quantifiable damage to the victim, end quote.
They found a nearly 95% drop in such attacks since 2015.
In fact, none have taken place in 2019.
X-Force is inclined to think this is more quiescence than disappearance,
and that hacktivism could reappear under the right conditions, but there seem to be trends that make this unlikely.
More effective law enforcement, the arrest of some hacktivist leaders, and a lack of consensus about the causes hacktivists ought to take up are obstacles to a resurgence.
The third observation is particularly interesting.
Activist groups tend to be both anarchic and governed by consensus, which creates a natural tension.
As causes drift or expand, consensus tends to dissipate.
The city of Baltimore continues to struggle through the ransomware infestation it sustained recently.
The CyberWire's Tamika Smith has an update.
Baltimore city government is the latest to be hit by a ransomware attack.
They joined Atlanta, Orange County in North Carolina, and Washington County in Pennsylvania,
among the municipalities to be hit in the past year and a half. Crippling phone systems,
hospital records, and any documents of value, all for mostly one cause, get paid.
Roughly $3.6 million is what victims reported in losses to the FBI last year.
That tally was created by the Internet Crime Complaint Center. So that's an interesting number.
Ransomware, I think for any incident response company or threat research company or the FBI,
it's a very difficult problem to scope.
Special Agent Adam Lawson works with the FBI Cyber Division in the Major Cyber Crimes Unit.
He explains that the IC3 report only shows what is submitted to their center.
He says they know that number is significantly higher.
You know, that does not take into account loss of business, wages, files, getting new equipment. It doesn't take into account any third-party remediation services hired by a victim.
Ransomware attacks are costly and cripple basic services. On WBAL's TV11,
Baltimore area resident Darius Johnson and his family were preparing to celebrate the purchase
of a new home. Not any longer. Now all they can do is wait. Our loan and getting our loan locked,
our rate locked in. It's just so many things that are up in the air right now that we don't know
what's going to happen with all of it.
This time, local officials confirmed the ransomware strain was RobbinHood.
Early reports say this is a dangerous new strain of Hidden Tear ransomware being sent by an unknown hacker collective.
Attacks like the one on Baltimore City are growing increasingly common.
FBI Special Agent Lawson says it's affecting the public and private sectors.
We're seeing a larger number of companies or city governments, municipalities, things like that.
We're seeing larger numbers in that arena of victims.
And we're also seeing higher ransom demands of those victims.
After a ransomware attack, it could take weeks or months to rebuild the system. Ben Yellen, who's a regular on the CyberWire, says prevention
needs to be the first step. First of all, I should say that most of the work in preventing damage
from a ransomware attack, unfortunately for Baltimore City, comes before the attack hits.
And that's having continuity of operations plans so
that you know exactly how you can resume your essential functions. He's a senior law and policy
analyst at the University of Maryland for Health and Homeland Security. He says prevention can be
creative too. If the absolute worst comes to pass and you have a crippling ransomware attack
where the network goes down for an extended period of time,
you even have a plan to devolve some of your agency's functions to another institution.
Baltimore officials and the FBI are being cautious about how they're working to resolve this ransomware attack.
One thing remains clear.
They have a choice to make, pay the ransom or restore the systems from a backup or from scratch.
In the meantime,
pressure is mounting for residents like Darius Johnson and his family who depend on the city services. This is becoming a new reality for cities and municipalities around the country.
They're bracing themselves for a cyber war against the new age criminal, technologically savvy and boundaryless. For the CyberWire, I'm Tamika Smith.
And joining me now in studio is Tamika Smith. Tamika, welcome. And so bring us up to date.
First of all, how long has Baltimore been dealing with this ransomware attack?
May 7th is the first day that officials basically came out and said they were
going to shut down the services. And this word came from Mayor Bernard Young.
And so where do things stand now?
What's up and running and what's not?
Here's what's interesting.
Many of the services were impacted, including real estate services, health care services,
and even something as small as being able to pay a water bill.
As of right now, the city is able to do limited services when
it comes to real estate, and the real estate industry is helping along with this push.
Right now, anyone buying a home in Baltimore can obtain certificates showing that there are
no liens on property so that they will be able to get insurance on their homes.
Now, Baltimore's been keeping information pretty close to the vest throughout this. Have they opened up any word on how they're planning on dealing with this? Are they going to pay the ransom? Are they restoring from backups? Anything coming out of the city?
During the weekend, there was some word that the mayor may be buckling down a little bit to pay the ransom, but nothing official. As of right now, the FBI is mum on how they want to move forward, and that's totally understandable.
All right, Tamika Smith, thanks for joining us.
At the end of last week, the European Union enacted a sweeping sanctions regime
that it hopes will impose serious and swift consequences on organizations or individuals
found responsible for cyber attacks against the EU and its allies.
The penalties are principally travel bans and asset freezes.
The EU hopes the measure will have some deterrent effect against any who would interfere with this week's elections,
which conclude this Sunday.
Facebook has shut down accounts allegedly run by Israeli political marketing firm Archimedes Group
for coordinated inauthenticity.
A total of 65 Facebook accounts, 161 pages, 23 groups, 12 events, and four Instagram accounts
were closed.
The operation has apparently been going on for some time beneath whatever radar is being
used in Menlo Park.
Facebook says more than $800,000 has been spent on advertising associated with these accounts since 2012.
That's about $114,000 a year, since we have a calculator and you might not, especially if you're listening while you're driving.
Targets were in various African nations, and the goal was evidently political manipulation.
A number of the pages taken down supported or denigrated particular candidates and parties,
misrepresented themselves as news organizations,
or posted material claiming to have leaked from various political actors.
The Archimedes Group seems to be a hired gun in all of this.
The inauthenticity was detected in the usual ways,
implausible geolocation, linguistic goofs, and so on.
A script error in Salesforce's Pardot service affected customers beginning Friday.
Service is currently under restoration.
An upgrade changed Salesforce's production environment in such a fashion as to break permission settings in customer accounts.
So, for example, any employee in a given company might have both read and write
access to documents the company did not intend for such wide distribution.
OGusers, a popular forum that, despite its bland self-description, traded digital contraband,
was hacked by other criminals. The data taken are said to include usernames, MD5-hashed passwords, emails, IP addresses, source code, website data, and private messages.
How does the site describe itself?
As a community-driven online marketplace forum of virtual goods.
We host a marketplace for OG gamer tags, Instagram accounts, Kik, and much more.
That's how they wrote it.
A lot of the community's drivers would appear to be gamers
and low-level skids out for a quick buck and some virtual street cred.
Krebs on Security describes them simply as an account hijacking forum.
Scare headlines in CSO and elsewhere suggest that the U.S. Selective Service System,
that is, the draft, gone since 1973, might someday return. One presumed goal of a
revived draft would be to enable the U.S. military to conscript hackers. But hackers?
We wouldn't sweat this one. The Orioles are more likely to contend for a pennant this year than you are
to receive greetings from the president. Cyber services are the sort of thing that the government
contracts for. And anyway, think about it.
It's relatively easy for a sergeant to keep an eye on three or so unwilling conscripts
to make sure they don't foul up while they're cleaning the grease trap at the mess hall.
Keeping an eye on the sort of creative incompetence a disaffected coder might bring is another matter altogether.
But if you've decided you really must devote worry to this because you've decided to
overlook more probable disasters, like contracting cobalt beer syndrome at Granny's Fourth of July
picnic, or an asteroid strike, or being selected by the Grey Aliens for your superior genetic
potential, or you're simply a Country Joe and the Fish re-enactor, or a member of an Arlo Guthrie
cover band, and we understand there are a lot of you out there, why then book your ticket to Canada before it's too late? Just make sure the expiration
date is something around the end of the 22nd century.
Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of
technology. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer
challenges faster with agents, winning with purpose, and showing the world what AI was
meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers
to learn more.
Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs,
we rely on point-in-time checks. But get this, more than 8,000 companies like
Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber
for $1,000 off.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your
company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
And I'm pleased to be joined once again by Jonathan Katz.
He's a professor of computer science at the University of Maryland.
He's also director of the Maryland Cybersecurity Center.
Jonathan, it's great to have you back.
I saw an article come by from The Record, and this was about researchers at University of Waterloo who are working on an app that would help protect people's privacy at the border.
What are they working on here? Well, people are concerned about reporters
or other people who may have important files on their laptop or on their phones that they don't
want other people to gain access to, including border security officials. And of course, you can
try to encrypt the data on your laptop or on your phone. But then there's the concern that when you're
stopped at the border and they identify these encrypted files on your device, they may ask you
for the password or the key that's needed to unlock that device.
And so people have been trying to come up with different sort of solutions that would address
this potential event. And so what these researchers have proposed is an idea where you would
essentially use a password or use a cryptographic key to encrypt your files, but then you wouldn't
even know the key yourself.
You would basically send it either to another individual
or some set of individuals who would all need to be compromised
in order to get access to your device.
And even if these border officials were to ask you for the password,
you fundamentally would not be able to give it to them
because you don't know it yourself.
Yeah, and one of the interesting things about this that caught my eye
was that it seemed as though you can sort of split up the password among a group of people, and you would need a certain number of them to be able to unlock your information.
That's right. This is a basic idea called threshold cryptography that has been researched actually for a couple of decades.
But now these researchers are trying to put it into practice and use it for protecting encrypted files on people's devices.
So it's a compelling case here. Are there any drawbacks?
Well, I think that I've seen some other approaches that try to hide the presence
of encrypted files on someone's device altogether. And I think that can be potentially a better
approach because the issue with this one is that even though it's true that you won't be able to
give up the password and so the border officials will not be able to get access to your files, they will become suspicious,
right? They will observe that you have these encrypted files on your device. They're going
to know that you're refusing to give up your password. That's very likely to make them detain
you and potentially then investigate you further and try to understand why it is that you're not
giving up the information about these files. So I'm a little bit suspicious overall about how well this will play out in practice and how many people would be willing
then to be detained rather than either give up the files or come up with some other mechanism
for dealing with it. Yeah, it's interesting. Also, sort of bringing your friends into this,
or your colleagues as well, that it could, I don't know, cause a headache for them.
Yeah, well, there was an interesting comment in the article.
They were saying that this is for people who would rather not,
essentially, rather not give up their files than give up the password after being tortured.
Now, you know, the funny, or I shouldn't say funny,
but the thing about that is if you're being tortured,
you might actually prefer to give up your password rather than tell them,
well, I don't have it, just continue torturing me, right?
So, you know, like I said, there are
some physical assumptions, you know, assumptions that they're
making about the real world and about how people
prefer to operate in the real world
that may not be true for most people.
Yeah, no, it's an interesting edge
case, I suppose.
All right, well, as always, Jonathan Katz, thanks for joining
us. Great, thanks. Always a pleasure.
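As an added illustration of the threshold idea Katz describes above (this is example code, not from the podcast or from the Waterloo researchers' app): a minimal Shamir secret sharing scheme in which a file-encryption key is split among n holders so that any t of them can rebuild it, while the traveler keeps no copy. The prime field, the share counts, and the sample key are constructed assumptions for the demo.

```python
# Shamir threshold secret sharing over a prime field (added example, not the
# podcast's or the researchers' code). A key K is split into n shares; any t
# shares reconstruct K, fewer than t reveal nothing about it.
import secrets

# Mersenne prime larger than any 256-bit key (assumption for this demo); all arithmetic is mod P.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod P, via Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def split_secret(secret, n, t):
    """Split an integer secret into n shares such that any t reconstruct it.

    A random polynomial f of degree t-1 is chosen with f(0) = secret;
    share i is the point (i, f(i)).
    """
    if not (1 <= t <= n) or not (0 <= secret < P):
        raise ValueError("need 1 <= t <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]


def recover_secret(shares):
    """Recover f(0) by Lagrange interpolation at x = 0 over the given shares.

    With t or more shares this is the original secret; with fewer, the
    interpolated value is unrelated to it (every secret is equally consistent).
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        # pow(den, -1, P) is the modular inverse of den (Python 3.8+).
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def key_to_int(key):
    return int.from_bytes(key, "big")


def int_to_key(value, length=32):
    return value.to_bytes(length, "big")


def demo():
    """Split a constructed 256-bit key among 5 holders with threshold 3 and check the properties."""
    key = bytes.fromhex("00" * 4 + "11" * 28)  # constructed sample key, not a real one
    shares = split_secret(key_to_int(key), n=5, t=3)
    any_three = int_to_key(recover_secret(shares[1:4])) == key
    out_of_order = int_to_key(recover_secret([shares[4], shares[0], shares[2]])) == key
    two_fail = recover_secret(shares[:2]) != key_to_int(key)  # below threshold: garbage
    return any_three and out_of_order and two_fail
```

Any three of the five holders can hand back a share to rebuild the key; a holder who is coerced alone yields a single point on a random polynomial, which is why the traveler has nothing to surrender.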
Cyber threats are evolving every second and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner
with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker
is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization
runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep
your company safe and compliant.
And that's the Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay
abreast of this rapidly evolving field, sign up for CyberWire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman, Puru Prakash,
Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Kerrigan, Carol Terrio,
Ben Yellen, Nick Volecki,
Gina Johnson, Bennett Moe, Chris Russell,
John Petrick, Jennifer Iben,
Rick Howard, Peter Kilpie, and I'm Dave
Bittner. Thanks for listening.
We'll see you back here tomorrow.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in. With Domo,
you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.