CyberWire Daily - WikiLeaks dumps alleged CIA obfuscation code. Attribution skeptics speculate about Russian ops (or the lack thereof). ISIS information operations manual revealed. RATs in the wild.

Episode Date: April 3, 2017

In today's podcast, we hear that WikiLeaks has dumped what it claims are CIA source code files. The leak seems to aim at raising suspicion that attacks attributed to foreign governments are in fact false-flag operations. The International Association of Athletics Federations says it was hacked by Fancy Bear. Two new RATs—remote access Trojans—are discovered in the wild. ISIS takes some cyber hits, and an investigator outlines the group's information operations manual. At the annual Women in Cyber Security Conference we catch up with US Naval Academy Midshipmen Svetla Walsh and Deja Baker. David Dufour from Webroot reviews their latest threat report.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. WikiLeaks dumps what it claims are CIA source code files. The International Association of Athletics Federations says it was hacked by Fancy Bear. Two new RATs are discovered in the wild, ISIS takes some cyber hits, and an investigator outlines the group's information operations manual.
Starting point is 00:02:19 I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, April 3, 2017. WikiLeaks' latest dump of purported CIA cyber operations documents is said to reveal Langley's obfuscation techniques, which some read as a false flag capability. On Friday, the group released 676 source code files for the Marble Framework, which is said to be a collection of tools the CIA used to make its hacking effectively untraceable and unattributable. Among the files are some suggested ways of including non-American English linguistic clues in attack code. Russian, Chinese, Korean, Arabic, and Farsi are specifically called out. This is perceived as particularly damaging
Starting point is 00:03:03 because it arouses suspicion that much of what the U.S. intelligence community attributed to foreign nation-states, in fact, could have emerged from Langley. There's no positive evidence of CIA false flag operations, but the leak certainly benefits Russia above all other foreign cyber operators. It also will fuel attribution skepticism, which over the weekend induced some observers to call official U.S. conclusions that the Russians, in the form of Cozy Bear and Fancy Bear, were responsible for, among other things, the damaging email compromise the Democratic National Committee sustained during last U.S. elections. That skepticism has been fueled by security firm CrowdStrike's partial retraction of some results it released
Starting point is 00:03:46 concerning Russian cyber operations, mostly directed against Ukraine. In this case, the recent skepticism is coming more from the political left than the political right, with at least one observer calling the DNC email compromise an inside leak, with attribution to the Russian intelligence services a cyber-Tonkin-Gulf incident. We don't know about that. There is a great deal of evidence that Russian services have been actively involved in influence operations against U.S. and other Western targets for some time, so this doesn't look like a case of seeing radar ghosts and dolphin wakes during the dog watches. But we do agree that hasty and mistaken attribution is problematic,
Starting point is 00:04:26 especially when governments consider kinetic retaliation for cyberattacks. And the Cyber Wire has been warning about the possibility of a cyber-Tonkin-Gulf incident since October 2013. FBI investigations continue, as do those in both houses of Congress. The Senate's hearings are concentrating on Russian disinformation operations, now thought to have extended to several Republican targets as well. Speaking of Russia, the International Association of Athletics Federations, the IAAF, reports being compromised by Fancy Bear,
Starting point is 00:04:59 the latest in a series of Athletic Association hacks since a number of Russian Olympians were booted from Rio last year on doping beefs. There's no hesitation or ambiguity at all in the IAAF's attribution. The Cyber Wire spent this past weekend at the annual Women in Cybersecurity event in Tucson, Arizona, where over 800 women and a handful of men enjoyed inspirational keynotes, technical breakout sessions, a poster session, a job fair, and much more. I caught up with some speakers and attendees,
Starting point is 00:05:31 and will be featuring their stories throughout the week. Svetla Walsh and Deja Baker are midshipmen at the United States Naval Academy in Annapolis, Maryland. In addition to their rigorous coursework at the Academy, they're volunteering their time to put together a program at a local library for fourth and fifth graders called Hello Computer Science. We hear from Svetla Walsh first, followed by Deja Baker. This event kind of came together when the library reached out to the Naval Academy and said, hey, we'd like to run a coding event. We know you guys have some really smart midshipmen. Could you guys get some together and bring them over here?
Starting point is 00:06:04 And Walsh approached me and one other Midshipman, because I'm a computer science major, she's an IT major, so we're going to work together with the high school students to let them have ownership. They created their own modules to work with the kids to teach them concepts about computer science. As Midshipman, you have a busy schedule. Why is it important for you to take time to do something like this?
Starting point is 00:06:23 I think just what matters to me is just giving back. And the teachers in my lives have given me a chance and said, you know, we want to help you, and I just want to do the same. We work a lot with underrepresented minorities, people that don't get a chance to be exposed to this environment, and I think it's not fair, and I want to do my part. Yeah, I think it's important to teach kids while they're younger about basic computer concepts so they can learn more later and know, I know something about that. I can actually do these things. I think a lot of people look at our majors and they're like, wow, computer science, that's super hard. Well, it's not really, you know, I mean, it's a harder major, I think. It's challenging, but I'm learning a lot. So I think the kids will, if they absorb the knowledge,
Starting point is 00:07:00 maybe they think we can do this too, just like you guys. Tell me, what is the path that brought you here to studying computer science and technical fields at the academy? Well, actually, I'm a prior enlisted cryptologic technician, so I have a computer background in that sense. And I knew I wanted to go to college, so I applied as an enlisted person to go to Naval Academy. So my path's a little different than, I guess, a high school student that went directly in. I'm from a small town. I'm one of eight. I enlisted knowing I wanted to go to college. I couldn't afford it, but I was, you know, book smart, but I was like, you know, I can't afford college. My family can't pay for me to go, so being enlisted gave me an opportunity to serve my country and as well learn some skills. Coming to the Naval Academy, I got an opportunity to
Starting point is 00:07:44 learn about all these different majors, and I always liked technology, but I didn't understand it. So it was like that curiosity of like, you know, I really like technology, but I don't understand it, and I want to actually understand it. So IT sounded like the best route to go. For that young woman who may be considering a career in tech, but isn't sure, may be considering a military career, what advice do you all have with the experiences that you've had so far?
Starting point is 00:08:07 I think I would tell that person to actually, that they can do it, that to not sell themselves short. I think as a female in general, we're told things growing up that maybe you should look more into the humanities, you shouldn't focus on STEM, and that's not true. We're just as smart as everyone else. We just need the opportunity to do that, or we need to believe in ourselves. So I think that's the biggest thing.
Starting point is 00:08:26 I would say just role models. As a black woman, it's like my role models growing up were kind of more in the entertainment industry and just what's on TV and what society perpetuates to me. You can do whatever you want to do, and don't think you have to do one route because it's all you see. I'm hoping that I am at least doing my part as being a role model and saying, you know what, I love fashion, I love tech. And if you want to do the military, that's awesome. And then if you have another idea, like maybe going to fashion or tech,
Starting point is 00:08:51 then go pursue it as well. Don't think that you're locked in a certain path. Yeah, actually, that's important. We're not just females. We're multifaceted. We have different things going on. Svetla Walsh and Deja Baker are midshipmen from the United States Naval Academy. You'll be able to hear more from them and some of the other women at the Women in Cybersecurity Conference on an upcoming special edition of the Cyber Wire.
Starting point is 00:09:15 The two major competing jihadist brands pursue somewhat different lines of attack. ISIS concentrates on information operations, but it's currently going through a rough patch with counter-messaging, counter-hacking, and arrests making inroads against the caliphate. Amaq, regarded as the terrorist group's official news agency, has warned its users not to download a malicious app that impersonates a flash player. A number of visitors to the site have already been infected. It's apparently a watering hole attack disseminating spyware. Anonymous claims it's responsible for the hack. The anti-ISIS messaging that accompanies counterattacks like those Amaq recently sustained has a consistent symmetrical message. ISIS is weak. Indeed, inducing perception of weakness is perhaps the most profitable line the caliphate's
Starting point is 00:10:03 opponents have followed. ISIS has so far had little success in direct cyber attacks on targets in the Dar al-Harb, that is, the world outside the caliphate, but British authorities are taking seriously signs and chatter that an attempt on infrastructure controls in the UK may be in the works. ISIS's competitor, al-Qaeda, appears to be at the root of recent restrictions on carrying laptops and similar devices on airliners. The group has apparently been studying airport security systems with a view to slipping bombs concealed in electronic devices aboard aircraft.
Starting point is 00:10:37 Their activity is being tracked online and remains under investigation. Finally, we'd be remiss if we let you think that ordinary criminals were idle. Two new RATs, that's remote-access Trojans, have been observed in the wild. Felismus by Forcepoint and RedLeaves by Japan CERT. Felismus exhibits a fairly sophisticated modularity, and RedLeaves is successfully being spread by, what else, email. So get out there and set your RAT traps accordingly. isn't a buzzword. It's a way of life. You'll be solving customer challenges faster with agents, winning with purpose, and showing the world what AI was meant to be.
Starting point is 00:11:30 Let's create the agent-first future together. Head to salesforce.com slash careers to learn more. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
Starting point is 00:11:57 But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows
Starting point is 00:12:17 like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. In a darkly comedic look at motherhood and society's expectations, Academy Award-nominated Amy Adams stars as a passionate artist who puts her career on hold to stay home with her young son. But her maternal instincts take a wild and surreal turn
Starting point is 00:13:01 as she discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January 24 only on Disney+. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
Starting point is 00:13:37 stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And I'm pleased to be joined once again by David Dufour. He's the Senior Director of Engineering and Cybersecurity at Webroot. David, welcome back. I know you all there at Webroot recently published your annual threat report, and you wanted to share some of the findings from that report with us. familiar with that, but just in case some of your listeners might not be, that's when a piece of malware is existing in the wild and it changes from every computer that it lands on. So it's never the same file. It might do the same type of attack, but it never looks the same on any machine that it lands on. And last year we saw 94% of all malware we saw at Webroot was polymorphic. And that means it only landed on
Starting point is 00:14:46 a single machine. We again know this, that lists and older ways of doing analysis on threats that are attacking computers, they really have broken down at this point. And you do have to use a lot of newer technologies around machine modeling and watching the behaviors of these files rather than trying to identify the structure of the file. So let's talk some about phishing. So phishing is my favorite topic. Well, that and ransomware, they're kind of tied. I mentioned before, David, that I was in the Air Force, the very first training I had once I was out of basic at my security in the computer work we were doing was that the number one way that people actually hacked into computer system was social engineering your username and password. It was nothing fancy.
Starting point is 00:15:39 It was that basic. And this is just social engineering. And this is the 80s. And here we are almost 30 years later. And phishing is still the number one way of getting into computer systems. And it is literally another form of social engineering someone's username and password. Yeah, there were some pretty sobering statistics in the report. Yes. So we see 84% of these phishing websites that are trying to grab this information are gone. They're out of existence in less than 24 hours.
Starting point is 00:16:10 And what that means is you have to find active ways to protect yourself against phishing sites, one of which being simple education. Trying to learn about how phishing works. I know your average listener is not going to spend time reading about phishing, but they really do need to know what they're clicking on and why. And then also they need to have tools that will actively block against phishing websites, allowing them to go there. And it needs to be dynamic, not just list-based, because these sites disappear so quickly.
Starting point is 00:16:46 All right, interesting stuff. David Dufour, as always, thanks for joining us. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Starting point is 00:17:28 Learn more at blackcloak.io. And that's The Cyber Wire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner. Thanks for listening. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Starting point is 00:18:16 Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
