The CyberWire Daily Podcast 6.13.16
Ep 119 | 6.13.16

Jihadists continue online inspiration. India worries about China's cyber activity. Symantec buys Blue Coat, Microsoft LinkedIn.

Transcript

Dave Bittner: [00:00:03:22] Jihadist online inspiration increases as ISIS loses ground. Social media security concerns continue as more than two-factor authentication seems necessary. The NFL Players Association hires K2 to advise its members on online security. Notes on the importance of key management. Takedowns and fresh targeting shift the ransomware landscape, and paying ransom doesn't seem to be working these days. Symantec buys Blue Coat and Microsoft acquires LinkedIn.

Dave Bittner: [00:00:33:13] And now, let me mention one of our sponsors, E8, and let me ask you a question: do you fear the unknown? Lots of people do, of course. Sasquatch, chemtrails, chupacabras, stuff like that. But we're not talking about those, we're talking about real threats, unknown unknowns lurking in your networks. The people at E8 have a white paper on hunting the unknowns with machine learning and big data analytics that go beyond the old-school legacy signature-matching in human watch standing.

Dave Bittner: [00:00:58:21] You're going to want to go to e8security.com/dhr and download their free white paper, "Detect, Hunt, Respond." It describes a fresh approach to the old problem of recognizing and containing a threat no one has ever seen before. The known unknowns like the yeti, like UFOs - they're nothing compared to the unknown unknowns out there in the wild. See what E8's got to say about them. Check out the white paper, e8security.com/dhr.

Dave Bittner: [00:01:29:16] I'm Dave Bittner in Baltimore with your CyberWire summary from Monday, June 13th, 2016. There's little so far to add to early reports of Saturday's massacre in Orlando, Florida. The attack has been claimed by ISIS and the shooter apparently called 911 to identify himself and declare his adherence to the caliphate shortly before he opened fire at the gay nightclub.

Dave Bittner: [00:01:51:19] How much ISIS inspiration contributed to the attack is still unclear so soon after the attack. And, from ISIS's point of view, really doesn't matter much. But the shooter, who was killed at the scene, seems to have had at least tangential contact over recent years with online jihadists. His Internet connections to sympathizers with Islamic terror were enough to bring him to the attention of the FBI twice, but not enough for the FBI to conclude he was a serious threat.

Dave Bittner: [00:02:18:18] Nor were such contacts obstacles to his getting and holding a job with G4S, a large and leading gates-and-guards security company.

Dave Bittner: [00:02:27:17] ISIS and its competitors in jihad, Al Qaeda and the Taliban, continue to post grisly calls to jihad. As ISIS loses more ground, it can be expected to decline from statelet to insurgency, and then to simple terrorism in the taxonomy offered by War on the Rocks.

Dave Bittner: [00:02:45:02] The Taliban is newly active online, apparently following the ISIS template, although in a more localized way. Anonymous has countered with low-grade defacements of jihadist Twitter accounts. They've been posting adult images to ISIS sympathizers' Twitter profiles and timelines. Governments and companies in the US and elsewhere continue to look with mixed success for messaging that will help counter the online appeal to jihad.

Dave Bittner: [00:03:09:12] Major social media platforms continue to remediate their credential issues. Wired last Thursday ran an interview with "Peace," the hacker who claims to be the one selling stolen databases at big discounts. Mr. Peace, whose tone is both callow and self-important, describes the activities of his crew, which disbanded upon its leader's retirement some time ago.

Dave Bittner: [00:03:30:03] Peace decided to sell credentials when one "Tessa" began doing so "without permission." Peace says that the data had been more valuable before the compromises became generally-known, and was bought by actors most interested in using it for spamming. Once the data became public, selling them at low prices was simply a way of picking up a lot of cash.

Dave Bittner: [00:03:51:03] It's worth noting Microsoft, undeterred by security worries, bought LinkedIn over the weekend for a reported $26.2 billion. And the NFL Players' Association has retained a security company, K2 Intelligence, to help its members and their families with social media security.

Dave Bittner: [00:04:08:05] Let's Encrypt, the not-for-profit certificate authority backed by Mozilla, the Electronic Frontier Foundation and others, inadvertently leaked 7,618 users' email addresses. That's about 1% of their users. Let's Encrypt was established to make it easy for website administrators to switch from HTTP to HTTPS.

Dave Bittner: [00:04:29:10] Takedowns and new criminal techniques shift the ransomware landscape. Angler and Dridex both appear to have been taken down, with Locky ransomware exiting with Dridex. The current ransomware leaders are Crysis, with data theft capabilities in addition to file encryption functionality, Jigsaw, with a helpful live chat support feature to assist victims in paying the extortion, and Flocky, said to be locking up Sharp and Philips Android-based smart TVs with a dimwitted threat from the non-existent "US Cyber Police."

Dave Bittner: [00:04:59:21] It's worth noting that paying ransom hasn't seemed to have helped the University of Calgary much. Many of its systems remain unrecovered from the attack it sustained a week ago, which means they bought very little for the $20,000 Canadian they paid their attackers.

Dave Bittner: [00:05:14:21] In industry news, two start-ups received journalistic or venture capital love. The journalistic love goes to Area 1 Security, the spear phishing protection specialists, who received not just one but two mash notes from the New York Times over the weekend. Area 1's leaders take some pains to disassociate themselves from the prevailing tone of pessimism about the inevitability of successful attacks, which pessimism they, or at least the Times, associates with FireEye's public statements.

Dave Bittner: [00:05:42:24] The VC love goes to Canadian behavioral analytics shop Interset, which received an undisclosed investment from In-Q-Tel, the venture fund operated by the US intelligence community. In-Q-Tel's picks are widely followed. The fund was, for example, an early investor in Palantir.

Dave Bittner: [00:06:01:22] And Blue Coat didn't stay on the block for too long. Symantec has announced plans to buy the privately-held company for $4.7 billion in cash. The acquisition is seen as an enterprise security play.

Dave Bittner: [00:06:13:24] Internationally, as Australia seeks to come to grips with the magnitude of the cyber threats it faces, and the US Congress considers what might constitute an act or a situation provoking or justifying war in cyberspace, India and the Republic of Korea move to higher alert with respect to longstanding regional rivals, especially China and North Korea.

Dave Bittner: [00:06:34:13] Industry sources would like to see more of a sense of crisis in Canberra, but, in fairness, that's what you'd expect industry sources to say.

Dave Bittner: [00:06:42:13] India's defense establishment is concerned with Suckfly and other Chinese APT groups, government or criminal, and hopes both higher alert levels and closer cooperation with the US in cyberspace will afford a degree of protection.

Dave Bittner: [00:06:57:04] Finally, the National Cyber Security Hall of Fame is taking nominations for the class of 2016. If you know someone who's made cyberspace a better place through science, technology, leadership, policy or other art, consider recommending them for the hall. Nominations are open through July 20th. You can learn more at cybersecurityhalloffame.com. I don't suppose they have a podcasting category? Hmm, too soon.

Dave Bittner: [00:07:26:13] I'd like to give a quick thanks to our sponsors at ThreatConnect. ThreatConnect is an enterprise-level security platform that allows you to unite all your people, processes and technologies behind an intelligence-driven defense. And they're teaming up with Forrester, the global research and advisory firm, for a look at fragmentation in the security industry, what it means, and what can be done about it. You can hear what they've got to say and consider how to apply the lessons to your own organization by signing up for ThreatConnect's webinar. It's scheduled for Tuesday, June 28th. Catch Forrester's Jeff Pollard and ThreatConnect's Chief Intelligence Officer, Rich Barger, as they discuss the issues fragmentation poses for organizations of all sizes, and offer their thoughts on how to unify security operations in your enterprise. Visit threatconnect.com/webinar and tell them the CyberWire sent you.

Dave Bittner: [00:08:13:14] Best of all, the price is right: free. That's threatconnect.com/webinar. Check it out.

Dave Bittner: [00:08:25:16] And I'm joined by John Leiseboer. He is the CTO at QuintessenceLabs, one of our academic and research partners. When it comes to encryption, one of the key aspects is key management. What can you tell us about the importance of key management when it comes to cryptography?

John Leiseboer: [00:08:41:07] Well, encryption is relatively easy. All major platforms are supported by easy-to-use, good cryptographic implementations. Certainly, care is necessary to build secure applications using standard crypto-implementations. But there is no need to understand the internals of algorithms in order to use them correctly.

John Leiseboer: [00:09:00:06] Unfortunately, this ease of use with crypto-implementations has just moved the real problem somewhere else, and the location it has been moved to is key management. This is where a good and properly-implemented key management protocol can help.

John Leiseboer: [00:09:14:18] The hard parts of securely generating, managing, storing, monitoring, controlling and distributing keys can be delegated to a key management server. As in the world of networking where IP is ubiquitous, a well-known standard protocol is invaluable in increasing the overall security level of applications and systems.

John Leiseboer: [00:09:35:09] There are a few protocols out there that can be used for this purpose in terms of key management, but one such protocol that is becoming more popular and is more common these days is a protocol called the OASIS Key Management Interoperability Protocol, or KMIP.

John Leiseboer: [00:09:51:15] This particular protocol is supported by a large and growing number of vendors to build either the cryptographic side of applications, or perhaps encrypting disk arrays or tape systems or applications like database encryption, and is also supported by vendors on the other side, the key management server vendors.

John Leiseboer: [00:10:12:04] Having a common protocol allows users of these systems to mix and match the server vendors and the client vendors, and hopefully, as in the world of networking, come up with solutions that are both secure and easy to implement. A very important part of the KMIP protocol is the ability to send request messages and receive responses between different vendors' platforms.

John Leiseboer: [00:10:40:22] Every six months or so, the KMIP community comes together for interoperability testing. We perform operations with our standard products to verify that products can create keys, get keys, we could attribute keys, can modify attributes of keys, etc. in such a way that we ensure there is both security and ease of use for the users of such systems.

Dave Bittner: [00:11:06:06] John Leiseboer, thanks for joining us. And if you have any questions that you'd like to have our academic and research partners answer on our show, you can send them to questions@thecyberwire.com.

Dave Bittner: [00:11:18:24] And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary, and more, visit thecyberwire.com. Thanks to all of our sponsors who make the CyberWire possible. If you'd like to place your product, service, or solution in front of people who will want it, you'll find few better places to do that than the CyberWire. Visit thecyberwire.com/sponsors and find out how to sponsor our podcast or daily news brief.

Dave Bittner: [00:11:42:01] The CyberWire podcast is produced by Pratt Street Media, the editor is John Petrik. I'm Dave Bittner. Thanks for listening.