CyberWire Daily - Julian Assange is out of the embassy and in custody. Pyongyang’s HOPLIGHT. Operations SneakyPastes. Incident response planning blues. High school jam.
Episode Date: April 11, 2019
Julian Assange is out of the Ecuadoran embassy and in British custody. He’s been found guilty of bail jumping, and will face extradition to the US on charges related to conspiracy to release classified material. Hidden Cobra is back with a new Trojan: “HOPLIGHT.” Kaspersky describes Operation SneakyPastes. IBM Security finds organizations don’t exercise incident response plans. Two New Jersey high school boys are in trouble for jamming Secaucus High’s wi-fi. Jonathan Katz from UMD with his response to a skeptical critique of quantum computing. Guest is Maurice Singleton from Vidsys on the convergence of IoT security devices and IT security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_11.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Julian Assange is out of the Ecuadorian embassy and in British custody.
He's been found guilty of bail jumping and will face extradition to the U.S.
on charges related to conspiracy
to release classified material.
Hidden Cobra is back with a new Trojan, HOPLIGHT.
Kaspersky describes Operation SneakyPastes.
IBM Security finds organizations
don't exercise incident response plans.
And two New Jersey high school boys
are in trouble for jamming Secaucus High's Wi-Fi.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Thursday,
April 11th, 2019. The big story today is about WikiLeaks founder Julian Assange. Ecuador ejected him from
its London embassy early this morning, citing repeated violations to international conventions
and daily life protocols. The international conventions Ecuador says he violated involve
abuse of their hospitality to engage in actions Ecuador says are designed to undermine its government.
The complaint about daily life protocols involves ways in which the embassy staff
increasingly found Mr. Assange a pain to live with during his seven years in residence.
The years have no doubt been difficult ones in certain respects.
That's what Mr. Assange's colleagues at WikiLeaks say.
Confinement, lack of sun,
few visitors, and so on. And indeed, he didn't look good when London police escorted him in
handcuffs from the embassy grounds. He now sports a big St. Nicholas-style white beard, for one
thing. But then he is older, and time is the fire in which all of us burn. He gamely smiled for the cameras and gave the reporters a big thumbs up,
and he also held a copy of Gore Vidal's History of the National Security State.
Mr. Assange was arrested by the Metropolitan Police for bail jumping.
Homeland Secretary Sajid Javid tweeted,
I can confirm Julian Assange is now in police custody and rightly facing justice in the UK.
Other official British reaction has been equally starchy.
Foreign Secretary Jeremy Hunt said,
The big legal problem Mr. Assange faces isn't just a bail-skipping beef,
the kind of thing that might be resolved on reality TV by Dog the Bounty Hunter.
Nor is it likely to be his now-closed dust-up with Sweden's legal system,
although that one was a more serious matter.
He had faced sexual assault charges in Sweden.
These have been dropped, but could be reopened if Swedish authorities found cause to do
so. Mr. Assange says that the whole thing was a frame-up anyway, probably an American honey trap.
It was the prospect of facing Swedish justice, however, that led him to the UK and the Embassy
of Ecuador in 2012. More serious still, and more likely, is the prospect of being extradited to the United States.
It has long been thought, based on an apparently inadvertent failure to fully redact a related indictment,
that Mr. Assange would be charged in the U.S.
That's now confirmed.
The U.S. Justice Department unsealed an indictment shortly after Ecuador showed Mr. Assange the door.
He's charged with one count of conspiracy to release classified information.
The alleged conspiracy was with former U.S. Army Specialist Bradley, now Chelsea, Manning.
Justice says that if convicted, Mr. Assange could face five years in prison.
For now, it's just the one charge, but the Justice Department is indicating that more could well be added.
He faced his first hearing at a Westminster magistrate's court,
where District Judge Michael Snow threw the book and some tough love at him for skipping out on bail.
The defense claimed that the face of WikiLeaks hadn't had a fair hearing to begin with,
but Judge Snow was having none of it.
The judge said, quote,
Mr. Assange's behavior is that of a narcissist who cannot get beyond his own selfish interests.
He hasn't come close to establishing reasonable excuse, end quote.
Thus a quick finding of guilty.
Mr. Assange will remain in custody until sentencing at some later time in the Southwark Crown Court.
He could face up to a year's detention at Her Majesty's pleasure.
He'll also remain in custody through the extradition hearing
that will decide whether he's turned over to the U.S. for trial there.
Reporters present in court noted that Mr. Assange
continued to read Mr. Vidal's history of the national security state
while he waited for his lawyers to show up.
Russia's government denounced the arrest as a strangling freedom,
and it must be conceded that on that topic at least Moscow speaks from deep and direct experience.
But perhaps it's only fair to regard the Kremlin's concern as a disinterested commitment to personal liberty and journalistic rights,
since Russia has said it has nothing to do with WikiLeaks.
Mr. Assange's other supporters object to the arrest as illegal, seeing him as a journalist
and transparency activist, whose arrest represents an assault on journalism itself.
The story is rapidly developing. We'll continue to follow it as it does.
Turning to other matters, CISA, the Department of Homeland Security's Cybersecurity and
Infrastructure Security Agency, has issued a joint Homeland Security-FBI malware analysis
report on the HOPLIGHT Trojan, which is attributed to North Korea's Hidden Cobra, also known
as the Lazarus Group.
It's in use around the world, the report says,
and isn't focused on any restricted set of targets.
It also uses a proxy app to obscure its connections with its command and control server.
The report says HOPLIGHT is a fairly powerful backdoor trojan.
Some say this is a time of accelerating convergence in cybersecurity,
with increasing opportunities to combine signals from different sources
for a clearer picture of what's going on.
Maurice Singleton is a founding member of security firm Vidsys,
where they're seeing the intersection of physical and IT security.
We're talking about video surveillance.
We're talking about technologies such as social media information in real time, as a matter of fact.
We're talking about RSS feeds where folks are constantly plugging in, getting real-time updates about what's going on in and around their environments.
And from, again, various different sources, cell phone data, computer data, sensor data, smart information coming from sensors that are part of building management systems, temperature sensors, for example, flood sensors for monitoring the rain and even sensors monitoring chemicals in the air. All of this information is now being flown into one central source where you have folks that need to determine, is this real or is this false?
Can you give me an example of how in the real world this would play out?
Is there a situation where having this blend of information really puts you in a better position?
Let's take a use case where in a global security operations center, there are monitors out in the environment for chemical detection. One of those sensors might go off, right, which may indicate
that something's happening, or it could be a fault, right? And so if you have that sensor go off, the user can quickly have the video presented in the area to determine, is there any activity that might lend itself to
verify validating that this is a real situation or incident that's occurring? So they get multiple
aspects of what's happening. At the same time, they might get a phone call that says,
hey, someone's not feeling well. And again, it could be in the vicinity of where that
chemical detection went off. So now they have more data that adds to the validity and verification
of that particular incident that's been reported to them.
So, I mean, you could track things like social media chatter that
people are talking about an incident online as well? There you go. Exactly. So people now are on their
smartphones going, hey, wait a minute, I just saw, you know, someone that looks to be in distress.
I myself might be feeling some effects of not feeling well. You may have chatter on, you know,
the public safety radios that's now, you know, where folks are being dispatched, first
responders. Again, all of that information is relevant to that particular situation,
that incident at the time, that now could be brought in to get better situational awareness
and also contribute to the response and actions that need to be taken.
And do you find that this is an area where folks are lagging? Do people tend to think of
physical security as physical security and IT as IT? No, actually, we're really starting
to see the uptake in that convergence, right? Because again, you have your physical security
folks, you have your IT folks. And while they may have separate missions and separate roles and
responsibilities, they are starting to see
those touch points where, you know, there are incidents that are basically joint incidents
in their environment.
Cyber attacks, for example, cannot just be, you know, related to someone trying to hack
into a computer, for example.
It could be someone trying to violate a space as well, right? So there comes that
convergence of that information being part of the same response that needs to be taken to address it.
That's Maurice Singleton from Vidsys.
Kaspersky, which yesterday described the activities of TajMahal, now describes an
operation by the politically motivated Gaza
Cybergang Group1. Kaspersky calls the operation SneakyPastes. This operation is
rated as far less sophisticated than anything seen in TajMahal, but potential victims,
most of them in and around Israel and the Palestinian territories, should be alert for
the spear phishing the group is said to employ.
Kaspersky Lab summarizes the principal target set as embassies, government entities, education,
media outlets, journalists, activists, political parties or personnel, health care and banking.
Finland's election results reporting system sustained a denial of service attack this week.
Authorities are investigating, but there is so far no attribution.
Finland votes this Sunday.
Denial-of-service would affect the reporting of results by the press,
and probably not vote tallies themselves.
Still, Finnish authorities are concerned about maintaining public confidence in the election.
There's widespread agreement that incident response plans are a security essential. It's therefore dispiriting that an IBM security study should find that over
half of the organizations that have such plans never get around to exercising them.
And finally, a couple of teenagers in New Jersey are in big trouble with the law for jamming the Wi-Fi at Secaucus High School.
Our North Jersey desk, by the way, insists that we use the old school local pronunciation Secaucus,
as opposed to the trendy Secaucus, favored by recent arrivals who lack knowledge but do watch football games over at the Meadowlands.
Anywho, the Secaucus Utes, both freshmen at Secaucus High, were running a
Wi-Fi jamming on-demand service, apparently with the dual motive of helping out some of their bros
and girlfriends who would have rather not taken exams and, of course, getting some lulz. The two
unnamed boys will appear at family court in Jersey City at some undetermined future date to give an
account of themselves.
The attack was a DDoS.
They would flood the school's Wi-Fi routers to render service inaccessible.
NJ.com talked to a junior girl in a position to know who told them on background,
quote, he was doing it to get out of tests and stuff like that.
One of the boys was also doing it for his friend so she wouldn't have to take a test during the class.
It was a big prank, really.
End quote.
Hey, students, leave those Wi-Fis alone.
And if you're listening to us in Hudson County, New Jersey, we'd just like to close with,
Go Patriots!
And joining me once again is Jonathan Katz.
He's a professor of computer science at the University of Maryland
and also director of the Maryland Cybersecurity Center.
Jonathan, it's great to have you back.
I saw an article from the IEEE Spectrum publication.
This was written by Mikhail Dyakonov,
and it's called The Case Against Quantum Computing.
The proposed strategy relies on manipulating with high precision an unimaginably huge number of variables.
And I think this gentleman admits that he's kind of in the minority with his pessimism here.
What do you make of this?
Well, I think we know there's a lot of excitement about quantum computing.
And it's been studied, at least from a theoretical point of view, for a couple of decades now.
And people are excited or maybe even worried about it from a cybersecurity point of view for a couple of decades now. And people are excited or maybe even worried about it from a cybersecurity point of view, because we know that as soon as a general purpose,
large scale quantum computers are built, they would be able to break all the public key
cryptography that's currently being used on the Internet. So that would be certainly quite
devastating. And there are a lot of people now trying to experimentally realize quantum computers,
not only within academia, but also within industry.
Now, I take his article. I can appreciate where he's coming from. I think it's certainly worth
having some skepticism here. But I think he's really being overly pessimistic. To say that
it can never possibly be realized seems a bit extreme. Certainly, it may take longer than people
think. But there seems to be no fundamental physical reason why we shouldn't be able to build these quantum computers.
Yeah, you know, I hear folks saying that on the optimistic side it could be five to ten years.
And then I heard other people say, you know, it's kind of like that joke about fusion energy, that it's always 20 years away no matter when you ask.
That's right.
Do you think it's somewhere in between there?
Well, actually, I just gave a talk where I said somewhat jokingly that the best case scenario from the point of view of research would be if it's five years away for the next 20 years,
because then you can keep on getting funded for working in the area.
There you go.
I mean, what I will say is that it's very unclear what the timeline is. I was actually
just recently part of a team that was working on putting together a white paper to actually try to come up with some concrete estimates for how long we think it would take to build a quantum computer capable of, say, factoring the numbers that are being used for modern public key cryptography.
And really, at the end of the day, the result was we just don't know. A lot of the theoretical work that's being done doesn't take
into account various real-world constants and real-world constraints that people would have to
consider in building a quantum computer. And so fundamentally, we just don't quite know yet how
these things are going to behave when you start building them in the real world. Now, as I said,
people are starting to build smaller-scale quantum computers. Google and Microsoft have shown examples of this.
And I think that's why the research is important.
The goal of the research is to exactly see what happens when you start building these things.
And the other thing I like to think about always is a quote, actually, or an observation, I should say, made by Scott Aaronson that he's made repeatedly,
is that if there's some fundamental
reason that we aren't aware of yet for why quantum computers cannot be built, then that would
represent an advance in our understanding of physics. That would mean that there's something
about quantum physics that we currently don't understand. And so from that point of view,
it would kind of be a win either way. Either we learn something new about physics or we can build
these quantum computers. But as I said earlier, there seems to be no fundamental reason why we can't. It seems to be just an
engineering task at this point. And what is the threshold by which you all consider a quantum
computer to be a practical thing and not just something to be running in a lab? Well, it depends
on what you're trying to do. So there are these quantum computers that are already being commercially produced, for example, by the D-Wave company, which I saw was mentioned in the article.
Now, that computer is not what some people would call a true quantum computer.
It's relying on certain aspects of quantum machinery, but not others.
And so in particular, it doesn't allow you to break modern public key crypto, but it does allow you to solve other problems.
And so, again, it kind of depends on what exactly you're looking to do with the quantum
computer.
If you're looking to attack public key cryptography, then you need a certain number of qubits to
be able to run this algorithm called Shor's algorithm.
Again, if that's your only goal, then that would be what you're trying to optimize for.
Time will tell, right?
Jonathan Katz, thanks for joining us.
Thank you.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders
who want to stay abreast of this rapidly evolving field,
sign up for CyberWire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The CyberWire podcast is proudly produced in Maryland
out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman, Puru Prakash,
Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen,
Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick,
Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.