The CyberWire Week in Review 1.15.16

In this week's podcast, we discuss the state of the inquiry into Ukraine's power grid hack, infrastructure attacks as casus belli, the ISIS info ops establishment, crypto wars, export wars, and, of course, the Crackas with Attitude. And we feature an interview on industrial control system security with expert Joe Weiss.


Dave Bittner: [00:00:02:18] How hackers took down a Ukrainian utility grows clearer - at least it's clearer how they didn't do it - and utilities around the world look to their defenses. ISIS expands its information ops establishment: tweets, emojis, magazines, e-zines and a news agency. The dark web is looking more dystopian than utopian; many vendors patch this week. The crypto wars continue, joined by skirmishing over cyber export control and the Crackas With Attitude enter stage left.

Dave Bittner: [00:00:32:17] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at isi.jhu.edu.

Dave Bittner: [00:00:55:01] I'm Dave Bittner in Baltimore with your CyberWire weekend review for the week ending Friday January 15th 2015.

Dave Bittner: [00:01:02:17] Consensus among observers is that last month's electrical outages in Western Ukraine represented a coordinated cyber attack. SANS thinks, and others concur, that the attack was not directly accomplished by BlackEnergy malware, still less through BlackEnergy's KillDisk module, but that BlackEnergy accompanied the operation and US officials offer a tight-jawed warning to expect more attacks on industrial control systems.

Dave Bittner: [00:01:27:02] In the Ukraine, breakers were cycled remotely and BlackEnergy malware was found in the affected utilities' networks, probably delivered by an XLS dropper, but how the breakers were cycled remains unclear. BlackEnergy has long been familiar as an espionage kit but in all probability was not the means the attackers used to take down the grid.

Dave Bittner: [00:01:46:17] The SANS Institute's influential industrial control systems blog says, "We assess with high confidence based on company statements, media reports and first hand analysis, that the incident was due to a coordinated intentional attack". The blackouts, therefore, seem to have been accomplished by malware that enabled attackers to access breaker control systems, turning them on and off at will.

Dave Bittner: [00:02:10:04] Observers agree that the incident is more bellwether than outlier, and warn utilities to expect more attacks in 2016. Some analysts, like those in the Foundation for Resilient Societies, note that the attack in western Ukraine seems to have operated by striking substations and that regulatory regimes for the power distribution industry tend to neglect substations. For all the warnings, however, we're reminded again by Sophos's Naked Security blog that squirrels have a far greater track record of success against the grid than hackers.

Dave Bittner: [00:02:43:10] It strikes many observers as significant that, whoever was responsible for the attack, and iSIGHT Partners is pointing a finger at the Russian threat actors known as Sandworm, didn't actually destroy or damage elements of the grid. Researchers at Digital Bond Labs publicly described this week what observers call a relatively easy new way of hacking controls to burn out a variable speed industrial motor. Such a capability has obvious implications for attacks on infrastructure, since variable speed motors are used in many industrial processes. We spoke to industrial control system security expert Joe Weiss about substations, squirrels, hacking and what investigators should be looking for in Ukraine.

Joe Weiss: [00:03:24:00] Breakers were opened in a whole series of substations and that led to somewhere between a three to six hour outage to something like 80,000 customers. That's what we should be focusing on. The hacking questions all have to be in the context of how did that relate to the breakers being opened in the substations.

Dave Bittner: [00:03:48:24] One of the things Weiss finds particularly interesting is that the attackers seem to be deliberate in their restraint.

Joe Weiss: [00:03:53:09] When you get to the breakers in the substation there are a lot of things that you could do to cause reasonably significant damage. That was not done here. Essentially all they did was open those breakers. It's like you open the fuse in your fusebox in your house and as soon as you put the fuse back in, the lights go back on. The lights were back on somewhere between three to six hours. If you can get access to these breakers you can cause real problems. In this case, whoever did that did not cause any major problems.

Dave Bittner: [00:04:39:15] Weiss says this attack sends a cautionary message to operators in the United States.

Joe Weiss: [00:04:45:03] Low voltage transmission and electric distribution are excluded from the NERC critical infrastructure protection standard, which means these substations that were targeted, if they were in the United States, would have had no cyber security protection or evaluation or anything else because they would have been outside the scope.

Dave Bittner: [00:05:10:09] Much has been made of the fact that more power outages have been caused by squirrels than cyber attacks, but Weiss warns that we not let that fact be a distraction.

Joe Weiss: [00:05:18:22] Not only do you have squirrels, you have ice storms, you have hurricanes, you have earthquakes. Yes, it's a problem with a two to three day outage, but the reason we care about cyber security of the grid, and the reason I'm pointing out that in the Ukraine they chose not to cause real damage, is with cyber what you absolutely can do is bring the grid down for on the order of nine to 18 months or more. That a squirrel cannot do.

Dave Bittner: [00:05:55:14] He also emphasized the importance of collaboration.

Joe Weiss: [00:05:58:13] There needs to be a joint effort between the security people, who understand security but do not understand the domains of electric power, water, chemicals, you name it, and the engineers who understand that domain but not security. And one of our biggest problems today is you've got the IT community running amok without having a really good idea of what they're even trying to do.

Dave Bittner: [00:06:27:15] The threat is not just theoretical. According to Weiss these are real world problems with serious consequences and, in his view, we're not yet addressing them properly.

Joe Weiss: [00:06:36:17] What the operators need to know, in other words not the IT people but the control system people, is that cyber threats can affect the reliability and safety of these systems because, in general, cyber security can actually damage equipment, kill people or lead to major releases, and these things have already happened. There's been over a thousand deaths to date from control system cyber incidents. That's a really big deal and a reason why we have to address this. But we have to address it in the right way, and I don't believe most of what's happened has been the right way.

Dave Bittner: [00:07:29:18] Our thanks to Joe Weiss. His website is realtimeacs.com.

Dave Bittner: [00:07:35:08] If, indeed, this incident represents a state mounted cyber attack, what sort of response would be proportionate and justified? This question arises when considering many incidents. Take, for example, the recently discovered Iranian incursion into dam control systems in Rye, New York. Just Security from the Center for Human Rights and Global Justice at New York University School of Law, considers whether that episode should be considered an act of war. The short answer is no, but the question is, as they say, complicated.

Dave Bittner: [00:08:04:20] The Tallinn Manual, which has emerged as an influential guide to NATO thinking on the matter, holds that a cyber attack need not be physically destructive to constitute "use of force" but also stops short of drawing any bright lines in the matter. And so, the conclusion in the Just Security piece is that the Rye incident wasn't an act of war but that it also could warrant what lawyers call retorsion: a response that is at once unfriendly, unlawful, perhaps comparable cyber reconnaissance.

Dave Bittner: [00:08:34:07] The US Government, in the form of ICS-CERT, says it's providing support to Ukraine's investigation of the attack. Ukraine's government expects to comment on the power grid hack after it finishes its investigation, which it expects to be complete on January 18th.

Dave Bittner: [00:08:49:17] Apart from the BlackEnergy spyware kit, the other action coordinated with cycling the substation breakers was a wave of calls to the utility's customer service centers which appear to have been intended to provide misdirection to cover the attack.

Dave Bittner: [00:09:03:00] Distributed denial of service attacks are also being used for such purposes. Corero warns utilities, telecom providers and others to watch for what it's calling "dark DDoS". By this they're not implying that there could be "light DDoS" say the incipient Jedi Rey as opposed to the dark side's Kylo Ren, but rather they're emphasizing the increasing use of denial of service as a smokescreen for more serious attacks.

Dave Bittner: [00:09:27:17] DDoS does indeed remain a threat. Akamai, for example, estimates that 2015 saw them increase in frequency by 180%. But, as usual, it's possible to over-hype any particular incident. A recent case may be found in the "New World Hackers" New Year's Eve test attack on the BBC. #TangoDown, the name of the op, claimed 600 gigabytes per second in a test of power which would indeed be pretty big. As ZDNet observes, "You would think that after such a big bang someone might have noticed," but no one did. Tripwire sums up Akamai's findings as "greater number, smaller punch".

Dave Bittner: [00:10:06:20] In the Middle East, increasing sectarian and political tensions between Saudi Arabia and Iran inflamed the long simmering regional cyber riot, in which many expect to see the governments themselves join, if they haven't already. Iran itself made a splashy foray into online propaganda, posting video of detained US Navy personnel apparently apologizing for what Iran alleges is a violation of its territorial waters.

Dave Bittner: [00:10:30:07] Some observers continue to warn that ISIS should be expected to develop more effective and extensive cyber warfare capabilities, but so far the terrorist group has concentrated more on information operations as opposed to cyber operations narrowly conceived. One disturbing and undoubted capability they're seeking, however, is the ability to use the Internet as an aid to finding and murdering journalists and others within ISIS controlled areas who don't toe the Caliphate's line.

Dave Bittner: [00:10:57:06] ISIS has also launched its own encrypted messaging app, and it's not only offering emojis for inspiration across social media, but some jihadis more or less aligned with ISIS have begun publishing an online cyber warfare magazine. It's called Kybernetiq, and it's initially being published in German. ISIS has also either established or assumed control over a news service, Amaq, that features early distribution of communiques claiming responsibility for attacks.

Dave Bittner: [00:11:23:10] Since the focus of online jihad continues to remain inspiration, which falls within the realm of information operations, how one might counter the ISIS narrative remains a conundrum for opposing security services. Counter narrative operations appear, on early reports, to have been a point of interest in Friday's White House outreach to Silicon Valley, with particular emphasis given to denying ISIS inspiration its social media platform.

Dave Bittner: [00:11:47:23] But it may be wayward to conceive of this as principally a technical challenge. The Daily Beast, for one, points out that the decidedly old school dead-tree ISIS magazine, Dabiq, enjoys a wide following, so the message in this case seems to trump the medium.

Dave Bittner: [00:12:03:09] The US Departments of State and Defense show signs of looking beyond technical approaches to fighting ISIS and toward more aggressive counter-messaging. But some America-watchers think the new style of information operations, even if it gets its messaging right, will soon find itself entangled with legal and organizational obstacles. In any case, US President Obama's State of the Union address cautioned that giving ISIS too much credit is effectively giving them aid and comfort.

Dave Bittner: [00:12:28:14] Among social media firms, Twitter especially finds itself between a free speech rock and a counter-terror hard place. Its contretemps with Turkey's government over Kurdish pro-independence tweets shows the practical impossibility of accommodating irreconcilable interests.

Dave Bittner: [00:12:44:21] The widow of a man slain by ISIS in Jordan is also suing Twitter. She claims Twitter negligently permitted ISIS to pass on inspiration and direction to her late husband's murderers. Few legal observers expect the suit to hold up in court but, in the event it should, the case's implications for online communication will be very large.

Dave Bittner: [00:13:04:10] Declarations of war aside, Anonymous continues to turn up easier targets in the civilized world than it has found in ISIS. Nothing new from Anonymous in its declared war on ISIS, but the anarchist collective did find time over the weekend to hit Nigerian Government sites to protest what Anonymous views as that government's corruption. The 'hacktivists' have also been active in the pro-cetacean front this week, protesting whaling by downing some Icelandic government websites and by disrupting Nissan. Nissan is baffled by the connection, but apparently a Japanese headquarters implicates you in Japan's annual dolphin take.

Dave Bittner: [00:13:39:17] In the UK, Labour Opposition Leader Jeremy Corbyn's Twitter account was briefly hijacked to express a range of puerile, semi-obscene commentary on the news of the day. Corbyn and Labour have since wrested back control of the account.

Dave Bittner: [00:13:53:10] The Russian hacker, w0rm, associated in recent years with attacks on the BBC, Bank of America and Adobe, claims to have successfully broken into Citrix. w0rm's identity remains unknown. It's not even known if w0rm is a single individual or a group.

Dave Bittner: [00:14:09:04] Some Dell customers report being contacted by unusually plausible scammers who know a lot about their Dell accounts. The calls aren't from Dell, and Dell, which is investigating, says it hasn't been hacked, so where the data came from remains a mystery.

Dave Bittner: [00:14:23:12] Security experts draw some familiar lessons from this week's takedown of a Romanian ATM hacking gang and the recent guilty plea by a former baseball executive who intruded into a rival club's system. First, old unpatched software is inherently risky; take note, users of Windows 8 and Internet Explorer. And, second, pay close attention to common sense cyber hygiene, especially when employees transition into or out of your organization.

Dave Bittner: [00:14:49:02] The SlemBunk Android banking Trojan discovered last year is proving more persistent and dangerous than initially thought. It's got a longer attack chain and drive-by infection capability and, according to FireEye, it's been actively used in the wild.

Dave Bittner: [00:15:04:06] Ransomware continues its usual rounds. Angler and Neutrino exploit kits are distributing Cryptowall, and the RIG exploit kit is serving up Radamant malware. Brian Krebs reports on ransomware's growing effect on users of cloud services.

Dave Bittner: [00:15:19:04] Symantec describes an upgrade to information-stealing malware, Android.Bankosy, which can now bypass the protection of one-time passwords generated through two factor authentication systems. It does so by establishing a bogus identity with the infected device.

Dave Bittner: [00:15:35:06] The Rovnix Trojan continues to worry Japanese banks, that nation's distinctive language no longer serving as an effective linguistic moat around its financial system. Other countries go on their guard against similar Rovnix infestations.

Joe Weiss: [00:15:49:02] Arbor Networks describes a multi-pronged malware campaign targeting sites, most of them belonging to non governmental organizations in southeast Asia. There's no formal attribution of the malware cluster, which Arbor is calling Trochilus, but the campaign's sophistication and choice of targets suggest to some observers that it was mounted by China's government.

Dave Bittner: [00:16:10:04] Akamai warns that a malicious search engine optimization scheme is using SQL injection to goose search hits.

Dave Bittner: [00:16:16:15] Brazil's cyber black market is booming, according to a widely-circulated Trend Micro study. That black market, as usual, mirrors features of legitimate markets including training programs and the criminal labor market's illegitimate invisible hand.

Dave Bittner: [00:16:30:06] Users of social media are again cautioned against over sharing, which can render them vulnerable to social engineering, password or security question guessing and other threats. A long piece in the New Yorker on confidence games offers an occasion for reflection on how very old forms of fraud find new outlets in cyberspace.

Dave Bittner: [00:16:48:12] Krebs takes an interesting look inside the boiler rooms of cyber criminals' call centers. Fluency in the mark's native languages is at a premium.

Dave Bittner: [00:16:57:12] Cyber libertarians, as Wired calls them, once saw Silk Road as the dawn of a new free market untrammeled by government or cartel finagling. That false dawn has faded with Silk Road's eclipse. The dark web's markets have become as seedy and sleazy as the physical black markets they've supplemented. See, for example, the Hell hacking forum as an example of such sleaze. Its denizens go after a breathalyser vendor. Still, remember those black markets do behave like markets.

Dave Bittner: [00:17:17:05] This CyberWire podcast is brought to you by the Digital Harbor Foundation, a non-profit that works with youth and educators to foster learning, creativity, productivity and community through technology education. Learn more at digitalharbor.org.

Dave Bittner: [00:17:49:12] I'm joined by John Petrik, editor of the CyberWire. John, explain to me the difference between active cyber defense and active defense.

John Petrik: [00:17:57:12] They're often used interchangeably, aren't they? You'll see them talked about as if they're the same thing, but there actually are slightly different usages that people will find for them. Active defense, that's the more commonly used one. These are cyber defensive measures that are designed to inflict damage on an attacker by exploiting vulnerabilities in the attack toolkits, by distributing disinformation by inflicting malicious code on the attacker, things like that. It's often called "hacking back", that's active defense. So, enterprises might undertake active defense against threats themselves. In its more aggressive forms, active defense is a very controversial defensive strategy and you'll find very few people who will say "We do active defense, we hack back." People generally don't do that kind of cyber vigilantism. It's a little different from active cyber defense though which involves no operations against non-cooperating networks or systems.

Dave Bittner: [00:18:56:21] All right, that sounds complicated. Help me understand, explain that for me.

John Petrik: [00:19:00:23] Okay. Active cyber defense, and this is a usage we've heard mostly from some people in NSA, speaking in public fora. Active cyber defense is an approach to cyber defense that concentrates on detection and mitigation of cyber risks in near real time, that is, as quickly as possible, what some people call cyber relevant time. So active cyber defense involves placing sensors on your own networks and then automating detection analysis, automating reverse engineering and automating mitigation to reduce the need for human intervention. So, ideally, in active cyber defense you want to get to the point where information can be automatically shared machine to machine amongst cooperating enterprises. And this kind of active cyber defense, it is important to remind ourselves, involves no intrusion into hostile or non-cooperating networks or systems. It focuses entirely on the defended network, and it's therefore absolutely not to be confused with "hacking back" or active defense.

Dave Bittner: [00:20:01:04] So, to use a real world metaphor, would this be the difference between putting a chain link fence around my property and putting an electrified chain link fence around my property?

John Petrik: [00:20:10:10] An electrified chain link fence backed up by a rowdy guard dog and roving patrols. Yeah, it's about increasing the visibility of your own network and it's about, above all, automating the kinds of detection and analysis classification and response in your defensive systems.

Dave Bittner: [00:20:29:04] Now, do you let people know that your system is actively defended? Do you put up this "Warning, electric fence" sign in the cyber realm or is it something where you don't know that it's an active system until you try to break in and suddenly you discover you've been hit back?

John Petrik: [00:20:42:23] You know, I don't know that there's a lot of, that many people see a lot of value in that kind of warding off of criminals. I expect that would work about as well as the old ADT sign in my front yard that hasn't deterred four burglaries in the last 12 years. So, you know, you make the call, but I suspect most people would not want to give much information about their defenses to a potential attacker.

Dave Bittner: [00:21:06:10] Alright, always interesting. Thanks, John.

Dave Bittner: [00:21:18:06] A flaw in eBay is reported to have rendered user credentials vulnerable to compromise. Fake login pages may have enabled hackers to steal usernames and passwords. Bitdefender has explained how the cross-site scripting vulnerability enabled more plausible phishing attacks against eBay customers.

Dave Bittner: [00:21:35:11] The European data center services provider, Interxion, discloses a breach in its CRM system that may have exposed sensitive customer information.

Dave Bittner: [00:21:44:15] Researchers are finding Apple's patch of OS X's Gatekeeper security feature more porous than users might wish. Other researchers claim they've identified vulnerabilities in Advantech's EKI-1322 serial device server. The flaws may include a back door.

Dave Bittner: [00:22:01:00] Some disclosures provoke controversy. A researcher claims to find a backdoor in older versions of Fortinet's FortiOS. Fortinet denies it's a back door and calls it a management authentication issue they've already patched.

Dave Bittner: [00:22:14:10] And two security firms, Bugsec and Cynet, say they've found a design feature of next generation firewalls that's inherently vulnerable to exploitation. At issue is the next gen firewall's inspection of apps as opposed to ports. To do this they allow a TCP handshake regardless of packet destination, and this is what Bugsec and Cynet find objectionable. Next generation firewall companies vigorously deny that the feature amounts to a flaw. The vendors counter that, as Palo Alto puts it, "Firewall policy is never violated," and that the rules in place preclude the handshake from creating problems.

Dave Bittner: [00:22:47:20] The US National Highway Traffic Safety Administration finishes its study of last year's proof of concept hack of Jeep vehicles. They conclude that only Jeeps were vulnerable, but car manufacturers continue to show increased sensitivity to hacking. General Motors has asked security researchers to help look for and fix automotive software bugs.

Dave Bittner: [00:23:06:05] This week's Patch Tuesday marked the long-expected end of support for older versions of Windows and Internet Explorer. It also featured a number of critical patches to both Microsoft and Adobe products.

Dave Bittner: [00:23:17:01] Juniper Networks will drop over the next few weeks its reliance on a weak back-doored encryption scheme. Mozilla deals with the consequences of too hasty SHA1 deprecation, consequences which Google, in contrast, seems to have anticipated. VMware and Apple both issue security upgrades, and tomorrow marks the end of Microsoft support for versions 8, 9 and 10 of Internet Explorer.

Dave Bittner: [00:23:39:24] Trend Micro has patched a remote execution bug in its anti-virus software. A Google researcher discovered and disclosed the vulnerability. Drupal improved the security of its update process. Cisco released three sets of patches, wireless LAN controller software, identity services engine software and Aironet 1800 series access points. OpenSSH 7.1p2 is also out, with a fix for a flaw that could leak private keys.

Dave Bittner: [00:24:06:08] Industry continues to dislike proposals by various governments to mandate weak encryption or installation of back doors. While experts differ, the emerging consensus is that the effect of doing so would be to increase the vulnerability of Internet users without realizing any compensatory gains in security. Nevertheless, the Council on Foreign Relations sees a global trend toward growing government appetite for internet control or restriction.

Dave Bittner: [00:24:30:09] In the UK, surveillance policy aspirations seem to be shifting from mandated back doors towards some sort of decrypt-on-demand regime. This trend is manifesting itself in some national jurisdictions too. A Staten Island assemblyman would add New York State to the list of jurisdictions seeking to require device manufacturers to decrypt on demand traffic their products carry. Legal observers think the bill has slim chance of passage and a still slimmer chance of withstanding the inevitable challenges in court.

Dave Bittner: [00:24:58:21] Elsewhere in the crypto wars, Fortune claims that cryptography guru David Chaum's PrivaTegrity, widely discussed as Chaum's contribution to achieving a modus vivendi between privacy and security, has been widely misunderstood. PrivaTegrity is not, Chaum tells Fortune, a back-doored encryption scheme (and he regrets having let earlier reports characterize it as having a back door), but rather one that features distributed ten-party control. The cryptography community will no doubt be discussing whether this changes the prevailing dim view of PrivaTegrity.

Dave Bittner: [00:25:31:21] Researchers at Penn State claim to have made significant progress on an algorithm that could prove useful in identifying terrorist actors, and police forces turn to threat scoring as an aid to investigation. Such measures carry their own, if different, controversies but they do suggest that issues at stake aren't confined to encryption policy, and former US DCI and NSA Director Hayden's characterization of NSA's capabilities is also interesting in this respect. He told the Forex 16 conference that the agency "Steals other people's stuff in the cyber domain." It's the duty of every country's intelligence services, he explained, and then added "As a former director of NSA, I like to think we're number one."

Dave Bittner: [00:26:13:02] Industry is also leery of cyber arms control agreements, which most firms see as tending toward the criminalization of legitimate security research. The US House of Representatives Committee on Oversight and Government Reform held hearings this week on proposed US implementation of the Wassenaar Cyber Arms Control regime. The deliberations appear to augur changes in the cyber export control agreement's implementation. Industry wants change, the Department of Homeland Security is moderately sympathetic to industry and even the State Department betrays some buyer's remorse over the agreement. It's unlikely in the extreme that the US would withdraw from Wassenaar, but significant modification of the rules the government will develop with respect to cyber export control is widely expected. The President is also said to be meditating on an Executive Order that would mandate certain measures federal agencies would take in response to large scale cyber incidents, catastrophic incidents in some characterizations. Some observers continue to worry that US defensive and offensive cyber policy lacks what they see as structure or focus.

Dave Bittner: [00:27:17:09] In industry news, rumor and speculation about mergers and acquisitions continue to affect cyber security company share prices, sometimes regardless of whether the affected companies are themselves the subject of such rumors. Various cyber story stocks, including perennial market darling FireEye, experienced a sell-off early in the week, but investment analysts remain generally bullish on the sector. Nice Systems agreed to purchase analytics shop, Nexidia, for $135 million.

Dave Bittner: [00:27:33:17] Bloomberg speculated about 2016 tech IPOs. Their list of IPO candidates includes two cyber security firms: Tenable Network Solutions and Tanium. Appthority picked up $10 million in series B venture funding. IBM bought the German company, Iris Analytics, in a fraud prevention play. Raytheon and Websense will call their new combined venture Forcepoint, and will integrate firewall shop Stonesoft, recently acquired from Intel, into the brand. Distil Networks acquired Scrape Sentry, whose capabilities are seen as both competing and complementary. Accounting firm Horne LLP buys Halberd and establishes a cyber practice, PSS acquires Tetra Concepts, and Check Point is in initial talks over a possible acquisition of CyberArk.

Dave Bittner: [00:28:30:19] In crime and punishment, Damballa assures all of us that the Norwegian police have taken down the author of the MegalodonHTTP crimeware. US FBI Director Comey tells cyber criminals to steer clear of the cyber G-men in the Pittsburgh office, and we're with Director Comey on this one.

Dave Bittner: [00:28:37:20] The dread pirate Ross Ulbricht is appealing his Silk Road sentence, this time on grounds related to the judicially proven corruption of some federal officers involved in his case. The Romanian police, with an assist from Europol, take down a major ATM hacking gang.

Dave Bittner: [00:29:05:04] In the US there's more trouble over the classification of former Secretary of State Clinton's emails. Judges find a troubling lack of precedent complicating the sentences they hand down for convicted hackers. Lack of precedent seems to bother the courts in a way analogous to that in which lack of actuarial data troubles insurance companies trying to price cyber risk transfer.

Dave Bittner: [00:29:26:11] And finally, remember the Crackas With Attitude who counted coup against some of US Director of Central Intelligence Brennan's private accounts? They're back or, at least, as Motherboard sensibly observes, someone pretending to be the Cracka is back and they're tugging on Superman's cape. This time they've taken on US Director of National Intelligence Clapper, redirecting calls to a pro-Palestinian number and defaming Clapper in social media with rude schoolyard demonics. The Crackas seem to have exploited a bug in the Clapper family service provider Verizon Fios broadband. The Office of the Director of National Intelligence is aware of the incident and has initiated appropriate investigations. One would think the Crackas may find themselves on increasingly thin ice.

Dave Bittner: [00:30:09:13] And that's the CyberWire's weekend review. A note to our listeners and readers, the CyberWire will be taking Monday off in observance of Doctor Martin Luther King Junior Day. We'll be back as usual on Thursday January 19th. Enjoy the holiday. For links to all of this week's stories along with interviews, our glossary and more, visit thecyberwire.com. The CyberWire podcast is produced by CyberPoint International and our editor is John Petrik. Thanks for listening.

Copyright © 2020 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.
