In today's podcast, we say farewell to a legendary coder, and we also remember the Battle of Midway. Influence operations in the Gulf may have been Russian. Alleged leak of NSA report on election hacking proceeds. Two new data breaches are disclosed. A script kiddy is arrested in Japan for writing and distributing ransomware. EternalBlue remains a risk. Johns Hopkins' Joe Carrigan reviews research on cracking mobile device passwords using accelerometers. Eliana Schwartz describes the Cybertech Fairfax conference. Turla resurfaces, and they've new backdoors and everything. But what's their thing with Britney Spears?
Dave Bittner: [00:00:01:02] You may have noticed we do have a lot of fun producing the CyberWire for you everyday, and if you have fun listening to it, we hope you'll consider supporting us on Patreon. It's patreon.com/thecyberwire. Thanks.
Dave Bittner: [00:00:15:05] We say farewell to a legendary coder and we also remember the Battle of Midway. Influence operations in the Gulf may have been Russian. The alleged leak of a NSA report on election hacking proceeds. Two new data breaches are disclosed. EternalBlue remains a risk. Turla resurfaces and they've got new back doors and everything. But what's their thing with Britney Spears?
Dave Bittner: [00:00:42:05] As research from our sponsors, Cylance, will tell you, DLL hacking isn't a new threat but that doesn't mean it's no longer dangerous. Cylance has found a Graftor variant that's up to no good and that shows the ability to hide quietly in plain sight. Whatever the malware controllers are up to you can learn something about their malicious code, how to recognize it and what you can do to protect yourself by visiting the threat spotlight piece on Graftor at cylance.com/blog. Understand the threat. If you want to feel truly lucky, go beyond relying on Lady Luck or at least realize that fortune is infatuated with the efficient and the prepared. Learn more at cylance.com/blog. And we thank Cylance for sponsoring our show.
Dave Bittner: [00:01:33:15] Major funding for the CyberWire podcast is provided by Cylance. I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, June 7th, 2017. We'd like to begin today's podcast with two bits of retrospective news. First, farewell to Jean E. Sammet, who passed away two weeks ago in Maryland. Ms Sammet was the co-designer of COBOL, the Common Business Oriented Language, the programming language that brought computing to the business mainstream. The US Department of Defense was a big user of COBOL and COBOL's daughter TACBOL was important in early US battle management computation systems like TACFIRE. She passed away on May 20 in Maryland at the age of 89. Our condolences to friends and family as we remember a long life and a life well-lived.
Dave Bittner: [00:02:22:10] Today is also the 75th anniversary of the final day of the Battle of Midway. The US Navy's victory was enabled by creative and brilliant intelligence work done for an admiral, Chester Nimitz, who knew how to use it. The intelligence story has it all, brilliant misfits, Navy bandsmen turned code breakers, even behavioral biometrics, the Morse code operators' distinctive fist on the key and trolling, a message sent to be intercepted by the Imperial Navy and trick Yamamoto's operators into revealing the meaning of their code-within-a-code. So, spare a thought for Station Hypo and CINCPAC intelligence and for Joe Rochefort and Jasper Holmes, both of whom would have been completely at home in cyberspace. If you want to learn more, Walter Lord's book "Incredible Victory" is still a great place to start.
Dave Bittner: [00:03:11:24] Turning from history to news, ISIS has claimed responsibility for two more atrocities, a murder and hostage standoff in Melbourne and a double suicide bombing in Tehran. Both are being exploited online for their presumed inspirational value, although there are some early signs of resistance to being inspired. Deutsche Welle reports widespread revulsion among the UK's Pakistan community in response to last weekend's attacks in London and a large number of British Muslim clerics are refusing to conduct funeral services for the terrorists killed during their rampage.
Dave Bittner: [00:03:45:20] The Tehran murders are not as anomalous as some would think. Shi'ite Muslims are little better than Crusaders in ISIS's book. Similar intra-Muslim conflict may be playing out in current tensions between Qatar and its Arab neighbors. Those neighbors, especially Saudi Arabia, have long seen Iran as a dangerous rival in the region. CNN has reported today that US investigators think the news in Qatar that prompted the diplomatic rift between Qatar and other states in the region was hoaxed. The hackers hijacked Qatar's news service with pro-Iranian commentary and pro-Israeli commentary with the evident intent of inducing just such a response from Saudi Arabia and other Sunni powers.
Dave Bittner: [00:04:29:04] Investigation of the recently charged NSA leaker continues. Reality Winner, the alleged leaker, is reported to have served in the US Air Force as a cryptologic language analyst, working to translate intercepts in languages, including Pashto and Farsi. Investigators found her on the basis of internal printer watermarks in the leaked documents, which they saw when the Intercept sought to verify that they were genuine. Edward Snowden, who knows a thing or two about leaking, but who also hardly counts as a disinterested observer, has said that Ms Winner's prosecution would be a direct assault on freedom of the press, since it involves charging her with providing information to journalists, which we suppose is one way of looking at it. The Intercept is coming in for some criticism of its own, having apparently blown its source by showing a copy of the leaked documents to US Intelligence Community officials.
Dave Bittner: [00:05:21:06] As far as the leaked reports themselves go, they relate to Russian influence operations conducted up to the final week of last year's US elections. Former US Homeland Security Secretary Johnson says he knows nothing of the report or its conclusions.
Dave Bittner: [00:05:36:05] The CyberWire is proud to be a media partner with the upcoming Cybertech Fairfax Conference, June 13th in Fairfax, Virginia. Eliana Schwartz is one of the organizers of the event and she joins us with the details.
Eliana Schwartz: [00:05:49:05] Cybertech Fairfax, which is coming up very quickly next week, is a one day conference and exhibition about cyber security and cyber technology problems and solutions and it will have a conference all day, it'll be starting at around 8:30, doors will open at 7:30 and it'll be until 5:30 pm and, alongside this, we'll have the exhibition and exhibition will feature approximately 30 companies and that's including both larger companies and as well as other startup pavilion and some of the highlights among the sessions are our startup pitch competition and we'll have a keynote speech from the Honorable Michael Chertoff, who was the former Secretary, Secretary of the US Department of Homeland Security.
Dave Bittner: [00:06:29:21] Who are you targeting here? Who's the ideal person to attend?
Eliana Schwartz: [00:06:33:03] We have a nice mix between government, industry and entrepreneurs. We of course have some tech experts as well, that's a large part of our audience and our community. This event in particular, more than some of the other cybertech events, based on the location, has a lot to do with government cyber security and government industry relations. In addition to that, we have startups and we have students who are welcome to attend our conference as well. The event is held in partnership with the Fairfax County Economic Development Authority. They are sort of our local anchor in this event. We do cybertech events around the world and we always have a local partner that helps us find the best of what the local space has to offer. So this one in particular is the Fairfax County Economic Development Authority and the event itself is being held in Tysons Corner at the Capital One Headquarters.
Dave Bittner: [00:07:21:11] That's Eliana Schwartz from the Cybertech Fairfax Conference. You can find out more about conference at fairfax.cybertechconference.com.
Dave Bittner: [00:07:31:13] The EternalBlue exploits behind WannaCry and some other recent problems are appearing in attempts against aerospace and defense industry targets. They're reported to have been ported to Windows 10, which lends additional urgency to patching.
Dave Bittner: [00:07:46:11] The attention ransomware has recently drawn has tended to eclipse other threats, including the familiar ones of large data breaches. Two such have surfaced this week. Security company 4iq found 77,000,000 individuals' records exposed in a breach of Edmodo educational technology and Kromtech researchers found an exposed database in the US of 10,000,000 cars and their owners. Thieves are thought to be popping champagne corks, at least figuratively, over the trove of VIN numbers and associated data.
Dave Bittner: [00:08:19:06] A teenage boy in Japan has been arrested for creating and distributing ransomware. His motive? It wasn't even financial. He wanted to become famous. The kid is only 14. The Turla threat actors are back, working through a backdoored Firefox extension that checks Instagram for command-and-control. Platforms other than Instagram are also being used but Turla shows a preference for Britney Spears Instagram emissions. Turla's thing for Ms Spears baffles us. We'd have thought they were, like us, partial to Olga, Rita, and Vera. But go figure. So this one's for you, all you cryptologic language analysts. We still love you guys. You're all winners, the good kind of winners, in our book.
Dave Bittner: [00:09:08:14] A few words about our sponsors at E8 Security. If you've been to any security conference over the past year, you've surely heard a lot about artificial intelligence and machine learning. We know we have. But E8 would like you to know that these aren't just buzz words. They're real technologies and they can help you derive meaning from what an overwhelmed human analyst would see as an impossible flood of data. So go to e8security.com/cyberwire and let their white paper guide you through the possibilities of these indispensable emerging technological tools. Remember, the buzz about artificial intelligence isn't about replacing humans, it's really about machine learning, a technology that's here today. So see what E8 has to say about it and they promise you won't get a sales call from a robot. Learn more at e8security.com/cyberwire. And we thank E8 for sponsoring our show.
Dave Bittner: [00:10:03:23] Joining me once again is Joe Carrigan. He's from the Johns Hopkins University Information Security Institute. Joe, saw an article come by on TechCrunch about some researchers from Newcastle University in the UK. They published a paper recently that was talking about on-board sensors and privacy issues. Specifically, they were able to crack four digit pins on people's mobile devices with 70% accuracy on the first try, simply by using the accelerometers in the device.
Joe Carrigan: [00:10:32:24] Right, and they, they know that when you push a certain button the phone's going to tilt one way, like, if you push a five the phone's going to go straight down and if you push maybe a two it's going to bend up a little bit. This is an issue because I know in Android and I'm not sure about what the level of permission access is in the Apple universe, but in Android a lot of these permissions, or a lot of these sensors rather, don't require any permissions to access them. Things like the accelerometer, the proximity sensor, the light sensor. The Android model doesn't view this as a threat. The operating system won't ask for you to approve that the app has access to this. Now, they will ask that you approve the app has access to some of the more obvious sensors, like your microphone on your phone or your camera. Now we're talking about the use of these unprivileged sensors for-- you know, and this is what hackers do, is they think about how to find the unintended use of this, of whatever is available to them and they capitalize on it. I think it's pretty smart. These guys at Newcastle came up with a very clever way to deduce some very important information from some unprivileged sensors.
Dave Bittner: [00:11:42:08] And the article points out that they can access this information through a web browser. So, you know, theoretically, you could have some browser tab open in the background and while that tab is left open in the background, you know, seemingly minding its own business, no, it can be monitoring this information while you're entering in PINs or passwords for other things, it can be using just the accelerometer and positioning data from the phone, which it didn't have to ask for permission to get, to get your passwords and pins with a shockingly high percentage of accuracy.
Joe Carrigan: [00:12:17:05] Well, they said it took five tries or five--
Dave Bittner: [00:12:20:07] Five-- 70% accuracy on the first try, 100% accuracy by try number five.
Joe Carrigan: [00:12:25:05] Right. That's interesting that it takes that many tries to get 100% accuracy.
Dave Bittner: [00:12:28:21] Yeah, then one of the things they said was, the point here, how to protect yourself against this, is to close tabs in the background.
Joe Carrigan: [00:12:35:24] Close tabs in the background, right.
Dave Bittner: [00:12:36:04] You know, quit, quit apps or make sure they're not running in the background and--
Joe Carrigan: [00:12:39:11] Or uninstall them.
Dave Bittner: [00:12:40:18] Uninstall them. Right, well, you know, we've talked about those Flashlight apps that-- free apps that just, you know, require all sorts of permissions. But in this case they don't even need to ask to get access to this data on your mobile device.
Joe Carrigan: [00:12:53:13] Right, yeah, one of the things I'm happy to see is a lot of vendors are coming out, when you buy a phone from them, the Flashlight app is already included in the phone.
Dave Bittner: [00:13:01:15] Yeah, so yet another thing to be mindful about on your mobile device, thanks to these clever, clever researchers and, inevitably, the hackers who follow in their footsteps.
Joe Carrigan: [00:13:10:20] That's right.
Dave Bittner: [00:13:11:10] Alright, Joe Carrigan, thanks for joining us.
Joe Carrigan: [00:13:13:09] My pleasure.
Dave Bittner: [00:13:16:18] And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary and more, visit thecyberwire.com. Thanks to all of our sponsors who make the CyberWire possible, especially to our sustaining sponsor, Cylance. To find out how Cylance can help protect you, using artificial intelligence, visit cylance.com. Thanks to all of our supporters on Patreon. Thank you so much for your generosity. It really does make a difference. Another way you can support the CyberWire is by leaving a review for our podcast on iTunes. It really is a great way to help other people find our show. The CyberWire podcast is produced by Pratt Street Media. Our editor is John Petrik. Social media editor is Jennifer Eiben. Technical editor is Chris Russell. Executive editor is Peter Kilpe. And I'm Dave Bittner. Thanks for listening.
Copyright © 2020 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.
Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Learn more at cylance.com
Artificial Intelligence & Machine Learning. This technology is popping up in everywhere in cybersecurity. Aside from sounding cutting-edge, what does it mean? What value does it add? Find out exactly how cool AI and machine learning are, and how small nuances in how each is used can make a big difference from E8, at e8security.com.