The CyberWire Daily Podcast 5.20.16
Ep 104 | 5.20.16

TeslaCrypt says "sorry, here's the key." 50-cent-ers troll China.


Dave Bittner: [00:00:03:23] The US Congress wants to upgrade Cyber Command status to a Unified Combatant Command. Phineas Phisher takes on police in Catalonia. US researchers find a big piecework sweatshop for social media trolling in China. Operation Groundbait chums eastern Ukraine's cyber waters. Conficker's still around. Cyber stocks get some investor love this week and TeslaCrypt's operators say sorry and promise to close up shop. Yes, we're surprised too; but on the other hand, the crooks do seem to have given ESET their keys.

Dave Bittner: [00:00:35:10] This CyberWire podcast is brought to you by Recorded Future; the real time threat intelligence company whose patented web intelligence engine continuously analyzes the entire web, to give information security analysts unmatched insight into emerging threats. Sign up for free daily threat Intel updates at

Dave Bittner: [00:01:00:07] I'm Dave Bittner in Baltimore with your CyberWire summary and weekend review for Friday, May 20th 2016.

Dave Bittner: [00:01:07:15] In the US, Cyber Command appears destined, at least if the House of Representatives has its way, to be elevated to status as a Unified Combatant Command. A bill making it so passed the House at midweek, as part of the National Defense Authorization Act. The White House has threatened to veto the legislation on other grounds.

Dave Bittner: [00:01:26:11] Unified Combatant Commands in the American Defense establishment, represent the highest operational levels; answering directly to the National Command Authority. They draw upon more than one military service. Such commands are either geographical, like European Command, or Central Command, or functional, like Strategic Command or Special Operations Command. Cyber Command would be a functional command. It currently falls under US Strategic Command.

Dave Bittner: [00:01:52:19] Some members of Congress believe that Cyber Command’s growing importance warrants separating it from NSA, with whom it shares a leader. Yesterday at DCOI 2016, we heard Admiral Michael Rogers, who leads both NSA and Cyber Command, respond to questions about the proposed change in his organization’s status. He said, of course, that it wasn't his call, and made all the expected right noises about the change not affecting his command's missions or its readiness to cooperate with all of its partners.

Dave Bittner: [00:02:22:04] Operation Groundbait continues to chum for influential fishermen in eastern Ukraine. Its target seems to be, generally speaking, separatist and pro-Russian. But one shouldn’t be too quick with attribution; hybrid war is rarely obvious and who’s doing the chumming remains to be seen. ESET is tracking the campaign.

Dave Bittner: [00:02:41:18] Phineas Phisher, who just pilfered a Bitcoin trove, which he donated to Kurdish anti-capitalists in Syria, remains on the hacktivist stage. He’s taking on the Catalan police with an exposé of their alleged brutality. He’s also said to have taken down a police union server, with some data destruction reported. The attack against Catalonian law enforcement is available for your inspection. Mr. Phisher has posted it online.

Dave Bittner: [00:03:08:10] We're used to associating information operations in social media with ISIS, but don’t overlook the Chinese Government. A study by US researchers at Harvard, Stanford and the University of California San Diego describes a massive propaganda campaign in social media. About 488 million posts are pumped out annually in support of government information goals. The operation is organized and compensated as piecework. The operators are called the 50 Cent-ers because they’re thought to be paid 50 cents a post. As is consistent with China’s inward-looking tendencies, the 50 Cent-ers principally address a domestic as opposed to an international audience.

Dave Bittner: [00:03:49:06] You may recall Conficker, an old worm Microsoft stamped on back in 2008; but it’s back, or rather, it never really left. Check Point says Conficker was implicated in one out of every six identifiable attacks in April 2016; it’s also teaching a few object lessons. First, an exploit doesn’t have to be a zero-day to work; anything that works is just fine with attackers. They’re not artists, after all. Secondly, as we’re learning today at the Jailbreak Security Summit, there are a lot of embedded devices that work with older Windows instances and Conficker remains a nuisance in the Internet-of-things. Thirdly, Conficker’s persistence underlines, yet again, the importance of patching. It was, after all, patched more than eight years ago and it’s still an irritant.

Dave Bittner: [00:04:37:11] Today's podcast is made possible by Find rewarding IT engineering opportunities in Maryland; tackling complex security challenges in the defense arena. Join G2, a growing company where creativity, curiosity and playfulness lead to innovative problem-solving. Learn more at

Dave Bittner: [00:05:03:05] Joining me is Malek Ben Salem. She's the R&D Manager for Security at Accenture Technology Labs; one of our academic and research partners. Malek, I know an area of research for you is the use of semantic technologies for cyber defense. Take us through, what do you mean when you're talking about semantic technologies?

Malek Ben Salem: [00:05:19:16] When we're dealing with software, semantic technology, its main characteristic is that it encodes meaning separately from data and from content. You know, known technologies are ontologies that are implemented in the OWL language, for example; where you define entities and concepts and then link them to data to give that data meaning. This is different from the traditional IT approach where data itself carries its meaning and its relationship embedded within.

Malek Ben Salem: [00:05:56:04] We're using that semantic meaning to enrich the data that we collect, say through a SIM tool or any security appliance. We can use those semantic technologies, particularly ontologies, to annotate the data and enrich it; so that an expert system can be used to reason about the data. It can identify what the data means and it can automatically correlate and link that data and at a next step, it can reason about the data. For example, as it sees several security events, it may be able to infer the progression of an attack and be able to follow how the attacker is moving; what techniques it's using, what step in the attack progression it is at and then be able to predict what would be the next attack step.

Dave Bittner: [00:06:58:21] Alright, Malek Ben Salem, thanks for joining us.

Dave Bittner: [00:07:04:10] This CyberWire podcast is brought to you by the Digital Harbor Foundation: a non-profit that works with youth and educators to foster learning, creativity, productivity and community through technology education. Learn more at

Dave Bittner: [00:07:33:24] In industry news, this week saw a lightening of investors’ moods after recent weeks’ downbeat news and bearish security share performance. Cisco surprised observers, Barron’s prominently among those observers, by reporting much better than expected earnings and issuing optimistic guidance. It’s particularly noteworthy that the networking giant’s security business made a clear contribution to its strong results.

Dave Bittner: [00:07:56:11] Analysts are characterizing Cisco’s security network as a “hedge” against IT sector headwinds. Stock tipsters are now talking about depressed share prices in other industry bellwethers like FireEye, Symantec and Palo Alto as representing buying opportunities. There’s much chatter about going long. This is probably a good time to remind everyone that we are not, I repeat not, offering investment advice. Please apply all appropriate disclaimers about risk, etcetera. Did I mention that the CyberWire doesn’t offer investment advice?

Dave Bittner: [00:08:27:16] There’s also some M&A news. KEYW moves closer to selling off its Hexis commercial security subsidiary, as KEYW sharpens its focus on government security markets. The buyer will be an undisclosed private equity firm.

Dave Bittner: [00:08:42:11] Investigations suggest that a Bangladesh bank official’s compromised computer was used in the SWIFT-related hack. The Bank of England tells UK financial institutions to buck up the security of their interactions with SWIFT.

Dave Bittner: [00:08:56:11] In the US, the Securities and Exchange Commission gave the financial sector a stern talking to at a Reuters-convened summit. Too many firms, the SEC says, are sloppy with respect to cyber security and some of their biggest risks lie in cyberspace. Another regulatory body, the U.S. Commodity Futures Trading Commission, said yesterday that it plans to issue rules on cyber security, automated trading and position limits later this year. The new rules will be issued pursuant to Dodd-Frank financial reform legislation.

Dave Bittner: [00:09:27:00] Finally, ransomware continues to hold its place as the principal cyber threat to businesses. The Microsoft Malware Protection Center says that the US, Canada and Italy are the countries most affected. But some good news has arrived from Bratislava: ESET took a direct approach and asked TeslaCrypt’s proprietors for their encryption key. To everyone’s surprise, except possibly ESET’s, the TeslaCrypt hoods not only handed over the key, but also said they were sorry and said they were closing up shop. One may doubt the remorse, but the key at least seems genuine. So again, bravo ESET.

Dave Bittner: [00:10:17:18] My guest today is Author and Historian, Abby Smith Rumsey. Her latest book is When We Are No More: How Digital Memory Shapes Our Future. The book explores human memory from prehistory to the present; from pictures painted on cave walls to today, with all the world's knowledge available in an instant on our mobile devices.

Dave Bittner: [00:10:36:01] Abby Smith Rumsey spoke to me from her home in San Francisco. We talked about the history of data technology, privacy, what responsibility we have as cyber security professionals to be good stewards of the world's data, our culture's digital memory in our personal and professional lives. I began our conversation by asking her to describe what prompted her to write the book.

Abby Smith Rumsey: [00:10:56:21] Well, I'm a historian and I'm writing about why it is that, at times like this, when we're sort of creating more and more information, it's harder for us to keep that information; to create a really robust historical record both for present and future generations. I talk about some of the technical issues about why digital information is harder to maintain; to capture robust samples of and to maintain for long periods of time. But I also talk about the risk that that poses if we don't solve the problem and it's not just a risk to present generations, but also to future generations to lose the past.

Dave Bittner: [00:11:38:17] It's easy for us to experience a sense of information overload. Rumsey says, historically speaking, this feeling is nothing new.

Abby Smith Rumsey: [00:11:45:19] With each major innovation in information technology, going back to the invention of the cuneiform and the papyrus and in particular the printing revolution of the 1400s, in the beginning, people, when they glommed onto a new technology, were in a wild, sort of experimental, optimistic phase. They used it a lot without having in place any way to deal with the consequences of producing, for example, so many books; as happened in the 15 and 1600s.

Abby Smith Rumsey: [00:12:18:20] The kind of shock that people have with the amount of information available digitally is actually very well-documented; having been experienced by people in the first couple of generations of print. You know, that sort of emotional and sort of cognitive disjunction of having too much information. You have this kind of vertigo, because you can't quite figure out what is and isn't important to pay attention to.

Dave Bittner: [00:12:43:19] One of the challenges with digital technology, of course, is how quickly things become obsolete.

Abby Smith Rumsey: [00:12:48:18] We don't have the luxury of being able to look at digital information the way we've been looking at books. We can't just burn a CD, put it on a shelf for 100 years and expect somebody to be able to pull that CD off the shelf, look at it and determine what its long-term value has turned out to be. We have to actually capture that information, preserve it now.

Abby Smith Rumsey: [00:13:12:16] You know, anything that is in a code that can only be read by a machine will not endure. Whatever records we leave behind have to be eye-legible; have to be read by the human eye. But, you know, anything stored on magnetic tape, or in magnetic means; anything stored on computers that can't be read by eyes but only by machines, we could lose all of that and not be able to retrieve it.

Dave Bittner: [00:13:35:22] It's difficult to know what's going to prove valuable to future generations. History has shown that, sometimes, there's important information hidden within the most mundane of archives.

Abby Smith Rumsey: [00:13:45:12] The British Naval Museum, in fact, has a vast collection of Mariners' log books from its years on the high seas as the empire that ruled the waves. Each one is a log book written by hand, onboard ship. It records everything that happens in the course of a day on a ship. It reads like a very boring almanac about the birds they are seeing, the temperatures, the size of the waves and so on and so forth. They've been able to scan this material and they've created a database and now scientists are studying oceans and atmospheres, changes in weather, flora and fauna and things like that, that are so important to climate science. They're now looking at these centuries of data about ocean conditions.

Abby Smith Rumsey: [00:14:36:22] These old log books are kind of like this gold mine of information for the study of climate change and, incidentally, nobody in the 18th or 19th Century thought that log books would be valuable to study climate change; because nobody at that time imagined that human beings were changing the climate of the globe.

Dave Bittner: [00:14:56:04] What about us? I asked Abby Smith Rumsey about the role of cybersecurity professionals in preserving our future.

Abby Smith Rumsey: [00:15:03:06] Well, I think the role is incredibly valuable. Just having taken on this very complicated technical task of trying to secure data into the future, when we know that the world in which they are operating, technically, hardware, software, etcetera is always changing. I hope that they, in their capacity as private citizens, actually join the chorus of citizens who are demanding that our politicians pay a lot more attention to settling some of these issues around digital security; about protecting national security and privacy at the same time.

Abby Smith Rumsey: [00:15:38:14] This is a dynamic kind of balance that needs to be in place, but it needs to be negotiated and re-negotiated constantly. Somehow in this political cycle, we seem to be talking about everything but these important issues; so it's really difficult that we, and cybersecurity people in particular, operate in a world in which these policies are not dealt with forthrightly.

Dave Bittner: [00:16:02:08] What about the future? We're sure to make some mistakes along the way, but Rumsey remains hopeful.

Abby Smith Rumsey: [00:16:07:23] As an historian, I remain optimistic that we may go through a lot of losses; we have a lot to learn and we learn best by making mistakes. But in the end, we will actually master memory in the digital age as well. The short-term losses will be acute and very regrettable. We could lose a lot that we really want to keep, until we figure out how to master these systems of memory.

Abby Smith Rumsey: [00:16:32:08] I think it's even more important that, those of us who are living through this transition, document the kind of things that we're going through, exactly how we feel about this transition; so that, in the future, people will have a record of how the world they lived in passed through this time of great turbulence and note the things that might not have survived into the future.

Dave Bittner: [00:16:54:00] That's Author and Historian Abby Smith Rumsey. Her book is When We Are No More: How Digital Memory Shapes Our Future. If you're in the Washington D.C. area, she'll be leading a discussion and book signing at the Library of Congress on Tuesday, May 24th at noon.

Dave Bittner: [00:17:12:23] That's the CyberWire. For links to all of today's stories, along with interviews, our glossary, and more, visit The people who are interested in those stories tend to be people who read or listen to the CyberWire. If you'd like to reach them, visit the and find out how you can sponsor the news brief or podcast and thanks to all our sponsors who make the CyberWire possible.

Dave Bittner: [00:17:35:12] The CyberWire is produced by Pratt Street Media. Our Editor is John Petrik. I'm Dave Bittner. As always, thanks for listening and have a great weekend.