CyberWire Daily - Russian treason arrests may be tied to espionage. ANSSI director warns of cyber jihad. Symantec remediates Shamoon 2. U.S. Cellular was not breached.
Episode Date: January 30, 2017. In today's podcast we discuss some updates on the Russian treason arrests, with side suspicions being cast in the direction of underworld in-fighting. A principal victim of Shamoon 2 reports its recovery. IoT threats and the risk of always-on, always-listening devices. French security officials warn that cyber jihad could enlist cyber mercenaries. Cisco patches its telepresence software. Joe Carrigan from Johns Hopkins stops by to discuss always-listening IoT devices. And don't worry: no one really got locked into their room at that posh Alpine resort. (Worry about other stuff.)
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me. Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Updates on the Russian treason arrests with side suspicions of underworld infighting.
A principal victim of Shamoon 2 says that it has now recovered.
IoT threats and the risk of always-on, always-listening devices.
French security officials warn that cyber jihad could enlist cyber mercenaries.
Cisco patches its telepresence software.
And don't worry, no one really got locked into their rooms at that posh Alpine resort.
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Monday, January 30, 2017.
Counter to some expectations late last week, the arrest of Kaspersky security researcher Ruslan Stoyanov has begun to look like an actual espionage case as opposed to the corruption beef many suspected. Sergei Mikhailov, deputy chief of FSB's Center for Information Security, has also been arrested, with Novaya Gazeta and Radio Free Europe reporting over the weekend that the men are charged with passing information to the Americans. A third man, FSB Major Dmitry Dokuchaev, was also arrested in the sweep.
Krebs on Security thinks the treason dust-up is related to suspicion over who's been leaking unflattering material about Russian leaders to the gadfly blog Shaltai Boltai, that's the Russian equivalent of Humpty Dumpty. And this, in turn, he suspects, is connected to long-running grudges among figures in the Russian cybercriminal underworld.
Novaya Gazeta also reports that Mikhailov is thought to have provided information about hosting service King Servers to U.S. intelligence services. King Servers is owned by Russian national Vladimir Fomenko. His servers were used as a platform for hacks of Illinois and Arizona state election systems in 2016. Those attempts are generally unattributed but are thought by some observers to be connected with Russian security services. Another one of Fomenko's customers was the Russian electronic payment entrepreneur Pavel Vrublevsky, whose company, Chronopay, was implicated in various cyberattacks on Russian companies. Vrublevsky was arrested in 2011 and convicted in a Russian court in 2013. Fomenko says he has no connection to any hackers or cyber criminals who might have made use of King Servers. Radio Free Europe says Mikhailov testified in court that he, quote, knew Vrublevsky and his talents well, end quote. The story is, as they say, developing.
Saudi Arabia's Sadara Chemical Company says it, or more precisely Symantec, hired by Sadara, has completed remediation of the Shamoon attack the company recently sustained. But the Kingdom of Saudi Arabia remains concerned about further infestations, especially since it strongly suspects Iran as the source and origin of the regional malware threat.
This suspicion is widely shared.
Iran has taken some shots at targets in the U.S. as well, mostly in the financial sector, and one famous intrusion into the controls of a small flood control dam in downstate New York.
Iran may have demonstrated some hacking chops, but its Islamist rival, ISIS, so far has not.
That happy situation may not last long.
Guillaume Poupard, director of the French security agency ANSSI, warned at a conference last week that while jihadist groups have so far shown little hacking ability, this could change rapidly should digital mercenaries sell the groups their services. The mercenaries could do so inadvertently, given the anonymity of much black market information sharing.
And of course, hacking aside, such groups have shown considerable facility with influence operations.
Cisco has discovered and patched a remote code execution vulnerability in its TelePresence Multipoint Control Unit (MCU) software. Fixes are available for the MSE 8510 and 5300 series models. The 4500 model is also vulnerable to the remote code execution flaw, but it won't be patched. It reached its end of life last July.
Last week we heard allegations that U.S. Cellular had sustained a breach, and we noted that the telecom provider had found no sign that it had been compromised.
U.S. Cellular confirmed to us early this morning that the purported breach is bogus.
The data posted in Hacker Fora didn't come from any U.S. Cellular database.
And finally, ransomware hit a resort hotel in Austria last week, specifically a picturesque lakeside Alpine four-star hotel. Reports were more than a little breathless, claiming that guests had been locked into their rooms. That didn't happen and apparently isn't possible, because fire codes require that hotels let you out of your room whatever electronic state their locks may be in, as hotel manager Christoph Brandstätter pointed out to Bleeping Computer. Nor were guests locked out either. Apparently, what did happen is that the hotel's ability to make new keys was impaired, and that this is what the extortionists held at risk. While not as lurid as initial reports had it, the incident is nonetheless further evidence of the way cyber extortionists are turning to the Internet of Things as a way of disrupting businesses.
In the meantime, don't worry about getting locked into your hotel room. Worry about that free Wi-Fi instead.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be.
Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting. That's vanta.com slash cyber for $1,000 off.
In a darkly comedic look at motherhood and society's expectations, Academy Award-nominated Amy Adams stars as a passionate artist who puts her career on hold to stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself.
Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures.
Stream Night Bitch January 24 only on Disney+.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
Joining me once again is Joe Carrigan. He's from the Johns Hopkins University Information Security Institute. Joe, welcome back. You know, we had a story recently on the Cyber Wire about this little caper that happened with the Amazon Alexa, where a news organization in San Diego announced that, actually, we've started calling her She Who Will Not Be Named so as to not activate her among our listeners.
Yes, but someone, this news story summoned the name, and many people within their listening area, without knowing it, ordered a dollhouse over the thing.
So I wanted to address this issue of these always-on listening devices. There are several of them.
Right. There's the Alexa. You've got the, I don't want to say the OK Google because my phone's sitting right next to me. And then you've got Cortana from Microsoft. And they're always on. And Amazon's done something where they've made the device a separate device that you keep in your home. And I'll tell you, I'm an Amazon Prime member. And when this came out, I got a special offer that said you can get an Amazon Echo in your house and we'll sell it to you as an Amazon Prime member early for $99. And I was like, ooh. And it sounds very exciting, very cool. And I go home and I mention it to my wife and she goes, I can't believe you of all people want to put a bug in your house. It took my wife telling me that this thing is essentially always listening and you don't know what it's storing and what it's not storing. Amazon says the only thing they're storing is the information after you say the keyword to open it up.
Right.
They say it has like a 60-second buffer and it's not actually sending your raw audio to Amazon. It's sending something to Amazon that represents your raw audio because they're doing a search on it. Whether that's a sound deck that gets processed on the machine in your home or something, it's enough information to understand what you've said.
But it also got me thinking about how, like on my laptop computer, like a lot of people, I have a piece of tape over the camera on the computer.
I have that too on my laptop.
But you can't really do that with a microphone.
No, you can't. And that's actually an interesting thing. I've heard at the Department of Defense, they open up your new laptop and they disable the microphone right off the bat. That's one of the first things they do. Also at home, I have a big old tower PC that is my main PC. I enjoy playing video games, so I like to have a nice PC that I can upgrade and swap out parts for. And that's great, but it's not exactly a portable machine. These portable machines are essentially not user serviceable. So when you have a microphone that's built into these portable machines, you have very little control over it. And we've seen that in our research with Matthew Brocker and Stephen Checkoway, probably around three years ago, found a way to turn on the older MacBook cameras without notifying the user with a little LED, little green LED. What I'd like to see happen is I'd like to see hardware manufacturers offer a way for me to physically disconnect these devices from the rest of the computer. Not with software, but to physically throw a switch and have these things no longer hot, as it were.
So swinging back to the Alexa, you know, Amazon says you can change the word that summons her.
Right.
So that seems like a pretty good thing to do right off the bat there to protect yourself from people accidentally purchasing things for you.
Right. And there's also parental controls you can put in. I actually have an Amazon Fire TV and my nephews came over one day, and now they're four and five, and they were just playing with the remote and ordered some video that kind of looked like it might be a good kids video and charged my account three bucks.
There you go. That's how they get you.
Exactly. It was an inexpensive way for me to learn the lesson to put parental controls on it. You know, everybody in my house knows the parental control codes, but my four-year-old nephew doesn't.
Right.
So it's a matter of what, you know, the kind of security that you need to be usable. All right. Joe Carrigan, thanks for joining us.
My pleasure, Dave.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.