CyberWire Daily - US report on 2020 foreign election meddling is out, and Russia and Iran are prominently mentioned in dispatches. Recovering from the Hafnium and Holiday Bear campaigns.
Episode Date: March 17, 2021
The US Intelligence Community has released its report on 2020 foreign election meddling. It found no successful hacking, but a lot of clever influence operations. Ukraine says it stopped a significant... Russian cyberespionage campaign. Recovery from the SolarWinds and Exchange Server compromises continues. Joe Carrigan shares thoughts on the Verkada hack. Our guest is Oscar Pedroso from Thimble on getting kids hooked on technology. And no, that celebrity tweeter isn't really going to send you $2000 for every $1000 you give back to the community. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/51
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
The U.S. intelligence community has released its report on 2020 foreign election meddling.
Ukraine says it stopped a significant Russian cyber espionage campaign.
Recovery from the SolarWinds and Exchange Server compromises continues.
Joe Carrigan shares thoughts on the Verkada hack.
Our guest is Oscar Pedroso from Thimble on getting kids hooked on technology.
And no, that celebrity tweeter isn't really going to send you $2,000 for every $1,000 you give back to the community.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Wednesday, March 17th, 2021.
The U.S. intelligence community late yesterday released the unclassified version of its report
on foreign interference in the 2020 federal elections.
The investigation found no evidence of foreign attempts to manipulate vote counts or other
technical aspects of the election. It did find evidence of an extensive Russian influence
campaign aimed at denigrating then-candidate Biden to the advantage of then-President Trump,
with a strong overarching goal of eroding confidence
in U.S. elections. The investigation found that Iran conducted a similar influence effort aimed
at damaging President Trump's candidacy. Both efforts were authorized at the highest levels
by President Putin in Moscow and by Supreme Leader Khamenei in Tehran.
Russia's efforts were marked by extensive preparation and the use of trolls,
agents of influence and influencers of the useful idiot variety, with messaging amplified by online proxies and Russian official media outlets.
In general, Russian policymakers, while not in every respect happy with President Trump,
clearly preferred him to a President Biden,
although they had made their peace with a possible Biden presidency by the closing weeks of the campaign,
seeing a silver lining in President Biden's presumed interest in reviving arms control agreements
perceived as working to Russia's advantage.
Their long-standing goal, which the report says endures into the present,
is to weaken the United States, and whatever is likely to accomplish that,
particularly erosion of trust in U.S. civil and political institutions, is a good bet.
Iran wasn't particularly in favor of President Biden,
but the Islamic Republic was definitely opposed
to President Trump. Their influence operation ran principally through social media and,
interestingly enough, highly targeted email campaigns that spoofed the Proud Boys and
threatened the recipients, for the most part likely Democratic voters, with crude appeals
to vote for Trump, hoping thereby to provoke a backlash against the former president.
Tehran's efforts worked to exploit and exacerbate fissures in American civil society,
and the report warns that these efforts have continued post-election. Iran chose what the
report calls cyber tools and methods because they were cheap, scalable, deniable, and required no physical access to the U.S.
The investigation considered the possibility of interference by other governments as well,
but none of the others were as active as those of either Russia or Iran.
China considered undertaking an influence campaign, but eventually seems to have decided to sit the election out,
apart from taking some minor shots at then-President Trump.
In general, Beijing seems to have performed a cost-benefit analysis
and decided that it saw no particular advantage to China
in the election or defeat of either major party candidate,
and in particular no advantage that would outweigh
the bad optics
of getting caught while finagling. Traditional influence, lobbying, and economics were judged
to be the best bet for advancing Chinese interests, and in any case the view from Beijing
sees bipartisan, Sinophobic consensus in the U.S., and that anti-China sentiment is going to endure
whichever party holds the major
positions in government. Beijing may have thought President Trump mildly worse for Chinese interests
than President Biden, but not worse enough to warrant a big push to see him defeated.
Lebanese Hezbollah, Cuba, and Venezuela played bit parts with their own minor influence operations.
None of them had any use for President Trump and woofed against him,
but their efforts were ineffectual, petty larceny stuff lost in the noise.
And of course, there was the usual criminal presence manifesting itself in ransomware attacks,
at least one of which affected a voter registration system.
But the crooks don't appear to have been aligned with any government
or to have had any particular political purpose.
As one might expect, the Russian embassy in Washington didn't much like the IC's report,
saying, in effect, that the report is just more American megaphone diplomacy.
Ukraine's SBU security service says it stopped a large Russian cyber espionage effort yesterday, according to Reuters.
The goal was to get access to classified data of the highest institutions of state power of Ukraine, the SBU said. They attributed the cyber espionage campaign to Russia's FSB, the security service whose cyber activity has often been called Cozy Bear.
Officials said during a White House media availability Friday that U.S. agencies are within about a week of remediating the effects of Holiday Bear's SolarWinds compromise.
The nine agencies known to have been compromised are addressing, among other things, network visibility and the modernization of federal IT systems, which the senior officials characterized as a bargain
when compared to the costs of sustaining another compromise of this kind and magnitude.
Those same officials also commented on the ongoing campaign against Microsoft Exchange Server.
Here, too, network visibility was cited as a challenge.
Quote, the U.S. government largely does not have visibility into U.S. infrastructure, and many of these actors operate out of U.S. infrastructure. And as we talked about, the U.S. part of really needing to start prioritizing security in the way we build and buy software, we can do innovation and security, end quote.
Worldwide response to Hafnium's Exchange Server hack continues.
Netherlands authorities, Reuters reports, have found at least 1,200 compromised servers.
Authorities said, quote, the National Cyber Security Center observes that as a result of vulnerabilities, data is being stolen, malware is placed, back doors are being built in, and mailboxes are offered for sale on the black market, end quote.
So much of the fallout from Exchange Server vulnerability exploitation continues to be criminal in nature.
And finally, the Tampa Bay Times reports that the teenage Twitter hacker, Graham Ivan Clark, has taken a guilty plea to Florida state charges of running a scam
that used hijacked high-profile Twitter accounts to get people to send him Bitcoin.
Last summer, Mr. Clark, then a student at Gaither High School,
worked the now-familiar Cast Your Bread Upon the Waters scam,
tweeting things like this from famous people's accounts.
I'm giving back to the community, he tweeted from an account belonging to then-candidate Joe Biden.
All Bitcoin sent to the address below will be sent back doubled.
If you send $1,000, I will send back $2,000.
Only doing this for 30 minutes. Enjoy!
A pro tip, if you want to give back to the community,
treat it as a gift and don't look for a return on your investment.
Mr. Clark will be a guest of the governor of Florida for three years
with an additional three years of probation to follow.
Among the casualties of the global COVID pandemic has been the opportunity for students to enjoy in-person collaborative classroom experiences,
specifically things like science and technology labs, robotics clubs, and other STEM-related activities. Oscar Pedroso is CEO at Thimble,
a company that provides live and on-demand robotics and coding classes for kids,
as well as hands-on kits that students can have shipped to them. Not surprisingly,
throughout the pandemic, he and his team have been busier than ever.
Right now, it's a little bit of everything as far as hybrid. And hybrid learning is a term being tossed around a lot, which just consists of in-person as well as online instruction. And last year when the pandemic hit, parents weren't really sure what was going on. I don't think anyone knew what was really going on, really. But from the school standpoint, a lot of schools ended up shutting down or remained online, strictly online until they knew more information about where everything was going. So for a good chunk of 2020, kids were really learning at home for the most part. And then now that we're in 2021, there seems to be a shift into hybrid learning and then the slow transition back to in-person instruction.

Now you all have filled some of the gap here. Can you describe to us, I mean, what are the kits that you all make available to some of these students?

So we teach electronics and programming. So a lot of our kits revolve around robots, drones, video games. And these tend to be things that kids are drawn to. And I was certainly drawn to them when I was younger too. And so we have 15 different types of kits and they range anywhere from building a Wi-Fi robot, a weather station, a little piano synthesizer. And each of these projects touches on a different type of discipline out there. So whether it's smart home technology, GPS and navigation, robotics and mechatronics, we really try to make it broad so that kids can be exposed to different subject areas and not just one.

Yeah, boy, we've really come a long way since my Radio Shack 150-in-one kit back in the day.

Definitely.

How do you go about making sure that you're reaching some of the kids that are underrepresented? Are there things like scholarships? Are there ways to hit those particular kids and families?

Definitely. We do monthly scholarships. So we do five a month and we will usually put out a campaign on social media for anyone that might not be able to afford a membership. We also work with schools and through various partners like National Grid, for example. They're a big utility provider here in the Northeast. They have various community and neighborhood programs geared at serving underserved schools. So through those partnerships, we're able to work with National Grid to subsidize the cost of these programs for kids who might not ever really get to access any of this type of instruction.

That's Oscar Pedroso from Thimble.
And joining me once again is Joe Carrigan.
He's from the Johns Hopkins University Information Security Institute and also my co-host on the Hacking Humans podcast.
Hello, Joe.
Hi, Dave.
We've seen widespread coverage of this story about the surveillance camera company, Verkada, and some bad news that they've had to deal with here. I'm looking at a story from Bloomberg that covers this over on the Yahoo Finance site. Can you bring us up to date? What's going on here?

So this group of hackers calling themselves, I don't know if they have been dubbed an APT with a long number after it, or if this has been designated to them by other people, but they are essentially Arson Cats is what they call themselves. And one of them, somebody found a leaked super user account name and password out on the net, on the internet somewhere. And they used that to gain access to the system. In fact, as soon as Bloomberg contacted Verkada, these actors lost control and lost the access that they had. But while they were in, they were able to access the feeds of 150,000 security cameras, surveillance cameras, inside of prisons, hospitals, companies, police departments, schools. They were inside the Sandy Hook School, which is where that horrible shooting took place back in 2012. They claimed that they were in a Tesla production facility, although Tesla says that's just one of our suppliers. That's not us. All of our stuff is stored locally, not in the cloud. There was one case where they had a, or one example in the video that Bloomberg saw, where in a Florida hospital in Halifax, Halifax Health, that showed what appeared to be eight hospital staffers tackling a man and putting him to a bed. Of course, we don't know what the situation is here, but on their public-facing website, Verkada has a case study that is called How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System. Safe to say this is no longer HIPAA compliant, or at least this is a HIPAA violation, right?

Right, right. Yes, I don't think you're going out on a limb by saying that. Sure.
Right. Sure. So, you know, this, this actually has impact on the, on, on a lot of people like
the patients. Now, I don't know that the video has been released. I don't know that, I mean,
Bloomberg has seen the video. I don't think they're going to publish it. That would be unethical,
I think. Yeah. The fact that, just the fact that they state what's here is fine.
We don't need to see the video.
Right.
And it's interesting to me these folks are claiming to be hacktivists.
Right.
And that they're not out there.
They're not, you know, it's not a ransomware thing.
They're not asking for money.
They're trying, they say that they're trying to raise awareness at how video cameras are everywhere.
This panopticon of surveillance,
and they just want to draw attention to that. Do you feel any sympathy for their case there?
Well, I don't know. There's somebody who's identified as Tillie Kottmann, probably not their real name, and their Twitter account has already been suspended. So no more is coming out of that venue. But the quote here is the reasons for hacking are, quote, lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism and a hint of anarchism. And it's also just too much fun not to do it. That's the quote.
So, you know, I think that anti-capitalism is in vogue right now. So they might be trying to curry favor with people. Maybe they actually are anti-capitalist, who knows? You know, the curiosity, fighting for freedom of information and against intellectual property.
I understand fighting for freedom of information. I really do empathize with the surveillance state.
I'm not a big fan of all the surveillance that goes on. And this does bring up a good point about, well, we have all this surveillance technology around, but don't worry, it's secure.
No, it's probably not secure.
All you have to do is look on the internet and find a username and password to let somebody go in and everybody's security just goes right out the window. So I empathize with that a lot. But
that being said, this is not how you go about it. Well, I think also it points out the issue of third-party risk, which is certainly a hot topic these days, how so many organizations had put their trust in Verkada.
Right.
You know, well-known organizations globally had put their trust in Verkada, and, you know, you've got this, what reportedly was a hard-coded, hanging out there on the internet, and all these organizations get hit.
Right. Everybody gets owned on this.
Yeah.
I don't know. This is kind of like a basic failure of an authorization system. We talk about the three A's, authentication, authorization, and auditing. There is no reason for someone to be authorized to view every single thing in the Verkada system. I mean, there's really no reason to have a super user account like this, especially in modern times. I mean, the principle of least privilege is a security basic, almost an axiom by now, that you don't go around creating essentially what are root users in an enterprise system like this, that you compartmentalize as much as you can, but there's really not a reason to have this kind of level of access.
And there's certainly not a reason to publish it or to let it leak out.
Yeah.
Well, it's an unfortunate and cautionary tale.
And it's going to be interesting to see how this plays out over the long term.
Yeah, it will be interesting to see what happens here.
Yeah.
All right.
Well, Joe Carrigan, thanks for joining us.
It's my pleasure, Dave. And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for Cyber Wire Pro.
It'll save you time and keep you informed.
The more you drive it, the better it gets.
Listen for us on your Alexa smart speaker too.
The CyberWire podcast is proudly produced in Maryland
out of the startup studios of DataTribe,
where they're co-building the next generation
of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.