CyberWire Daily - Information operations respond to kinetic strikes. Dallas emergency sirens hacked. Alleged spam king arrested. Okta files its IPO.
Episode Date: April 10, 2017
In today's podcast, we hear that US strikes against Syrian targets and harsh words for Assad are followed by apparent Russian information operations as bilateral tensions mount. Both WikiLeaks and the Shadow Brokers resurfaced late last week. A light Patch Tuesday is foreseen, but observers expect a fix for a Microsoft Office zero-day being actively exploited. Okta files its anticipated IPO. Dallas emergency sirens were hacked early Saturday. The Johns Hopkins University’s Joe Carrigan discusses upcoming updates to the Waze GPS app. Kathleen Smith from cybersecjobs.com and clearedjobs.net joins us from the Women in Cybersecurity Conference. Spanish police collar the alleged "spam king."
Transcript
You're listening to the CyberWire Network, powered by N2K.
U.S. strikes against Syrian targets and harsh words for Assad
are followed by apparent Russian information operations as bilateral tensions mount.
Both WikiLeaks and the Shadow Brokers resurfaced late last week, Dallas emergency sirens were
hacked early Saturday, and Spanish police collar the alleged spam king.
I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, April 10, 2017.
Kinetic operations, again, have concomitant information operations.
U.S. Tomahawk strikes hitting Syrian government installations in response to the Assad regime's use of chemical agents,
probably the lethal nerve agent sarin, against domestic and largely civilian targets.
The strikes and hardline U.S. rhetoric against Assad in the U.N. and elsewhere have strained U.S.-Russian relations,
and the information operations that have emerged in response have Russian fingerprints all over them.
The Shadow Brokers are back, this time with files they claim are NSA passwords.
The group resurfaced with unpleasant things to say about U.S. President Trump,
the scriptwriter's broken English of their communique saying that they're no longer his supporters and that he's abandoned his base.
To quote them, "The Shadow Brokers voted for you. The Shadow Brokers supports you. The Shadow Brokers is losing faith in you. Mr. Trump helping the Shadow Brokers, helping you, is appearing you are abandoning your base, the movement, and the peoples who's getting you elected," end quote. We leave out a great deal more that could have come
from, say, Pepe the Frog, but the tone is a shrill example of the fringiest alt-right themes. Oh,
and the Shadow Brokers also say they've taken an oath to protect
and defend against enemies foreign and domestic, which is of course a riff on the U.S. military
oath. So, President Trump has either fallen out of favor with the Shadow Brokers' presumably
Russian masters, or that he was never in that much favor to begin with. Motherboard, often in
communication with the brokers, has asked for clarification but received none. The Shadow Brokers again deny they have anything to do
with the Russian government, but essentially no one believes them. Edward Snowden, who knows
something about leaks and scandals, appears to think the Shadow Brokers might have overplayed
their hand. He tweeted Saturday that, quote, there's still so much here NSA should be
able to instantly identify where this set came from and how they lost it. If they can't, it's
a scandal, end quote. Al-Masdar News, an outlet based in the UAE but generally regarded as closely
aligned with Syria's Assad regime, and thus a mouthpiece for Russian policy in the area,
claimed Friday it was the victim of a cyber attack that originated somewhere in the U.S.
No other sources appear to have taken notice of the allegation, so the claimed attack may
be disinformation.
At the end of last week, WikiLeaks issued another smaller tranche of what purport to
be CIA documents, but these don't arrive with the eclat that accompanied earlier releases.
They're generally being perceived as leaks intended simply to do damage to U.S. intelligence
services without the aura of whistleblowing that colored some earlier WikiLeaks dumps.
After all, people say, the CIA is in the business of collecting foreign intelligence,
and the dudgeon is too studied, too manufactured,
like Captain Renault's shock
at learning there's gambling in Casablanca.
Tomorrow is Patch Tuesday, and Microsoft will probably, observers think, issue a relatively
light set of fixes.
Among them, however, is expected to be a patch for an Office zero-day being actively exploited
in the wild.
Wrapping up our daily podcast coverage of the recent Women in Cybersecurity Conference,
today we hear from Kathleen Smith, Chief Marketing Officer for CyberSecJobs.com
and ClearedJobs.net. She shared her perspective as a recruiter on where prospective employees
should be focusing their efforts.
If you understand the technical and can do the technical, that's great. What's really needed right now are
the people that understand the business, the people that can understand how to explain the
risk that is being presented to the company, how to gather the teams. Those skills are still very
important. So someone getting into the workforce, that's really great that you've got the
certifications. It's really great that you know maybe Python or Kali Linux or something like that.
But if you can't explain yourself to your manager,
you're going to have a problem moving on in your career.
So do take that time to do a Toastmasters,
to put together a presentation and go to a meetup.
Really work on your writing skills.
It's amazing how many people are not working on their writing skills.
I think the other thing is reverse recruiting.
This is a term that sort of popped up over the last year or so,
and many security managers are saying,
you know, I have recruiters that are helping me find talent, but recruiters aren't trained on what cybersecurity is. And I know a lot of people
are very frustrated with recruiters who don't understand the technical components, but maybe
take a step back and explain to a recruiter exactly what you do. Explain, you know, be,
instead of reverse engineering, reverse recruiting. This
is why you need me. These are the skills that I can bring to you. You have in this job description
these things that you need to do. You know, can we take this offline and do you really understand
what this is? Because I think we'll be able to make a difference in the workforce gap if we have job seekers who really are willing
to be patient and explain to recruiters you know you actually contacted me about
pen testing and that's not really what I do you know maybe take you know a little
pity on one out of every ten recruiters that gives you a bad approach and
explain to them do you know why this isn't going to work? And maybe, you know,
we can have a different kind of conversation. I do think that we're unfortunately being impacted
by buzzwords. And I've been part of many of the scholarship review community committees,
and I'm really concerned with the number of people who want to come into cybersecurity,
and they're doing it just because they see the buzzword.
Realize that if you're going to take on a career,
it has to be something that inspires and you're passionate about.
Don't go after a career just because it's on the headlines and it's a buzzword.
And they say that there's a skills gap.
I mean, there are many other industries that could use your talent,
and you would be much more happy.
So I was a little discouraged when I'd been part of several of the scholarship committees
and seeing people who submit an application, and their heart is just not in it.
Please don't do that to yourself, and please don't do that to the community.
That's Kathleen Smith from CyberSecJobs.com and ClearedJobs.net.
You can hear more from her in our upcoming CyberWire Women in Cybersecurity Conference Special Edition.
In industry news, Okta issues an IPO, the first major IPO in the cybersecurity sector this year.
The company seeks to raise $187 million at a unicorn's valuation of $1.5 billion.
Hackers set off emergency warning sirens in Dallas, Texas, early Saturday morning.
These are the sirens residents of the U.S. Atlantic and Pacific coasts tend to think of
as air raid sirens and regard as relics of the Second World War, if they think of them at all.
But in Tornado Alley, between the Appalachians and the Rockies,
they see serious and regular use in warning people that tornadoes are in the area
and that they should take cover, so this is far from a harmless prank.
The city shut down the sirens at about 1:20 a.m. Saturday,
and despite their best efforts to convince people there was no emergency,
the Dallas 911 system was flooded with calls to the extent that callers experienced waits as long as six minutes.
Dallas is investigating and has confirmed that it was a system compromise, not a mere glitch.
Whoever was responsible is believed to be in the Dallas area.
Spanish police have arrested the alleged spam king, Pyotr Levashov.
Mr. Levashov, a Russian national who operated under the nom de hack Pyotr Severa,
that is, Peter of the North, and was associated with the Kelihos botnet.
The St. Petersburg native is wanted practically everywhere, but especially in the U.S.
He was vacationing in Spain with his family.
Interestingly, Russian news outlet RT has suggested that Mr. Levashov is behind much of the election messaging the Russian government denies having anything to do with.
The U.S. Justice Department says it's interested in Mr. Levashov as a criminal, not as an agent of influence.
Joining me once again is Joe Carrigan. He's from the Johns Hopkins University Information Security Institute.
Joe, you're familiar with the GPS navigational software Waze.
Yes, I myself am Waze royalty.
Waze is expanding.
They're joining the Smart Device Link Consortium,
which is a group that works with automakers and developers on open source protocols
for connecting smart devices to cars.
And so this means that the Waze app will be on your built-in screen on your car.
That's a good thing.
But the interesting thing about this is that it means that Waze will also be able to get
more data from the vehicle itself.
Right.
The app will have information to things like fuel levels, whether or not the wiper blades
are on, how hard you're applying the brakes.
And this all has very real and potentially beneficial outcomes.
If up ahead of me, a quarter of a mile, seven people who are Waze
users all slam on their brakes, something has happened, maybe Waze could in real time notify
me that there's a hazard on the road ahead. Or if I'm running low on gas, Waze can say,
you're running low on gas, do you want to find a gas station? But there are some privacy concerns,
like what's to say, hey, you're running low on gas. Why don't you go to my advertiser's gas station up here? Right, right. Well, and also I can imagine, you know, what
happens with insurance companies and potential litigation. You get in an accident and are they
going to subpoena the information? Yeah. Does this information become discoverable? Right.
I can definitely see that happening in a society as litigious as ours here in the States.
It was interesting. There's an
article in Wired about this, and they were interviewing someone who said that he thought
that every time consumers give up a little bit of their privacy, that he thought this would be
where they put their foot down. Right. No, they don't. No, no. We're so willing to just give up
whatever we want for the next loyalty program.
Then there's also the concern of how is this getting the information from the car?
It has to be using the CAN bus somehow.
I like that the protocols are open source. So that means they're going to be able to be examined.
People are going to be able to assess them for security.
But anytime something gets access to the CAN bus, you know, I'm not ready to panic here.
I'm not ready to say, ah, it's going to crash your car.
But I do remember that Charlie Miller and Chris Valasek
came into a Jeep and took over control of a Jeep
through the CAN bus across the Wi-Fi access point on the car.
Yeah, attack surface area.
Again, we're talking about attack surface.
I don't know that this is going to be a real issue
because I think the app lives on your phone. Maybe the data is just going one way. I have no idea. I'm really not very knowledgeable
about this consortium or what their protocols look like. But it makes me a little curious,
I'll say. Well, I think it's the shape of things to come. It's that old saying that
if you're getting something for free, you're the product. Right. Exactly. That's exactly right.
All right. Joe Carrigan, thanks for joining us.
My pleasure, Dave.
And that's The CyberWire. We are proudly produced in Maryland by our talented team
of editors and producers.
I'm Dave Bittner. Thanks for listening.