CyberWire Daily - More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China’s interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.

Episode Date: September 17, 2019

More notes on the RCMP espionage scandal. The CSE’s preliminary assessment sounds serious indeed, and Canadian intelligence services are trying to identify and contain the damage Cameron Ortis is alleged to have done. And the other Four Eyes are doing so as well. Australia considered that a hacking incident early this spring may have been a Chinese effort to compromise election systems. ISIS is back online. And Mr. Snowden wouldn’t mind asylum in France. David Dufour from Webroot with thoughts on backups. Carole Theriault interviews ethical hacker Zoe Rose, who shares insights on entering the industry. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_17.html

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K.
Starting point is 00:01:22 More notes on the RCMP espionage scandal. The CSE's preliminary assessment sounds serious indeed, and Canadian intelligence services are trying to identify and contain the damage Cameron Ortis is alleged to have done. The other Four Eyes are doing so as well.
Starting point is 00:02:12 Australia considered that a hacking incident early this spring may have been a Chinese effort to compromise election systems. ISIS is back online. And Mr. Snowden wouldn't mind asylum in France. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Tuesday, September 17th, 2019. The presumably now former Director General of the Royal Canadian Mounted Police National Intelligence Coordination Centre, Cameron Ortis, had access to sensitive intelligence provided by Canada's Five Eyes partners, Canadian officials now say. Mr. Ortis was indicted last week on charges of violating the Information Security Act. The CBC reports that Canada's Communications Security Establishment's preliminary assessment holds that
Starting point is 00:03:06 the damage done by the release of these reports and intelligence is high and potentially devastating. Which sounds serious indeed. The word high in the CSE's assessment is in all capital letters for emphasis. Crown counsel is understandably not saying much, but prosecutors did say, without going into too much detail, it is alleged he obtained, stored, and processed sensitive information, the Crown believes, with the intent to communicate that information with people he shouldn't be communicating to. The CSE is the rough equivalent of the Australian Signals Directorate, New Zealand's Government Communications Security Bureau, Britain's Government Communications Headquarters, and the American National Security Agency.
Starting point is 00:03:54 How much intelligence from the other eyes, Australia, New Zealand, the United Kingdom, and the United States, was compromised is unclear. But the Washington Post observes that Canada is reckoned a net consumer of information, receiving more than it gives. So Ottawa is concerned not only about its own counterintelligence problems, but about the possibility of fallout on its key allies. As his job title suggests, Mr. Ortis was no small fish. He held an important position in Canadian intelligence, and he had access to a great deal of sensitive information. Global News reported that, quote, Ortis had access to the following information,
Starting point is 00:04:34 identities of undercover Canadian police and undercover Canadian agents operating domestically and abroad, end quote. Again, it's not known how much of this is blown, nor to whom it may have been blown, but the potential damage is indeed serious. At the time of his arrest, among other official duties, Mr. Ortis is said to have been overseeing an investigation of Russian money laundering, specifically a $230 million fraud scheme Sergei Magnitsky exposed in 2008. Magnitsky, a Russian tax advisor, blew the whistle on the fraud, believed to have been run by senior Russian interior and tax officials. He was arrested by Russian police and murdered in jail in 2009. The U.S. Magnitsky Act,
Starting point is 00:05:20 passed by Congress in 2012, is named in his honor and forbids those implicated in the murder from entering the U.S. or using the U.S. banking system. Mr. Ortis apparently approached Phantom Secure Communications, a Vancouver firm whose CEO is now in a U.S. prison serving time for offenses related to provision of encryption services to the Sinaloa drug cartel. In June 2017, a joint investigation by the FBI, RCMP, and Australian Federal Police resulted in the indictment of Phantom Secure executives in the U.S. District Court for the Southern District of California. The company's CEO, Vincent Ramos, was sentenced to nine years on May 28th of this year.
Starting point is 00:06:05 He's a Canadian citizen. Four of his colleagues from Phantom Secure remain at large. Evidence of Mr. Ortis's contact with the company was discovered, the Globe and Mail reports, on a laptop the FBI seized during its investigation of Phantom Secure. The content of some emails, among other evidence, prompted the investigation that resulted in his arrest. Canadian police completed their investigation, according to reports, with a quiet search of Mr. Ortis's condo last month. A conviction on all counts could earn Mr. Ortis a sentence of 37 years.
Starting point is 00:06:43 We should note that Phantom Secure Communications, the company implicated in the FBI's case against those who helped the Sinaloa cartel's drug traffickers evade surveillance and wiretapping, has no connection to the 2016 RSAC Innovation Sandbox winner, Phantom, a cybersecurity company that's now owned by Splunk. Many of us consider it important to provide mentorship, guidance, and inspiration for the next generation of cybersecurity professionals. How do we make sure the messages we're putting out there are the types of things they really need to hear?
Starting point is 00:07:18 Carole Theriault files this report. So I dedicate a lot of time to educating people on how to be safer online through podcasts like this one, speaking at schools and events and so on. Zoe Rose is an ethical hacker based in the UK, and she too is very involved in helping people be safer online. I asked her about her experiences and what advice she had for young people, especially women who might want to get into the industry. Here's Zoe Rose. The reality is, I mean, if you look back, before there was all this technology in our lives, and we were coding through, you know, sheets of paper that have holes punched in it. But if you looked at it, these people, the majority of them were women.
Starting point is 00:08:00 If you watch the Hidden Figures movie, those women were the computers, you know, they were the ones doing all the technical. So it's not really unique to women, but I think it's more the cultural change of where we've made that assumption that it makes us unique. And so I think identifying to young people that actually it does come naturally and you're not it's not going to be ridiculously challenging for you to get into it because you probably have a good understanding. Do you feel that women are treated differently in the industry? What I've noticed is in the beginning, I found it very challenging. This is more than 10 years ago, mind you.
Starting point is 00:08:49 But I was told by one organization, they don't hire women because they're too distracting to men. I've had, yeah, I know. I told them to stop hiring children. I've also had situations where I've had to block colleagues and, you know, remove them from my life because they become very uncomfortable and I felt unsafe. But what I've noticed was in those situations, And actually, finding organizations that aren't like that. it actually quite a bit easier. And when I find an organization I potentially want to work for, I look at how senior leadership, you know, approaches this.
Starting point is 00:09:57 So I don't know if it's easier now because I'm much more knowledgeable and secure and, you know, know a lot more than I did 15, 20 years ago. My instincts say to me that the environment is changing for the good. And it is, I think it's easier for women to get into the industry now than it may have been. But at the same time, there's probably going to be new challenges now. Definitely. So last year, I spoke in Sri Lanka. And what really stood out to me, and the reason I bring this up is I presented, I think I called it, In the Life of an Ethical Hacker. And afterwards, I got a lot of young men, school age to just about graduate. And young men came up and they're like, oh, I'm going to be the most elite pen tester.
Starting point is 00:10:36 I'm going to be the coolest hacker. And none of them talked about their skills or anything. They just talked about how they're going to be super elite. And then these two young women came up to me and they were like, you know what? Actually, it was really cool hearing your talk because I never thought I'd be good enough to be a hacker or I'd be good enough to be a programmer. I really thought that I just don't have the skill. So I was talking to them about their experience. And my goodness, Carole, these two young ladies are more advanced, more intelligent than I could ever dream to be. They were so skilled. It was
Starting point is 00:11:14 bloody impressive. And I was thinking about it after and I was like, looking at the males and how confident they were that they were going to take over the world. Whereas these two young women, they were highly technical, but didn't think they were. They were very intelligent, very hardworking, and yet they still worried that they wouldn't be good enough. It is really refreshing to hear about young people that understand that in order to become really good at something, it takes a lot of patience and work and skill. And that's how you develop the skill by just dedicating yourself to it. I mean, my background is networking,
Starting point is 00:11:49 network architecture. And then I went into network security and then I went to cybersecurity. So I admit that I've got gaps in my knowledge. I mean, I was never a programmer and I would never say I am. And that to me is vital because people will come to me and be like,
Starting point is 00:12:04 how can I be the best programmer? And I'll be like, honestly, I'm not going to be the most effective person. So here's the people that you should speak to because they're brilliant. I like what she says about women and technology having always been intertwined and that women tend to really work on their skills before they get into the industry. This could just give them a bit of edge. This was Carole Theriault for the CyberWire. Australian officials were concerned that attacks on parliament and three major political parties, now generally thought to have been conducted by China,
Starting point is 00:12:38 also aimed at compromising state and territorial election systems, the Australian Broadcasting Corporation reports. The several electoral commissions were asked to investigate whether they'd been penetrated and to let Canberra know what they found. In all cases, the report says, the findings were negative. They had not been hacked. The Islamic State, ISIS, which has for some time been hidden from view, has resurfaced online with messages urging adherents to establish new bases of operation in Southeast Asia
Starting point is 00:13:09 and howling for any lone wolves who might be listening to do whatever they can to free ISIS detainees from whatever jails, prisons, or camps that are holding them. And finally, in the midst of other Edward Snowden news that's come out this week as the bad boy of the sysadmin world talks to people about his forthcoming memoir, is this nugget. The AP says Ed Snowden would rather receive asylum in France than Russia. Well, we would too if it came down to it, but... Asylum? In France? Take a number, Ed.
Starting point is 00:16:04 And I'm pleased to be joined once again by David Dufour. He's the Vice President of Engineering and Cybersecurity at Webroot. David, it's always great to have you back. I wanted to touch today on file backups and some of the nuances and how people define backups and what's the difference between backups and syncing and things like that. Great to be back, David. And, you know, this is literally for the past three years, one of my hot button topics. If any of your listeners ever find me at a conference and they want to watch me, you know, fall over, just bring up this topic and it makes me pass out because we do it. I cannot talk about this enough. It's so important. Fundamentally, file syncing. This is when you're using your OneDrive or your iCloud or Dropbox,
Starting point is 00:16:51 and these are all amazing, wonderful products, and I use them heavily. And what they do is they keep my data synchronized across my machines. And one of the most beautiful things they do is when one of my machines dies or I drop it, you know, in a lake and it's no longer usable. I know my data is in the cloud. I can go to the store, buy a new computer and bring my data down. Folks like you and me, David, we remember the good old days back in the 90s when you bought a new computer and it'd take you four days to get your data over, right? Yeah, yeah, yeah. I do that. But that synchronization process, and because you can buy a new computer and get your data onto that machine quickly, that process
Starting point is 00:17:31 has people thinking, oh, my data is backed up. The problem with that is one instance of your data exists and you're able to get to it from many devices. And my point in this, a proper backup is, whether it's online or offline, is something that is iterative. You can roll back to different versions. You are able to pull it down or pull it out of a drawer because you did it on a disk and put it in a machine and get your information back.
Starting point is 00:18:02 Again, a lot of the services today are doing a really good job of protecting your information back. Again, a lot of the services today are doing a really good job of protecting your information, et cetera. But what happens if you get corrupted data, and that corrupted data then syncs to all your machines? Guess what? You don't have a backup, you have a bunch of synced up corrupted data.
Starting point is 00:18:18 I think for a lot of people, probably myself included, at some point along the way, you learn that lesson the hard way. You do, because all of a sudden, and this is a very extreme case, it's possible it doesn't happen that often, but it's possible your local folder gets hacked, ransomware encrypts all that data, that data syncs up to the cloud, and what you thought was a backup is no longer a backup. It's just a synchronized bunch of ransomware data. So that's an extreme case. But David, that's not the only case. A more common case is, you know, you're a big, uh,
Starting point is 00:18:52 photo taker. I know you're taking those selfies all the time on your iPhone, David, because the world is... True, the world would be a lesser place without them. I can't, I can't deny that. Yes, but what happens when you fill up that synchronization folder and that data is no longer synchronizing, but you're not paying attention to it? You're just click and ignore, click and ignore. Your sync folder's full. And all of a sudden, the important information that's on one machine is lost. You don't have it anymore.
Starting point is 00:19:17 This is, again, why it's another example of why proper backups are so critical, especially for businesses. But individuals should think about it as well. Now, what about this notion that I hear from folks in the backup game that one is none, that one backup is not sufficient? If something's important to me, I need to have it in at least two places aside from the original. I could not agree more. I do believe in online backup technology. I think it's great, but you're absolutely right. One is none. I'm a huge proponent of backing up your data, having it in that synchronized
Starting point is 00:19:50 place as well. But being in the industry I'm in, one of the biggest things I believe in is if it's something you cannot lose, it is so important to you. Your life will be over if you lose it. Put it on hard media and put it in a drawer somewhere. That is the best way to have data backed up. So that external hard drive, that external flash drive, whatever it is, just keep that copy disconnected from the main system. That's exactly right. You don't want hackers getting to it. Right. Yeah. Have that high impedance air gap, right? Exactly. All right. Well, as always, David Dufour, thanks for joining us.
Starting point is 00:20:29 Hey, great being here, David.
Starting point is 00:21:05 And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
Starting point is 00:21:45 where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell,
Starting point is 00:22:01 John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
