In today's podcast, we hear that Ecuador has told the world they cut Assange's Internet connection (but will continue his asylum), and that they did so on their own. Russia Today remains predictably unconvinced. WikiLeaks shows no signs of stopping election doxing. The US may be considering a campaign of counter-embarrassment as its response to Russian information operations. Fallout from the Yahoo! breach continues. London banks are hit with ransomware. More IoT botnets form from Mirai code. Terbium's Emily Wilson explains the weaponization of intel. Venafi's Kevin Bocek describes what their look at Yahoo!'s encryption revealed. And we take a quick look at the blockchain.
Dave Bittner: [00:00:03:01] Yes, Ecuador tells the world, we cut Assange's Internet connection, and we did it on our own. Russia Today says tell it to the marines. WikiLeaks shows no signs of stopping election doxing. The US may be considering a campaign of counter-embarrassment as its response to Russian information operations. Fallout from the Yahoo breach continues. London banks hit with ransomware. More IoT botnets form from Mirai code. And we take a quick look at the blockchain.
Dave Bittner: [00:00:36:17] Time for a word from our sponsor E8 Security. And let me ask you a question. Do you fear the unknown? Lots of people do, of course: the Loch Ness Monster, mermaids, stuff like that. But we're not talking about those, we're talking about real threats, unknown unknowns lurking in your network. The people at E8 have a white paper on hunting the unknowns with machine learning and big data analytics that go beyond the old school legacy signature matching and human watch standing. Go to E8security.com/dhr and download their free white paper, Detect, Hunt, Respond. It describes a fresh approach to the old problem of recognizing and containing a threat no one has ever seen before. The known unknowns like Stonehenge and Werewolves - they're nothing compared to the unknown unknowns out there in the wild. See what E8's got to say about them. Go to E8security.com/dhr and check out that free white paper. And we thank E8 for sponsoring our show.
Dave Bittner: [00:01:40:02] I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, October 19th 2016.
Dave Bittner: [00:01:46:17] Ecuador's government has issued a communique on Julian Assange's Internet outage. They say they did it, and on their own, not in response to any external pressure, because Assange was using their London embassy and its Internet connectivity to interfere with another country's election. That other country, of course, is the United States. That explanation seems about right - no responsible foreign ministry wants its embassies used for virtual filibustering. But Russia Today isn't buying it and trots out an interview with a disaffected US Foreign Service type to argue on the basis of a priori possibility that US hacked the connection. Ecuador notes that it continues to extend Assange asylum, and that they've not interfered at all with WikiLeaks.
Dave Bittner: [00:02:31:12] The US response to what it unequivocally calls Russian cyber operations against the US remains unclear. Assange's Internet disruption probably wasn't it, certainly not all of it, especially since the US promised to send a message that couldn't be missed. Speculation centers on the possibility of a Panama-Papers-like-release of documents embarrassing to Russian President Putin.
Dave Bittner: [00:02:55:10] And a story that broke this morning is still developing. Czech authorities announce they've arrested a Russian man in connection with cyberattacks against US targets. The Czechs collared the unnamed Russian national on October 5th, but for what they are calling "tactical reasons" held the announcement. He's expected to face extradition to the US which is said to have helped the Czechs identify him. Twitter commentary tends to think that, whatever the man is alleged to have done, it may not have included hacking the Democratic National Committee.
Dave Bittner: [00:03:25:09] Fallout from the very large Yahoo breach continues and the state of Verizon's acquisition of Yahoo's core assets remains very much up in the air as Verizon deems the breach material to the acquisition. Our guest Kevin Bocek from Venafi spoke with us about some of the encryption issues surrounding the Yahoo breach.
Kevin Bocek: [00:03:44:14] What we found is a state of chaos which indicates that Yahoo just was not prepared to deal with the amount of encrypted traffic which likely let the bad guys get the data out, and still are in a state of unpreparedness. Especially compared to others like Google.
Dave Bittner: [00:04:04:01] Alright, well I mean chaos is certainly a strong word. Can you dig in and tell us what made you come to that conclusion?
Kevin Bocek: [00:04:12:04] Yes, well we took a look at what organizations are supposed to be doing right now. Things like having MD5 digital certificates that can essentially be conjured up out of thin air using Amazon web services for not much money. Well Yahoo is still using on live systems those types of digital certificates again that can basically be conjured up. And an attacker could now look like Yahoo. That's really, really poor security and, of course, a state of the art is well beyond that. Not only were they using MD5 certificates but they also were still using SHA-1 certificates. Those are certificates, you probably know, that in January of 2017, browsers are going to say sites using them are insecure.
Dave Bittner: [00:05:13:05] So if we use Yahoo as our example of what not to do, what are the lessons learned here? What are things that organizations should be doing to make sure that in terms of their encryption security they are where they need to be?
Kevin Bocek: [00:05:26:18] First of all, they need to know what they're using. They need to know what type of digital certificates they're using throughout their network out to the cloud. Next, of course, once you understand what you're using you're going to understand and be able to triage what you need to replace. Things like SHA-1 need to be transitioned immediately because very shortly your customers, your partners, even your employees are going to receive errors on websites saying that they are insecure.
Kevin Bocek: [00:05:58:00] And then ultimately what you want to get to a state is automating. So, automating the replacement, much like Google has. Because now all your security systems, so your firewall, your IPS IDS and other security systems that need to look inside of encrypted traffic can do so. And that's something that's really, really important these days. As we add more and more encryption we have to be able to know what is our good encryption and then where are the bad guys trying to hide because they are using encryption of their own and turning it against us. And if we're blind, much like it appears Yahoo was, we can see what the consequences can be.
Dave Bittner: [00:06:40:00] That's Kevin Bocek from Venafi. Financial institutions in London are sustaining a significant ransomware campaign. Worldwide, the prevailing strain of ransomware circulating by email remains Locky.
Dave Bittner: [00:06:54:01] Flashpoint and other security companies following the fate and effect of the widely distributed Mirai IoT botnet source code continue to watch it proliferate. Criminals are using it to herd bots around the world. Expect more targeted distributed denial-of-service to emerge from the Internet-of-things.
Dave Bittner: [00:07:13:05] We spent Monday evening at the blockchain tech talks hosted by Novetta at the Jailbreak Brewing Company in Laurel, Maryland. Experts from Novetta and Chainalysis spoke about blockchain technology, what it is, where it came from, how it works and what effect it's having on commerce, banking and eventually daily life.
Dave Bittner: [00:07:31:24] Novetta's Peter Muller, a self-admitted "Bitcoin enthusiast", discussed the technical principle behind blockchain, strengths and weaknesses, and its most famous and successful application thus far, Bitcoin. He described what people are doing right now with blockchain, when it's useful, when it's not, and when it's "just snake oil".
Dave Bittner: [00:07:51:13] It's fair to say that Muller definitely doesn't think it's snake oil. He explained how Bitcoin's blockchain was an unalterable, append-only, distributed ledger, and that this technology lent Bitcoin transactions both security and transparency. He sees a significant future for blockchain technology everywhere from financial services to medicine.
Dave Bittner: [00:08:12:02] His colleague at Chainalysis, company CEO Michael Gronager, defined blockchain as "a permissionless distributed database hardened against tampering and revision". Its key concept is "digital scarcity", items that can't be copied, only moved. The technology has received all the hype it has, in Gronager's view, precisely because it's disruptive. It provides what Gronager called "convertibility" and "certifiability," and it lowers the cost of both.
Dave Bittner: [00:08:41:11] It also offers a disruptive approach to financial regulation. Gronager invited the audience to compare Uber's disruption of local transportation, the heavily regulated taxi industry. Uber solved what's essentially a regulatory challenge through the convergence of three technologies: GPS, social media and big data. Uber's rating system created self-regulation. Gronager added "Blockchain provides an analogous auditability which is what you need to regulate financial transactions. You find a virtuous transparency in the blockchain".
Dave Bittner: [00:09:16:24] Visit the CyberWire.com for accounts of the talks as well as some background on blockchain's growing mainstream acceptance. It's proving attractive not only to financial services but in other areas as well. Among the companies outside financial services that have placed big bets on blockchain are IBM, which, of course, needs no introduction, and Maersk, the shipping company and leader in logistics.
Dave Bittner: [00:09:41:10] One more sign of such growing acceptance appeared yesterday as a new venture fund. Iterative Instinct, which also goes by "i2", announced that it had secured $1.4 million in capital commitment to its $2 million debut fund. i2's investment mandate is to seed startups working in core blockchain technologies, specifically cryptographic hashing, asymmetric cryptography, and peer-to-peer distributed computing.
Dave Bittner: [00:10:09:01] And finally we'll again advise everyone to straighten up and fly right. Adult Friend Finder had been found vulnerable to file inclusion vulnerabilities, and credentials for the naughty and not-safe-for-work Brazzers site have shown up for sale in a dark web market.
Dave Bittner: [00:10:30:04] Time for a message from our sponsor Clearedjobs.net. If you're a cyber security professional and you're looking for a career opportunity, you need to check out the free Cyber Job Fair on the first day of Cyber Maryland Thursday October 20th at the Baltimore Hilton hosted by Clearedjobs.net. They're a veteran known specialist at matching security professionals with rewarding careers. The cyber job fair is open to all cyber security professionals both cleared and non-cleared. It's open to college students and cyber security programs too. You'll connect face to face with over thirty employers like Swift, Decer and the Los Alamos National Laboratory. You can also tune up your resume and get some career coaching all of it's free from career expert and air force veteran Patra Frame. To learn more visit Clearedjobs.net and click job fairs in the main menu. Remember that's Clearedjobs.net and we'll see you in downtown Baltimore. And we thank Clearedjobs.net for sponsoring our show.
Dave Bittner: [00:11:31:08] Joining me once again is Emily Wilson. She's the director of Analysis at Terbium Labs. Emily, there's this notion that the bad guys are using intelligence information in new ways. That they're actually weaponizing this information. Tell us what we need to know about that?
Emily Wilson: [00:11:47:01] Sure. I think kind of everyone has seen in the news recently kind of the data coming out of the DNC hacks, you know Guccifer 2.0 kind of dropping something new every week. And that's a really interesting situation where we're seeing information being dumped. You know whether in a large amount all at once or kind of teased out over several weeks where, an international actor is really trying to influence American policy. The election is creeping ever closer and this information keeps making headlines as something that maybe isn't nefarious or illegal but was intended to be kept private by a campaign is coming out and obviously everyone is trying to use that to their advantage. In this case believed to be the Russians are obviously using this to frame Hillary Clinton in a way that they think would be best for them.
Dave Bittner: [00:12:32:18] And how does this contrast this acceleration, this evolution of tactics?
Emily Wilson: [00:12:39:12] Sure, I mean when you tend to think of information so you think of something that is done perhaps for sale, for financial gain. I have you know this powerful client list I'll spare you the rest of it. Or for vandalism, to make someone look bad. For example, coming out of Brazil as we head into the Olympics, seeing information that's around the government whether kind of government owned organizations or kind of government police forces. These Brazilians are using this information to kind of highlight what they believe to be terrible actions and terrible overreach by the government. Ignoring the problems at home.
Dave Bittner: [00:13:13:22] Are these generally being used with criminal motives or are some people using them for a type of protesting?
Emily Wilson: [00:13:24:10] Sure, in some cases there is a level of criminality to it. Right, anytime that you are advertising stolen information for sale or kind of just because that is illegal. But, protests do tend to gain speed online especially when you're looking at a group like Anonymous. You know if Anonymous says okay Operation Icarus let's target the banks, there are people who are going to jump on that bandwagon and go after a bank just because they want to be a part of the broader protest of the international financial system.
Dave Bittner: [00:13:52:17] So is this a trend that you all expect to continue?
Emily Wilson: [00:13:56:14] Absolutely. The election is getting closer by the day and in addition to these larger breaches we're seeing a number of smaller breaches that just aren't making the news. For example, even dating back to kind of Super Tuesday seeing dumps of GOP delegates from a Western state and their personal information, or you know contact lists for candidates being dumped. And, we believe that that kind of vandalism frankly, whether or not it's internationally based, is going to continue to appear as we kind of move through the election cycle and frankly through to the inauguration.
Dave Bittner: [00:14:28:01] Alright, Emily Wilson thanks for joining us.
Dave Bittner: [00:14:32:16] And that's the CyberWire. Thanks to our sponsors for making the CyberWire possible. The CyberWire podcast is produced by Pratt Street Media. Our Editor is John Petrik. Our Social Media Editor is Jennifer Eiben and our Technical Editor is Chris Russell. Our Executive Editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.
Copyright © 2020 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.