CyberWire Daily - Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

Episode Date: October 22, 2018

In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of propaganda remain. The EU barks cyber deterrence but doesn't bite, yet. North Korea's petty cyber crime wave. A scammer is after alt-coin enthusiasts. And there's neither confirmation nor retraction of Bloomberg's spy-chip story. Joe Carrigan from the Johns Hopkins Information Security Institute joins us to discuss network segmentation. For links to all of today's stories, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_22.html

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K.
Starting point is 00:01:22 A Russian accountant is indicted for conspiring to influence U.S. midterm elections. Different nations have different styles of information operations because they have different goals. Thank you. nor retraction of Bloomberg's spy chip story. From the CyberWire studios at DataTribe, I'm Peter Kilby, executive editor, sitting in for the vacationing Dave Bittner with your CyberWire summary for Monday, October 22,
Starting point is 00:02:42 2018. Late Friday, the U.S. Department of Justice announced the indictment of a Russian national on charges of attempting to interfere with the approaching midterm elections. Elena Alekseevna Khusyaynova of St. Petersburg, Russia, was charged with conspiracy to influence U.S. elections. She is alleged to have been active in the 2016 election cycle as well, but her indictment marks the first charges brought in connection with the 2018 vote. Her role is an interesting one. She's an accountant, and she's charged with managing the finances for Project Lakhta, an influence campaign directed toward the now-familiar goal of inflaming existing American political and cultural fissures. As has been the case with other Russians indicted in the U.S., Ms. Khusyaynova isn't in custody.
Starting point is 00:03:19 If she ever faces trial, she could face five years' imprisonment. The techniques Project Lakhta used are also interesting. There were, of course, the familiar trolls right off the St. Petersburg farm, but these inauthentic identities weren't the whole of the operation by a long shot. The trollmasters also sought, with some success, to rope unwitting Americans into the op, often by forming and moderating groups on social media. U.S. authorities continue to express concern over influence operations not only by Russia, but by China and Iran as well. Many security firms say that they're not seeing much evidence of operations by China and Iran, but they acknowledge that they could be missing something.
Starting point is 00:03:58 It's worth noting that the sorts of activities the three countries are known for differ in important ways. In the case of China, while much cyber espionage has been directed toward the theft of trade secrets, the influence operations reported have for the most part consisted of working to influence policy in certain specific directions. Thus, Beijing has, for example, funded various think tank programs as well as cultural centers at universities. Iran's influence operations have consistently sought to push specific narratives to gain favor and support specific foreign policy objectives. In this, they resemble those mounted by Saudi Arabia. We'll hear more
Starting point is 00:04:35 about Saudi influence operations in a moment. Thus, both China and Iran have tended toward positive goals, that is, positive from their point of view. Russian information operations have, in contrast, been negative. Their goal has been opportunistic disruption. In the case of election influence attempts, Moscow doesn't particularly care who gets elected as long as Americans grow to hate and mistrust one another. As the Justice Department points out in its comments on the Khusyaynova indictment, quote, the conspirators' alleged activities do not exclusively adopt one ideological view. They wrote on topics from various, sometimes opposing, perspectives, unquote. This kind of influence operation is inherently opportunistic and inherently easier to pull off than campaigns
Starting point is 00:05:16 that have specific positive goals. What's seen as relatively new in these operations is the weaponization of advertising technology that's grown up with the internet. And indeed, the same rifle shot accuracy that can be used to send your ads about airfares and nutritional supplements can be readily adapted to manipulating opinions and beliefs in other areas. But it's worth recalling the underlying principles haven't changed that much. With apologies to Professor McLuhan, sometimes the message stays the same, whether it's delivered by graffiti, pamphlet, broadsheet, loudspeaker truck, radio, television, or tweet. As the Grugq points out in his Underground Tradecraft blog, quote, people keep rediscovering the basic principles of propaganda that were documented a century ago. It's basically like every new technology demonstrates the old maxim, six months in the laboratory can save an afternoon in the library, unquote. Saudi influence operations and social media draw attention as the
Starting point is 00:06:10 kingdom continues to vigorously and implausibly spin its role in the murder of journalist Jamal Khashoggi at Saudi Arabia's Istanbul consulate. Twitter has banned inauthentic accounts pushing the kingdom's official line. The New York Times also reports that Saudi intelligence services attempted to infiltrate Twitter by compromising an employee back in 2015. The European Union concluded its meetings last week with gruff noises about cyber deterrence, but did not finally enact the sanctions against Russia the UK and Netherlands advocated. Kaspersky says it's detected DarkPulsar malware infections in Russia, Iran, and Egypt. DarkPulsar is one of the alleged
Starting point is 00:06:49 NSA Equation Group hacking tools the Shadow Brokers dumped back in the spring of 2017.
Starting point is 00:08:43 And I'm pleased to be joined once again by Joe Carrigan. He's from the Johns Hopkins University Information Security Institute. Joe, I was speaking to a security researcher recently who was talking about people's ability to hack into TVs. And one of the things he brought up was this notion of within your home network,
Starting point is 00:09:34 basically segmenting it, having a separate Wi-Fi network for your IoT devices versus your regular browser, your laptops, your phones, your regular web browsing. What's your take on that? I think it's a great idea. I do see one issue with it, and that's not something that, the only issue I see with it is it's not something every layman is going to have the ability to do. It's going to, you know, it might be out of reach of guys or girls like my parents, for
Starting point is 00:10:01 example. Sure, sure, yeah. They're probably not going to be able to do this. And my parents actually do have a smart TV in their house. It would be nice to be able to segment it. So it would be simple enough to do. You could either have a piece of equipment that can handle the VLAN or perhaps have a guest network segmentation.
Starting point is 00:10:20 Or you could actually buy two pieces of hardware and have one piece of hardware handle the Internet of Things products in your house, like your TVs, your thermostat or whatever, and have the other piece of hardware that you control handle your Wi-Fi network for your family's devices. Yeah, this is something we did in our house for a while, just sort of to control access for the kids, you know, to keep them from being on the network at all hours of the day and night. We had a separate network set up for them that had time restrictions on it, and then one for my wife and I that was, that was unrestricted. Right.
Starting point is 00:10:57 Um, that was actually, uh, hidden. It didn't broadcast its name, so they didn't even know it was there. And that's great because, perfect, because if they knew it was there, sure, they would certainly crowdsource a solution to hack into it. Right. Absolutely. So I've been thinking about doing this as well, um, simply because I, you know, my, my ISP is Verizon, and I think last time we were talking, and, and you asked if I had any IoT devices in my house, and my immediate response was, oh, no, I don't have any of those. And then you asked, well, what about your cable boxes? And I went, oh, yeah, those are essentially just little Linux boxes that sit on my network. They creep in. Exactly.
Starting point is 00:11:32 So, you know, these things, you don't even think about what you have as an IoT device. Right. We have a television that can run Netflix, can run, you know, Spotify, and it can run apps. And it's on the Wi-Fi network. That's right. And my daughter has one of those as well that she uses as a streaming device and a computer monitor.
Starting point is 00:11:53 So again, as we talk about, you and I talk about over and over again, is attack surface. Exactly. And so if you can separate the attack surface of all these IoT devices. Right. And now if somebody compromises one of your IoT devices
Starting point is 00:12:04 and these things never get updated, then that's the problem with them. So now if I compromise, if somebody compromises my IoT device, it's isolated on a network, and the only thing it's going to have access to is other IoT devices, things that I might not consider to be critical.
Starting point is 00:12:20 I'm certainly not going to store my data on that part of the network. Joe Carrigan, thanks for joining us. My pleasure. What's Pyongyang's quiet crime wave? Gaming hacks, says Recorded Future. High-profile hacks have tended to serve as misdirection for the persistent, low-level cybercrime North Korea uses to fill its sanctions- and mismanagement-depleted treasury. Stealing and reselling in-game purchases would seem to be the very definition of petty crime,
Starting point is 00:12:50 but it apparently pays Pyongyang to play. And of course, ordinary criminals remain busy too. Antivirus company Dr. Web is tracking one hood who's actively pursuing people interested in cryptocurrencies. The scammer goes by the noms de hack Investimer, Hyipblock, and Mmpower. As Bleeping Computer notes, the crook works by setting up quite convincing websites that pose as legitimate exchanges. His bogus sites also run phony lotteries, rent coin mining tools that don't exist, or even, in a twist on a mystery shopper scam, offer altcoins just for browsing the web. His goal is usually to find crypto wallets and relieve them of their contents. So if you must fiddle with altcoins, fiddle with care. Finally, we follow up on a controversial Bloomberg story on Chinese spy chips allegedly
Starting point is 00:13:36 found in motherboards. The news is there is no news. Apple's CEO Cook told Bloomberg at the end of last week that Bloomberg owed the world a retraction, but so far Bloomberg hasn't offered one. No one else has been able to confirm the story. And so the grain of rice-sized malicious chips remain as ghostly and as elusive as ever. Consensus is rapidly moving toward the conclusion that there's nothing there at all. And that's the Cyber Wire.
Starting point is 00:14:52 For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker too. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Vaughn, Tim Nodar, Joe Carrigan, Carol Terrio, Ben Yellen, Thanks for listening. We'll see you back here tomorrow. Thank you.
