CyberWire Daily - Olympic hacking, cryptojacking and other illicit coin mining. Ransomware updates. The curious case of an alleged kompromat buy. Bots turn to ticket scalping.

Episode Date: February 12, 2018

In today's podcast we hear that the Winter Olympics report ongoing hacking. Cryptojacker hits government websites in the UK, Australia, and the US. Engineers use a research institute's supercomputer to mine Bitcoin in Sarov, Russia. The Equifax breach may be bigger and worse than hitherto believed. The Sacramento Bee deletes encrypted database rather than pay ransom. IBM patches Spectre and Meltdown. Emily Wilson from Terbium Labs offers a dark web scorecard on the 2018 Olympics and the 2018 elections, specifically addressing how matters stand in comparison with the last round of games and voting. The CIA says it was no way bilked by a proffered sale of kompromat. And bots scalp airline seats.

Transcript
Starting point is 00:01:22 The Winter Olympics report ongoing hacking. Cryptojacker hits government websites in the UK, Australia, and the US. Engineers use a research institute supercomputer to mine Bitcoin in Russia. The Equifax breach may be bigger and worse than hitherto believed.
Starting point is 00:02:12 The Sacramento Bee deletes an encrypted database rather than pay the ransom. IBM patches Spectre and Meltdown. The CIA says it was no way bilked by a proffered sale of kompromat. And bots scalp airline seats. I'm Dave Bittner with your CyberWire summary for Monday, February 12, 2018. Olympic officials have confirmed that the Winter Games' official website was hacked during the opening ceremonies and remained unavailable for some 12 hours. A PyeongChang 2018 spokesperson said the incident was a cyber attack
Starting point is 00:02:51 and suggested that they know who was responsible. They will not yet offer any attribution, quote, in line with best practice, end quote. Tabloid speculation calls out the Russian mob and discerns a conventional criminal motive, but it's far too early to credit any snap judgment about cause and motivation. The Russian Foreign Ministry has released a preemptive, more in sadness than anger, denial that Russia has any involvement in Olympic hacking,
Starting point is 00:03:19 and that people should expect to hear the Westerners indulge their usual baseless accusations. While the Olympic organizers have been working to restore security and service, statements by officials seem to indicate that they regard the problem as ongoing. Researchers over the weekend found cryptojacking on government websites in the UK, the US, and Australia. The miner, CoinHive, was apparently introduced through an accessibility plugin, Browsealoud, developed by the British firm Texthelp. Texthelp confirmed that it was compromised and that the mining code was injected into its software. Investigation is in progress.
Starting point is 00:03:58 This sort of code compromise is unusual in cryptojacking. The most common place one finds cryptojacking script is on adult sites. A Qihoo 360 Netlab investigation finds that nearly 50% of cryptojacking deployments are on adult content sites. Not all problematic coin mining is done through cryptojacking. Sometimes it's just insiders misusing their access to powerful machines. Russian police have detained some engineers at the All-Russia Research Institute of Experimental Physics in Sarov in connection with their use of their work supercomputer to mine coin. The Russian Interfax news agency says the supercomputer they used was a big one,
Starting point is 00:04:40 big to the tune of one petaflop. The institute's director described it as, quote, an attempt to make unauthorized use of office computing capacity for personal purposes, including for so-called crypto mining, end quote. The wayward employees apparently were unaware that connecting the big machine to the Internet to mine coin would make security suspicious. Oh, and they were mining Bitcoin, apparently, not our preferred altcoin, Voprcoin. Anyway, the FSB has arrested some of these employees of the month in what sounds like a sitcom plot gone bad. Speaking of sitcoms, Gennady Bukin was unavailable for comment.
Starting point is 00:05:17 Ukrainian police made a similar arrest Friday at a university in Lutsk. Don't feel smug, though, Yankee. That big Equifax data breach turns out to have been worse, apparently, than originally believed. It was thought the 2017 breach exposed names, dates of birth, driver's license numbers, credit card data, and addresses of about 143 million Americans. And that it did. But a U.S. Senate investigation may have turned up more data lost, including email addresses, license state, date of issue of those licenses, and tax identification numbers.
Starting point is 00:05:53 The Sacramento Bee newspaper has decided to delete its legally obtained California voter database rather than pay extortionists to decrypt it. California officials say the personally identifiable information held for ransom, and possibly copied for resale by the extortionists, wasn't all that sensitive because it didn't include, for example, social security numbers, but that seems a bit like whistling in the dark. Even data short of fullz can be used for unpleasant criminal purposes.
Starting point is 00:06:23 Not all the ransomware news today is bad, however. Here's some nice news indeed. Belgian police have released decryption keys for Cryakl ransomware on the No More Ransom site. So bravo, Belgium. IBM has issued patches for Spectre and Meltdown and warned of a Lotus Notes bug. Tomorrow, of course, is Patch Tuesday,
Starting point is 00:06:48 and observers think we may see an Adobe quarterly update as well as the usual Microsoft fixes. The CIA says reports it gave $100,000 to a Russian informant as a down payment on a million dollars promised for discreditable kompromat on President Trump are a lot of hooey. That is, as Langley puts it, the reports are patently false. Specifically, the agency denies that it was swindled. Their statement, as reported by AFP, says, The fictional story that CIA was bilked out of $100,000 is patently false.
Starting point is 00:07:20 The people swindled here were James Risen and Matt Rosenberg, end quote. Risen and Rosenberg were the reporters for, respectively, the New York Times and The Intercept. So to be clear, Langley denies it was cheated, and such a denial is consistent, as everyone will soon be pointing out, with either a denial that they engaged in any such transaction, or denial that they were hoodwinked, because maybe they got good value for whatever they paid, if they paid anything. This very odd and still developing story derives mostly from reports in the Times and the Intercept. The alleged transaction is said to be part of an operation to recover stolen classified
Starting point is 00:07:59 information, which is itself at least as odd as any alleged compromise. We will refrain from speculation and watch whatever develops. And finally, do bots grok supply and demand? Some botmasters apparently do. Security firm Distil Networks is bot hunting, and it's doing so in the service of an industry that's being disrupted, as the kids like to say, by online travel and pricing services. Why bother with a travel agency if you can find the best pricing and most convenient
Starting point is 00:08:30 arrangements quickly online for yourself? So online travel services have disrupted the travel agency. But wait, unscrupulous agents are said to be thinking, what if we could get bots to reserve all the discounted seats on airline flights, then scalp them? You can hold a seat for 24 hours without paying for it. The bots do that, then when the free day is up, they cancel and repeat. Not everyone agrees this is a major problem, but it is at least an interesting one,
Starting point is 00:08:59 and Distil wants travelers to be forewarned and forearmed.
Starting point is 00:11:29 And joining me once again is Emily Wilson. She's the Director of Analysis at Terbium Labs. Emily, welcome back. We've got the Korean Winter Olympics underway, and in addition to that, we've got the 2018 election on the horizon. These are both interesting events that you think provide opportunity for us to do some comparisons.
Starting point is 00:11:47 I think these two events give us a chance to compare to similar events we saw a couple of years ago. Back in 2016, we had the Rio Olympics, and we obviously had a pretty big presidential election here in the U.S. So on the Olympics side, I think this is an interesting kind of regional comparison. With Brazil, we saw a lot of personal information being leaked, both from citizens and from government employees. And that came out of a lot of new actors popping up, a lot of economic unrest in Brazil leading up to the Olympics. This was a big six-month campaign with a lot of information being leaked every day.
Starting point is 00:12:22 Korea, very different situation. We're seeing different kinds of threats. We're seeing different kinds of actors involved, right? This is a lot less on personal information leaking and a lot more at the nation-state level. Oh, interesting. I remember also with Brazil, we saw lots of warnings about carrying your personal devices,
Starting point is 00:12:39 you know, getting your credit card skimmed and things like that. Yeah, and I think we've seen in a lot of reports and also just in some of the work that we do, there's a growing community in South America for these kinds of concerns, whether it's fraud or some of these more vandalism-style attacks. I think we're just seeing different interests and different calculations in East Asia. And how about the election? The election is an interesting one because it is a midterm election, so we're probably not going to see leaked information from delegates, for example, like we saw during the presidential election. Some
Starting point is 00:13:18 of these factors have been removed. But I'm curious to see as we get into these campaigns, especially some of the more contested seats, are we going to see information being leaked about candidates and their families? Are we going to see people leaking information about parties or maybe specific voters? We've heard a lot in the past couple of years about voter databases being compromised. You know, recently, just in the past month or so, we heard about another database in California. I'm curious to see how all of this plays out and what we see kind of happening openly and what we see behind the scenes. So what about this notion that when we talk about the Russians
Starting point is 00:13:56 interfering with the last presidential cycle, this notion that it really doesn't matter so much what they're doing as the fact that they're doing it creates chaos and uncertainty. I think there's a lot to be said for compromising trust in a system, whether that is the integrity of elections, whether that is the integrity of communications, the integrity of media sources. I think it's not necessarily, to your point, what kind of chaos you create so much as that you create chaos. I think all of us, regardless of politics, are going into this midterm election with a few different things in mind,
Starting point is 00:14:36 maybe a few different expectations, a few different biases, and I think that changes the way these games are played. Yeah, interesting times for sure. All right, Emily Wilson, thanks for joining us.
Starting point is 00:15:07 And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed.
Starting point is 00:15:53 Listen for us on your Alexa smart speaker, too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
