CyberWire Daily - Report leaked on Russian influence operations (alleged leaker in custody). ISIS continues inspiration; anarchist groups said to follow same playbook. The DarkOverlord is back.

Episode Date: June 6, 2017

In today's podcast we hear about a leaked report describing eleventh-hour Russian influence operations during last year's US elections. An alleged leaker is already charged and in custody. The UK's investigation into last weekend's terror attacks continues, online as well as in physical space. Apple hints it's helping out. The attackers seem to have been known to authorities. In its continuing campaign of online inspiration, ISIS claims responsibility for the destruction of a church in the Philippines and a lethal standoff in Australia. Violent anarchist groups seem to be following the ISIS playbook in cyberspace. Some thoughts on wolves. Rick Howard from Palo Alto Networks on government cloud deployment. Andrea Little Limbago from Endgame has results from a survey on Americans’ perceptions of the US government’s cybersecurity capabilities. And the DarkOverlord is back.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 A leaked report describes 11th hour Russian influence operations during last year's U.S. elections. An alleged leaker is already charged and in custody. The U.K.'s investigation into last week's terror attacks
Starting point is 00:02:07 continues online as well as in physical space. Apple hints it's helping out. The attackers seem to have been known to authorities. In its continuing campaign of online inspiration, ISIS claims responsibility for the destruction of a church in the Philippines and a lethal standoff in Australia. Violent anarchist groups seem to be following the ISIS playbook in cyberspace, some thoughts on wolves, and the Dark Overlord is back.
Starting point is 00:02:36 I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, June 6, 2017. There's been another leak of a highly classified NSA report, but in this case, an alleged leaker has already been taken into custody and charged. Late yesterday, The Intercept published a document taken from an NSA study of Russian influence operations targeting the U.S. elections. It's noteworthy in that it indicates that such operations continued, apparently unabated, well after the former administration's naming and shaming of Russian intelligence services and U.S. President
Starting point is 00:03:10 Obama's cut-it-out-or-else warning to Russian President Putin. An alleged leaker has already been taken into custody and charged. The U.S. Department of Justice announced yesterday that on Saturday the FBI interviewed and arrested a 25-year-old U.S. Air Force veteran, Reality Lee Winner, who since leaving the service in February had been employed in the state of Georgia by federal contractor Pluribus International. The Justice Department says she'd been charged with removing classified material from a government facility and mailing it to a news outlet in violation of 18 U.S.C. Section 739-E. She is alleged to have printed and removed the classified report from a secure facility less than a month ago on May 9th. Authorities learned of the leak last week when a news organization, unnamed in reports but presumably The Intercept,
Starting point is 00:04:00 began asking questions about the material. The Intercept has refused to name its source, and in any case, it's likely they received the material anonymously. Internal evidence in the document itself, including printer dots and evidence that it had been folded, suggested to FBI investigators that the leaked report had been physically printed. This narrowed the search down rapidly, and Ms. Winner was questioned and taken into custody on June 4th. The story is, of course, developing, and we'll continue to follow it here.
Starting point is 00:04:34 For many of us following the goings-on of the security world, Russia has certainly been top of mind lately. The folks at Endgame were curious to know about the general public's perceptions of Russia and the ability of the U.S. to defend against them, so they surveyed over 2,000 people to try to find out. Andrea Little-Limbago is chief social scientist at Endgame. Over half of Americans are concerned about influence within, the Russian influence within the White House. And then it also had the aspect on insider threat as well as a key concern. That's something that often gets overlooked when focusing on some of these things,
Starting point is 00:05:02 and that manifests itself as well. There's the aspect of feeling that Russia is a bigger threat now than it was during the Cold War, which on the one hand isn't terribly surprising. You know, it, if we had taken the survey a few years ago, say right after OPM, I'm sure many would say that China was the biggest threat. So what happens with a lot of these cases is that whatever the most recent, you know, it's sort of a cognitive bias where the most recent events remain the ones that are overestimated as far as the likelihood. So we don't have school kids doing duck and cover exercises, you know, like they did in the Cold War. So it seemed, I'm glad you mentioned that. It seemed to me perhaps a little cognitive bias, a little disconnect, you know, a fuzzy memory of
Starting point is 00:05:41 what the actual fear was during the Cold War. That's my interpretation of it as well, absolutely. And, you know, if all of a sudden we had, you know, if North Korea, you know, if there was another Sony, an event similar to Sony, North Korea could very well be the one that pops up. So on the one hand, that's why it's important to do these surveys at some sort of temporal consistency to see how it changes over time.
Starting point is 00:06:04 And that's where you get a lot of insight. So it's useful for this one timestamp to see how the public feels now. Also, if we were to gauge a little further and dive deeper into their understanding of what the Cold War was actually like and so forth, I'm sure some different analyses would pop out of that as well. Another interesting thing is that even during the Cold War, towards the end, when there was a little bit more of a detente, Japan actually was the number one threat for Americans towards the very end of the Cold War. Public perception and sort of the reality don't always go hand in hand. Yeah, to that point, there's an interesting statistic in the report. The question was, do you think Russia hacked the 2016 U.S. election?
Starting point is 00:06:44 And people came up pretty evenly split with their response to that. Right. And I think that is pretty indicative of just how divided our country is right now along party lines. It's one of those things that gets at the information that people are consuming and reinforcing people's own biases. And that's what we tend to, you know, everyone tends to read the stuff that reinforces their own perception. And so it is, you know, we're still, we're a very divided country right now, I think, and that's reflected in the survey. You know, one of my recent pet peeves is, you know, if you ask about, what's it even mean to have an election hacked? You know, on the one hand, you know, the DNC and the D triple C, you know, they actually had a cyber attack, a computer network attack, um, but that's different than the information operations,
Starting point is 00:07:24 uh, like it, similar to what we just saw in the French election. You know, I think it was intentionally left as a broad question, but it's one of those things that I think as we move forward, we need to be more specific with the words. And it's not just semantics. I think it has good implications on how we as a country respond to those things. How you respond to a cyber attack, which could be part of an information operation, may be different than how we respond to information operations that may or may not have a cyber attack associated with them. That's Andrea Little-Limbago from Endgame. The full report is on the blog section of their website.
Starting point is 00:07:54 It's called A Majority of Americans Think Russia is More Dangerous Now Than During the Cold War. The UK terrorists appear to have been very well-known wolves indeed, one of them even having appeared on a television documentary about radicalization and having been in close association with an extremist British Muslim cleric long known to authorities. Apple's CEO Tim Cook hinted yesterday that his company had supplied investigators with metadata relevant to the suspects' activities online, and British authorities
Starting point is 00:08:25 continue to follow the attackers' spoor to possible collaborators and enablers. ISIS continues its efforts to inspire, posting video online of the caliphate's soldiers destroying a church in the Philippines. The terrorist group has also claimed responsibility for a murderous standoff in Melbourne, Australia, an incident that, absent the caliphate's claims, could easily have been lost in the sad background noise of ordinary violent crime. ISIS isn't alone in seeking to inspire and recruit online. Violent anarchist groups, particularly ones originating in Greece,
Starting point is 00:08:59 appear to be going down a similar path in cyberspace. That phenomenon remains young and small, but will bear watching. Such howling seems largely overt, which has induced some observers to call into question calls for restrictions on end-to-end encryption, like those issued Sunday by British Prime Minister May. While command and control might well benefit from encryption, mass marketing of ideas probably doesn't.
Starting point is 00:09:31 Our use of the tropes lone wolf and known wolf perhaps calls for some explanation, as at least one reader has objected that calling someone a wolf could be taken as an honorific, wolves being intelligent predators and of course the immediate ancestors of our beloved domestic dogs. After all, sports teams are often given names like Timberwolves, Wolfpack, and so on. Clearly, we have no such honorific intent. Killers, like those who rampaged against innocents in London Saturday, merit no respect, and even less honor. But the wolf usage seems to us to have a place. Inspiration seems analogous to the howling of a pack to its dispersed members,
Starting point is 00:10:06 and known wolf conveniently rhymes with lone wolf, so think of the evil wolves of European folklore and understand that it's no honor to be compared to them. Finally, the Dark Overlord has returned. Remember him? His dark lordship is best known for an attempted shakedown of Netflix. This week, the Dark Overlord is said to have leaked eight episodes of an ABC show on Pirate Bay after the network refused to pay extortion. So far, the torrent caper looks like a flopperoo. There are no Nielsens for torrents, but Bleeping Computer, as of last night, had found only three people trying to download the program. What was the program?
Starting point is 00:10:45 A game show. Steve Harvey's Thunderdome for all of you out there in television land. Happy viewing, but do wait until your local ABC affiliate airs Mr. Harvey's work.
Starting point is 00:13:18 And I'm joined once again by Rick Howard. He's the
Starting point is 00:13:56 chief security officer at Palo Alto Networks, and he also heads up Unit 42, which is their threat intel team. Rick, welcome back. You've been having some conversations with some folks in government that have raised some concerns on your end. Yeah, I got a couple of raised eyebrows over here. And the reason is I've had the opportunity to talk to several city, state, and federal C-level executives about how they are thinking just about cloud deployments, both SaaS applications like Box and Office 365 and Salesforce, and IaaS and PaaS deployments in cloud spaces like Google, Amazon, and Microsoft. Now, it has been clear in these discussions that these government leaders totally get the value of moving at least a portion of their digital workspaces to these cloud environments.
Starting point is 00:14:43 The economies of scale are too much to be ignored. But what was alarming to me was that many of them feel and stated outright that they thought security certifications from third-party auditors on these cloud providers, programs like the FedRAMP program for the federal government, that is all the security they need to make these deployments. And I have to tell you, that cannot be further from the truth. Programs like FedRAMP certify that the cloud service provider has a decent internal security process to protect their own environments. It does nothing to protect the data that you store there. It has no individuality about what you're trying to do with your cloud
Starting point is 00:15:20 deployment. So the thing to remember here is that the security of cloud environments is a shared responsibility. Cloud providers protect their systems, but the customers are responsible to protect the data they store there. So my recommendation to all government security leaders and to all network defenders is to choose a cloud vendor who can give you the same security services that they are already giving you behind your perimeter and in your data centers for all of your cloud deployments. So what kinds of questions should these folks be asking? Well, every cloud provider is a little bit different. Okay. And if they get FedRAMP certified, like the one I called out here, I would definitely get a list of all the things they are certified for. But when you start looking at that list, and you can look it up on the DHS website, all the
Starting point is 00:16:05 things that FedRAMP searches for, it is basic security process, like do they have cameras on the data center doors? Do they check their employees? You know, all this basic security stuff that every company goes through. It has nothing to do with, say, if I put Palo Alto Networks' personal data up there, what are they doing to secure that down the cyber kill chain, right? So there's nothing there for that. So that's what they have to worry about. All right. Good information. Rick Howard, thanks for joining us. Thank you, sir.
Starting point is 00:17:29 And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Thank you.
