In today's podcast we look at studies of how ISIS actually operates online. Apparently they do so much the way crooks do—by abusing legitimate services. But when it comes to encryption, the jihadists seem to be rolling their own. Ransomware updates and warnings—the FBI reminds victims not to pay. The group that hit the Qatar National Bank may be preparing release of another bank's information. Infrastructure companies invest to shore up cyber defenses. We hear from the University of Maryland's Jonathan Katz on digital signatures, and we talk with the Denim Group's John Dickson about power grid security.
Dave Bittner: [00:00:03:12] How do terrorists actually communicate online? A lot like criminals, Trend Micro finds. More bank breaches may be cued up, Kaspersky Labs warns. Ransomware remains a threat and the FBI says, again, that you shouldn't pay. Investors look at the cyber sector and some VCs put some money on it. And, hey there, all you people who hold clearances, did you know that President Putin and Supreme Leader Khamenei are concerned about your privacy? Neither did we.
Dave Bittner: [00:00:32:04] This CyberWire podcast is made possible by Cylance, offering cyber security products and services that are redefining the standard for enterprise endpoint security. Learn more at cylance.com.
Dave Bittner: [00:00:49:05] I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, May 4th, 2016.
Dave Bittner: [00:00:55:19] How terrorists actually communicate online has been scrutinized lately, the conclusions people draw, or jump to, about how ISIS works in cyberspace have informed or inflamed the crypto wars. Trend Micro yesterday published a timely study in which they took a close look at online terrorist communications. Their conclusions emerged from the study of more ordinary forms of cyber crime. The researchers found that terrorist groups have a lot technically in common with their underworld brothers and sisters. Both classes of mischief-makers abuse legitimate services, both crooks and terrorists work to establish and maintain anonymity, both need to work with unskilled collaborators. In this last respect their needs and interests diverge a bit, criminal gangs use disposable mules, ISIS aims at the sort of inspiration that might both inspire a mass movement and stand in for fragile command and control of terrorist cells.
Dave Bittner: [00:01:50:04] The financial sector continues to receive attention from the hacktivist-criminal axis. Kaspersky warns that hackers who breached the Qatar National Bank have hit a second, unnamed bank and will be releasing stolen data soon. The group is thought to be based in Turkey. Nothing new today on OpIcarus, the opening round in the Anonymous campaign to punish the world's banks for crimes against humanity.
Dave Bittner: [00:02:13:09] Ransomware continues to circulate, the FBI issued another warning about the threat at the end of last week and has, again, urged victims not to pay. While malicious email links remain common vectors, they're not the only ones. Fox-IT has outlined how ransomware purveyors are abusing vulnerabilities in remote desktop protocol installations as an infection route. Such RDP vulnerabilities are of particular concern to corporate networks.
Dave Bittner: [00:02:39:07] Chances are, unless you're in the power distribution biz, you really don't think all that much about electricity. In most of the developed world electrical power is available 24/7 and it's been that way for decades. But, as electrical grids become more connected to networks, they're also connected to potential vulnerabilities. John Dickson is a principal with the Denim Group.
John Dickson: [00:02:59:06] You've essentially taken what was really a closed system, electrical distribution and creation, and all of the industrial controls around it, and made it a bit more open. If you look at electrical utilities in any country, they're usually split between the folks responsible for the distribution of production side and the folks that run the internal IT network. Those two entities are starting to merge their cultures, their security concerns, and that's what's created much of this clash of cultures.
Dave Bittner: [00:03:33:04] Part of the reason for this culture clash are the different needs and tempos of the teams involved in various areas of the production environment.
John Dickson: [00:03:40:00] You have a production network that is a little bit more set and forget, the lifetime life-cycle of some of these systems may be measured in decades. Compare that with the network world and the IT world where you're upgrading operating systems at least on an every other year basis, and your infrastructure has been swapped out at least every three to five years, so it's just a much more dynamic and much more changing network, and it creates all these different, interesting interactions.
Dave Bittner: [00:04:13:06] Utility companies typically aren't under the same kind of constant attacks that, say, financial institutions experience because there aren't the same sort of financial incentives. But John Dickson warns utility companies not to be complacent.
John Dickson: [00:04:25:23] The challenge with the electrical industry is the fact that the likely attacker is going to be what we call a nation state, a country, and if that country has a national interest to knock somebody off the grid for a week or two that is particularly worrisome, and most electrical utilities are not equipped to defend against that level of threat.
Dave Bittner: [00:04:49:17] That's John Dickson from The Denim Group, their website is denimgroup.com.
Dave Bittner: [00:04:56:06] In industry news, investment analysts are looking nervously at FireEye, the industry bellwether is due to release results late tomorrow after markets close in New York, and some analysts think sales channel "confusion," intensified competition and product pricing may lead to a disappointment.
Dave Bittner: [00:05:13:13] Venture capital, despite some fears to the contrary, continues to reach some security startups. DFLabs, a Milan-based company that offers automated cyber incident response and management, has just secured $5.5 million in series A funding from Evolution Equity Partners. Michigan's Duo Security received a $2.5 million grant from the state's strategic fund. This is a workforce development grant, Duo will hire up to 300 employees as a result of the funding.
Dave Bittner: [00:05:43:13] Finally, as the US mulls changes to its security clearance management systems, considering increased monitoring of online behavior for insider threats and possible adoption of a FICO-like threat score for cleared personnel, some surprising observers express some surprising concerns. Iran's PressTV and Russia's Sputnik News are there for you, Fort Meade, worried about your privacy and civil liberties. So, you've got this going for you. Vladimir Vladimirovich and Ali Khamenei have got your back.
Dave Bittner: [00:06:12:24] It's nice people care, but, somehow, this strikes us with cognitive dissonance, as if Chancellor Palpatine and Supreme Leader Snoke were to position themselves as protectors of the Gungan. Well, May the Fourth be with you, Padawans.
Dave Bittner: [00:06:32:08] This CyberWire podcast is made possible by Wide Angle Youth Media, a non-profit that provides free media education to Baltimore youth, to tell their own stories and become civic leaders. Learn, watch and connect at wideanglemedia.org.
Dave Bittner: [00:06:52:14] Jonathan Katz is a professor of computer science at the University of Maryland, and Director of the Maryland Cyber Security Center, one of our academic and research partners. Jonathan, I know one of your areas of research is digital signatures, in fact, you wrote a book on the subject. What do we mean when we refer to digital signatures?
Jonathan Katz: [00:07:09:03] Digital signatures are a mechanism for providing message integrity in the public-key setting. And basically, the way they work is that one party will generate a pair of keys, a public key and a matching private key, and then they can distribute their public key widely and, of course, keep their private key a secret and known only to themselves. Then what they can do is, they can take any message and sign it using their private key to generate what's called a signature, and release that along with the original message, and anybody in possession of that party's public key can then verify that that signature is a valid signature on that message with respect to that public key. This serves as a proof that the party in question actually did affix their signature, did complete their signature over that message and so that the message actually originated from them.
Dave Bittner: [00:07:54:21] What are the areas where digital signatures are mostly likely to be used?
Jonathan Katz: [00:07:59:09] Well, digital signatures are actually used quite widely. One of the ways in which they're used perhaps most often is in the SSL protocol, and basically what they are used for is as a component in proving to our user that you are actually connecting to the website that you intended to. For example, when you go online and try to connect to google.com, for example, there's a complicated protocol that takes place, but underlying that is a digital signature that actually proves that the party at the other end, that you're communicating with, is a party who has Google's public key. Then, presumably, the only party in possession of that matching, private key is Google, and so that serves as proof that the person at the other end whom you're communicating with is Google themselves.
Dave Bittner: [00:08:42:21] Is this an area of ongoing development?
Jonathan Katz: [00:08:45:15] Well it is, and one of the big concerns nowadays is the potential for quantum computers which, as we know, have the potential to break all public-key cryptography currently used on the internet. One thing people are looking at is so called post-quantum digital signature schemes that would be secure even in the advent of quantum computers.
Dave Bittner: [00:09:07:10] Jonathan Katz, thanks for joining us. Don't forget we'd like to hear your questions for our academic and research partners, if you have a question you can email it to firstname.lastname@example.org.
Dave Bittner: [00:09:20:16] For links to all of today's stories along with interviews, our glossary and more, visit thecyberwire.com. Thanks to all of our sponsors who make the CyberWire possible. Did you know you can reach our audience of engaged, informed business, government and academic leaders? Not to mention the galactic resistance in the Jedi Council, by sponsoring the CyberWire. Visit thecyberwire.com/sponsors and find out how.
Dave Bittner: [00:09:43:06] The CyberWire podcast is produced by Pratt Street Media, the editor is John Petrik, I'm Dave Bittner. As always, thanks for listening.
Copyright © 2020 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.