CyberWire Daily - Korean-language phishing targets interest in the Winter Olympics. Unrest continues in Iran. Meltdown and Spectre updates. Aadhaar security. Admiral Rogers will retire this spring from NSA.

Episode Date: January 8, 2018

In today's podcast we hear that someone is phishing for hockey enthusiasts during the run-up to the Winter Olympics. Continued unrest in Iran, with more arrests. More on Meltdown and Spectre, as most experts agree you should apply the mitigations being offered. Intel receives much hostile scrutiny over the chip bugs, but other vendors' processors are affected, too. India says Aadhaar is secure, but many aren't so sure. Admiral Rogers will retire as NSA Director this spring. Ben Yelin from UMD CHHS on legislation to enable hacking back, ACDC, the Active Cyber Defense Certainty Act. Marcus Hutchins' attorneys want his confession to involvement with Kronos thrown out.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Phishing for hockey enthusiasts during the run-up to the Winter Olympics. Continued unrest in Iran with more arrests. More on Meltdown and Spectre, as most experts agree you should apply the mitigations being offered. as NSA director this spring, and Marcus Hutchins' attorneys want his confession to involvement with Kronos thrown out. I'm Dave Bittner with your CyberWire summary
Starting point is 00:02:35 for Monday, January 8, 2018. In the run-up to next month's Winter Olympics to be held in PyeongChang, South Korea, the first significant hacking campaign directed at those interested in the Games has surfaced. Researchers at McAfee discovered the campaign, which uses phishing emails to spread malicious code in the form of an attached Korean-language text document. McAfee doesn't offer any attribution of the attack, but they do think that the operation looks like the work of a nation-state.
Starting point is 00:03:08 In response to a question we sent to them, they said, attribution is difficult and technical analysis alone does not provide enough data to definitively say what group is behind this attack. What we can determine from looking at past attacks is this campaign has the hallmarks of a nation-state attacker, given their ability to adopt a technique that was released into the security community, weaponizing and using it to carry out an attack. Other Olympics have experienced associated cyberattacks, notably the 2016 Rio Games. Most were criminal in motivation, although there were Fancy Bear sightings during the online retaliation against anti-doping groups and other countries' athletes when exposure of Russian drug cheating induced the Games officials to kick
Starting point is 00:03:50 Russian competitors out of the Olympics. That retaliation took the form of doxing. The criminal hacking was more along the lines of what's being seen in Korea now, fishing and water-holing attacks against people interested in the Games. More attacks can be expected as the Pyeongchang Olympics approach. Unrest continues in Iran, as do government attempts to control information. Former President Mahmoud Ahmadinejad, no westernizing reformer by any account, is said to have been arrested for fomenting dissent. It was Ahmadinejad's election in 2009 that sparked the last significant public unrest in Iran. At that time, the protesters claimed Ahmadinejad
Starting point is 00:04:32 stole the election. This time around, dissent is aimed at alleged corruption the protesters see as stunting the economy and stifling civil society. Admiral Michael Rogers Friday announced his intention to retire from his post as NSA director this spring. He presided over an extensive reorganization of the agency, not the least of which was the splitting of Cyber Command into a distinct organization. A successor has not yet been named. Remediation of Meltdown Inspector, which if you care to follow MIT's technology review, you can call collectively Chipmageddon, continues. Spectre is now clearly known to affect essentially
Starting point is 00:05:13 all chips, not just Intel's, but Intel continues to bear the brunt of hostile scrutiny, including class action lawsuits the plaintiffs bar quickly and predictably initiated at the end of last week. lawsuits the plaintiffs' bar quickly and predictably initiated at the end of last week, CRN reports that one of those suits argues as follows, quote, Intel has been aware of a material defect in its microchips that leaves its customers susceptible to unauthorized access by hackers. Intel knew of the material defect in its microchips and intentionally chose not to disclose the defect to its customers. Intel's material defect can be patched, but patched computers, smartphones, and devices suffer reduced performance. One widely noted fact that has poor optics for Intel
Starting point is 00:05:55 is the CEO's sale of a large quantity of stock, just shy of half of his unrestricted holdings, which reduced those holdings to the 250,000 share minimum prescribed in Intel's executive stock ownership guidelines, as described in recent proxy statements. The Wall Street Journal has noted that the sale represents a deviation from the CEO's previous patterns of incremental sales. Intel has said that the sales were executed in a prearranged trading program established in October and that they were unrelated to knowledge of the then undisclosed Meltdown Inspector vulnerabilities.
Starting point is 00:06:30 Such prearranged programs are indeed proper and consistent with SEC rules, but of course they themselves cannot be established on the basis of material non-public information. Thus, it seems that CEO Brian Kurzanich, to have traded innocently, was either unaware of the chip flaws or unaware that their disclosure would have a material effect on Intel's stock prices. Despite concerns over incompatibilities between a patched Microsoft Windows 10 and a number of antivirus products, and despite widespread fear of slower performance, most experts are advising enterprises and individuals to apply the fixes. Intel discounts the effect of mitigations on speed, and Motherboard reassures gamers that they'll still be fast enough to crush noobs. Windows Security Center now controls the way users manage security on their Windows devices. The problems that have cropped up integrating antivirus software
Starting point is 00:07:26 into the patched version of Windows 10 appear to come down to this. Antivirus software producers have to pre-validate any Microsoft patch and set a flag that they are compatible. Otherwise, Windows Security Center will block the update because it cannot verify the currently installed antivirus product's compatibility. People using the latest versions of products from major antivirus vendors are for the most part fine, since those vendors and versions should be compatible and up-to-date with the latest changes in Windows Security Center. Older versions of common security software and some products from off-the-beaten-track, however,
Starting point is 00:08:02 may pose problems of the kind the security community is a-twitter and a-tweeting about. Here are some other bad optics. India's government, while continuing to maintain that its Athar National Identification Database remains secure, is said to be working on prosecution of the reporter whose investigative work broke the story last week that the database had been pwned and could be bought on the dark web at fire sale bargain basement prices. In other news from the world of crime and punishment, Equifax has said it will comply with New York State's request for information on the breach the credit bureau sustained last year.
Starting point is 00:08:40 New York wants to know what Equifax intends to do to make New Yorkers whole, after around 8.4 million of them had credit information exposed in the breach. And Marcus Hutchins says he didn't do it. At first, Mr. Hutchins was the inadvertent hero who accidentally found and tripped WannaCry's kill switch, and later, the guy arrested by the FBI on charges of being behind the Kronos banking trojan. But his lawyers say he didn't do it. Didn't do Kronos, that is. Presumably, he still did the WannaCry stop. In an argument that anyone who has seen TV will recognize, Mr. Hutchins' lawyer says that his confession was coerced.
Starting point is 00:09:20 The FBI picked Mr. Hutchins up at McCarran Airport on his way out of Black Hat and DEFCON, and they knew, the defense says, that Mr. Hutchins was both sleep-deprived and intoxicated, as so many flying out of McCarran are wont to be. As computing quotes in their statement, quote, the defense intends to argue that the government coerced Mr. Hutchins, who was sleep-deprived and intoxicated, to talk, end quote. And besides, counsel for Mr. Hutchins says, the G-men also failed to properly Mirandize him. The hope is that the judge will say, as the judges on Law & Order so often do,
Starting point is 00:10:11 Sorry, Counselor, but the confession is out. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Starting point is 00:10:59 Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
Starting point is 00:11:43 And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more
Starting point is 00:12:19 at blackcloak.io. And I'm pleased to be joined once again by ben yellen he's a senior law and policy analyst at the university of maryland center for health and homeland security ben welcome back we saw recently that uh some representatives bipartisan uh representation has introduced uh what is a bill about hacking back and this is not without a little bit of controversy. Sure. This is an idea that's been around quite a while. The bill, which was introduced by Tom Graves, a Republican from Georgia, and Kirsten Sinema, a Democrat from Arizona who's actually running for the Senate. So she's putting her trying to put her name on a piece of legislation.
Starting point is 00:13:00 It's called the Active Cyber Defense Certainty Act, which is an acronym to ACDC, one of the silliest acronyms I've seen on legislation in a long time. But putting that aside, the bill provides an exception to the Computer Fraud and Abuse Act. Under that act, generally, it is a crime to access a foreign network for any reason to get material. This law would provide an exception that you can access another network if it is part of what's called an active defense. So basically the real world equivalent is if somebody were to come into your house, rob you, take some of your materials, some of your papers, some of your valuables. What this legislation would do in the physical realm if it existed would be to grant you an exception to burglary and robbery laws and allow you to go to that person's house who stole your
Starting point is 00:13:56 stuff and to take it. Obviously, it seems kind of more radical when we make an analogy in the physical realm. It's basically allowing you to commit a crime as long as you're doing so for what we call defensive purposes because somebody has attacked you first. I think what critics would say is this sort of opens up a Pandora's box. We could have incidents where companies plant evidence that information from their own servers has been stolen so that they can have recourse, some sort of excuse to hack into somebody else's network and take information that ostensibly was stolen from them. And I think that's a very bad incentive structure. Really, I think this article noted there aren't many advocates of this approach. I think they mentioned a former lawyer with the Bush administration named Mr. Baker, Assistant Security Secretary under President Bush,
Starting point is 00:14:49 has been an advocate for this. But it's an idea that kind of keeps popping back up, and it's certainly not without controversy. Yeah, it's odd because, like you say, nobody's really asking for this. And even the provisions within the bill are quite vague in terms of what you can and cannot do. It just seems like asking for trouble. Yeah, I mean, they try and put all sorts of provisions in the act to limit its most extreme application. For instance, have language advising defenders to exercise, quote, extreme caution. But without specifically defining those words, you just open the floodgates for potential abuse, potential fraud, using this defense against charges from the Computer Fraud and Abuse Act as a pretext to commit cyber crimes. And I just think that would be opening some sort of dangerous precedent. And usually we would see the industry
Starting point is 00:15:43 groups line up behind a piece of legislation like this, and that's usually what motivates members of Congress. But as you said, I mean, there just really is no industry support here, which is why it's so vexing that this idea keeps popping up. I think the author of this article, and many of us are sort of stumped as to why it keeps getting reintroduced in Congress. Well, I guess we can agree that if it does pass, you and I will both be thunderstruck. Absolutely.
Starting point is 00:16:08 We can say that for a number of things, but we've both been wrong in the past, so maybe we'll be proven wrong again. All right. Ben Yellen, thanks for joining us. Thanks, Dan. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity.
Starting point is 00:16:28 That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And that's The Cyber Wire.
Starting point is 00:17:13 For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker too The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe where they're co-building the next generation of cybersecurity teams and technologies Our amazing Cyber Wire team is
Starting point is 00:17:36 Elliot Peltzman, Puru Prakash, Stefan Vaziri Kelsey Vaughn, Tim Nodar, Joe Kerrigan Carol Terrio, Ben Yellen, Nick Valecki Gina Johnson, Bennett Moe, Chris Russell John Petrick, Jennifer Iben, Rick Howard Thanks for listening. We'll see you back here tomorrow. Thank you. and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Starting point is 00:18:38 Learn more at ai.domo.com. That's ai.domo.com.
