CyberWire Daily - Iran says it stopped a cyber espionage campaign by China’s APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.
Episode Date: December 16, 2019. Iran says it’s foiled a cyber espionage campaign mounted by APT27, a Chinese threat group. The Indian government responds to protests over a citizenship law in two states by sending in troops and cutting off the Internet in those states. The City of New Orleans sustains what appears to be a ransomware attack. So does a New Jersey healthcare network. And three Senators would like credit bureaus to tell them what the FBI is asking for. Joe Carrigan from JHU ISI on Twitter’s proposal to shift to open standards. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_16.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k, code N2K at checkout.
Iran says it's foiled a cyber espionage campaign mounted by APT27, a Chinese threat group.
The Indian government responds to protests over a citizenship law in two states
by sending in troops and cutting off the Internet in those states.
The city of New Orleans sustains what appears to be a ransomware attack.
So does a New Jersey health care network.
And three senators would like credit bureaus to tell them what the FBI is asking for.
From the Cyber Wire studios at DataTribe, I'm Dave Bittner with your Cyber Wire summary for Monday, December 16th, 2019. Multiple reports say that Iran's government
has indicated that it succeeded in fending off another cyber attack. Tehran is again being
tight-lipped about the incident,
beyond saying that it successfully defended itself
and that the target was electronic government systems.
There's been some a priori speculation about the usual adversaries in the press,
including the BBC, but as the BBC itself points out,
Iran's telecommunications minister was more specific,
saying that the attack used tools associated with APT-27, a Chinese threat group.
According to MITRE, APT-27 is a group that's been active since 2010
and that has, for the most part, devoted its attention to targets in aerospace,
government, defense, technology, energy, and manufacturing.
It's also associated with the names Emissary Panda, Bronze Union, Iron Tiger, and Lucky Mouse.
The Islamic Republic news agency quotes the ministry as characterizing the attack as foreign spying,
espionage organized by a foreign state,
and that the hostile campaign was stopped by the country's domestic firewall,
Dezfa, that is, Digital Fortress.
The telecommunications ministry had earlier this year mentioned
that Dezfa had been installed to protect Iran's Siemens-manufactured industrial control systems,
but this incident appears so far to have been espionage as opposed to sabotage.
It's of course possible that the APT27 tracks were misdirection, but in any case,
Tehran wasn't shy about mentioning the circumstantial evidence in its public discussions,
and for now, at least, signs point to China. A new Indian citizenship law has been met with
widespread protests in the states of Assam and Meghalaya. The law offers an accelerated track to citizenship for members of non-Muslim religious groups,
mostly Hindus, Sikhs, and Christians,
who had fled what the law characterizes as religious persecution
in the Muslim-majority neighboring states of Afghanistan, Pakistan, and Bangladesh.
The large Muslim minority in the states has tended to perceive the law as anti-Muslim.
The Indian government has substantially blocked the internet in the two states
with a view to preventing incitement and online organization of protests.
Around midday Friday, more cyber attacks hit Louisiana.
The city of New Orleans was most prominently affected by what Bleeping Computer says
has been tentatively identified as, again, Ryuk ransomware.
CNN reports that the city declared a state of emergency and disconnected systems from the Internet as a precautionary measure.
Emergency services are said to have been unaffected, and City Hall is open for business today,
as New Orleans officials now characterize the effects of the attack, WBRZ says,
as minimal. Some courts have postponed their operations due to the incident, but New Orleans
did say that none of their data had been lost or held for ransom. Bleeping Computer notes that if
Ryuk was present, it seems likely that Emotet and Trickbot, its usual companions, were also in the affected networks
as well. In addition to New Orleans, there are reports in WBRZ that sheriff's offices in three
Louisiana parishes were also subjected to an attack at the end of last week. It's unclear
whether these attacks are related, and little more information has been available. It's not
just Louisiana. A more familiar target of ransomware,
a health care provider where threats to clinical data in particular are always taken seriously,
surfaced in New Jersey at the end of the week. Hackensack Meridian Health, New Jersey's largest
hospital health network, disclosed Friday that it had been afflicted by ransomware for five days,
forcing postponement of about
100 elective surgeries.
Hackensack Meridian got out from under the attack by paying the ransom and said in its
statement that it carried cyber insurance against this sort of eventuality.
The health system also said that it was working with the FBI and other authorities and that
it was speaking with cybersecurity and forensic experts.
Some of those experts advised the system to delay its disclosure. Hackensack Meridian did not say how much it had
paid in ransom. Harper's has a long story in its current issue devoted to online murder-for-hire
markets, which it traces to assassination prediction markets that emerged in cypherpunk and anarchist circles in the 1990s.
The stories are lurid and disturbing, but actual violence seems much more the exception than the
rule. Those who run the hitman job board seem more interested in extracting money from both
frightened prospective victims and from gullible but bloodthirsty buyers. And finally, it appears that the FBI has been demanding large quantities of personal data from credit bureaus.
The requests for data come in the form of national security letters.
Since 2015, companies receiving such letters have been permitted to request that they be able to disclose them,
and a number of tech companies have done so.
But the credit bureaus apparently haven't,
and so three senators, Republican Rand Paul and Democrats Elizabeth Warren and Ron Wyden, have asked Equifax, Experian, and TransUnion, why not?
The senators wrote, quote,
Because your company holds so much potentially sensitive data on so many Americans
and collects this information without obtaining consent from these individuals,
you have a responsibility to be transparent about how you handle that data. Unfortunately,
your company has not provided information to policymakers or the public about the type or
the number of disclosures that you have made to the FBI. End quote. They'd like an answer by December 27th.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers
to learn more. Do you know the status of your compliance controls right now? Like, right now?
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks. But get this,
more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls
with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30
frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and helps you get security questionnaires done five times faster
with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com
slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
And joining me once again is Joe Carrigan.
He's from the Johns Hopkins University Information Security Institute,
also my co-host on the Hacking Humans podcast.
Joe, great to have you back.
Hi, Dave.
Interesting story from ZDNet. This is Twitter Proposes Open Social Network Standard,
a story by Steven J. Vaughan-Nichols.
What's going on here with Twitter?
Well, this is coming directly from Jack Dorsey, it looks like.
Yeah.
And he wants to change the way Twitter operates.
And he's looking at a new technology, and he's going to call it Blue Sky,
even though he doesn't know what that is yet, it looks like.
Okay.
But it's to be an open and decentralized standard for social media.
I don't know what that means in terms of developing something new.
There are already open and decentralized standards for social media like Mastodon.
Yeah.
And the article actually talks about Mastodon and some others I hadn't heard of.
Like apparently Mozilla has created some kind of standard as well.
Diaspora, and the World Wide Web Consortium, the W3C, has a system they call ActivityPub, or a standard they
call ActivityPub. So I don't know what Twitter is trying to do here other than maybe change the
way they operate internally. What does Twitter hope to achieve by shifting to something using an open
decentralized standard rather than what they have now? They have four reasons that they list out in
this article. One of them is a real true problem is that centralized enforcement of global abuse
and misleading information is very difficult to do and it doesn't really scale. So if you
decentralize Twitter, then it might be easier to get rid of fake news.
It would be harder to inject fake news into a system, right,
because it's decentralized.
You don't have one point where you can do it.
That's a good idea.
Point two in this article is very salient to me,
and I'm just going to read it verbatim.
It says,
The value of social media is shifting away from content hosting
and removal towards recommendation algorithms directing one's attention. Unfortunately, these algorithms are typically proprietary
and one can't choose or build alternatives. Right. Now, you were on Grumpy Old Geeks two
weeks ago or a week ago talking about how bad Facebook has gotten for you. Right. And you and
I were talking just before this, we started recording this, and I was making the same complaints you were, that Facebook is terrible.
When I scroll through it, I see the same three or four things.
It used to be good.
It used to be everything that my friends on Facebook posted would show up on my timeline.
But now it's driven and censored by an algorithm that I don't have any control over.
And I don't see what may or may not interest me.
I don't get to pick it.
Right?
Yeah, and you can't directly go in
and tweak the settings to get the things that you want.
There's very little filtering available.
I will say this, on my Twitter account,
I've gone in and I've set muted words
to Republican, Democrat, Trump, Pelosi,
and impeachment, right?
And my Twitter experience has gotten tons better.
It's all puppies.
Right, exactly. Because I don't get my political news from social media at all. I believe it's a
toxic environment for political news. It's not a good place to get your political news.
It's just not a conducive environment to that kind of discussion.
All right, well, bringing it back around. So in theory, this would allow you the option of using alternative or your own algorithms to decide. To curate your own feed,
hopefully. That's what that, and that I'm all on board with. Okay. The third point here is that
existing social media incentives lead to attention being focused on these very controversial topics,
right? Because it's all about getting your eyes on the page.
Getting those clicks.
Right.
And getting those clicks.
So it tends to lead to things that are emotional and get you either the dopamine hit or the
rage hit, you know, whatever it is that you're going for.
And if you can control that and eliminate that, then social media, in my opinion, will
become a lot better.
Now, here's the point that they're talking about that I'm not on board with 100%. Okay. Okay. I'm not on board with it all. Okay. Twitter says that
new technologies have emerged that make the decentralized approach more viable. And then
the first thing they say is blockchain points to a series of decentralized solutions. And that's
true. Blockchain is a great decentralized solution. The problem with that
is that blockchains tend to be immutable, right? Once I put something on a blockchain,
I can't take it off. That's why Bitcoin runs on blockchain, right? Is because it's a database
that has a permanent record and it's a public record. I don't want something I tweeted 10 years
from now or 20 years from now being deemed culturally inappropriate.
Right.
Yeah.
As time has shifted.
Yeah.
And social values have shifted.
This has happened to people numerous times and caused great deals of difficulty for people.
Yeah.
If Twitter goes to a blockchain, I'm afraid I'm out.
Yeah.
I'm afraid that's it for me.
But, I mean, if you put something out there anyway, even though you can delete it, it doesn't keep anyone else from capturing it or screen capturing it.
That's correct.
That's correct.
The internet's forever, Joe.
The internet is forever.
Like everybody says, what does deleted mean?
It may not mean deleted.
It may mean that there's a flag in a database called deleted, and that's set to one,
which means that we don't show it anymore.
Yeah.
But we still have it.
I guess the other thing I'm curious about here is how is this not against Twitter's
own self-interest?
If they're making their money on those clicks, on those eyeballs, on your attention, Twitter's
a public company.
What do the shareholders think of a shift like this?
I don't know.
That's a good question.
It does seem like it's operating against their own interests
and the interests of their shareholders.
But I think that by acting
in the interest of their customers,
they may be doing something like Apple does.
When somebody says,
we should exploit our user data,
Tim Cook says to that person,
you should sell your Apple stock.
Right.
Right?
Yeah.
Because we're not doing that.
How interesting that
that sort of attitude
is an outlier these days. Right. Well, I think
the hope is that what Jack Dorsey is hoping is that that will differentiate them in the marketplace.
And I've already found Twitter to be a more acceptable social media platform for me,
based solely on the level of granularity I can apply to what I see. Also, the fact that what I see is essentially
just a stream from the people I follow. It's not curated by some algorithm. And if I don't
want to see something, I can mute a word and not see it. I can't do that on Facebook.
Yeah. Yeah. Well, Jack Dorsey acknowledges that this is a long-term project. This isn't
going to happen overnight. Probably in the next few years.
He's going to be building a team
of about five people, he says,
to work on this.
I guess I applaud the effort.
I think it's good that people
are exploring these sorts of things.
If it is a good faith effort
and not just PR or something like that,
it's good that we explore these things.
I think there's no question
we've got some problems, right?
I would agree 100%.
We've got some real problems with social media.
I think there are serious cultural problems that are happening.
Yeah.
All right.
Well, we'll keep an eye on it.
It's certainly interesting to watch.
Joe Carrigan, thanks for joining us.
My pleasure, Dave.
Cyber threats are evolving every second, and staying ahead is more than just a challenge. designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach
can keep your company safe and compliant. The Cyber Wire rest of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you
informed. Listen for us on your Alexa smart speaker too. The CyberWire podcast is proudly produced in
Maryland out of the startup studios of DataTribe, where they're co-building the next generation of
cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman, Puru Prakash,
Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Thanks for listening.
We'll see you back here tomorrow. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.