DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU indictments. Huawei, under suspicion over African cyberespionage, is said to be excluded from participation in Australian 5G buildout. Congress may reimpose ban on ZTE. Kaspersky fails to win emergency injunction against US sanctions. Ben Yelin from UMD CHHS, weighing in on the indictments of the Russians.
Dave Bittner: [00:00:03] DNI says warning lights are blinking red over cyber threats. Election interference remains a risk despite lower-than-expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU indictments. Huawei, under suspicion over African cyber-espionage, is said to be excluded from participation in the Australian 5G build-out. Congress may reimpose the ban on ZTE. And Kaspersky fails to win an emergency injunction against U.S. sanctions.
Dave Bittner: [00:00:42] And now a word from our sponsor, ObserveIT. What in the world could old '80s technology have in common with insider threat management? Well, visit the ObserveIT booth at Black Hat in Vegas to find out. They're going back to the '80s to reminisce about throwback technology and show you how to take a 21st-century approach to your insider threat-management strategy. Your Nintendo, floppy disks and OG Macintosh computer will all be there next to your dusty DLP solution to remind you why hashtag Throwback Thursday technology should stay in the past. It's time to go back to the future with ObserveIT for a more complete and modern approach to data loss prevention. Gain visibility and insights into user and file activity instead of simply locking data down with cumbersome tags, limitations and rules. And before you head out, take ObserveIT's quiz on which '80s pop culture icon best represents your insider threat-management strategy. Whether you're Han Solo, Tron or Egon from "Ghostbusters," you're a pretty righteous dude. Visit observeit.com/cyberwire, and take that quiz today - observeit.com/cyberwire. And we thank ObserveIT for sponsoring our show. Major funding for the CyberWire podcast is provided by Cylance.
Dave Bittner: [00:02:07] From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, July 16, 2018.
Dave Bittner: [00:02:15] U.S. Director of National Intelligence Dan Coats said Friday that warning lights are blinking red with respect to imminent cyberattacks against the U.S. by Russia, China, Iran and North Korea. Coats spoke shortly after the Department of Justice publicly released its indictment of 12 Russian officers of the GRU military intelligence service. Coats did not suggest that a major act of kinetic terror was in the offing. But he did tell meetings at the Hudson Institute that there were persistent pervasive threats to disrupt American society. These are not, he contended, limited to influence operations, still less to direct hacking of elections, but that they extend to the real possibility of attacks on critical infrastructure. He alluded in particular to threats the energy and financial sectors face.
Dave Bittner: [00:03:08] The DNI's warning-lights-blinking-red metaphor, of course, harkens back to the retrospective assessment of the months before al-Qaeda's 9/11 terror attacks. U.S. intelligence and security services were uneasy then. It seemed that something was in the works. But what it was, how it would happen and where it would take place were obscure until their tragic revelation that morning in September 2001.
Dave Bittner: [00:03:34] While Russian activity directed against U.S. midterm elections seems to be relatively less intense than it was during the 2016 presidential election, U.S. Secretary of Homeland Security Nielsen warned state election officials Saturday that this particular threat was by no means over and done with and that they needed to look to election security and avail themselves of the tools available to buck it up.
Dave Bittner: [00:03:58] Presidents Trump and Putin met in Helsinki, Finland today. The meetings began with one-on-one sessions - interpreters excepted, of course. Each president will have at least one translator on hand. This initial session ran long and was followed by larger meetings at which both leaders were accompanied by advisers. This was apparently both presidents' preference and made some observers uneasy, mostly in the United States, where people with some experience of seeing Mr. Putin operate note that he's capable of specious persuasion and expressed the hope that Mr. Trump would be wary during their discussions. The topics discussed are known to have included trade, China, Islamist terrorism, the Syrian civil war and nuclear arms control.
Dave Bittner: [00:04:47] President Trump, as expected, brought up the indictment, which many in Congress wanted brought up firmly and frankly. President Trump did ask about Fancy Bear's capers, and as expected, Mr. Putin flatly denied everything. The Russian denials are reminiscent of those issued over the Novichok nerve agent attacks in England - we didn't do it, and you should show us all of your evidence, which we'd be happy to evaluate. The two presidents did discuss the formation of a joint cybersecurity working group and, while acknowledging significant remaining differences, described the talks as productive, and that they considered themselves competitors but in a good way. Further accounts of the summit are expected to emerge over the course of the week.
Dave Bittner: [00:05:34] The summit, of course, took place in the shadow of Friday's indictments of 12 GRU officers for their involvement in various aspects of a conspiracy to commit hacking, fraud and money laundering in the course of Russia's attempts to disrupt the 2016 U.S. elections. Special counsel Robert Mueller charges that the GRU hacked U.S. political targets, mostly the Democratic National Committee and the Clinton campaign, during the 2016 election cycle. The members of Fancy Bear are said to have accomplished their intrusion through spear-phishing, and both DC Leaks and Guccifer 2.0 are alleged to be Russian false identities.
Dave Bittner: [00:06:13] The indictment also touches on money laundering. The GRU operators are alleged to have mined bitcoin to pay for their infrastructure in a deniable and unobtrusive way. So far the investigation has not announced any American cooperation with the Russian operations. That would of course be of paramount interest. Observers speculate that the special counsel will wrap up the investigation by the end of this summer.
Dave Bittner: [00:06:39] Since the GRU proved itself adept in the special counsel's view at running various fictitious personae, some are looking for other instances of that organization's use of misdirection in the form of catfish, sockpuppets and other front organizations. U.S. senators Gardner, a Republican of Colorado, and Wyden, a Democrat of Oregon, have asked the Department of Justice to determine whether the Cyber Caliphate was also a Russian false flag operation. The Cyber Caliphate, which represented itself as an online wing of the Islamic State, drew considerable notoriety for threats it made against the families of U.S. military service members, threats that figure prominently among the senators' questions.
Dave Bittner: [00:07:24] Huawei, long under scrutiny in the West as a potential security threat, has also long denied that it's anything of the kind. But that claim is looking shakier amid revelations that the company may have been involved in several incidents of espionage. The French news outlet Le Monde reports that Huawei seems to have been involved in a major Chinese espionage campaign against the African Union. The company's devices have apparently been used to collect and exfiltrate data from the union's headquarters in Addis Ababa, Ethiopia. The African Union's current headquarters, which opened in 2012, was constructed and equipped by China as a, quote, "gift of China to friends of Africa," end quote.
Dave Bittner: [00:08:08] In 2017, African Union IT personnel noticed that their servers were reporting back between midnight and 2 a.m. each night to unknown servers located in Shanghai. Complaints of espionage from Addis Ababa and denials of the same from Beijing have been swapped for some time, but renewed consideration of the incident has done Huawei no favors elsewhere. Australia's government, for one, is said to have decided to exclude Huawei from that country's build out of its 5G infrastructure.
Dave Bittner: [00:08:40] The U.S. Congress hasn't forgotten ZTE, another Chinese device manufacturer, and is considering including sanctions against that company in the upcoming defense authorization bill. Another company facing harsh U.S. scrutiny - Kaspersky Lab, which many in Congress and the intelligence community regard as dangerously close to Russian security services, failed in its Friday attempt to get a U.S. Court of Appeals to issue an emergency injunction against a ban on Kaspersky products within the federal government. The company is disappointed but plans to continue its challenge to the ban's constitutionality.
Dave Bittner: [00:09:22] And now a bit about our sponsors at VMware. Their trust network for Workspace ONE can help you secure your enterprise with tested best practices. They've got eight critical capabilities to help you protect, detect and remediate. A single open-platform approach, data loss prevention policies and contextual policies get you started. They'll help you move on to protecting applications, access management and encryption. And they'll round out what they can do for you with microsegmentation and analytics. VMware's white paper on "A Comprehensive Approach to Security Across the Digital Workspace" will take you through the details and much more. You'll find it at thecyberwire.com/vmware. See what Workspace ONE can do for your enterprise security - thecyberwire.com/vmware. And we thank VMware for sponsoring our show.
Dave Bittner: [00:10:23] And joining me once again is Ben Yelin. He's a senior law and policy analyst at the University of Maryland Center for Health and Homeland Security. Ben, welcome back. Thanks for jumping in with us here. Last Friday, we had the news of this indictment of 12 Russian military intelligence officials. We've covered the news side of this, so I think we have a good handle on the nuts and bolts of what's going on operationally here. But I'm curious in your take on it. What do you think this tells us?
Ben Yelin: [00:10:50] So I think it tells us first of all the scale and scope of the operation, how widespread it was, how extensive it was, how technologically advanced it was. I also think it hints at the involvement of certain unindicted U.S. persons. And it does that a number of times. I think the most eye-popping one and the one that piques my curiosity is that it mentions that one of - so Guccifer 2.0, which was the username that was used by the Russian conspirators to release information to third parties, most notably WikiLeaks - they received an email from a congressional candidate asking for stolen information on one of their opponents. And we have no information on who that congressional candidate is.
Ben Yelin: [00:11:39] And there are a number of such mentions of U.S. persons. They mentioned someone - and I think based on news reports we think it is Roger Stone, a longtime associate of President Trump - but somebody who was communicating regularly with the Russian co-conspirators, the ones who were indicted who were falsely claiming to be this Guccifer 2.0 Ukrainian lone, you know, hacktivist.
Ben Yelin: [00:12:03] So, you know, that's something I'm certainly watching out for, is that we've established that there has been a crime committed. That's been established in the indictment. That's been established in identifying the names of these conspirators. But we have hints that there was some sort of involvement by U.S. persons. And that leads me to believe that they are going to be if not future indictments, at least part of the Mueller report will be involvement of U.S. persons in this criminal scheme.
Dave Bittner: [00:12:32] How much, if anything, do you think we should read into the timing of this? This was released as President Trump was heading off to meet one on one with Putin.
Ben Yelin: [00:12:40] So that's a great question. You know, a lot of people - because Bob Mueller has this sort of mythic persona - you know, he doesn't leak. He's very meticulous in laying out the facts. He doesn't showboat. He doesn't give press conferences. I think it leads a lot of us to think that he's some sort of genius, that he - everything he does is purposeful as part of some sort of four-dimensional chess activity.
Ben Yelin: [00:13:05] I'm not so sure about that. It is certainly interesting to me that this was released ahead of President Trump's meeting with Vladimir Putin. I don't think there's any evidence to the effect that it was that Robert Mueller handed down these indictments purposefully at this moment because of that summit. And in fact, it seems like President Trump was informed of them earlier in the week, certainly before the whole congressional hearing with Peter Strzok, the former FBI agent, and before he even ventured overseas.
Ben Yelin: [00:13:38] It does, however - it's sort of a power play from Mueller to a certain extent in saying, I don't care that you are meeting with President Putin next week. We're not stopping this investigation. In fact, it's ramping up. We're not going to be beholden to your claims of this being fake news. Where we see evidence of criminal conduct we're going to prosecute it. And we're going to do it whether that has an effect on the diplomatic relations you're trying to establish personally with President Putin or not. So I think we can certainly read something into that. Special counsel Mueller is not going to be bullied. He's not going to be intimidated into abandoning this investigation. And I think that's certainly something we can read into.
Dave Bittner: [00:14:24] So based on what you've read from the indictment, do you think we're more or less likely to see criminal conspiracy charges involving Americans?
Ben Yelin: [00:14:32] I think we're more likely to see them. I mean, I think this is how Mueller is building the case. First you establish the crime. Then you establish various U.S. persons as conspirators in this crime. What we don't know is to the extent that people who are part of Trump's inner circles are going to be charged with these conspiracies. Certainly there was nothing in the indictment that related to people within President Trump's inner circle. So you can read the tea leaves on the individuals mentioned in the indictments. You know, I didn't see anything on Jared Kushner or Donald Trump Jr.
Ben Yelin: [00:15:05] The types of individuals who were talked about in this indictment, Roger Stone in particular, are sort of on the peripheral of the Trump orbit. But just because they weren't mentioned in the indictment that, you know, we're not going to see further charges - I think what we're seeing here is that special counsel Mueller laying the groundwork. He wants to prove that there was this extensive criminal conspiracy to hack into the DNC and to the Democratic Congressional Campaign Committee and to Hillary Clinton's campaign advisers' emails, prove that, you know, crimes were committed under the Computer Fraud and Abuse Act, and then slowly start to make connections as to how involved American entities were conspiring to commit this crime. And I certainly think we see sort of the groundlings of that in the indictment with the mention of various U.S. persons.
Ben Yelin: [00:15:54] The other thing that really piqued my interest is that - I think they're referred to as Organization 1 in the indictment, but we all know based on news reports that it's actually referring to WikiLeaks. And WikiLeaks had coordinated very closely with GRU, with these Russian agents, prior to the Democratic National Convention, saying, you know, if you have any Hillary-related emails, specifically in relation to Bernie Sanders, we'd like them released now ahead of the Democratic convention. And as we know, those emails were released. And it caused a lot of consternation and chaos at the convention.
Ben Yelin: [00:16:30] What puzzles me is whether these Russian agents would have known independently that there would be that sort of commotion at the Democratic National Convention if these emails were released. That's where - and obviously I have no proof of this - you can speculate as to whether members of the Trump campaign or, you know, either within their inner circle or more on the periphery provided intelligence to these hackers or potentially to WikiLeaks, saying, you know, this would be a good time to release those emails.
Ben Yelin: [00:17:01] They're going into the convention. We would love to see a show of disunity among Democrats. We'd like to see doubts being sown in the mind of Bernie Sanders supporters as to the legitimacy of this nomination. I think you can sort of see at least the broad outlines of that in the indictment just based on the fact that we know these Russian intelligence agents were communicating with WikiLeaks, specifically about the timing of when to release these incriminating emails. So I think, you know, there's certainly something to read into that.
Dave Bittner: [00:17:32] All right. Well, obviously stay tuned - more to come, right?
Ben Yelin: [00:17:37] Yeah, I do not think we're at the end of this story. I mean, obviously there have been some whispers in the last several months that, you know, maybe Mueller didn't have anything on actual, quote, end quote, "collusion," but he was going to make some sort of allegations of obstruction of justice. So I think these indictments at least for me lead in the other direction - that it's still a very open question as to whether U.S. persons affiliated with the Trump campaign were part of this large criminal conspiracy to steal information. And I think now that we've established the scope of that conspiracy, I think there are some very open questions as to who participated in it in the United States.
Dave Bittner: [00:18:17] All right, well, as always, Ben Yelin, thanks for joining us.
Ben Yelin: [00:18:20] Thank you.
Dave Bittner: [00:18:25] And that's the CyberWire. For links to all the stories mentioned in today's podcast, check out our daily news brief at thecyberwire.com. Thanks to all of our sponsors for making the CyberWire possible, especially to our sustaining sponsor Cylance. To find out how Cylance can help protect you using artificial intelligence, visit cylance.com. And Cylance is not just a sponsor. We actually use their products to help protect our systems here at the CyberWire. And thanks to our supporting sponsor VMware, creators of Workspace ONE Intelligence. Learn more at vmware.com.
Dave Bittner: [00:19:00] The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. Our show is produced by Pratt Street Media with editor John Petrik, social media editor Jennifer Eiben, technical editor Chris Russell, executive editor Peter Kilpe, and I'm Dave Bittner. Thanks for listening.
Copyright © 2019 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.
ObserveIT is the leading Insider Threat Management solution with approximately 1,700 customers across 87 countries. ObserveIT is the only solution that empowers security teams to detect insider threats, streamline the investigation process, and prevent data exfiltration. Start your free trial of ObserveIT today.
VMware is a global leader in cloud infrastructure and business mobility. Built on VMware's industry-leading virtualization technology, our solutions deliver a new model of IT that is fluid, instant and more secure. Learn more.