CyberWire Daily - The CyberWire 12.29.15

Episode Date: December 29, 2015


Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer.
Starting point is 00:00:59 Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code N2K at checkout. attack cell, ISIS aspirational cyber-offensive capabilities, Flash gets patched, new payment
Starting point is 00:02:06 fraud patterns emerging, and Chinese and U.S. cyber laws are reviewed. I'm Dave Bittner in Baltimore with your Cyber Wire summary for Tuesday, December 29, 2015. ISIS/Daesh adherents appear to be attempting collaboration towards cyber attack capabilities. Consensus among observers of the group's dark web chatter is that Daesh hasn't progressed beyond low-grade script kiddie levels and that any serious offensive capability remains aspirational. Still, their efforts will bear watching. Persistence pays off. Elsewhere, Jamaat-ud-Dawa, nominal charitable and political arm of the South Asian Islamist group Lashkar-e-Taiba, barked an announcement that a 24/7 cyber operations
Starting point is 00:02:53 cell has been established to hold Indian targets under threat. Indian businesses consider how they and their government should respond. Turkey continues recovery from the recent denial of service campaign it sustained. The government talks up its tighter security measures and reaffirms its commitment to building up a cyber security workforce. Observers foresee the usual labor market pinch. Adobe patches Flash Player in response to Huawei's discovery of a zero-day vulnerability. Analysts regard the out-of-band patch worth immediate attention. Huawei says the flaw they discovered is being exploited in the wild. Researcher Chris Vickery has found data
Starting point is 00:03:31 for 191 million registered U.S. voters, essentially all of them, exposed online. Vickery blames an incorrectly configured database. No one really knows who's responsible, but early speculation points toward an unidentified customer of political campaign service provider NationBuilder. A presentation at the Chaos Computer Club says flaws in payment communication protocols Poseidon and ZVT could compromise PINs and otherwise enable banking and payment fraud. Widespread U.S. adoption of chip-and-pin payment cards in 2016 is expected to shift cybercriminals toward card-not-present fraud, with the sharing economy most heavily affected. Forbes reviews the hottest cybersecurity startups of 2015. New Chinese anti-terrorist
Starting point is 00:04:20 legislation is characterized as requiring firms to decrypt on demand. It's unclear how different this will prove to be from requiring backdoors. The Washington Post looks at recent U.S. cyber legislation and thinks those who see it as a privacy disaster are making too much of a relatively modest attempt to foster information sharing. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this.
Starting point is 00:05:04 More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. Cyber threats are evolving every second, and staying ahead is more than just a challenge.
Starting point is 00:06:01 It's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. Joining me is Andre Protas. He's the technical director of the security research team at CyberPoint International. Andre, I want to ask you about backdoors. Backdoors have been in the news with what's been going on with Juniper Networks.
Starting point is 00:06:54 What is a backdoor? So a backdoor is code intentionally left to regain access later by an adversary. So for the Juniper case, there are two backdoors that are being discussed. One is a cryptographic backdoor that is an implemented weak encryption mechanism that may allow somebody to decrypt traffic. The other one which we'll focus on is the actual code backdoor. So allowing somebody without access to know of a root password and regain access later. And so, again, just from a basic point of view, why would a backdoor like this be put in in a case like what Juniper is dealing with? So Juniper is one of the largest, I guess, ISP-grade router and switch suppliers in the world.
Starting point is 00:07:44 It would be really nice for an adversary to have some sort of access to all those devices. They would want access. It's really easy to gain access to a network if you have access to the router. So as opposed to having to send phishing attacks or to send malicious documents to users, all you have to do is just log into the router, set yourself up a VPN account, and you can just walk in and do whatever you need to do. And who would we be looking at for being responsible for installing the backdoor in a case like this? Yeah, there's a lot of speculation as to who would have done it.
Starting point is 00:08:14 I think there's been a lot of finger-pointing. It's likely not the NSA or GCHQ because they're focused on doing more defensive work and they would likely not backdoor software of U.S. origin. So it's kind of hard to tell who might be behind it, but based on the fact that it showed that an adversary was putting in not only a backdoor for a password, but also some strong cryptographic backdoor code as well, shows that the attacker wasn't just somebody that knew how to code C,
Starting point is 00:08:58 but also had a strong cryptanalysis background or department. So it'd probably be a larger organization rather than just a rogue developer. Now, are there tools for rooting out backdoors? Are there ways that you can go through your system and try to root them out? There are, but it requires a lot of manual effort. So there's actually a project or a competition called Underhanded C, which I've participated in in the past. It's pretty interesting, but the idea is that you write normal C code that has some sort of backdoor or some sort of nefarious action that can be triggered by an outside attacker. This competition is trying to hide it. So whoever's able to make the most effective backdoor,
Starting point is 00:09:39 but make it the most difficult to identify is effectively the winner. So the reason that this project or this backdoor in Juniper didn't seem to get identified is because it looked like normal code. It looked like a debug string, and it would have taken a very smart eye to be able to identify this. And this happened, I believe, in 2012. So this has been sitting around for a long time. It required somebody to identify it at that change, so that code check-in must have been identified,
Starting point is 00:10:09 and I'm guessing that nobody was going to go back in time to review every code check-in as part of due diligence. So once it's checked in, once it's approved, once it passes quality assurance, then it's just pretty much in the code base forever until somebody comes across it again. All right. I think that's it. What about, like, how did they discover? Should I ask you how they discovered the Juniper backdoor? Like, once it's in there, how do you know it? Yeah, you can bring that up. Yeah, so in the, again, I keep coming
Starting point is 00:10:45 back. Let me start that over. So in a case like this, how is this backdoor discovered? Was, what, all of a sudden, was the vulnerability exposed? How did they know they had a problem? Yeah, so there's actually a lot of speculation about that right now. The thought is, because nobody was just going to come across this backdoor unless there is a reason to see it. So there is either the chance that it was identified in the wild. Some attacker may have been using this backdoor to gain access to a system over time, and somebody was able to identify what password they used, identify that, yep, that is actually a backdoor password, and alert Juniper and then, you know, push out the patch. Or it might have come along during a security audit, either within Juniper or with an outside party. I know there's a lot of collaboration with,
Starting point is 00:11:35 you know, with critical infrastructure software like this, it's going to get a lot of eyes on it to be able to analyze. So it's hard to say how it was identified, but my guess would probably be a real live attack was identified and analyzed, and they were able to identify that, yes, there is a backdoor installed, and that led them to identify the second backdoor as well, too. All right, interesting stuff. Andre Protas, Technical Director of the Security Research Team at CyberPoint International. Thanks once again for joining us. Of course. And now, a message from BlackCloak.
Starting point is 00:12:28 Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? BlackCloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24/7, 365, with BlackCloak. Learn more at blackcloak.io. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening.
Starting point is 00:13:46 Thank you.
