CyberWire Daily - WikiLeaks dumps Dumbo dox. HBO's hack gets bigger. Group IB outs the United Islamic Cyber Force. Cerber goes after Bitcoin. Lawsuits over NotPetya; more companies warn. Election fraud in Venezuela.
Episode Date: August 3, 2017
In today's podcast, we hear that WikiLeaks has dumped "Dumbo" project documents. Separation of agencies as a way of rendering leaks less likely. HBO's hack is getting bigger, apparently. Group IB outs members of the United Islamic Cyber Force to Interpol. Cerber goes after Bitcoin. WannaCry ransom payments are being moved, perhaps laundered. Lawsuits loom over NotPetya as more companies warn the malware had a material effect. The FBI says you can't exercise your right to be forgotten by DDoS. Election fraud in Venezuela. Markus Rauschecker from UMD CHHS on large companies like Facebook and Google being vulnerable to privacy and antitrust concerns. Jim Pflaging from the Chertoff Group, promoting their upcoming Security in the Boardroom event, speaking to the role of the board director when it comes to cyber security. And your guests can eavesdrop on you through your Amazon Echo. (But why would you have those people over anyway?)
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
WikiLeaks dumps the Dumbo project.
Separation of agencies is a way of rendering leaks less likely.
HBO's hack is getting bigger, apparently.
Group IB outs members of the United Islamic Cyber Force to Interpol.
Cerber goes after Bitcoin.
WannaCry ransom payments are being moved, perhaps laundered.
Lawsuits loom over NotPetya as more companies warn the malware had a material effect.
The FBI says you can't exercise your right to be forgotten by DDoS.
Election fraud in Venezuela.
And your guests can
eavesdrop on you through your Amazon Echo. But why would you have those people over anyway?
I'm Dave Bittner in Baltimore with your Cyber Wire summary for Thursday, August 3rd, 2017.
In a now familiar weekly ritual, WikiLeaks has dumped more alleged CIA documents from
its Vault 7.
These purport to describe the Dumbo Project, which is said to be a program that compromised
webcams and microphones.
Dumbo appears designed more to facilitate and conceal physical access than to serve
as a set of collection tools.
How WikiLeaks and others get their material
remains a matter of investigation and concern to intelligence services. A study the U.S.
Government Accountability Office released this week concluded that separating NSA and U.S.
Cyber Command may make it less likely that cyber tools leak. The HBO hack seems to be getting
bigger, seven times as big as the Sony hack, observers say,
apparently taking quantity of lost data as their yardstick. HBO says its email system wasn't
compromised, as some had feared, but fears that more shoes will drop remain. HBO has retained
Mandiant to help mop up. Mandiant is, of course, the same company called in to help Sony.
Russian security firm Group IB, working with Interpol, has identified a number of the skids who make up the United Islamic Cyber Force, the UICF, a crew of ISIS-aligned, nuisance-level
online vandals. It's not yet known what Interpol intends to do with the information, but the UICF operators are said to
reside in Algeria, Indonesia, Kosovo, Morocco, Nigeria, and Pakistan. They're mostly known for
website defacements. From Germany comes warning against a new form of spear phishing. No links,
no attachments, just an email apparently from a colleague suggesting you look into the subject.
Googling that subject takes you to an infected site.
Personnel in at least three German government agencies have received the plausible and innocent-looking spear phishing.
Security experts advise email users to treat the subjects of emails from colleagues with suspicion.
Cryptocurrencies are now attracting criminals on the Willie Sutton-esque grounds that, well, that's where the money is.
In addition to the initial coin-offering theft we've seen over the last two weeks,
the familiar ransomware strain Cerber has undergone an evolution.
It now has functionality that enables it to loot Bitcoin wallets.
Some of WannaCry's victims tried to recover their data by paying the demanded Bitcoin ransom,
despite the apparent botch WannaCry's masters made of their payment system. The amounts paid
weren't in the aggregate large, but about $140,000 have been moved from the wallets to other
locations, presumably by the criminals with access to the accounts. Merck has warned that its
manufacturing operations were severely impeded by NotPetya,
that the incident will have material effect on their earnings,
and that they haven't fully yet recovered.
Merck will not be the last company to warn.
Beiersdorf, which manufactures Nivea Cosmetics,
is still investigating and recovering from NotPetya,
but the company has reported that €35 million in sales will be delayed into the next quarter.
There may be other effects as well, as was the case with Merck.
Beiersdorf is working first on remediation and restoration of operations.
The Beiersdorf CFO said, quote, There is a cost and there will be a cost associated with this.
We are still working our way through it.
Our focus so far has been on recovery, end quote.
Six major international
corporations, four in Europe, two in Russia, who've disclosed NotPetya infestations are due
to report results this month. The plaintiff's bar has predictively taken note of NotPetya.
A Ukrainian law firm, Yuskudom Attorneys Association, is assembling injured companies
to join in a lawsuit against Intellect Service LLC,
the company whose M.E.Doc accounting software was the patient zero of the NotPetya pandemic.
Taking a look at our CyberWire event tracker, the Chertoff Group has an event coming up August 23,
2017 in Palo Alto, California. It's called Security in the Boardroom. We spoke with Jim
Pflaging from the Chertoff Group
about the event and about evolving attitudes of board members when it comes to cybersecurity.
People have now realized that security is a business risk. It's no longer just a technical
risk. And for many, it's a top business risk. However, what's also beginning to emerge is that
security is an opportunity.
It's an opportunity to build trust with your stakeholders.
It's an opportunity to create competitive advantage and ultimately growth.
And so we see that as a really interesting dynamic to play out through boards, because
if you get down to it, boards, I think, really care about three things. And as a
board member, it's risk management, financial risk, operational risk, reputational risk, and cyber
risk, of course, and there's others. So risk management, value creation, and then ultimately
metrics. How do we measure and know we're on course? So it's in that lens of we think now that if security is both a risk
and an opportunity, it really widens the aperture of what board members should be thinking about,
what C-level executives should think about. And it was with that sort of impetus that we said,
we think there's some room to both add value to how you should do this. And that's partly what
we're doing here in the series.
So where do you think security fits in within boardroom priorities?
I would say that there is growing recognition at the board that this is a top business risk.
And for large public companies, it's a robust part of their agenda. And there's many statistics from leading insurers and others who would say
cyber has jumped up to near the top. However, when you look at the broader population of boards,
and this would reflect the boards that I'm on, is that cyber is far from a boardroom competency.
In fact, through the Chertoff Group research, two-thirds of directors that we've spoken to report having little or no cyber knowledge.
And 35% said we leave cyber off the board agenda because of this lack of expertise and comfort.
And finally, when you ask them, well, how would you learn about this?
Board members learn from other board members.
So they network. Board
members learn from relevant stories. And we're finding successful approaches from CISOs of
share them stories that might just be topical in the news. Share them stories that might be relevant
because it pertains to the industry that you're in, or share stories that could present a clear and present danger to
the firm you're in. So it's becoming known as a top business risk, but what we need to move it to
is a boardroom competency, and that's what the overall objective of the security series is all
about. That's Jim Pflaging from the Chertoff Group. Their event, Security in the Boardroom, is coming
up August 23rd, 2017 in Palo Alto, California.
To find out more about upcoming events
and to find out how to list your event on our CyberWire event tracker,
visit thecyberwire.com.
A gentleman from Seattle is currently enjoying a sabbatical in jail
as he awaits U.S. federal hacking charges.
The FBI says the defendant, Kamyar Yohan Rakshan, undertook
a distributed denial-of-service campaign against Legal.com in 2015. Mr. Yohan Rakshan identified
himself to Legal.com as being from Anonymous and told the legal services website he would
shut them down if they didn't remove case citations concerning his prior criminal conduct.
They didn't, and on January 24,
2015, he was as good as his word and commenced DDoSing. The attack stopped as soon as Legal.com
took down the material he found objectionable. The suspect will face a judge later this month.
You may have heard about this election hacking and influence stuff. Investigation proceeds in
the U.S. and elsewhere.
But if you really want to get a look at what a hacked election looks like,
cast your eyes toward Venezuela,
where the Chavista government seems to have gone on a ballot-stuffing spree
that would make a heeler from Chicago's 10th ward blush.
Some one million votes are said to have been invented in a claimed landslide
that brings in a temporary parliament to perfect the constitution
in place of the National Assembly. President Maduro's government claims a turnout of 8 million
voters in Sunday's election. That's about 41 percent, but the opposition says the actual
turnout was on the order of 12 percent. The company that provides the voting machines used
in Venezuela, Smartmatic, says it knows with certainty that the election was rigged.
Their CEO told the London Times,
quote,
End quote.
Most observers see this as a step toward a one-party state with a dictatorship, that suggests, but
President Maduro says there's nothing to see here, so just move on. That is, move on with him to a
brighter, more peaceful, more Bolivarian future, and so on.
And finally, researchers at MWR InfoSecurity warn that your house guests could use your Amazon Echo to bug you.
We suggest this remediation.
Stop having creepy people over to your place.
Joining me once again is Markus Rauschecker. He's the Cybersecurity Program Manager at the University of Maryland Center for Health and Homeland Security. Markus, welcome back. I saw
an interesting story come by from Wired. It was called Digital Privacy is Making Antitrust Exciting Again.
And really the notion here is that we have these large companies like Google, like Facebook, who are amassing these giant piles of data about their customers and they might be bumping into some antitrust issues.
It's a very interesting question that's being raised more and more.
I think the first thing we have to do is take a look at what antitrust law is supposed to do.
And really, there are two prongs to this, which is to, one, promote competition, and two, to limit barriers to entry for new companies to get into the market. And I think seeing these large companies that have such a
great presence and such big influence, I think most would agree that it is somewhat difficult for
new companies to get in on this market and to be a serious competitor to some of these established
companies out there. And yet, how would one even go about breaking up a company like this? Or is
it a matter of simply waiting for time to pass and perhaps something like, you know, waiting for the
next big thing to come along? With this question that's being raised in the article about whether
or not antitrust regulators should be looking at privacy issues, consumer privacy issues,
I think that's a really important piece.
Historically, regulators have been looking at consumer welfare. And what that really means is
the price, right? The price of a product. Would a price of a product go up because of a certain
business deal? If the answer to that is yes, then there might be some antitrust issues there.
Now we're seeing these companies offer a lot of their services for free,
which means that there really isn't a price to look at
to see whether or not there's a negative effect on the market or an antitrust issue.
So some are suggesting that antitrust regulators look at some other factors,
and one of those factors may be consumer privacy.
These large companies are collecting more and more data, and that's
really where their value is at, right? The data they hold can be monetized. It's incredibly
valuable to have all this data on consumers and on users. Some are suggesting that antitrust
regulators really should be looking at some of these other factors other than just price to see
whether or not business practice is anti-competitive and bad for the market.
So as it is now, I mean, these discussions are more sort of philosophical than anything.
There's no major push to break up Facebook or break up Google right now.
Yeah, you're absolutely right.
I think a lot of these new ideas are more philosophical or academic at this point.
But we'll see how that develops.
I think there are some legitimate arguments to be made and certainly should be explored more.
We'll just see how that develops in the time coming.
Markus Rauschecker, as always, thanks for joining us.
Thank you.
And that's The Cyber Wire.
We are proudly produced in Maryland
by our talented team of editors and producers.
I'm Dave Bittner.
Thanks for listening.