CyberWire Daily - ISIS claims responsibility for inspiring attacks in London. More are expected during Ramadan. Hacks roil Middle Eastern diplomatic waters. Ransomware updates. India investigates possible aircraft hacking.

Episode Date: June 5, 2017

In today's podcast, we hear that ISIS has claimed responsibility for Saturday's terror attacks in London. The UK reacts with strong words against terrorist safe spaces online. The Prime Minister wants restrictions on end-to-end encryption and a very hard line against extremist messaging. Hacking has diplomatic consequences for Bahrain, Qatar, and the United Arab Emirates. India investigates a possible cyberattack against a fighter aircraft. Dr. Charles Clancy from VA Tech's Hume Center on the FCC's approach to consumer privacy. Ransomware purveyors also selling stolen data. EternalBlue exploits remain active.

Transcript
Starting point is 00:01:22 ISIS claims responsibility for Saturday's terror attacks in London. The UK reacts with strong words against terrorist safe spaces online. The Prime Minister wants restrictions on end-to-end encryption and a very hard line against extremist messaging.
Starting point is 00:02:10 Hacking has diplomatic consequences for Bahrain, Qatar and the United Arab Emirates. India investigates a possible cyber attack against a fighter aircraft. Ransomware purveyors are also selling stolen data and EternalBlue exploits remain active. I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, June 5, 2017. ISIS had called for jihad during Ramadan, and sadly, terror returned to the UK this Saturday evening. ISIS was quick to claim credit, and in fact, its various online publications have called for car and knife attacks on civilians of the Crusader nations. UK Prime Minister May yesterday, in an enough-is-enough speech delivered at 10 Downing Street, excoriated internet and social media providers for giving terrorists a safe space to recruit and inspire. She called for a purge of extremism in general and radical Islamism in particular from cyberspace.
Starting point is 00:03:12 The Prime Minister also advocated restricting the widespread availability of strong end-to-end encryption. Police are rounding up a suspected network for the attackers who drove into pedestrians on London Bridge and at Borough Market, then dismounted and slashed bystanders with knives. At least seven victims are reported dead and 48 injured. Police shot three attackers dead. Authorities continue to comb jihadist networks and media for clues. They had made 12 arrests by Sunday evening. The London attacks appear unfortunately to be additional
Starting point is 00:03:46 instances of action by known wolves. One of the London Bridge terrorists had been reported to police some time ago for his efforts to radicalize children. Police, security and public safety agencies worldwide moved to heightened alert. ISIS newspaper Al-Naba's Thursday issue had promised more attacks would be coming to the UK. Attacks have picked up during Ramadan, the Islamic holy month, which is expected to end June 25th, with the sighting of the waxing crescent moon. Afghan police arrested a prospective suicide bomber believed ready to target a funeral. Afghan authorities say they have evidence that jihadist support networks afflicting that
Starting point is 00:04:25 country are based in neighboring Pakistan. The Manchester terror bombing had already prompted more discussion in the UK about restricting encryption. Prime Minister May's Sunday reaction to the London attacks indicates that this will become a government priority. Apart from vandalism and defacement of soft target websites, the terrorist threat in cyberspace has mostly manifested itself in information operations, not proper cyber attacks. The web affords extremists a propaganda, recruitment, and inspiration channel with very low barriers to entry. Countering those information operations assumes greater urgency after a massacre. Responses usually take the form of blocking, tighter surveillance, or counter-messaging.
Starting point is 00:05:09 Blocking tends to strike public opinion as the most promising first response, but attempts by social media providers to filter content have shown blocking to be problematic. Not only does it seem practically impossible to disentangle interdicting extremist messaging from more obviously objectionable forms of censorship, but it's also just a lot harder than it looks. In Pakistan, to take one country's experience, more than 40 banned extremist groups operate with impunity on Facebook. And it's not just Facebook. People game and hijack Twitter, too, and that can have significant implications for information operations.
Starting point is 00:05:46 On May 24, Qatar news agency QNA published remarks favorable to Israel and Iran. QNA and the Qatar government say they were hacked and the remarks were a fabrication and provocation. But this morning, members of the Gulf Cooperation Council, Saudi Arabia, the United Arab Emirates, Bahrain and Egypt severed diplomatic relations with Qatar. On Saturday, Bahrain's foreign ministry saw its own Twitter account hijacked by hacktivists protesting Bahrain's crackdown on opposition groups. A group calling itself GlobalLeaks has told the Daily Beast it will soon release hacked emails belonging to the United Arab Emirates ambassador to the U.S.
Starting point is 00:06:27 GlobalLeaks says the emails show attempts to manipulate public opinion in ways that are not to the U.S. advantage. As governments are targeted by phishing attacks, particularly in the run-up to elections or other sensitive periods, they may wish to devote close attention to the security of their web apps. Netsparker's CEO, Ferruh Mavituna, told us in an email that while government personnel and political campaign workers undoubtedly would benefit from training to recognize phishing, we also should incentivize more secure web application development. He argued, quote, there should be legal consequences of insecure web applications, especially in this day and age when everything is being shifted to web-based applications and services,
Starting point is 00:07:10 or as everyone knows it, the cloud, end quote. In a disturbing development touching Internet of Things security, the Indian Air Force has convened a court of inquiry to investigate the crash of one of its Russian-built Sukhoi-30 fighters on May 23. It's disturbing because there seems to be a real possibility that a cyber attack on the aircraft's avionics may have contributed to bringing down the aircraft. OneLogin disclosed a data breach last week, possibly compromising multiple passwords its users stored with the service. Experts still recommend password managers, but they're getting queasy over the possibility that such tools
Starting point is 00:07:49 can constitute a dangerous single point of failure. The WannaCry ransomware may have largely run its destructive course, but the EternalBlue exploits used to distribute the ransomware are still very much out there. FireEye reports that they're also being used to distribute the Gh0st RAT Windows Trojan, and there are other reports of odd probes suggesting various threat actors may be seeking to use the leaked exploits to establish persistence in a wide range of networks, presumably in the service of some future campaign. Finally, researchers at
Starting point is 00:08:24 Heimdal Security have found evidence that the purveyors of Jaff ransomware have gone beyond extortion and are selling victims' data in dark web markets. Another reason, as if any more were needed, not to trust the word of cybercriminals when they hold you up for ransom.
Starting point is 00:11:11 And I'm pleased to be joined once again by Dr. Charles Clancy. He's the director of the Hume Center for National Security and Technology at Virginia Tech. Dr. Clancy, welcome back. You know, we've seen recently this story about the FCC rolling back privacy regulations for ISPs, but there's an aspect of this that you say is being underreported. Indeed. So much of the current reporting around the rollback of the FCC privacy regulations by Congress has focused on the privacy aspect in particular.
Starting point is 00:12:12 So for those that haven't been following the debate that closely, there's basically two fundamental philosophies in how consumer data should be protected. And the FCC's approach that they came out with in October of last year basically said that all consumers had to opt in for their things like browsing history and other online activity to be shared with third parties. Whereas the Federal Trade Commission, the FTC, has essentially had the philosophy that subscribers need to opt out. Both groups agree that personally identifiable information, things like social security numbers, medical history, and credit cards, all of that needs to be protected regardless. But it's all this sort of lower tier kind of activity that would be of interest to advertisers that is in debate, with the FTC having this opt-out approach
Starting point is 00:12:59 and the FCC proposing an opt-in approach. And this sort of ran its course and ultimately ended in Congress deciding to roll back the FCC's provisions in favor of the FTC's provisions. And I think it'll be interesting to see where this goes. The FCC and FCC have both agreed that they need to come together to come up with some common framework and advance that in such a way that it uniformly affects both the telecommunications broadband providers and the service providers like Google and Amazon and Facebook. But in particular, the part I wanted to talk about was another part of that same FCC order that was actually rolled back a month earlier. Right after the administration switchover, there's a portion of the original FCC order that covered cybersecurity regulations.
Starting point is 00:13:46 And in particular, it was going to require that broadband providers do things like do breach notification and inform the FCC if they've been hacked. And right now, publicly traded companies have to report when they've been breached to shareholders, but only significant breaches. And so there's a lot of breaches that the members of the board of these companies decide don't quite pass the threshold because it would have an adverse impact on stock price. Also, lots of smaller internet service providers have no breach notification requirements at all. So currently, telephony operators have to provide a notification to the FCC whenever there's an outage of telephony service. But there's kind of this loophole where large telecommunications providers only have to report major breaches so they can elect to define things as not major, and the small non-publicly
Starting point is 00:14:36 traded ISPs don't have to report intrusions at all. So this would have changed that and required mandatory reporting to the FCC of breaches. It also had an entire set of provisions around deployment of risk-based management frameworks for cyber protection, things like the NIST cybersecurity framework that we've all been hearing about over the last couple of years within telecommunications critical infrastructure sectors. And sort of behind the scenes, the FCC used a provision that allows an individual bureau to stay a portion of a larger order without having to go back to the full committee for vote. And in March of this past, March 2017, the Wireline Competition Bureau actually stayed
Starting point is 00:15:19 the cybersecurity regulations that were in this order. So not only have we seen a rollback of privacy, which has debatable impact, I'd say across the entire sector, there's also been this cybersecurity regulatory rollback as well. All right, Dr. Charles Clancy, thanks for joining us.
Starting point is 00:16:06 And that's the CyberWire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.