CyberWire Daily - Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.

Episode Date: October 1, 2019

The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there’s a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the tune of some R&D investment. Ransomware attacks against US state and local governments have been trending up, and that trend is likely to continue. And NSA has its new Cybersecurity Directorate. Joe Carrigan from JHU ISI on Microsoft no longer trusting built-in encryption on hard drives. Carole Theriault speaks with Simon Rodway from Entersekt about Facebook’s Libra and how it may affect traditional banks. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_01.html

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there's a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the tune of some R&D investment. Ransomware attacks against U.S. state and local governments have been trending up, and that trend is likely to continue.
Starting point is 00:02:19 And NSA has its new Cybersecurity Directorate. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Tuesday, October 1st, 2019. The oligarch behind the Internet Research Agency that worked its influence mischief from St. Petersburg has come under new sanctions imposed by the U.S. Treasury Department. Yevgeny Prigozhin is variously described as a founder, financer, or owner of the troll farm, and he's a wealthy guy indeed. More on this later.
Starting point is 00:02:58 We tend to think of disinformation as something states do, and indeed the word comes from a Russian word, дезинформация. It was defined in the old Soviet encyclopedia, but the practice didn't fall out of use when Soviet power went the way of the dodo at the end of the Cold War. The Russian security organs have long been world leaders in the practice. But there are also purely criminal use cases for disinformation, as a Recorded Future study concludes.
Starting point is 00:03:27 Much of it takes the form of garish and dishonest advertising and apple polishing, and there's enough demand to sustain a disinformation-as-a-service market. Bulk social media campaigns are prominent offerings. The gangs offer services that range from what most of us would call shady PR tactics, like placing stories in both legitimate and dodgy online outlets through creating social media campaigns crafted to avoid triggering the content controls networks have put in place to limit such activity. It would appear from Recorded Future's experiment that disinformation as a service is fast, affordable, and arguably effective. The researchers created a fictitious company,
Starting point is 00:04:10 which their report calls the Tyrell Corporation, and then contacted two competing disinformation specialists in the Russian-speaking underground to pull together competing campaigns, one pro and the other anti-Tyrell. The salesmen of the two groups, which Recorded Future calls Raskolnikov and Dr. Zhivago, were highly professional, patient, and apparently easy to work with. They also offered clear pricing, and they delivered on their end of the deal. Of the two, Dr. Zhivago was the more experienced and sophisticated, but both delivered the content with novelistic flair.
Starting point is 00:04:43 Odi et amo, I hate and I love, said the old-time European poet, and the more things change, the more they stay the same, as another old European saying has it. An internal EU policy document from the European Commission's Directorate General for Communications Networks, Content and Technology has leaked and shows the EU as being of two minds with respect to foreign technology. It wants foreign technology, and for foreign, here, read Chinese and American, but it fears them as well. The leaked document recommends an urgent initiative for technological sovereignty, Bloomberg reports. An EU spokesman emailed Bloomberg to say simply, we don't comment on leaks, but the word on the street is that the 23-page document, itself a chapter in a larger briefing book, says,
Starting point is 00:05:30 "Europe's position and influence in global markets will be eroded, affecting European leadership and jeopardizing our technological sovereignty in key industrial strategic value chains." It's thought to represent the thinking of Ursula von der Leyen, who assumes the presidency of the European Commission next month. Technological sovereignty was a major plank of President-elect von der Leyen's campaign, but she herself, of course, will not have the authority to mandate it by decree. That decree would have to come from the European Parliament, but the leaked proposal represents an influential line of thinking. Two companies particularly mentioned in dispatches are Apple and Huawei, and the prescription for making Europe great again is, for the most part, greater investment in R&D.
Starting point is 00:06:18 Among the many observations on trends out today is one from Emsisoft. More than 600 government entities in the U.S., mostly state and local organizations, have been hit with ransomware this year, and Emsisoft thinks it's going to get worse. Politico grouses that legislators are either out of ideas or indisposed to act, and a Help Net Security op-ed argues for collective defense as local government's best option. Facebook can't seem to keep themselves out of the news these days, and most of the news about Facebook lately has arguably not been good for Facebook. But one of their initiatives to become a major player in online cryptocurrency has been flying a bit under the radar.
Starting point is 00:07:00 Our own Carole Theriault has this report. Facebook, despite being hammered on privacy and ethical issues for the last year or more, seems to be foraging ahead with new digital adventures without hardly a limp in its step. And one of these recent forays is Facebook's new cryptocurrency called Libra or Libra. The idea is that Libra would launch in early 2020 and that Libra would dramatically improve the way in which people send and receive money online. Well, that is what Facebook say at least. So I invited Simon Rodway from Entersekt to help us understand what Facebook is trying to do here and get him to look into the crystal ball and see what he thinks the impact
Starting point is 00:07:42 will be on our financial lives. Simon, tell me, what do you think Facebook Libra is going to do? Is it going to rock the financial foundations as we know it? Well, it's a very interesting question to ask. Things are not always what they seem. And I think in this particular case with Facebook specifically, and with the Libra project, it's sensible to look a little bit deeper than what is first perceived. All Libra is, is an aspirational vision. The vision of Libra is really to develop a safe, secure and low cost way for people to move money effectively. We've seen for such a long time that the remittance market is a very expensive market for, in effect, the poorer in our society, where people want to move money to send to their family and they have to pay a hell of amount to do it. The reality is what Libra is trying to do in the way that it's being
Starting point is 00:08:47 presented is to try and address that particular gap. And I think with that in mind, I can only applaud it at this point. Whether it's successful is a different matter. There are a lot of reasons why that might not be the case. Libra is just one driver in this particular space. There are others. We can look at the likes of the startup banks that we see who are also looking at cross-currency, cross-border payments and saying, okay, we can do that better. Okay. So let's say I'm a target market for something like Facebook Libra. What are the things I want to ask before I dive in and start using it as a currency? They always go to the place of fear.
Starting point is 00:09:34 This is change. This is something different. What should I be afraid of? And because it's got the Facebook stamp on it, obviously, in our mind we can think of various events that have taken place in recent months and years where we think, do we really want to trust Facebook with all of this information? The reality is that we call this Facebook Libra, but it's not Facebook, not directly anyway. Facebook is one member in an association where the association will
Starting point is 00:10:07 manage this network. Yes, Facebook were the conceiving body. They were the organization that put forward the developers that built out the Libra framework. So the fear that we have, which is, do I really want to trust my personal identifiable information to an organization that has got a track record of not really looking after that well? A pretty justifiable fear, I would say. Absolutely, without a doubt. The question then I would ask is, what information are they capturing? What information is Facebook themselves capturing?
Starting point is 00:10:44 They won't get access to the Libra network directly, in that it's a node-based network, so there are a number of different parties that will play. And because it's based on blockchain, blockchain is an immutable structure. It can't be changed, it can't be tampered with, it can't be altered, and therefore there's very little that Facebook themselves can actually do with that. Where Facebook will win and could win is when we talk about Calibra, the wallet solution that will be delivered by Facebook. In actual fact, it's going to be headed up by David Marcus, who will look to deliver a wallet solution for Libra, which people will then use. And typically their argument there is
Starting point is 00:11:32 the 2.3 billion Facebook users they have will use a Calibra wallet, which will allow them to exchange Libra coin over the Libra network. Right. And that is where there may be some security issues. That's where you're seeing that. That's the area you're thinking, let's pay attention to that. The question needs to be asked. Well, Simon Rodway, you've educated me today. Thank you very much for coming on the show and making the time to speak with us. This was Carole Theriault for the Cyber Wire. NSA has launched its new Cybersecurity Directorate today. Its first director, Anne Neuberger, is quoted in the Washington Post as saying,
Starting point is 00:12:12 "The mission of the organization is to prevent and eradicate threats. Our focus is going to be on operationalizing intelligence." So welcome to the world, Cybersecurity Directorate, and may you get off to a good start. We return for a moment to the case of the sanctioned oligarch. As we mentioned earlier, he's been sanctioned before. What's left to sanction, one might wonder. The same question came up with recent new sanctions imposed on North Korea's Lazarus Group. At some point, aren't you just chasing your tail?
Starting point is 00:12:42 Not necessarily, and if you look at the details of the sanctions, you can see the point. Yevgeny Prigozhin has indeed been sanctioned before, but this time his yachts and private jets are specifically named. He may find it difficult to ride them into non-Russian ports of call, Fifth Domain notes. No place to buy diesel, no landing rights, and so on. Thinking of dropping anchor and calling the harbormaster at Barcelona or Port Adriano? Perhaps it's no longer such a good idea. Or maybe you're in the Black Sea, say dropping hook at Novorossiysk. Like it's not Saint-Tropez, but
Starting point is 00:13:19 there's a wine tour open to the public and maybe you could visit the monument to the sailors' wives, enjoy some oysters, things like that. Or maybe you're up in the White Sea, where you could take a peek at the Byelomorsk Museum of Local Lore. That's tough to beat. The point of this is not to make fun of Russian local attractions, and we Americans have no call to throw stones through our own glasshouse of roadside attractions, like the world's largest ball of string,
Starting point is 00:13:44 or Ripley's Believe It or Not. The point is that owners of mega-yachts and private jets want to strut their stuff on a fashionable stage. Consider this. If you're bombing around the U.S. eastern seaboard in your nicely loaded Gulfstream, you want to be able to touch down at JFK and disport yourself on Park Avenue,
Starting point is 00:14:03 or maybe even land at Palm Beach International and then chill at Mar-a-Lago. You don't want to be confined to landing at Teterboro and hoping they've got some soft-shell crabs at Tracy's Nine Mile House on the Hackensack River. But Mr. Prigozhin is now confined to the Eurasian equivalent of just that. We're fans of Teterboro and South Hackensack, but trust us, nice as they can be, they're not places you go to be seen on the red carpet. Maybe you think that's punishment enough, but think further. Yachts and jets are standing temptations, specifically to pride, envy, and avarice. They can gnaw at you. Suppose the itch gets so great that you decide you've just got to sail your yacht into a nice place,
Starting point is 00:14:47 maybe like the misleadingly named Mosquito Creek Marina on the Esplanade in North Vancouver. Step ashore incautiously and blammo, extradition, here we come. And that is why the feds aren't just chasing their tails.
Starting point is 00:16:59 And joining me once again is Joe Carrigan. He's from the Johns Hopkins University Information Security Institute and also my co-host over on the Hacking Humans podcast.
Starting point is 00:17:34 Joe, great to have you back. Dave, it's always great to be here. I had something brought to our attention. This is thanks to the Swift on Security Twitter feed. Which is a great Twitter account. Quite popular, quite popular. I follow it. And they pointed out that Microsoft has made some changes
Starting point is 00:17:50 when it comes to trusting the encryption on SSD drives. Right. Unpack this for us. So when you have BitLocker, when you enact it, and the drive reported that it could encrypt the data itself. Previously, it looks like Microsoft would trust the drive and say, okay, we'll let you handle the encryption. So the hard drive itself had the capability built in to encrypt the data on the hard drive.
Starting point is 00:18:16 Right. Well, Microsoft has found that's not always the case, that a lot of times there's quality issues with that. There's an article in here that Swift on Security links to that points to Samsung devices. Right, they had issues with firmware and I think hard-coded passwords. Right, yeah, hard-coded keys, I think, was what the issue was. What's happening here is now Microsoft is saying,
Starting point is 00:18:39 all right, manufacturers, we just don't trust you anymore, and we want to keep our users safe, so we are going to use CPU-based encryption to encrypt the data on the hard drive. It's a shame that Microsoft has to do this, but I think that Microsoft has to do this. Right? Right. Right. It should be the case, rather, that Microsoft doesn't have to do this, and that these drives
Starting point is 00:19:02 actually properly encrypt the data so that when the data is stolen by physically stealing a laptop, which happens frequently, that that data is protected while it's at rest. Right. Somebody can't take the hard drive out, hose it up to another machine and suck the data off of it. Pull the data off of it. Yep. I suppose part of this is the CPUs themselves have gotten to the point where
Starting point is 00:19:27 this isn't any sort of big impediment for them to be able to do a high level of encryption on the fly. It's not really going to slow things down anymore. Right. And once they start using a symmetric encryption algorithm, that's pretty fast. It's not a slow algorithm. So really, they're taking this out of the hands of the hard drive manufacturers saying, okay, we're not sure we can trust them, but you can trust us. Correct. I mean, Microsoft is saying, we know we can trust us. Right. Should we trust them? I think we can. I think Microsoft's doing a lot better job in security than they did, say, 15 years ago. I think they've really woken up and smelled the coffee.
Starting point is 00:20:05 I think they did that a long time ago, I should say. You know, it would be better to have this encryption at the hardware level, right? And it would be faster and better all around. But if you can't be certain of the vendor's implementation of it, this is Microsoft doing what any good company would do. Microsoft, you got to remember, they don't have the advantage that Apple has. They don't control any of the hardware on the computers that run their operating system. So they have to do this.
Starting point is 00:20:35 Apple can say, that hard drive's not going into our computer. But Microsoft cannot say that. Yeah, it's an interesting point because Apple has, I believe they call it the T2 chip, which comes on some of their newer systems that, and one of its jobs is to take care of on-the-fly encryption. Right. Is it a trusted platform module? I believe so. Okay. So like you say, but Apple knows they have the hardware and the software. Microsoft has to be able to run anywhere. That's correct. Yeah. Yeah. It's a big difference. All right. Well, Joe Carrigan, thanks for joining us. My pleasure, Dave.
Starting point is 00:21:40 And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed.
Starting point is 00:22:15 Listen for us on your Alexa smart speaker, too. The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin,
Starting point is 00:22:36 Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
