CyberWire Daily - States and gangs. Insider threats and mole hunts. The misguided vigilante behind BrikerBot. Hollywood hacks. Not a Nigerian prince this time, just the Director General of the National Intelligence Agency.

Episode Date: April 21, 2017

In today's podcast we hear that cyber gangs are busily at work reverse-engineering the last ShadowBrokers' document dump. But the Russian ones at least are probably getting some state help. Insider threats and mole hunts. BrickerBot's author plays a dangerous vigilante game—operating technology may be particularly at risk. Hollywood's best depictions of hacking. Ben Yelin describes a weaponized animated GIF. Carson Sweet from CloudPassage on government requests that providers turn over emails and lagging legislation. And there are forty-three million dollars in a Nigerian apartment. No, really—forty-three million in cash.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners: today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code N2K at checkout. Cyber gangs work away at the last shadow broker's document dump. A look at state connections with criminals in cyberspace, plus insider threats and mole hunts. BrickerBot's author plays a dangerous vigilante game.
Starting point is 00:02:09 Hollywood's best depictions of hacking. And there are $43 million in a Nigerian apartment. No, really, $43 million in cash. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Friday, April 21, 2017. Cyber criminal gangs are busily at work reverse engineering the tools alluded to in last week's Shadow Brokers document dump, according to what Sensei and Recorded Future tell CyberScoop they're observing in the dark web. These gangs are for the most part Russian, but with a significant fraction hailing from China. How much serious labor the gangs will have to put in is a matter for speculation,
Starting point is 00:02:55 but it may be less for the Russians than for the Chinese, given the degree to which Russian security and intelligence services have systematically interpenetrated and co-opted criminal organizations. U.S. authorities show signs of pursuing the gangs as a matter of both law enforcement and national security, and BuzzFeed has a long report on the topic. The sources of the shadow broker's leaks remain under investigation, but as the Daily Beast notes, signs in the latest set of leaks may point to an insider, which could set off a mole hunt as likely to be disruptive as productive. Whether those signs were inadvertent or deliberately planted to send a message or sow discord remains unknown.
Starting point is 00:03:35 Catching insiders bent on behaving badly is rarely as easy as it seems it ought to be. How many people have endured lectures on the motivations of those who turn to spying? Those motives have often been summed up in the acronym M.I.C.E., for money, ideology, compromise, and ego, to which one of our stringers once heard a frustrated colleague shout during a counterintelligence lecture, "Hey, why does anyone do anything?" So people look for the usual markers of disaffection,
Starting point is 00:04:04 carelessness, instability, unexplained sudden affluence, and so on. But in practice, things like multiple arrests, spectacular infidelity, tendentious complaints to inspectors general, and public but unexplained visits to Russian embassies get overlooked. "Well, he always seemed a little odd, but, well, that's just old so-and-so," co-workers say when someone's collared after a decade of spying. Cooler heads now think the rumor that the U.S. hacked North Korean missile tests last weekend is both wishful and wayward.
Starting point is 00:04:36 Sure, thinking people throughout the civilized world would like to be reassured that Mr. Kim's nuclear delivery systems could be incapacitated remotely by means short of strike or invasion, but alas, it's rarely that easy. Hack Forums is an underground community known for Davy Crockett-esque exaggeration and braggadocio. You know what we mean. Everyone who posts is half man, half horse, and half alligator, with a little bit of snapping turtle thrown in. But the self-proclaimed author of BrickerBot, someone calling himself Janitor,
Starting point is 00:05:09 seems to be the real thing, according to Bleeping Computer. Janitor registered his profile at Hack Forums on January 21, 2017, and on the 27th of that month told the discussion board that, quote, "you've probably seen a drop in your bot counts by now," end quote, since he'd killed more than 200,000 telnet devices since the previous November. He's since claimed to have bricked about 2 million IoT devices. Janitor comes across as righteous and impatient.
Starting point is 00:05:43 IoT botnets like Mirai are, in his view, a huge problem, and one that market forces cannot and will not correct. So he's taken matters into his own hands. He says he wants to force better IoT security, and won't shut down Brickerbot regardless of the damage it's causing. Janitor, it's safe to say, is a wanted man. This sort of vigilante action is arguably as big a problem as the issues it seeks to redress. ICS CERT has issued an alert for BrickerBot, and industrial control system operators have reason to be particularly concerned.
Starting point is 00:06:13 ICS CERT offers this advice. Quote, ICS CERT strongly encourages asset owners not to assume that their control systems are deployed securely or that they are not operating with an Internet-accessible configuration. Instead, asset owners should thoroughly audit their networks for Internet-facing devices, weak authentication methods, and component vulnerabilities. Control systems often have Internet-accessible devices installed without the owner's knowledge, putting those systems at increased risk of attack."
Starting point is 00:06:42 We heard from Nozomi Network CEO Edgar Captivier, who says Brickerbot is an obvious threat to operating technology systems, where sudden failure without warning presents a very serious problem. Recovery from a Brickerbot infestation, he says, could be both lengthy and expensive. He strongly seconds the advice of ICS-CERT and adds the recommendation that plant operators look into network behavioral analysis. We've had occasion to talk about the Hollywood hack,
Starting point is 00:07:14 the guy in the hoodie tapping intently at a keyboard for five seconds or so and then saying, I'm in, as a kernel panic scrolls across the screen. But Dark Reading today published their list of movies and TV shows they think got InfoSec right. Here's their list. Sneakers from 1992, Black Hat from 2015, Enemy of the State from 98, War Games in 83, Minority Report in 2003, and of course, Mr. Robot in 2015.
Starting point is 00:07:41 How about you? When do you think Hollywood gets it right, and when does it go spectacularly wrong? Let us know on Twitter. It's at the Cyber Wire. And finally, you know those Nigerian princes whose bereaved widows are always emailing us for help, transferring their late husbands' legacies? Well, here's a real-world case out of Nigeria. That country's spymaster, their director general of the National Intelligence Agency, has been suspended on a corruption beef connected with the campaign of former President Goodluck Jonathan. Apparently, $43 million were found, much of it in neatly
Starting point is 00:08:17 stacked Benjamins in a nice Lago apartment. The director general's spokespeople say the apartment was like a safe house for spies and stuff, and that the money was for, you know, covert operations and things. But President Buhari's buying none of it, probably because 43 million bucks is a lot of unexplained sudden affluence, even in Nigeria. So if you get an email from Lagos over the next two weeks, please don't click the link. Chances are they're not writing to you. Or who knows? Maybe they are.
Starting point is 00:08:54 Calling all sellers. Salesforce is hiring account executives to join us on the cutting edge of technology. Here, innovation isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be. Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Do you know the status of your compliance controls right now? Like, right now.
Starting point is 00:09:30 We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done
Starting point is 00:10:06 five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+. Cyber threats are evolving every second and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
Starting point is 00:11:16 ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. Joining me once again is Ben Yellen. He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security. Ben, welcome back. Saw a story come by recently in the New York Times about a well-known journalist
Starting point is 00:11:55 and sort of the weaponization of an animated gif. Fill us in here. What's going on? So this is a gentleman by the name of Kurt Eichenwald. He's a reporter for Newsweek. He became a target of what we call the alt-right on the internet, sort of a group of young, generally conservative males. Eichenwald was a critic of President Trump during the campaign. He wrote a lot of stories that were very critical of the incoming president. So he became this online target. What happened to him in December is that one of his followers on Twitter sent him an image with an animated GIF
Starting point is 00:12:32 that contained flashing capital letters with a blinding strobe light. And this was significant because Mr. Eichenwald has epilepsy and he's talked a lot about his epilepsy even on his social media accounts so the fbi conducted an investigation uh they found the individual that sent this gift his name is john rain ravello and he lives in salisbury maryland and ben just just to interrupt you there i mean the this animated gift did trigger a seizure it triggered a seizure absolutely so because of mr eichenwald's epilepsy his condition condition caused him to have a seizure when seeing this image. So it caused significant physical harm, which is not something we generally see with crimes like this. Mr. Rubello was charged under a criminal cyber-stalking statute.
Starting point is 00:13:21 And he was charged with the intent to kill or cause bodily harm. And this is a very, very unusual charge. Usually with cyber stalking, we're concerned about two things. We're concerned about harm to somebody's mental health and well-being, and that can include suicide. Or we're concerned about cyber attacks, harm to somebody's internet infrastructure, that sort of thing. It's very rare that something that you send somebody online could trigger physical pain and ultimately a seizure, which obviously is very serious. Another thing that makes this case unique is the paper trail on it. The cyber stalker seemed to
Starting point is 00:13:58 have known that Mr. Eichenwald had this condition. He had mentioned it before. There was some direct messages that were uncovered as part of the investigation that he intended to activate Mr. Eichenwald's epilepsy. So unlike almost all other cases you find of cyber-stalking, there's a paper trial that shows an intent to injure and cause bodily harm. Mr. Rovello, who did this, is facing up to 10 years in prison for these charges. And the trial is going to take place in Texas, where Mr. Eichenwald lives. And it'll be very interesting to see how that goes. Ben Yellen, thanks for joining us. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses
Starting point is 00:14:48 is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. My guest today is Carson Sweet. He's Chairman and Chief Technology Officer at CloudPassage,
Starting point is 00:15:29 where they say they enable enterprises to fearlessly embrace the power of agile computing by delivering innovative, automated security and compliance solutions. We began our discussion around the recent ruling by a U.S. judge ordering Google to hand over emails stored outside the U.S. in order to comply with an FBI search warrant. The case hinges on the federal law called the Stored Communications Act, a law that was written in 1986. The thing that's interesting to me is that, you know, we continue to have these fights about laws that were written 20 or 30 years ago. They were written at a time when we
Starting point is 00:16:06 didn't have the kind of technology for communication that we have today. And we're seeing more of that today. And that's what we're seeing with the recent Google order. Microsoft went through this some months ago, where there was a federal government order to turn over information on foreign nationals. And that was actually rejected by judges and that was appealed and it was the rejection was upheld. So that was, you know, good news for privacy, not good news for law enforcement. But this situation, the judge has actually pointed to a 30 year old law that says that it's not a big deal to make a copy of communications from one place to another because it doesn't actually keep the account holder from accessing their data.
Starting point is 00:16:52 So it's not a form of theft. Possessory interest is the term that you hear tossed around in this particular case. And therefore, Google should make a copy of the communication and put it on U.S. soil so that essentially the FBI can then request it and get access to it. So it's a bit of a turnaround. It's a little bit surprising to a lot of folks. And again, it looks to some very old legislation that I doubt very seriously anyone intended to be used this way because, of course, it was developed in 1986. intended to be used this way because, of course, it was developed in 1986. We've got a lot of laws on the books that have to do with physicality, that have to do with possession. You know, an old question that used to come up and it looks like it's bubbling up again in this case. If I make a copy of something that's yours, a digital copy, have I stolen it from you?
Starting point is 00:17:39 Right. Because theft means that you've been deprived of ownership. That kind of problem with just the way that laws are written and the context in which laws were written 10, 15, 20, 30 or more years ago, and those laws being applied to situations now is really sort of the quagmire that we're stuck in. What about the mismatch between the velocity at which legislation is updated and the velocity that things develop in cyber? Yeah, it's a great question, and I think that that is bigger challenges with the technology velocity we're seeing today. When you look back at the adoption of, let's say, client-server technology, which took over the world from mainframes, that kind of a disruption was much slower than the kinds of disruptions we see now. Adoption of web technology happened a little bit faster, and there were more ripples, if you will. With these sort of big technology disruptions, there's usually one big seismic
Starting point is 00:18:38 shift, and then there are a lot of aftershocks. And as we go along in our progression, our evolution of technology, since the days of mainframe, we see more aftershocks every time we see a big disruption. Cloud technology, software as a service, the number of different technologies and platforms available, the number of communication modes that we have today that we just didn't have is accelerating. And that's going to continue to accelerate. is accelerating and that's going to continue to accelerate. The way that we legislate today is extremely problematic with regards to trying to keep up with the technology advancement that's happening. And so, you know, the next one that we talk about in the security world quite often is, you know, machine learning and artificial intelligence. These technologies are starting to have a big positive impact on the security world.
Starting point is 00:19:25 And of course, we don't have enough security practitioners out there and we can't develop and grow that skill set fast enough. And so what does that mean from a legal perspective? You know, is something that a machine dictates or a machine discovers, is that admissible? Is it something that is probable cause? There are all these issues now around artificial intelligence and machine learning. So that's just one example of what's next with regards to legislation struggling to keep up with innovation. And then the international question comes in, and that's really where a lot of the issues we're seeing today come from, is does one sovereign state have a right to gain access to another sovereign state's data under overt legal means? And so, you know, even if we do figure this out for a single nation state,
Starting point is 00:20:11 then we have to figure it out for the international community as well. So there have been a lot of discussions around, do you have the right to delete certain things about yourself? And can you call up Google and say, I want you to wipe out all the data you have about, you know, here's my name and my email address, you know, run that to ground for a minute around. Let's say that, you know, there was a law passed in the United States that said that any consumer had the right to contact any vendor and say, delete my stuff. Very much like the do not call list that we came up with. Well, then how do we implement that, right? So that alone, from a practical perspective, becomes a massive problem with regards to e-discovery. So where is my data? Could any of these massive providers and collectors of data even find everywhere that my data lives and then prove to me that it's been deleted? So
Starting point is 00:21:01 from a practical perspective, I think our society has gotten to a point, we may be beyond the point of no return. At some point, the reality needs to be what does privacy now mean in a digital society? I think that's really the bigger question. And some of these issues around deletability of personal data, I think are sort of harbingers of that conversation starting. That's Carson Sweet from Cloud Passage. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
Starting point is 00:22:00 Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
