CyberWire Daily - Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.

Episode Date: July 13, 2020

President Trump says he authorized US Cyber Command’s retaliation against Russia’s Internet Research Agency for midterm election meddling. North Korean financially motivated hacking as a sign of internal power dynamics. TrickBot accidentally deploys a new module. TikTok, privacy, and security. LinkedIn hacker convicted. Justin Harvey from Accenture on what should and shouldn’t go in emails. Our guest is Matt Davey from 1password on the under-celebrated role of IT in the work from home transition. And advice to alleged criminals on the lam: give ‘em a low silhouette. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/134 Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Starting point is 00:00:46 Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Thank you. Now at a special discount for our listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash N2K and use promo code N2K at checkout. The only way to get 20% off
Starting point is 00:01:34 is to go to joindeleteme.com slash N2K and enter code N2K at checkout. That's joindeleteme.com slash n2k, code n2k. President Trump says he authorized U.S. Cyber Command's retaliation against Russia's Internet Research Agency for midterm election meddling. North Korean financially motivated hacking as a sign of internal power dynamics. TrickBot accidentally deploys a new module. TikTok privacy and security. Tax fraud increases as Wednesday's
Starting point is 00:02:14 U.S. filing deadline approaches. A LinkedIn hacker's been convicted. Justin Harvey from Accenture on what should and shouldn't go in emails. Our guest is Matt Davey from 1Password on the under-celebrated role of IT in the work-from-home transition and advice to alleged criminals on the lam.
Starting point is 00:02:31 Give them a low silhouette. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, July 13th, 2020. U.S. President Trump said in an interview with the Washington Post published late Friday that he had authorized a U.S. Cyber Command response to Russian interference in the 2018 midterm elections.
Starting point is 00:02:58 The Post had reported on the cyber operation in February 2019, sourcing the story to unnamed U.S. officials. But this is the first time the president has claimed direct involvement. The attack knocked the Internet Research Agency offline in a demonstration intended, it was said at the time, to show the Russian government that cyber operations, particularly influence operations, would not be cost-free. The New York Times says the 2018 operation was intended as both a deterrent
Starting point is 00:03:29 and a realistic test of U.S. capabilities against an actual adversary. The Telegraph reviews North Korean financially motivated hacking, including LinkedIn phishing and cryptocurrency fraud, and notes its opportunistic and indiscriminate character. The Washington Times says the increase in Pyongyang's cyber-op tempo coincides with the rising influence of Kim Yo-jong, sister of DPRK leader Kim Jong-un. Researchers at Advanced Intelligence describe some curious TrickBot behavior. A test version of a password-stealing
Starting point is 00:04:05 module appears to have been mistakenly deployed. The malware was up and prematurely warning people that they'd been infected. The researchers think the gaffe is a sign that TrickBot's masters are outsourcing at least some of their development. Amazon told its employees to delete TikTok Friday morning, but then withdrew the order as an error, the Wall Street Journal reports. The first email that went out said, Due to security risks, the TikTok app is no longer permitted on mobile devices that access Amazon email. If you have TikTok on your device, you must remove it by 10 July to retain mobile access to Amazon email. At this time, using TikTok from your Amazon laptop browser is allowed.
Starting point is 00:04:49 In what appeared to be a striking corporate about-face, the company later that day said it was in fact just a simple mistake. Quote, this morning's email to some of our employees was sent in error. There is no change to our policies right now with regard to TikTok, an Amazon representative said later Friday. There was no further comment. Whatever was going on over at Amazon, TikTok has come in for criticism for its security and privacy, some well-founded, some spurious, and others a simple consequence of the company's Chinese ownership and what that entails for its relationship with
Starting point is 00:05:25 the Chinese government. The U.S. Department of Defense has told service members to avoid using the app, but Amazon's apparent ban was apparently just a mistake. The Telegraph has a long and interesting exclusive on TikTok's sister company, Douyin, which operates within China. Douyin has apparently been using facial recognition software to monitor users' apparent ages, perhaps to identify foreigners using the platform, and assigning safety ratings that score users for upholding public order and good customs. These practices service from the corporate parent both Douyin and TikTok share, ByteDance. TikTok has already been banned in India and is facing close scrutiny of its implications for privacy and security
Starting point is 00:06:12 in both the UK and the US. The company gave what The Telegraph characterized as evasive answers to questions about whether it followed the same policies as Douyin. For example, TikTok takes the safety of our younger users seriously, and so on. But TikTok did say, quote, TikTok has never provided user data to the Chinese government, nor would we if asked to do so, end quote. Matt Davey is Chief Operations Optimist at password manager firm 1Password.
Starting point is 00:06:49 He maintains that the role of IT in the COVID-19 work-from-home transition is under-celebrated and deserves a bit more spotlight. You know, we've been remote for a long time, 15 years now. And so what we really wanted to learn was kind of the other side of this and the transformation that both the IT team and the rest of the company have to do when they move to remote. So it was really for our own understanding as well as interest in this kind of topic and helping others understand it. And what sort of things did you discover here?
Starting point is 00:07:23 Yeah, all kinds of things. First of all, just 1% were actually primarily remote workers before COVID-19, but now 59% are actually favorable towards working from home. So that was interesting by itself, that we're more in the small percentage than we thought we were. And then the other one, which is the real kind of finding in the title of our blog post, is that the IT teams involved have kind of
Starting point is 00:07:53 absolutely done a wonderful job of kind of scaling this upheaval. And 89% of people that answered this had zero criticism of their company's IT team, which I think is amazing. That's interesting. Any insights on what I would probably think is a surprising number to come back to? Yeah, I think it does well because I think a lot of companies are relaxing their rules slightly. 46% of SMBs report relaxing some security protocols
Starting point is 00:08:32 and requirements, and 19% of the large firms are reporting that as well. So I think that goes to help it. Also, it shows that the real core security rules that you have might be different from the day-to-day ones. And picking and choosing and making sure that someone follows the core rules might actually help when moving to remote. Do you have any thoughts on what we could see? I'm thinking that many organizations have, as you've mentioned,
Starting point is 00:09:12 relaxed rules during this pandemic. I wonder what the melding of those two things are going to be as perhaps people continue to work from home. Will the organization say, okay, we're going to have to dial in more of these rules again and adjust to this new reality? Absolutely. I think there'll be a lot of adjusting. I think some of the tools that are core to our organization are going to change.
Starting point is 00:09:36 The more tools that you bring about that engender remote working, I think are going to be huge. And passing all those throughout your organization are going to take time, time that we just haven't had at the moment. It just seems to be one thing after the other that the companies have to deal with at the moment. That's Matt Davey from 1Password.
Starting point is 00:09:59 Yevgeniy Nikulin was convicted Friday of breaching internal networks at LinkedIn, Dropbox, and Formspring in 2012 and of then selling the services' user databases on the black market. ZDNet reports that he took a total of 117 million user records from LinkedIn, information on 68 million Dropbox users, and 30 million details on Formspring users. He was arrested in October 2016 while vacationing in Prague and was held in response to a U.S.-issued Interpol Red Notice prompted by criminal complaints the three companies had filed in 2015.
Starting point is 00:10:36 In the summer of 2017, Czech authorities extradited Mr. Nikulin to the U.S. Mr. Nikulin's time in custody was marked by a fractious refusal to cooperate not only with the government, but with his own defense counsel. He did meet with Russian consular officers, again, without his defense counsel being present, but what they discussed is unknown. He was also in trouble while being held in jail for sometimes violent and disruptive behavior. It took the jury slightly less than six hours Friday to reach a unanimous guilty verdict,
Starting point is 00:11:15 Cyberscoop reports. That conviction came as something of a surprise given the strong criticisms the presiding U.S. federal judge made of the prosecution's case last week, deriding it as not only boring but also frequently irrelevant. Mumbo-jumbo and a dry hole were among the warmer expressions the judge used, according to Law 360. The jurors apparently found it neither. Mr. Nikulin is expected to be sentenced on September 22nd. And finally, what did Ray Hushpuppi do to draw the attention of law enforcement agencies in the U.S. and the United Arab Emirates?
Starting point is 00:11:55 Mr. Hushpuppi says he's a real estate magnate and that dealing in property is the source of his apparently considerable wealth. The U.S. Justice Department, which now has him in custody after extradition from the UAE, says he made his fortune in business email compromise. The source of Mr. Hushpuppi's income will receive plenty of consideration at his eventual trial, as Australia's Nine News reports. But Mr. Hushpuppi was not just a quiet alleged crook. He was an influencer with lots of social media and email accounts, and a digital exhaust that, were it made visible, would look something like what you'd see from a very badly maintained diesel. Go look up coal rollers. Advice to malefactors, and remember, Mr. Hushpuppi is still just an alleged malefactor and entitled to the
Starting point is 00:12:38 presumption of innocence. If you want to stay out of the slammer, stay inconspicuous. It's hard, we know. You want to wave the shopping bags around, or to take an earlier alleged Russian gangster's example, pose in your tracksuit with your exotic pet ocelot? Come on, a little modesty is just good policy. Transat Policy. Yes! Yes! Yes! With savings of up to 40% on Transat South packages, it's easy to say, so long to winter. Visit Transat.com or contact your Marlin travel professional for details. Conditions apply. Air Transat. Travel moves us.
Starting point is 00:13:44 Do you know the status of your compliance controls right now, like right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting,
Starting point is 00:14:17 and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Starting point is 00:15:05 Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. And joining me once again is Justin Harvey. He is the Global Incident Response Leader at Accenture. Justin, it is always great to have you back. I wanted to do a little check-in with you today about best practices when it comes to emails and the types of things that we should be putting in and things we should be leaving out. What can you share with us? Well, what I can share with you is it's different from
Starting point is 00:15:49 every organization. It's also different for the intended recipient for the communication of secure information. Inside of your enterprise, it's generally considered within your company, within your email system, that it's okay to email sensitive information like a social security number or a bank routing information number or a government ID number, let's say. And for the most part, I think the communication of a couple pieces of information back and forth in, let's say, a Microsoft Exchange system is relatively secure. Yes, administrators can probably open up your email and see that, but you trust your email administrators not to do things like that.
Starting point is 00:16:31 The game changes, though, when you are emailing information across the internet. And there are various standards and practices to securely transmit email. But the fact of the matter is, your email might be able to be intercepted at some point between step A, which is you sending the email, and step Z, for instance, when the company, your recipient gets it, because it's got to be routed through a lot of places
Starting point is 00:17:03 and it goes over the network. And when you are communicating via SMTP, Simple Mail Transport Protocol, there could be hop sites that don't encrypt end-to-end. We're getting better as a community, but there's no guarantee that your information is going to get there in a secure manner. There's also another thing to think about when you are sending this information to a third party about how you're going to package this up. And really to get around being intercepted between point A and point Z,
Starting point is 00:17:37 a great way to do that is to create a document, either a spreadsheet or a Word document or even a text file that has this sensitive information, then zip it so you're already getting compression on top of that. So if you have a big spreadsheet, 10 meg spreadsheet, maybe it goes down to one meg. And then also encrypt and put a password on that zip file. And that's going to do a couple things. And of course, I recommend picking a great password, a long password on there that you're going to deliver out of band to the recipient. Don't send an encrypted zip to someone and then the following email say, this is the password for that.
Starting point is 00:18:15 Right. It's like leaving a sign on your front door that says key under mat. Exactly. So what you want to do is you want to zip it up. You want to pick a great password, and then you also probably want to rename the .zip to .something else like .txt or .xxx, whatever you want to do. zip file, it might cause problems because advanced threat protection email systems will actually try to open up that zip and we'll see that it's a zip and we'll start to try to operate on it. So if you can just rename that extension, that'll help it get to its intended recipient. When you're dealing internally though, if you need to send some information,
Starting point is 00:19:03 some sense of information to someone across the company, then the best course of action is probably use the system built in to do encryption and signing and maybe even mark things as do not forward. send stuff, you're pasting in sensitive information and sending it off to someone. The first thing is that if you don't market as secure or market as private or market as confidential, then it makes it a lot easier later on, either next week, next year, or in a decade, if that email has been saved off, it can then be subject to e-discovery and to a lot of different type of legal recourses if it does come out. But if you did market as do not forward, did market it as encryption and signed and confidential, it might have a better shot at being more secure over time. You know, I remember decades ago hearing the advice that basically said, don't put anything in an email that you wouldn't put on a postcard. Does that advice still hold?
Starting point is 00:20:13 Well, I would say yes and no. I think it is a great axiom to focus on. But a lot of times when you're dealing in, like in this pandemic, we have to send a lot of stuff via email that we normally wouldn't. Clearly, if it's inappropriate, if you're doing something off color or something that would violate HR, clearly don't do that. But if it gets really down to, if it gets down to something that could be potentially legally sensitive, that should be your warning to be like, okay, maybe we should involve our general counsel, add them to the CC line. And that way you can use, put at the top of your email, privileged and confidential client attorney
Starting point is 00:20:56 privilege. I see. Yeah. Interesting. All right. Well, good advice, Justin Harvey. Thanks for joining us. Thank you. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker too.
Starting point is 00:22:15 The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Starting point is 00:22:56 Thanks for listening. We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.