CyberWire Daily - US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.
Episode Date: December 20, 2018
In today's podcast, we hear that the US has indicted two hackers working for China's Ministry of State Security. US and allies are said to be planning a joint response to China's industrial espionage. Twitter sees suspicious customer support traffic. Microsoft issues an emergency patch for Internet Explorer. Facebook continues to struggle with transparency. New Knowledge CEO acknowledges a questionable experiment in social media manipulation. And, flash: Russian embassy hack was "brutal." Rick Howard from Palo Alto Networks with some holiday reading suggestions. Guest is Sarah Tennant from the Michigan Economic Development Corporation describing new cyber security initiatives at Michigan universities. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_20.html
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The U.S. has indicted two hackers working for China's Ministry of State Security.
U.S. and allies are said to be planning a joint response to China's industrial espionage.
Twitter sees suspicious customer support traffic.
Microsoft issues an emergency patch for Internet Explorer.
Facebook continues to struggle with transparency.
New Knowledge's CEO acknowledges a questionable experiment in social media manipulation.
And newsflash, the Russian embassy hack was brutal.
From the CyberWire studios at DataTribe, I'm Dave Bittner
with your CyberWire summary for Thursday, December 20th, 2018.
This morning, the U.S. Justice Department unsealed yesterday's indictment of two Chinese hackers, Zhu Hua and Zhang Shilong,
whom it connected with a long-running extensive campaign by China's Ministry of State Security to steal intellectual property from at least 12 countries.
Initial reactions regard the indictment as containing damning accusations against Beijing, especially long-standing and systematic violation
of that government's undertakings to restrain itself
with respect to industrial espionage.
The condemnation appears to be international.
The U.S. is expected to be joined by the U.K.,
Australia, Canada, Japan, and Germany, at least,
in an announcement of joint action against Chinese cyber espionage.
CrowdStrike's co-founder and CTO Dmitry Alperovitch commented in an email to us that,
quote, it is unprecedented and encouraging to see the U.S. government, joined by so many international allies,
taking a decisive stance against Chinese state-sponsored economic espionage.
CrowdStrike has been among the security companies reporting what's generally regarded as a surge in Chinese industrial espionage.
The scope of the Ministry of State Security's interests has been very wide.
The sectors targeted include, and aren't limited to,
biotechnology, defense and aerospace, mining, pharma, professional services, and transportation.
Alperovitch went on to praise the indictments as a significant step toward holding China responsible
for cyber espionage in the service of economic competition.
He said, quote, While this action alone will not likely solve the issue, and companies in U.S., Canada, Europe, Australia, and Japan will continue to be targeted
The indictment says the two indicted men were members of APT10, the threat group also known as Potassium, CVNX, MenuPass, Red Apollo, and of course, Stone Panda.
China also remains under suspicion of being responsible for the breach of EU diplomatic cables. Beijing denies responsibility, as one would expect. Whoever was responsible seems to have accomplished their espionage through simple phishing.
When you ponder which of the 50 states in the good old U.S. of A.
is leading the pack in cybersecurity economic development,
certainly California is among the usual suspects,
along with New York, Texas, and our personal favorite, Maryland.
Sarah Tennant is strategic advisor for cyber initiatives for the Michigan Economic Development Corporation,
and she makes the case that Michigan deserves a closer look.
So Michigan is the capital of the global automotive industry.
So I'm sure when you think about Michigan, you think about automotive.
But the future of automotive is mobility.
And Michigan is really the place to be for business and researchers and entrepreneurs looking to shape the next transportation frontier.
So a world of autonomous vehicle design and advanced manufacturing has to include cybersecurity.
So cybersecurity has really become that focal point that is the umbrella that goes across all industries.
And so one of the efforts that you all have spun up there, you have some new cyber ranges at Northern Michigan University
and University of Michigan Flint. What prompted these efforts?
Really, this again was prompted by our governor's vision for the state. He created a cyber
initiative in 2011 that had a vision of unclassified cyber range hubs where talent
could train, test, and really become that central focal
point as a cyber resource in the state. So a cyber range hub, if you're not familiar with
what a hub is, it's really a magnet site for the community that brings people, schools,
and employers together to be part of the cyber ecosystem. So the hub sites are really meant to host events, exercises, and training classes
where companies can access virtual infrastructure for product development, testing, and demonstrations.
So can you describe to us what's the relationship between industry and government and the
universities themselves? I suppose there's a lot of collaboration between the three?
There is. Cybersecurity really has to be a collaborative effort, and we recognize that early on.
We can't do it without industry.
We need to know what industry's needs are.
So these hubs have industry's input.
So we have advisory boards with the hubs that will bring in industry to let them know what their needs are.
And industry can help to really define what happens in the
hubs and what the needs are for them. And really, it becomes that talent pipeline for this industry
as well. We're talking about an industry, the cybersecurity industry is something that,
while it has been around for a long time on the network side, the physical cybersecurity industry
is a new and emerging market for Michigan.
And we're looking to focus on that as well.
And we need input from industry for what their needs are so that we can not only train upcoming talent, but also the existing workforce needs.
We can't wait 10 years for the kids in high school to come out of school.
We have an immediate need now.
Now, the work that you do with the Michigan Economic Development Corporation,
how do you get the word out? What's the pitch that you make to startups to tell them,
hey, Michigan is the place you want to be?
So what we talk about with startups is if they're looking to get into that physical cyber system, so if they're looking to get into the mobility industry or aerospace or
defense, they have access to the client in Michigan. So we have such a robust industry here
and it's a large industry, but it's a really small network and we can get them connected
with those big OEMs, both in defense and auto. So we really want them to be in a place where they have access. Michigan is the epicenter
for automotive R&D and defense R&D. So we have the ability to connect them with the people
in industry that they need to be talking to about their products. What we really want to
make people aware of is that Michigan really is a leader in cybersecurity,
and we really are thinking about cybersecurity in a very holistic way. While we promote
collaboration for businesses, we're creating a robust talent pipeline, and if people are looking
to get into the industry or bring their industry to a state, Michigan is a state to be. That's Sarah
Tennant. She's from the Michigan Economic
Development Corporation. Twitter observed a large volume of unusual traffic to its customer support
site early this week. The social media company thinks it might be receiving some unwanted
attention from potential hackers in either Saudi Arabia or China. The incident remains unclear,
but it's clear enough for investors to have shied
away from the company's stock. Late yesterday, Microsoft issued an out-of-band patch for an
Internet Explorer vulnerability being actively exploited. It's a remote code execution issue
in the scripting engine's handling of objects in memory. Facebook continues to suffer from its long-running accretion of bad news.
The access the New York Times reported that Facebook granted partners
may have been less nefarious and less extensive than it sounded.
Ars Technica looks at what Facebook said it actually shared, and how, and why,
and concludes that a lot of what the New York Times describes
seems to have amounted to
application integration of the sort that few users would find objectionable. Unfortunately
for Facebook, a lot of people are in a mood to dismiss Facebook's explanations as just so much
logic chopping. The social network and its explanations did acknowledge a desire to deal
more transparently with its users. Their response to the story said in part,
quote, still we recognize that we've needed tighter management over how partners and developers can
access information using our APIs. We're already in the process of reviewing all our APIs and the
partners who can access them, end quote. But the Times story was damaging because it revealed that there was more sharing going on,
even after Facebook had told everybody they'd come completely clean about their practices, post Cambridge Analytica.
This week's reports on Russian influence operations during recent U.S. elections hit with considerable éclat.
One of the more insightful brief takes on them came from the Grugq, who blogged Monday,
quote, I think it just reveals that the Russians were another super PAC in the election.
The only truly unique thing they brought to the table was the hacked emails and documents.
That was special, end quote.
How PAC-like the operations were is indicated by an admission that came, oddly enough,
from the head of the company, New Knowledge, that produced one of the reports. Jonathan Morgan, New Knowledge CEO, said with
expressions of an uneasy conscience that he had conducted an experiment in Alabama's closely
contested special election for a Senate seat last year. Morgan says he created an inauthentic
Facebook page to see whether he could do on a small scale
what Russia's Internet Research Agency did on a larger scale.
He also bought some retweets for less than $10, he said,
to measure the lift he might achieve in social media messaging.
He says it was too small an effort to have helped the Democratic candidate,
who in any case lost to his Republican opponent.
Almost a thought experiment, AL.com
quotes him as saying. We'd like to offer some clarity here. If you do the experiment, it's no
longer a thought experiment. But that aside, Morgan says that now, in hindsight, he probably
shouldn't have done it. It's an interesting question. University researchers have found
themselves wrapped up in comparably murky studies conducted online.
There's so far no obvious internet equivalent of a medical center's human subjects research review board,
or none that we know of.
Perhaps the community might give the matter some thought.
RT complains that the Russian embassy in London was subjected to a brutal hack earlier this week.
Apparently, its press webpages were rendered inaccessible for a period of time.
The hack, RT and the embassy hint darkly,
appears to have been mounted from somewhere within Great Britain.
If nothing else, the complaint shows some elasticity
in the Foreign Ministry's understanding of the meaning of brutality.
A few hours of downtime, that's brutal,
but Novichok nerve agent left around town? Come on, that's just the kind of stuff any sports
enthusiast would have in their kitchen, right? Between the protein powder and the creatine.
Sure, maybe your local GNC doesn't carry Novichok, but brutal? Nothing to see here. Move on.
And joining me once again is Rick Howard. He's the Chief Security Officer at Palo Alto Networks,
and he also heads up Unit 42. That's their threat intelligence team.
Rick, it's great to have you back. As we record this, we are heading into the holidays. I don't
know about you, but I am ready for a long winter's nap. And one of the
things you wanted to check in with was maybe a way to kick back and sit in front of the fire,
perhaps with an adult beverage in your hand and enjoy a good read. What do you have to recommend
for us this year? Exactly. That's what we should be doing. A little downtime going into the
holidays. It's time for family and loved ones and a little relaxation, an escape, shall we say, from the hustle and bustle of the year.
What better way to idle away that time is to curl up with a good book.
You know I'm a big fan of reading cybersecurity books, especially from my cybersecurity canon project.
Right.
So the first book I want to recommend is William Gibson's 1984 landmark novel called Neuromancer.
Have you heard of this before?
I am familiar with it.
I haven't read it, but I certainly know of it.
Well, it's really fabulous, just the history of it.
For not being a geek or a cyber anything,
Gibson invented and clarified our cybersecurity language
10 years before it became mainstream.
He coined words like cyberspace. He launched the cyberpunk genre.
He pontificated about a sci-fi trope called the singularity. He guessed correctly that
hacktivism would be a thing and understood that we would all need some sort of search engine
long before any of us knew how vital Google and other similar services would become.
He received multiple book awards for this one and is often quoted as having one of the
best ever opening novel lines.
And here it is.
The sky above the port was the color of television tuned to a dead channel.
Yeah, that's fantastic stuff.
So the main Neuromancer character is Case. He's a world-class hacker cowboy, and Gibson refers to all hackers as cowboys in the book.
He's kind of fallen from grace and ends up joining a misfit team. The leader, Armitage, is kind of an ex-military person. There's an assassin, Molly, a beautiful cyborg. The techie, Finn, he's the prototype scrounger, you know, he gets all the stuff they need to do their missions. And the mentalist, Peter, a psychopathic mind bender.
Right. So the reader is never really sure what the team's ultimate objective is until close to the end of the story, but along the way we get plenty of kung fu between the assassin and every bad guy we meet, lovemaking between the hacker and the assassin, and a verbal description of what it means to hack that is eerily similar to how modern computer gamers play today.
Here's the thing.
What is not to like about this?
Why would the cybersecurity geeks of the world love a story where the loser hacker can win the girl,
act for a greater good, be critical to a super ninja's purpose, and ultimately be the hero of the story?
All right.
So the cyberpunk elements make the story fun, but the hacking, copulating,
jiu-jitsuing elements make the story soar. And at least for a geek like me, it's fantastic.
Escapist fantasy, right, Rick?
That's exactly why I'm in cyberpunk. All right. That's book one. Second book. Okay. And this is
my favorite hacker novel of all time. All right. And I know that's a big, bold statement, but I will defend it to the death.
It is Neal Stephenson's 1990 novel called Cryptonomicon.
The story revolves around a multi-generational family, a dot-com family in the 90s and a family in World War II.
But the story has everything in it.
Gold treasure hunt, World War II commando raids, code breaking at Bletchley Park, the importance of Dungeons and Dragons to people like me, jaw-dropping complexities of 20th century banking, the necessity and procedures for getting the correct ratio of milk to Captain Crunch kernels in your morning cereal.
This is an important thing for geeks.
The horrors experienced by soldiers and civilians in the Philippines during World War II,
and the significance of cryptological systems in our state-of-the-art
world. Not to mention two love
stories and a glimpse of some interesting
historical figures
like Lieutenant Ronald Reagan,
Alan Turing, and General
MacArthur. And as you
might expect, this is a dense read.
So this is not a novel you're going
to get through in a weekend, but one of Stephenson's great gifts is his ability to juggle many seemingly
unrelated and interesting characters within the story and then surprise the reader about how they
all are connected at the end. So Cryptonomicon is packed with ideas. Take your time with it.
Savor the journey, though, and find your favorite parts. And like I said, it is my favorite hacker
novel of all time. And you should have read it by now.
Good recommendations.
And at least one of these, you can sit by that fire and relax and enjoy your winter break.
So, Rick Howard, thanks for joining us.
Thank you, sir.
Thank you.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
Listen for us on your Alexa smart speaker too.
The CyberWire podcast is proudly produced in Maryland
out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman,
Puru Prakash, Stefan Vaziri, Kelsey Bond,
Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Thanks for listening.
We'll see you back here tomorrow.