CyberWire Daily - Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerBot. No more soldier-selfies in Russia.
Episode Date: February 22, 2019
In today’s podcast, we hear that Kiev says it’s found complex, large-scale Russian influence operations in Ukraine’s presidential election. Australian investigators are said to be closer to concluding that recent hacking attempts were the work of Chinese intelligence services. There’s also plenty of ordinary crime to go around. Huawei continues its charm and affordability offensive. User comments drive advertisers away from YouTube. DrainerBot sucks power from phones. And Russia outlaws soldier-selfies. Ben Yelin from UMD CHHS about a lawsuit involving a man refusing to unlock his phone at the U.S. border. Guest is Linda Burger from NSA with information on their Technology Transfer Program. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_22.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Kiev alleges complex large-scale Russian influence operations in Ukraine's presidential election.
Australian investigators are said to be closer to concluding that recent hacking attempts
Linda Burger is here to tell us about the NSA's technology transfer program, DrainerBot sucks power from phones, and Russia outlaws soldier selfies.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Friday, February 22, 2019.
Kiev's SBU security service has charged Russia with organizing a large influence campaign
to secure election of its preferred candidate
in Ukraine's upcoming presidential election.
Which candidate Moscow favors isn't specified,
but the methods used cover everything
from state-of-the-art information operations and troll farming
to the kind of ground-game bribery and get-out-the-vote hustle
an early 20th century Chicago ward heeler would immediately recognize.
Passing out holiday turkeys in the 10th ward, that sort of thing,
plus inauthentic online persona, hacking, and so on.
The Sydney Morning Herald reports that investigators are closer to singling
out Chinese intelligence services as responsible for attempts to gain access to Australian
parliamentary and political party systems. The attempts are thought to be consistent with
Beijing's long-term goal of gaining insight into the Five Eyes intelligence products and operations.
A preliminary attribution by the cyber
company ReSecurity, discussed yesterday in the Wall Street Journal, cited Iran's Mabna Institute
as the likeliest suspect in the incident. The Mabna Institute has been indicted by the U.S.
for cyber attacks against American enterprises, and ReSecurity thinks the activities reported
and observed around Australian targets
seem to follow techniques Mabna has used in the past.
Thus, the hints pointing to China would amount to a false flag operation.
But this seems unlikely.
The evidence publicly cited is circumstantial and ambiguous at best,
including documents retrieved from a cloud server that may or may not have been used by the hackers.
Sources close to the investigation dismiss suggestions of Iranian involvement as far-fetched.
They can't yet speak on the record, but the anonymists in this case seem pretty certain that the attacks are traceable back to Beijing.
The investigation continues, and signs still point to China.
Canada's Communications Security Establishment has said it's working with its Australian counterparts to investigate the incident.
The episode has increased tensions between China and Australia.
A wave of other attacks disclosed in Australia seem more straightforwardly criminal in their
motivation. Ransomware has afflicted a number of targets over the past few
months, including the Melbourne Heart Group, which is a cardiac care practice, the large corporate
superannuation fund Telstra Super, and the Roman Catholic Archdiocese of Melbourne. These are being
read as the work of organized criminal gangs. The attack on Toyota's Australian operations is a more
mixed case. Employees were locked out of the systems for several days.
Media coverage in Australia has tended to bracket this incident
with the attempts against Parliament and political parties,
but that may amount to little more than a circumstantial association of ideas.
But that case remains a more open one.
To return to security concerns about Chinese operations,
U.S. Secretary of State Pompeo has cautioned allies that the presence of Huawei in their
infrastructure would make the U.S. wary of sharing intelligence with them. Huawei isn't out of the
woods yet, and the Americans would still love to talk to the company's CFO, currently detained in
Canada, but the tide seems now to have begun running against U.S. efforts
to convince other countries to exclude Huawei from their 5G networks.
Huawei's lower cost, general reliability, and good enough devices
may be too attractive for the telecom sector to forgo.
It's not classically disruptive technology,
since it's not displacing an entire family of technology
the way, for example, digital imaging replaced film.
It's rather a case of offering commodity equipment at competitive prices.
European telecommunications operators have generally opposed a ban on Huawei, so have carriers that serve rural U.S. markets.
They, too, like cheap, reliable, and good-enough gear.
Britain's National Cyber Security Centre's dance with Huawei continues. On the one hand,
the company is regarded as presenting a risk to U.K. networks, but on the other hand,
it believes that risk may be manageable. In any case, NCSC hasn't reached a public decision yet.
Its full report on telecom security is due out in March. In the meantime, NCSC boss
Martin tells British telcos to up their security game. Huawei itself continues its pricey charm
offensive, promising to invest billions in security and associated confidence-building
measures. The company will probably face its toughest sledding in the U.S. and Australia,
where strong signs of renewed Chinese espionage have put security officials on their guard.
An op-ed in Forbes notes that 5G security touches control systems as well as IT devices.
In fact, its biggest impact may be precisely on the Internet of Things.
Should 5G technologies be widely open to hostile manipulation,
the damage to be feared might well prove to be as kinetic as it is informational.
This week saw renewed calls for online platforms, especially social networks,
to do more to control harmful content. The parliamentary report on fake news took Facebook
harshly to task in the UK, and Facebook and other big tech firms are getting letters from members of the U.S. Congress this week as well.
Congress is asking about children's safety and public health, always a reliable entering wedge for regulation.
One hitherto largely overlooked form of content, user comments, drew close attention this week from advertisers.
Some large companies, including AT&T, Nestle, and Hasbro, are considering pulling their advertising
from YouTube, unless the Google-owned platform can guarantee that their ads wouldn't appear
alongside objectionable content. This is a far taller order than one might think.
Even filtering adult content is harder than it seems, but moderating
comments for signs of objectionable use is tougher still. There are increasing signs that people are
making bad use of perfectly innocent videos of children to offer lewd commentary and suggestions
for going to particular points in the videos. Again, the videos themselves are usually innocent
in intent and generally innocent in content too by any rational interpretation.
But comment sections don't excel at rational interpretation.
The devil here is in the details, and the details are in the comments.
If your phone seems to be losing its charge much faster than it ought to, Oracle may have a diagnosis.
Its researchers have discovered an ad fraud scheme
they're calling DrainerBot that sucks prodigious amounts of both power and data.
Finally, we mentioned earlier this week the results of a NATO exercise in which troops were
socially engineered by red teams egging them on into doing stuff they shouldn't via social media.
Russia had a similar but different concern,
operational security lapses enabled by social media. If people aren't supposed to know you're
in the Donets, then you shouldn't take a selfie in front of a welcome to the Donets sign and post
it to Instagram where mama and babushka can enjoy it. The rest of the world will see it too.
Similarly, if your government has assured the world your forces aren't using cluster munitions in Syria,
that thumbs-up shot of you loading such munitions into an Su-25's hardpoints is probably unhelpful to the cause.
So now there's a law in Russia designed to make it a crime to do this kind of thing.
How well that will work on a group of soldiers who are, after all,
essentially teenagers, remains to be seen. Tell it to the Marines. It can be hard enough to keep
Terminal Lance from charging his Samsung phone by connecting it to SIPRNet.
And joining me once again is Ben Yelin. He's a senior law and policy analyst at the University
of Maryland Center for Health and Homeland Security. Ben, great to have you back. An
article from Ars Technica, this is written by Cyrus Farivar, who has been a guest on our show before.
The title here is "Man sues feds after being detained for refusing to unlock his phone at
airport." What prompted this? What's going on here?
So this is an individual who was flying outbound
from Los Angeles International Airport to Saudi Arabia.
He was actually going on his Hajj,
the Muslim religious pilgrimage.
This occurred at the beginning of 2017.
And this individual, Haissam,
I'm probably pronouncing this incorrectly, but Alsharkawi,
was pulled out of a security line by Customs and Border Patrol agents. They started to question
him about where he was going, what he was doing. And he became very frustrated with that line of
questioning and said, do I need a lawyer to answer these questions?
Now, that led the Customs and Border Patrol agents to become more suspicious, and they decided that simply by asking that question, it justified additional searches. So they searched his stuff
and came across his cellular phone, which the individual refused to unlock, refused to share. Eventually, under
pressure from Customs and Border Patrol agents, he did unlock his phone simply to sort of get out of
what was a difficult situation. So he sued them on constitutional grounds, on violating his First,
Fourth, and Fifth Amendment rights. And this gets at really a broader problem,
which are these border searches. So we've talked about on this podcast before, there is an
exception to the Fourth Amendment as it relates to the searches of digital devices at the border,
because this goes beyond the traditional law enforcement justification, i.e. we're trying to catch a criminal in the commission of a crime.
Courts have held that the government is justified in conducting these searches, even if they don't have a warrant.
Basically, because we need to protect our national security, the integrity of our borders.
What's interesting about this case is that most of the previous cases involved people
who were entering the United States. This involved an individual who was traveling abroad.
So this is a U.S. citizen, right?
This is a U.S. citizen who's traveling abroad, who's actually leaving the country.
And that's why I don't think the special needs justification is applicable here. The reason we have the special need is because we want to know who's coming into our country and whether they're going to do us harm.
That's the stated justification for having a border search exception to the Fourth Amendment.
But that seemingly would not apply when the individual is a U.S. citizen who's actually leaving the country.
If they want to inspect his device when he came back, even as a U.S. citizen, I think you could justify that under the border
search exception. But you certainly couldn't justify it when he's taking an outbound flight.
And one of the reasons I think this issue has become more prevalent is we're starting to learn
about the extent to which the Department of Homeland Security is engaged in data mining based on their border searches. The Office of the
Inspector General at the Department of Homeland Security released a report recently, and they said
that though customs officials are required to expunge data that they don't need to use in
national security or criminal
investigations, that data is very frequently not expunged. And as a result, Department of Homeland
Security has and maintains a database of digital information collected as part of routine border
searches. And, you know, I think this is something that rubs a lot of people the wrong way,
because there is this Fourth Amendment exception that means that there are a lot of border searches,
according to Customs and Border Patrol. More than 29,000 travelers in 2017 who came across
our borders, whether they're U.S. citizens or non-U.S. persons have their devices searched. And the fact that we are going against DHS protocol
and retaining this information, I think presents a major civil liberties threat.
And I think that's the threat that this individual in the Los Angeles case is trying to get at with
his lawsuit.
All right. Well, Ben Yelin, as always, thanks for enlightening us on the details of these sorts of things. Thanks for joining us.
Thank you very much.
My guest today is Linda Burger. She's director of the Technology Transfer Program at the NSA, the National Security Agency.
Her team is tasked with creating partnerships between government and the private sector
to license government patents and enable the use of scientific breakthroughs and technical advances to boost economic growth.
Linda Burger joined us at our studios in Maryland.
Technology transfer is a government-wide initiative to return dividends to the American taxpayer for the research and
development investment that the government makes annually. At the NSA tech transfer program, we have
four main ways that we engage in technology transfer for the agency. And a big part of it is building partnerships.
And we do that with industry, academia, other government agencies. And the first one I'll
talk about is something that started at NSA that we do on our own: TTSAs, or technology transfer
sharing agreements. And that's when we share at no charge with other government agencies,
technologies or capabilities that were developed at NSA for mission use that can be used broadly across the government. Taxpayers already funded
them. We want to make sure that the government has best in breed capabilities. And so we share
those readily with other government organizations. So again, that's tech transfer sharing agreements.
Patent license agreements are what we highlight when we're out talking to the public because we
want to have businesses to work with to commercialize technologies, to move them from the lab to the market space.
Patent license agreements are where the federal government has patented technology and ownership in that technology, and we license it to companies so that they can commercialize it because the government is not in the business of commercializing technologies.
We need commercial partners to do that.
So that's patent license agreements or PLAs.
Another one that's a very agile, powerful tool for the federal government is CRADAs.
And those are Cooperative Research and Development Agreements.
Those are so much fun. There's an Army attorney in tech transfer who says you can build a battleship with CRADA, that it's really about broad research and development partnerships between the government and one or more non-federal
groups or entities. And we are solving hard problems together. So it's not an acquisition
contract where we're funding you to go find a solution to something, but we need to solve
whatever that hard problem is together,
and both parties are coming together shoulder to shoulder,
and we're applying.
We might be applying facilities.
We may have a certain kind of facility, we the government,
and the company might be putting in their subject matter expertise,
and we might be adding subject matter expertise,
and we work to advance science and solve problems together in CRADAs.
For the government, it's always about things we care about from a mission perspective.
And for the companies, they get insight into the government space and what our unique challenges are when they partner with us in that way.
The other type of agreement that I want to mention are EPAs, or Education Partnership Agreements.
And those are where the government can engage with academic institutions, K-12 and beyond,
colleges, universities, such that we can help develop the workforce big picture that we need
to hire at some future point in time.
Now, give me an idea of what the ranges of organizations
that you're looking to engage with here. Is it everybody from startups to big organizations?
Absolutely. We will work with companies that haven't even started yet,
but they're thinking about starting up and we'll become part of that group that helps them launch
and come into life around NSA technology, if that's where they are. We will work with mid-sized
companies. We'll work with large international corporations. We do have a preference per tech
transfer legislation to work with small companies. Manufacturing of any device that's licensed from a federal lab has to be substantially manufactured in the U.S.
So there are some limitations per the law.
However, we will work with anyone.
We will structure deals to try to get to yes with any company that we're across the table from.
Do you find that, I'm thinking particularly for smaller companies, I would imagine that there
could be a bit of an intimidation factor, that people might hesitate to reach out, but that
shouldn't be the case.
I appreciate your saying that, and I appreciate your giving us the
opportunity to be here today to share information about technology transfer and how it doesn't have
to be scary. The idea that a company needs to be able to have advanced research to differentiate
their product in the marketplace. They can either do it themselves or they can license it from any
federal lab. From us specifically, we try to be very approachable on our website, which is
nsa.gov forward slash tech transfer. We have a portfolio online with over 100 technologies
available for licensing. That, again, is at the same website. You find what you want. You talk to us about it. We'll negotiate terms. You have to put in a
business plan. That's, again, by law to license any federal technology. You have to submit a
technology development plan. We have a partner through the DOD that can help you do that for
free. It's already Pentagon-funded through TechLink. I'd like to believe we try to make it as easy as possible for our partners to get to yes.
Can you give us an idea of sort of the scope of the patents that are available, the types of things that you have in your portfolio?
Sure.
So we have four categories in the portfolio based on what people ask us for.
Cyber, number one, right?
And that's our largest portfolio percentage in the portfolio.
Internet of Things, mobility, and data science. So these are the four main categories that we've
separated our technologies into. We have network routing protocols. We have a technology in
flexible integrated circuit manufacture. So think smart clothing, things like that.
That could be an application space for this.
Oh, I see.
So we have a technology that we're highlighting this year on removable, on the detection of removable devices like SIM cards or SD chips. Think about on your digital camera, you've got those chips that come in and out. On your phone, you've got a SIM card that uniquely identifies your phone.
We have a technology that will identify if they've been removed in an unauthorized fashion and when and in coordination with what other activities.
So all for digital forensics activities, so you can tell what happened when on your device.
And it even works for virtual SIM cards.
That's one of our hot technologies this year that we're looking to license.
So there's just a number of areas.
One more thing that I want to make sure
that we touch on that we haven't talked about yet
is you don't need a clearance
to license technology from us.
So there's always the chicken and egg
of contracting with the IC,
with the intelligence community.
Well, you do not need to be
in the system of award management,
the federal acquisition database.
You don't have to be registered there.
You don't have to have selected your NAICS codes.
That's not a thing for us, right?
So this is not acquisition activity.
It's technology transfer activity.
So it's normal business-to-business negotiations.
Now, yes, we have the statutory things we have to get through, but you don't need the clearance to come talk to us.
It's okay.
We have an 800 number.
We have that 800 number.
We have that at the website and on our materials.
You know, there's an email alias.
Come, you know, the techtransfer at NSA.gov that you can contact us and we'll start engaging.
And, you know, we're trying to be as accessible as possible.
That's Linda Burger. She's the director of the Technology Transfer Program at the National Security Agency.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast
of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you
informed. Listen for us on your Alexa smart speaker too. The CyberWire podcast is proudly produced in
Maryland out of the startup studios of DataTribe, where they're co-building the next generation of
cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yelin,
Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell,
John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie,
and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.