CyberWire Daily - Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.
Episode Date: December 17, 2018
In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. Senate commissioned report on Russian influence operations finds the St. Petersburg troll farmers “fluent in American trolling.” Boomstortion scammers now threaten acid attacks. PewDiePie followers—again—hack printers, but this time they say it’s for the public good. Justin Harvey from Accenture on M&A targets and resilience. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_17.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The Five Eyes coordinate to contain Huawei's potential for espionage.
Huawei and ZTE both continue their charm offensive
to convince international
customers it's safe to use their gear. The Senate-commissioned report on Russian influence
operations finds the St. Petersburg troll farmers fluent in American trolling. Boomstortion
scammers now threaten acid attacks. And PewDiePie followers, again, hack printers, but this time
they say it's for the public good.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, December 17th, 2018.
The Five Eyes are said to have agreed this July during a SIGINT summit in Canada
that Huawei represented a threat that would need to be contained.
The governments view the company with varying degrees of alarm.
The US and Australia have taken a generally hard line, the UK a relatively softer one,
but their consensus is that the company's potential to collect intelligence on behalf of Chinese services is troubling. That line is hardening in the UK as well, as members of parliament call on the
government to conduct an inquiry into how using Huawei equipment might place British critical
infrastructure at risk. Huawei continues to lose partners in Europe, as both BT in the UK and
Deutsche Telekom in Germany shy away from the Chinese
hardware manufacturer on security grounds. Huawei has said it's determined to do whatever it takes
to allay security concerns. Huawei CFO Meng Wanzhou is still in Vancouver, awaiting the outcome of
hearings that could see her extradited to the United States, where she faces charges related to fraudulent evasion of sanctions against Iran.
Chinese authorities confirmed over the weekend
that they have indeed detained two Canadian nationals
on suspicion of endangering national security.
Those arrests are widely seen as retaliation for Canada's detention of Ms. Meng.
Huawei's smaller rival ZTE is in a similar position,
also troubled by security concerns and suspicion of evading international sanctions.
In an effort to shore up its business and reassure potential customers
that its equipment is safe to use,
the company has engaged former U.S. Senator and vice presidential candidate Joseph Lieberman
to lead what ZTE calls an independent security audit of the firm's products.
A report on Russian information operations commissioned by the U.S. Senate Intelligence Committee
was released this morning.
The study focuses on the Internet Research Agency's output
and confirms the St. Petersburg troll farm's opportunism and cultural fluency.
Wired says the study is also bad news for both Facebook and Google,
since it suggests the two companies dissembled in their responses to congressional inquiries.
The report was produced by New Knowledge, a brand protection firm that specializes in
deflecting disinformation pushed
across social media. Their report was based, according to Wired, on a review of 10.4 million
tweets, 1,100 YouTube videos, 116,000 Instagram posts, and 61,500 unique Facebook posts published
from 2015 through 2017. That's not an exhaustive sample, but it's a large one.
They found that the Internet Research Agency was fluent in American trolling,
very far from the stereotypical crude propaganda, often in broken English, that some still imagine.
For their part, lawmakers in Russia's Duma are urging enactment of closer controls over the Internet and Russians' access to it.
This is being framed as a response to an increasingly aggressive U.S. posture in cyberspace.
That their response is tighter censorship suggests an appreciation of the risk propaganda poses to closed societies as much as open ones.
You do find the stereotypically crude come-ons,
obvious non-native speaking English, of course, in criminal enterprises, and that's unlikely to change in the near future. One such campaign is fishing in British waters this month,
with badly written emails inviting the recipient to please explore your payroll down the page.
Your Christmas Day bonus gift is $2.86. This month wage will be paid usually before Christmas.
Text like that pretty much screams don't click the link, but alas, some probably will.
The link offered goes to a file on Google Docs that contains a malicious payload.
The boomstortion scammers who made false bomb threats across much of the English-speaking world last week
haven't really scored.
Graham Cluley calls the folks behind the caper cockwombles.
And so far, they've pulled in chicken feed,
no more than a couple of bucks,
which seems a sorry return on even their low-level investment,
and far, far short of the $20,000 a pop they were asking.
They're also turning to a new bogus threat, acid attacks.
None of this is funny, of course,
but it's also in all likelihood not a serious threat.
That sound you hear, oh cockwombles,
is the approach of the police with blood in their eye.
This sort of genius doesn't tend to remain at large for long.
Finally, for your consideration, it's long been a truism that the sleazier precincts of YouTube,
the backwater carnival midways and geek shows infested by those we've curiously come to call YouTube stars,
are as unedifying as they are strangely attractive to a certain kind of follower.
One of the stars, a kind of Howard Stern of the Internet,
only without the maturity and sensitivity of Mr. Stern, is PewDiePie.
Mr. Pie's followers made some noise a couple weeks ago
by hacking unprotected networked printers
to spit out messages encouraging everyone to follow Mr. Pie.
Late last week, they returned, but this time around, they come with a more high-minded purpose.
They're still hijacking printers, only now they say they're not trying, say, to encourage you to
take the Tide Pod Challenge. So eating laundry detergent isn't the goal. Rather, they say they're
hacking printers to raise security awareness. So actually now, they're a force for good.
Our apologies to Mr. Pie's followers for
underestimating them. Maybe. But somehow, we don't think this latest caper will earn them
the service learning credits they're hoping for. Stay in school, kids.
And I'm pleased to be joined once again by Justin Harvey.
He's the Global Incident Response Leader at Accenture.
Justin, it's great to have you back.
Today, I wanted to touch on mergers and acquisitions targets
and how you go about assessing their cyber resilience.
What can you share with us?
So companies are not appropriately evaluating
the risks of the companies they're buying in many cases. A small data point here, Dave,
and that is global and U.S. merger and acquisition activity has hit an all-time high here in the
first half of 2018. And we're seeing the same thing amongst our clients here at Accenture.
And one of the things that has historically been looked at from a risk perspective
of companies that are going to be acquired is how much money or how much effort needs to be
poured in to shore up the to-be-acquired company's infrastructure to be at the same
level of the mother company.
But it's not only about how much money you have to pour in to bring it up to speed, but
it's also about the latent risks that may already be lurking within the network or system.
So it's essential that the buyer be able to perform essentially a cyber resilience diagnostic against that to-be-acquired company to be able to look at things like the cyber hygiene of the systems and workstations, the ability for their security operations or incident responders to perform their jobs.
The next one would be, are there latent threats or indicators of compromise or indicators of attack that are already present in the environment?
And clearly, when you buy an acquired company, I would say probably 80% of the time,
you're going to want to connect their network to yours in order to
speed productivity, in order to increase the security of your communications. And then you
want to start merging the user directories. Clearly, you want the same email addresses and
the same usernames across the enterprise. But that in itself comes with some risk.
There could be adversaries that have been present in that network that then can ride that highway that has now been connected between the organization and the acquired.
And we've also been working a lot with our clients to make sure that during the due diligence process, we can not only give them an estimate or help them better budget how much it's going to cost to bring up their level of resilience or their cyber resilience, but also let them know, has there been any threat activity in the network? Or even maybe it's not even in their network.
Perhaps the dark web has remnants of customer records or personal data that has been leaked from that organization, which could be a liability in the future. So our iDefense team has been able
to build some content and build some capabilities to bring those risks surfaced to the buyer.
Now, how often does this bubble up and become a roadblock, a speed bump to a mergers and
acquisition process?
Well, typically, unless there is a large-scale loss of customer records
or cardholder data or PHI, it typically becomes a blip on the screen of the company
acquiring the other company. So it does weigh into the financials. But to my knowledge, I've
never seen an organization say, we're not going to purchase you because you have latent threats or
a low cyber resilience maturity. It just factors into the overall price.
And perhaps it can even impact the price that has been negotiated with the organization.
I see.
All right, Justin Harvey, thanks for joining us.
Thank you.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed. Listen for us on your Alexa smart speaker too. The CyberWire podcast is
proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building
the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is
Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan,
Carol Terrio, Ben Yellen, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick,
Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner. Thanks for listening. We'll see you
back here tomorrow.