CyberWire Daily - Qatar accuses UAE of disinformation, hacking campaign. Other international cyberconflict. Ransomware and clickfraud in one campaign. Banking credential-stealing malware vs. Macs.

Episode Date: July 17, 2017

In today's podcast we hear that Qatar has accused the United Arab Emirates of a hacking and disinformation campaign—the UAE deny it. Russia's Foreign Ministry says it was hacked. Russia-experts in the US said to be receiving unwelcome attention from possible state intelligence services. Deterrence and confidence building measures remain works in progress in cyberspace. Ransomware and click-fraud combined in a single criminal campaign. Macs attacked by banking credential stealing malware. Johns Hopkins' Joe Carrigan reviews educational options for aspiring cyber security pros. Twitter bots driving traffic to dodgy adult sites. And Ashley Madison proposes a settlement for its 2015 breach.

Transcript
Starting point is 00:01:22 Qatar accuses the United Arab Emirates of a hacking and disinformation campaign. Russia's foreign ministry says it was hacked. Russia experts in the U.S. are said to be receiving unwelcome attention from possible state intelligence services.
Starting point is 00:02:10 Deterrence and confidence-building measures remain works in progress in cyberspace. Ransomware and click fraud are combined in a single criminal campaign. Macs are attacked by banking credential-stealing malware. Twitter bots are driving traffic to dodgy adult sites. And Ashley Madison proposes a settlement for its 2015 breach. I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, July 17, 2017. The Washington Post is citing anonymous sources within the U.S. intelligence community in a report claiming that the United Arab Emirates was responsible for hacking Qatari news and information sources with fake stories expressing sympathy for Iran, Israel, and ISIS.
Starting point is 00:02:56 The FBI, which assisted Qatar's investigation, had earlier attributed the attack to Russian actors, possibly criminals, freelancers, or hired guns. The incident involved clear disinformation and had serious diplomatic effects. On May 24th of this year, hackers took over the feed of the Qatar news agency and disseminated stories that attributed strongly pro-Iranian and pro-Zionist statements to Qatari leaders. There's an obvious degree of implausibility of any Arab leader holding such essentially incompatible views, but the planted remarks were incendiary enough to exacerbate tensions between Qatar and its Arab neighbors, especially such other members of the Gulf Cooperation Council as Saudi Arabia and the United Arab Emirates.
Starting point is 00:03:43 This resulted in a diplomatic rupture and an ongoing regional crisis that has, among other things, seriously impeded U.S. efforts to intervene against ISIS and the Assad regime in Syria's multi-partite civil war. This seems a clear case of disinformation, black propaganda disseminated in cyberspace. While the FBI initially attributed the operation to Russian operators, the Post's anonymous sources are telling it that UAE authorities discussed the operation on May 23, the day before it took place. Those same sources say the attacks originated specifically in Abu Dhabi and that it's unclear whether they were carried out by
Starting point is 00:04:23 the government directly, by contractors, or by some other hired third party. Qatar has denounced the United Arab Emirates, citing the Post's story as unequivocally proving that this hacking crime took place. They characterize the incident as a violation of international law. The United Arab Emirates denies any involvement in the hacking and disinformation and insists the real story is Qatar's sympathy for terrorist organizations. At the root of the tensions among the Gulf states lie divergent views about a proper role for the Muslim Brotherhood and the legitimate sources of Islamic temporal authority in the region. Qatar has said Saudi Arabia and the UAE feel themselves threatened by Qatar's relative liberalism,
Starting point is 00:05:07 a distinction perhaps more visible from within the three monarchies than it is from without. The story is developing. We'll be following it over the course of the week. Russia's foreign ministry said Friday that it had been the victim of a protracted and damaging cyber attack. The ministry says its email servers were hacked with grave consequences. The attacks are said to have taken place last month and originated in Hungary and Iran. But a lot of other countries are mentioned in dispatches. China, India, the European Union, and especially the U.S. The Moscow Times cited a ministry spokeswoman who said that, quote, 88% of all visits to the foreign ministry's site were cyber villains with US IP addresses, end quote.
Starting point is 00:05:53 There are also reports of doxing attempts, some successful, against online accounts of US experts on Russia, which are seen as potential battle space preparation for ongoing information operations. No attribution, but Russian intelligence services are suspected. The presumed goal is the preemptive discrediting of potentially unsympathetic experts during future confrontations in cyberspace. Such confrontations seem inevitable. The possibility of Russo-American cooperation against cyber threats briefly floated by U.S. President Trump at the end of the G20 meetings is long gone and lasted less than a day,
Starting point is 00:06:30 but the U.S. unsurprisingly remains open to negotiations that might build confidence and reduce tension in cyberspace. The model for such efforts would be Cold War-era arms control regimes, or at least that's the working model most people thinking about the matter appear to bring with them. Such agreements would also seem to depend upon the emergence of some reliable model of deterrence, which is also in its infancy. A number of states are taking public steps toward increasing their cyber capability. Japan is the most recent power to announce such a move, and the U.S. is beginning the long-planned process of separating Cyber Command from the National Security Agency. Turning to conventional cybercrime, Nemucod AES ransomware and Kovter click fraud exploits are
Starting point is 00:07:18 being distributed in the wild by a common campaign. The SANS Institute's Internet Storm Center says that it's noticed an uptick in spam carrying malicious zip archives, with JavaScript files designed to download and install both Nemucod AES ransomware and Kovter click fraud malware on Windows PCs. Check Point reports a campaign against Mac systems that uses certificates to bypass Mac Gatekeeper. The malware, OSX/Dok, is distributed in a phishing campaign. Its goal seems to be theft of banking credentials.
Starting point is 00:07:58 Social media security firm ZeroFox has been tracking Twitter bots luring people, men only, the reports say, with adult-themed tweets that link them back to dating sites owned by Deniro Marketing, the same company that spambots drove traffic to earlier this year. ZeroFox has been keeping an eye on this since February. The company says they think the bot controllers are probably affiliates of Deniro and not Deniro itself. And finally, you're probably familiar with the hanky-panky brokers at Ashley Madison, only through legitimate research, of course. Well, Ashley Madison was breached in 2015, with some 37 million records on customers exposed in the incident. A hacking group calling itself
Starting point is 00:08:38 the Impact Team threatened to release the illicitly obtained information unless Ashley Madison shut down, and when the service refused to do so, the hackers made good on their threat, with sad consequences that allegedly included incidents of blackmail and possibly at least one suicide. The Adultery Facilitation Service has reached a proposed settlement with its affected customers. The total it's proposing is $11,200,000 in compensation. Ashley Madison denies any wrongdoing, but says it wishes to avoid the expense, inconvenience, and uncertainty of protracted litigation.
Starting point is 00:12:02 Joining me once again is Joe Carrigan. He's from the Johns Hopkins University Information Security Institute. Joe, welcome back. Thanks, Dave. I wanted to talk today about jobs. And we have this ongoing jobs overage, too many jobs, not enough people to fill them. It's a big problem. And you all, obviously Johns Hopkins, a well-respected university, you all are kind of on the front lines with that. Right. Trying to get people prepared.
Starting point is 00:12:38 We are involved with a couple of large efforts. One is the National Initiative for Cybersecurity Education. That's run out of NIST. It's NICE. It was something that President Obama established. We also are involved with the Centers for Academic Excellence, which is run out of the NSA. And it's a program for academic institutions at various levels of education to carry the certification as a Center of Academic Excellence recognized by the NSA. And you apply for this. I work closely with some people at the NSA to try to get some of these applications approved, particularly at the two-year institution level. We're talking about community colleges that have cybersecurity programs. We're a four-year institution with
Starting point is 00:13:18 a master's degree program, so I work on the two-year applications, so there's no conflict of interest. I'm not keeping other people out of the marketplace. Right, right. You're not competing for the same students who will be. Sure, sure. Exactly. We also work with Hagerstown Community College. We have a class every year, once during the fall.
Starting point is 00:13:35 It's coming up again this fall. I was just in a meeting with that, where we go out and we talk to the students there. They're just learning about some of the research projects that we do. And one of the things I tell the students when I teach my one class there, it's just one lecture that I give, is there's lots of different things you can do in the field. So if you go to a two-year institution, you can immediately leave a two-year institution and get into the cybersecurity field, or you can transfer into a four-year institution, then go into the cybersecurity field. Or you can go into an advanced degree, get a master's degree, or even a PhD.
Starting point is 00:14:09 Generally, I've talked with our executive director, Tony Dahbura, and other faculty. They like to see, they think that it's better to get a computer science advanced degree with a focus in security, particularly if you're going for a PhD. For a master's degree, we have the MSSI degree, and there are other degrees available from other institutions that are focused in cybersecurity as well. But you don't need all that. If you just are a high school graduate, I'm not saying that these things are bad.
Starting point is 00:14:35 Of course, they're great if you get the PhD and the master's degree. But if you're just a high school graduate and don't have time or funds to get even into a community college, then there is a certification called Security Plus. TIAA, I think, is the organization that offers that. And that's the minimum requirement to work on a federal contract where you're doing any kind of network administration. And the demand is so high.
Starting point is 00:14:59 The demand is so high. There's no shortage of opportunities for people who want to get in the field. I mean, we are desperate to get qualified people out there in the field. That's right. It's a great opportunity to get in. All right. Good information. Joe Carrigan, thanks for joining us.
Starting point is 00:15:12 My pleasure. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers.
Starting point is 00:16:12 I'm Dave Bittner. Thanks for listening. Thank you.
