CyberWire Daily - Unauthorized banking transfers in Mexico? A lifeline for ZTE. Iranian cyber op-tempo rises. Russian troll farm's ad buys. Reining in apps. Cell tracking. Anonymous is back.
Episode Date: May 14, 2018
In today's podcast we hear that Mexican banks may have sustained unauthorized funds transfers. Presidents Trump and Xi seem willing to toss a lifeline to drowning ZTE. Some researchers report an uptick in Iranian cyber operations. Russia's premier troll farm bought Facebook and Instagram ads targeting American teenaged girls. Apple, Facebook, and Twitter tighten their grip on apps connecting to their stores or services. Police cell-tracking receives scrutiny. And Anonymous is back. Justin Harvey from Accenture with his thoughts on whether the U.S. pulling out of the Iran nuclear deal will lead to more cyber attacks from Iran.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Mexican banks may have sustained unauthorized funds transfers.
Presidents Trump and Xi seem willing to toss a lifeline to drowning ZTE. Some researchers
report an uptick in Iranian cyber operations. Russia's premier troll farm bought Facebook and
Instagram ads targeting American teenage girls. Apple, Facebook, and Twitter tightened their grip
on apps connected to their stores or services. Police cell tracking received scrutiny, and Anonymous is back.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, May 14, 2018.
At the end of last month, there was an attempted raid on Mexico's banking transfer system. Mexico's central bank now says
that it appears there may have indeed been successful unauthorized transfers through the
country's interbank SPEI system. Three banks were initially said to have been affected,
Banco del Bajio S.A., Banco Mext, and Grupo Financiero Banorte. Those three and two other
financial institutions
were asked to move to a backup connection to the central bank
after experiencing difficulties connecting through SPEI,
the country's interbank electronic transfer system.
The attack seemed at the time of the initial announcement
to have been contained as the banks shifted their connections
to an alternative contingency system.
Since then, however, more than 25 financial institutions have also moved to backup systems,
and Mexico's central bank says that it appears there may have indeed been unauthorized transfers
through the country's interbank SPEI system.
At least one bank experienced an incident last week.
The story continues to develop.
In a surprising development over the weekend,
U.S. President Trump seems willing to toss ZTE some sort of unspecified lifeline to keep them in business.
ZTE has been subject to U.S. sanctions that effectively barred it from using U.S. software and components in its products.
The company last week announced it had stopped its major operations.
The U.S. beef with ZTE centered on the company's flouting of sanctions imposed on Iran,
and then lying about it.
That's the offense that prompted the Commerce Department to impose sanctions.
There have been other concerns about ZTE and its bigger sister Huawei.
Some of those concerns involved security.
The Chinese companies had been widely viewed with suspicion by security analysts who thought them likely to operate closely with China's security and intelligence services.
Those fears have been given recent voice in the U.S. by Representative Adam Schiff,
a Democrat of California and ranking member of the House Intelligence Committee.
They're also figuring prominently in Australian debates over telecommunications service providers'
use of equipment from ZTE and Huawei.
Australia had earlier blocked Huawei-equipped undersea cable service over concerns about
Chinese surveillance.
This week, sections of the
Australian press are excoriating ZTE as corrupt in the course of objecting to the possibility
that the company will become a major player in 5G telephone service.
The other issue surrounding the Chinese device manufacturers is economic. The U.S. has long
been concerned over Chinese IP theft, and the two countries have been at loggerheads over their respective shares of the coming 5G market.
Returning to Iran and heightened tension between that country and the U.S., security firm CrowdStrike says it's already discerned an increase in Iranian cyber operations against U.S. targets.
The company's researchers say they saw the uptick begin within 24 hours of the U.S. announcement that it would withdraw from the Iran nuclear deal.
Other observers are reporting a heightened interest in cryptocurrencies on the part of Iranians
looking for some sort of cushion against conflict-driven austerity.
Among Facebook and Instagram ads purchased by the Russian troll farm Internet Research Agency
were several promoting a problematic Chrome extension, FaceMusic.
FaceMusic catered to several demographics,
but was most successful among American girls ages 14 to 17.
The extension collected Facebook and web browsing information.
It also messaged the friends of those who installed it.
Facebook's ongoing review of data-collecting apps
has resulted in suspension of about 200 of them.
In Facebook's case, the review has been prompted by widespread concerns
over data harvesting and use by the now-defunct Cambridge Analytica.
Apple is also reviewing apps, but in that company's case,
it's a matter of cleaning its store in preparation for GDPR.
It's seeking out and purging apps that inappropriately gather information,
especially in ways that will invite sanctions under GDPR, which takes effect in less than two weeks.
Twitter is also tightening its grip on how it makes data available.
The company announced late last year that user streams,
an API widely used by analytics and market research companies,
would be deprecated this June.
Over the weekend, one of the earliest Twitter analytics companies,
Favstar, announced that it would shut down on June 19th.
Favstar says that Twitter hasn't given it enough details
about the account activity API,
including enterprise pricing, and that, quote,
Favstar can't continue to operate in this environment of uncertainty, unquote.
U.S. Senator Ron Wyden, a Democrat from Oregon,
is asking the FCC and telecommunications companies what they know about Securus, a service that enables law enforcement agencies to track cell phone locations.
He's also told the Department of Homeland Security that he wants details on various
unattributed Stingray phone trackers in Washington before he'll vote to confirm
Christopher Krebs as Undersecretary of the Nation's Programs and Protections Directorate.
Anonymous is back in the news, twice. Russia's blocking of Telegram prompted
self-described anonymous hackers to deface websites belonging to the Federal Agency for
International Cooperation. Among remarks denouncing censorship, the defacements called
media regulator Roskomnadzor a handful of incompetent brainless worms. This seems unlikely to change many minds in Moscow,
but commentators who dislike Russian censorship seem to like the moxie the message displays.
And last Thursday, in the U.S. state of Ohio,
the FBI arrested one James Robinson, 32, from Akron.
Mr. Robinson, who went by the nom de hack of AkronPhoenix420, allegedly
DDoSed the Akron Police Department and a city website. He associated himself with
Anonymous, down to the Guy Fawkes mask, but apparently de-anonymized himself by connecting
to his Twitter account from his home IP address. That Twitter timeline was filled with lots of Guy Fawkes goodness.
And so OPSEC again runs afoul of the human drive to say, hey, look at me.
And I'm pleased to be joined once again by Justin Harvey.
He's the Global Incident Response Leader at Accenture.
Justin, we recently had, of course, the news that President Trump pulled the United States out of the Iran nuclear deal.
What are we expecting here? Folks are on guard when it comes to cyber attacks.
Sure. We're definitely all hands on deck at this point. For right or wrong, agree or disagree, it does appear that
the United States is going to be exiting the Iran nuclear agreement. And I think that what we have
seen historically is when there are two nation states that are involved in a conflict, there's
always going to be some sort of espionage that accompanies that. And usually on the backs of some sort of negative action or negative reaction, there is a prop the last few hundred years, for regular human espionage. I think the same could be said for cyber espionage.
I think that the levels of Iran state-sponsored cyber espionage, I wouldn't characterize them as
all-time lows, but they've definitely been a lot quieter than they have been, particularly
after Obama negotiated that agreement. And now that that
agreement is being stripped, or at least the United States leaving, what incentive is there
for Iran not to conduct their own operations, either for military purposes to create that sort
of check and balance, perhaps with our critical infrastructure, in addition to retribution for not receiving
the goods. Think about, for instance, the Boeing deal. Boeing is losing $20 billion worth of
airplane sales to Iran. Iran may want to either retaliate or they may want to conduct some
espionage operations in order to further their own goals in the region commercially.
Do you suspect that we'll see some testing from Iran? Will they be
walking right up to that line to see how far they can go?
I think most nation states are doing that. They're really testing the waters on to see
where that red line is, if you will. Just how far can a nation push the United States until there's either a kinetic
or a cyber counteraction? Because we live in a free society, it's very easy for us to see
the other nation's point of view and seeing that they're all wounded and that they have
complaints. You never hear about our own U.S. Cyber Command operations in
other countries. It's kind of like if you don't hear about the SEAL team, the SEAL team is doing
their work. So while I'm confident that Cyber Command has their operations under control,
I do believe that we will start to see more and more Iranian-based cyber espionage or cyber attacks. And one other
sub-bullet to that is it may not always be readily obvious. And what I mean by that is
we've also seen an uptick in nation-states working through proxy groups. So if I were a nation-state,
why would I want to attack critical infrastructure with either malware or tactics, techniques,
and procedures that are associated with Iran. I would want to adopt another nation state and to conduct the
same operation. So if and when I did trip that red line and the U.S. said, ah, we got you,
it's better to have the finger pointing at someone else than your own nation.
Right. All right. Well, time will tell. Certainly something worth keeping an eye on. As always, Justin Harvey, thanks for joining us.
Thank you.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker, too.
The Cyber Wire podcast is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing Cyber Wire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Vaughn,
Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen,
Nick Volecki, Gina Johnson, Bennett Moe, Chris Russell,
John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm
Dave Bittner. Thanks for listening. We'll see you back here tomorrow.