CyberWire Daily - Qatar—provocation, and disinformation online. Influence operations move from doxing to disinformation. 2FA still a good idea. Former FBI Director Comey testifies. And assume the boss is watching.
Episode Date: June 8, 2017
In today's podcast, we hear that Qatar remains in bad odor with its neighbors over a recent online provocation. (Russia denies any involvement.) Anomali talks about influence operations, especially with respect to elections, where they may be moving from doxing to disinformation. Leaks about election hacking shouldn't turn you off to multifactor authentication—it's not the technology; it's us. Former FBI Director Comey testifies before the Senate Intelligence Committee. Level 3 Communications' Dale Drew reviews health care security stats. Drew Paik from Authentic8 shares vacation traveling tips. And a lesson from the NSA leak arrest: assume the boss is watching.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Qatar remains in bad odor with its neighbors over a recent online provocation.
Russia denies any involvement.
Anomali talks about influence operations, especially with respect to elections,
where they may be moving from doxing to disinformation.
Leaks about election hacking shouldn't turn you off to multi-factor authentication.
It's not the technology, it's us.
Former FBI Director Comey testifies before the Senate Intelligence Committee,
and a lesson from the NSA leak arrest.
Assume the boss is watching.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, June 8, 2017.
The hacking of the Qatar news agency with broadcast and Twitter content that represented
that country's government as sympathetic with both Israel and Iran, has opened a wide rift between Qatar and its neighboring
members of the Gulf Cooperation Council. Several of its neighbors, including Bahrain, Saudi Arabia,
Yemen, and the United Arab Emirates, have suspended diplomatic relations with Qatar.
In the United Arab Emirates, this has taken the severe form, severe for an online
political crime, of a law that could punish expression of agreement with or support for
Qatar in social media with up to 15 years in prison. So if you find yourself in Dubai,
think twice before hitting like or thumbs up or retweet. The law took effect yesterday.
In this context, putative Iranian sympathies
are probably the most serious offense. Sunni Saudi Arabia and its Arab allies in the Gulf
have long been at loggerheads with Shiite Iran over where regional power would reside.
The present incident began on May 23 with hoaxed broadcast news and a coordinated Twitter campaign.
Qatar has stood out somewhat from other states in the region
for its financial support of terrorist groups in Libya and Syria,
for its closeness with both the Muslim Brotherhood and Hamas,
and, by Arabian Gulf standards,
for its relatively less chilly relationships with Iran.
According to Motherboard, which cites anonymous security industry sources,
the news agency's content management system is weakly defended,
and hacking it would have been a relatively simple matter.
Who might be behind the hacking is a matter of dispute.
Here are the leading theories, in descending order of probability.
First, the Russian government did it.
Qatar is host to important U.S. bases in the region,
and disrupting security and military collaboration
among the U.S. and the Gulf's Arab nations would tend to serve Russian interests.
This theory appears to be favored by the U.S. intelligence community.
The FBI is said to have personnel on the ground in Qatar assisting investigation.
Second, Russian criminals did it.
The style of the hijacking is said to be a little brassy, even for Fancy Bear in her brassiest moments, but in other respects it resembles some of Fancy's
prancing, and there has long been pervasive interpenetration of Russian intelligence
services and criminal elements. How the criminals would have gained from the hack is unspecified.
Third, the Saudis hired someone, maybe Russian hoods, to do it, presumably out of
their animus towards a difficult neighbor. This theory verges on the paranoid, but stranger things
have happened. If we had to bet, we'd take door number one. It's only fair to say that Russian
authorities have denied with some heat that they had anything to do with it. In any event, U.S.
President Trump has walked back his initial
serves-them-right reaction to the diplomatic rift
and has been making increasing efforts to pacify the parties in the dispute.
If the Russians indeed are responsible,
this would indicate a strategic shift away from simply doxing,
what some wags last year called enforced transparency,
and toward outright disinformation
and provocation. We spoke this morning with Travis Farrell of the security firm Anomali,
and a lead investigator in producing that company's report, Election Security in an
Information Age, released this week. Farrell noted that in the 2016 U.S. presidential election,
the authenticity of the emails taken from the
Democratic National Committee and released online wasn't seriously questioned. By the time the same
threat actors worked their way into this year's French presidential election, they had begun to
fabricate some of the more scurrilous material released about Emmanuel Macron, that election's
ultimate winner. Farrell also noted that Macron's campaign, En Marche, was better prepared than the
U.S. DNC to counter such disinformation. They expected it. They established honeypots and
other time-wasting diversions for attackers, and they were quick to denounce false rumors.
In the elections currently being held in the United Kingdom, where results are expected later
tonight, there have been reports of a large and active campaign of sock puppetry
mounted on behalf of the Labour Party's leader, Jeremy Corbyn.
Farall thinks it's possible that we are seeing a strategic shift
in Russian influence operations away from leaking
and into classic black propaganda and front operations,
tuned and updated for an online world
where disinformation faces very low barriers to entry.
Here in the U.S., the kids are getting out of school,
and many families are getting ready for summer vacation.
Drew Paik is from Authentic8, a supplier of secure virtual browser technology,
and he warns travelers to be extra cautious while away from home.
Travelers are our prime targets, whether it's for personal or for business,
because all data has some value. Travelers also have less control and fewer defenses protecting
them. So, you know, they don't own the internet connection. They don't control the network.
Sometimes they don't even own the device, you know, like if they're using a computer in a hotel business center, for example. So criminals, they want the data because they can use it, or they can sell it,
or they can hold it hostage, and they can make money from all of these different exploits.
So is this a matter of people on vacation sort of bumbling into situations where they might not
be secure, or is it a matter of the bad guys
actually seeking out people who might be traveling?
I think it's a little bit of both.
You know, you might have criminals who are targeting specific hotels or resorts, which
happens all the time with their point-of-sale infections. You might also have just general
purpose infections with malware that spread far and wide,
and that's just hitting people everywhere, as many people as possible,
because the more people you infect, the higher the chances that you're going to get some information
you can actually use and sell and make money off of.
So what kinds of things should people do to protect themselves?
There's just a couple of basic things.
People have heard this over and over again, but it bears repeating. One, you can keep everything updated and backed
up. That includes the operating system, the device itself. Your web browser is the number
one target for hackers and exploits. Any kind of dedicated apps, even on your phone, your mobile apps, those should be
updated on a regular basis. This can help limit any damage. The second thing is if you think about
your internet connection like sending a postcard, would you write something sensitive like your
social security number on a postcard? Probably not. So just remember that public Wi-Fi is
basically like sending a postcard. It's
trivial to compromise. And I think the third thing is to always use an encrypted connection
when you're on the internet. So that might be a VPN, a virtual private network that you have to
set up yourself, or it could be a dedicated app that helps encrypt all your data. Connecting to a Wi-Fi hotspot is like
sending a postcard. Then encrypting your data is like putting it in an envelope and sending it.
So it gives you a little bit more protection. And of course, you know, really, you're on vacation.
Unplug, right? Just give it a break.
Yeah, you should be spending time with your family instead of online.
That's Drew Paik from Authentic8.
Former FBI Director Comey testified this morning before the U.S. Senate Intelligence Committee.
His testimony was wide-ranging and avoiding matters touching on current investigations
and on sensitive matters that would be addressed later in a closed session.
But he was clear on one thing.
He has little doubt the Russians attempted to influence U.S. elections and that this is a very serious matter indeed.
And finally, the story of alleged NSA leaker Reality Winner,
now in custody in Georgia facing charges of violating 18 U.S.C. Section 793(e),
has one lesson for anyone who uses IT in their workplace.
Don't assume that the boss can't watch what you're up to.
It took the FBI just four days from when The Intercept sought to authenticate the leaked documents
to interview Ms. Winner and take her into custody.
So the mills of justice proverbially grind slowly,
but this time they were more like a blender on high speed.
And I'm pleased to be joined once again by Dale Drew.
He's the chief security officer at Level 3 Communications.
Dale, welcome back.
Certainly the state of health care security is top of mind for a lot of people,
and you wanted to share some statistics from a recent report.
Yeah, so there was a recent study released by HIMSS on sort of the increase in volume and sophistication of security breaches against the healthcare industry.
And what this really sort of talked about was the bad guys are beginning to commoditize your healthcare profile for the purposes of selling that information online.
And so a number of attacks are being more and more oriented toward the healthcare environment
and really taking that industry by surprise and sort of the shock and awe approach.
Some of the key takeaways from that study, which I found to be pretty interesting,
were that the employee still becomes the single largest source of threat. About 80% of the respondents said that
employee security awareness was sort of the largest loophole with regards to attacks. And
that's everything from employees clicking on phishing emails that gain access to the healthcare
environment, answering social engineering phone calls, and responding with things like names and passwords or other
assets to get in. They also said that about 97% of them said that uptime was of greatest
importance to them, which means that we are seeing a pretty significant, I think it's third
in the ranking of industries that are being targeted by DDoS attacks. And so when the bad guys can't steal
identity information, they begin to extort the healthcare industry by launching DDoS extortion
attacks and attempting to gain money out of those enterprises. And I'd say the last thing that I
thought was surprising is a lot of the healthcare companies still rely on fairly traditional
security techniques to be
able to protect themselves. And this is everything from trying to protect remote access using fairly
basic controls, names and passwords. About 85% rely purely on education and awareness,
and 75% rely on outside consultants to be able to direct them on how to control their
systems. And while I've got nothing against outside consultants, I think that bringing in
outside parties needs to provide sort of a point in time view of how to improve your in-house
security program, not being the sort of the sole focus point for it.
All right. Interesting stuff. Dale Drew, thanks for joining us.
And that's the Cyber Wire. We are proudly produced in Maryland by our
talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.