In today's podcast, we hear about cyber fraud affecting an aerospace company. Observers continue to follow fresh waves of SCADA hacks in Ukraine. Malwarebytes warns Symantec that a partner's not playing fair with customers. NSA Director Rogers says encryption isn't going away. And we hear about the markets from the CyberWire editor.
Dave Bittner: [00:00:03:12] An aircraft component supplier in Austria is victimized by cyber fraud. NATO looks to its ISIS counter messaging and acknowledges it's got some work to do. A trusted partner betrays its trust. NSA stakes out a pro-encryption position and AT&T declares neutrality in the crypto wars. We get an object lesson in how not to patch a backdoor (hint: Batman's not inherently more secure than BlackWidow). And finally, what in the world's going on with Find My iPhone Apps in Atlanta?
Dave Bittner: [00:00:34:04] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly-skilled professionals in the field of information security, assurance and privacy. Learn more online at isi.jhu.edu.
Dave Bittner: [00:00:57:00] I'm Dave Bittner in Baltimore with your CyberWire summary for Friday January 22nd, 2016.
Dave Bittner: [00:01:03:08] Most cyberattacks on aerospace targets have aimed at intellectual property theft, not so in one disclosed this week. This time it's direct theft of money. Austria's FACC AG, an aircraft parts manufacturer that supplies both Boeing and Airbus, reports losing $54 million to cyber criminals. FACC says its accounting department was apparently targeted, that its system security wasn't compromised and that the loss involved an outflow of liquid funds. Observers read this as signaling the likelihood that the company was the victim of a socially engineered fraudulent wire transfer. A criminal investigation is in progress.
Dave Bittner: [00:01:39:24] The most recent wave of cyber attacks against Ukrainian power distribution systems seems unconnected with December's rolling blackouts. The current attempts aren't accompanied by BlackEnergy malware and observers are less quick to point to the Russian government as the likely culprit. But the Russian government remains the prime suspect in both the December hacks and this past week's incident at Kyiv Boryspil International Airport.
Dave Bittner: [00:02:02:21] Tech support scams are depressingly familiar, but they're usually not executed by authorized resellers of the companies whose tech support is being spoofed. That, however, appears to have happened this week as Malwarebytes uncovered the actors behind a Symantec-themed scam. Investigation of a scam alert identified Silurian Tech Support, an authorized Symantec partner, as the outfit pushing its services through bogus scare messages and interactions that even included the notorious "let our technician take control of your machine" come-on. Malwarebytes promptly reported their findings to a horrified Symantec, which swiftly moved to end its relationship with Silurian.
Dave Bittner: [00:02:40:02] As reported by CRN, Symantec has said, "While we can't say conclusively who was behind this particular scam, we can confirm that this particular site has been taken down and that we are also in the process of terminating our partner agreement with Silurian after identifying any abuse of the Norton or Symantec brand. We pursue our rights and defend our intellectual property and where necessary will work with law enforcement."
Dave Bittner: [00:03:04:20] US voter databases are still circulating on the dark web. The data they include strongly suggests they were stolen from campaign consulting firms.
Dave Bittner: [00:03:12:12] On the policy and legislative fronts, it seems likely that the U.S.-EU Safe Harbor arrangements will expire before a new agreement can be worked out. Companies doing transatlantic business are looking closely at how expiration will affect compliance and risk management.
Dave Bittner: [00:03:27:20] NATO leaders, notably U.S. Defense Secretary Carter, say they're working harder at counter-ISIS information operations, but also acknowledge that they're playing catch up in the war for the hearts and minds of the disaffected.
Dave Bittner: [00:03:40:03] And the crypto wars continue. US NSA director Rogers says, "Encryption is here to stay" and appears to stake out a position in contrast to that of crypto skeptical FBI director Comey. Director Comey, of course, has been advocating a search for a technical fix that would enable decryption on demand, or some equivalent aid to criminal and security investigation.
Dave Bittner: [00:04:00:12] From the Industry side, AT&T declines to join Apple and others in opposing any government attempt to limit or weaken encryption. "It's not industry's call," says AT&T's CEO Stephenson.
Dave Bittner: [00:04:11:04] In crime and punishment, Igor Dubovoy pled guilty to conspiracy to commit wire fraud in a U.S. federal court. Dubovoy was implicated in an insider stock trading scheme that depended on hacking corporate networks to obtain early copies of press releases. Prosecutors say the illicit trades netted some $100m.
Dave Bittner: [00:04:31:00] For reasons no one can explain, an Atlanta couple is having to deal with irate people showing up at their doorstep to demand their lost iPhones back. Find My iPhone Apps are steering people to an utterly innocent address; sometimes the phone owners bring the cops with them. The couple says that a police explanation usually works but not always. Anyone have any ideas?
Dave Bittner: [00:04:51:06] In industry news, analysts look at FireEye's prospects and wonder how it will weather challenges from rival, Palo Alto, especially given Palo Alto's recent collaboration with Proofpoint.
Dave Bittner: [00:05:01:18] And finally, the story of a backdoor in AMX Harman's NX-1200, a programmable device used to control audio visual in building systems, offers an instructive cautionary tale concerning patches. SEC Consult found the backdoor, which includes packet sniffing functionality, last March. They disclosed it to AMX Harman, which pushed out a fix. That fix, however, seems to have amounted to nothing more than changing the backdoor's password, and going from BlackWidow to IAmBatman really didn't represent a security upgrade. After all, few would regard DC as inherently more secure than Marvel, or are we missing something?
Dave Bittner: [00:05:41:16] This CyberWire podcast is made possible by the generous support of Recorded Future, the real time threat intelligence company whose patented web intelligence engine continuously analyzes the entire web to help information security analysts stay ahead of cyberattacks. Learn more at recordedfuture.com.
Dave Bittner: [00:06:04:06] Joining me is John Petrik, editor of The CyberWire. John, what is going on in the market?
John Petrik: [00:06:08:16] We're seeing, generally long term, a lot of investor interest in the cybersecurity sector, we've seen in the last couple of weeks some corrections downward. And that of course is to be expected when you've got a dynamic sector like cybersecurity, when you've got one that's highly speculative and one that's populated with a lot of story stocks.
Dave Bittner: [00:06:26:09] Yes, let's clarify that for our listeners, what exactly is a story stock?
John Petrik: [00:06:29:18] A story stock? A story stock is a stock whose value reflects future potential as opposed to assets and income. So you invest in a story stock fundamentally because you buy this story, you like this story, it tells about the prospects of big, future returns on investment, and that doesn't mean that investors in story stocks are suckers. They're often very savvy investors and they look for a good story, and if the story's compelling enough, it may well bear itself out in the future. Right now in our sector, FireEye is a good example of a story stock.
Dave Bittner: [00:07:03:14] You're betting on the notion that the story's gonna have a happy ending?
John Petrik: [00:07:06:14] That's right.
Dave Bittner: [00:07:07:11] How about unicorns?
John Petrik: [00:07:08:24] A unicorn is a startup that's valued at $1 billion or more. And this is mostly a U.S. term. For example, there's a tradition in Canada of calling stocks like that Narwhals, but unicorn is spread throughout the investing world too. So if you have a startup that's valued at more than a billion, you've got a unicorn.
Dave Bittner: [00:07:30:11] And why unicorn?
John Petrik: [00:07:31:15] Think about unicorns. They're rare, they're desirable, they're benign, they're nice. Everybody likes unicorns.
Dave Bittner: [00:07:39:11] A little bit magical, perhaps?
John Petrik: [00:07:40:23] A little bit magical. And right now we've got unicorns in our sector, in Tanium, and as of the story's out today, ForeScout has attracted enough venture interest that it's joined the ranks of the unicorn.
Dave Bittner: [00:07:53:10] So what are analysts forecasting for 2016?
John Petrik: [00:07:57:05] Again, they're looking at generally an optimistic outlook for cybersecurity stocks, and they're also looking for more mergers and acquisitions.
Dave Bittner: [00:08:04:24] Alright, John Petrik, thanks for joining us.
Dave Bittner: [00:08:09:11] And that's The CyberWire. For links to all of today's stories, along with interviews, our glossary and more, visit TheCyberWire.com. The CyberWire podcast is produced by CyberPoint International and our editor is John Petrik. Thanks for listening.
Copyright © 2020 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.