The CyberWire Daily Podcast 11.13.20
Ep 1214 | 11.13.20

CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.

Transcript

Dave Bittner: CISA says U.S. elections were secure, that recounts are to be expected in tight races. But election-themed malspam continues, of course. A news platform is flagged as a GRU front. A new ransomware strain takes payment through an Iranian Bitcoin exchange. The Jupyter information-stealer is out and active. David Dufour on detecting deepfakes and misinformation. Dr. Jessica Barker on her new book, "Confident Cyber Security." And Plundervolt is a $30 proof of concept.

Dave Bittner: From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Friday, November 13, 2020. 

Dave Bittner: The U.S. Cybersecurity and Infrastructure Security Agency issued a statement yesterday about the recent U.S. elections that called them the most secure in American history. The statement, prepared jointly by federal and state officials, added this perspective on recounts - quote, "when states have close elections, many will recount ballots. All of the states with close results in the 2020 presidential race have paper records of each vote, allowing the ability to go back and count each ballot, if necessary. This is an added benefit for security and resilience. This process allows for the identification and correction of any mistakes or errors. There is no evidence that any voting system deleted or lost votes, changed votes or was in any way compromised," end quote. 

Dave Bittner: So CISA's judgment is that voting systems as such were uncompromised and that recounts are proceeding as they would in any close election. Any corrections to ballot counts that may prove necessary as recounts are finished are thus likely to be prompted by errors or retail-level fraud, not any deep, widespread corruption of voting systems. 

Dave Bittner: However secure the elections were, that, of course, hasn't prevented criminals from seeking to take advantage of the tension, division and uncertainty that surrounded them. The Washington Examiner reports that a great deal of spam baited with allegations of fraud at the polls is appearing in inboxes. According to security firm Malwarebytes, a great deal of the spam is delivering the Qbot Trojan. 

Dave Bittner: Bellingcat reports that Bonanza Media, which bills itself as an independent investigative project dedicated to pursuing alternative explanations of the 2014 crash of Malaysian Airlines Flight MH17, is, in fact, a Russian disinformation front run by the GRU. 

Dave Bittner: Bonanza Media was founded, Bellingcat says, early in 2019 by an RT alumna, Yana Yerlashova, who had specialized in debunking coverage of the Dutch-led investigation. She received the assistance of a conspiracy-minded blogger in the Netherlands, one Max van der Werff, who had also become a frequent guest on various Russian media outlets. 

Dave Bittner: Bellingcat's conclusions are that, quote, "senior members of the GRU entered into direct and regular communication with the project leader. The GRU received advanced copies of Bonanza's publications, provided its employees illegal cross-border access into Eastern Ukraine, furnished the project with confidential internal documents of the official Dutch-led MH17 Joint Investigation Team conducting the official criminal investigation into the deaths of 298 passengers and crew members that were hacked by GRU's cyber warfare division and likely instructed Bonanza Media to leak them," end quote. 

Dave Bittner: Most of Bonanza Media's claims about MH17 have been of the suggestive rather than conclusive varieties, such as the investigation is still open, the documents leave questions unanswered, there's a lot of reasonable doubt and so on. The more positive lines of disinformation that circulated in the open Russian state-controlled media included claims that Ukrainian forces had shot the airliner down by mistake, that the crash never actually happened and the debris field and bodies had been staged by Kyiv, or even that the shootdown represented a bungled Ukrainian attempt to assassinate Russian President Putin. 

Dave Bittner: The actual, non-alternative explanation of the MH17 crash is that the Boeing 777 was shot down over Eastern Ukraine by a Russian anti-aircraft unit operating deniably in support of separatist forces fighting under the control of the Russian government. Dutch investigators, who had international responsibility for inquiring into the disaster, concluded that the airliner was shot down with a Buk missile fired by the 53rd Anti-Aircraft Missile Brigade of the Russian Federation. The flight had been en route to Kuala Lumpur from Amsterdam with 283 passengers and 15 crew members on board. There were no survivors. 

Dave Bittner: The Dutch-led Joint Investigation Team's findings confirmed early Ukrainian assertions as well as reports by German and U.S. intelligence services. 

Dave Bittner: An article in Foreign Policy describes a resurgence in Islamic activity online. Some 500 extremist channels focused on Central Asia are active over such social media as Telegram and VKontakte. Most of the networks have ties to the Islamic State, now expelled from territory it once controlled in Syria. 

Dave Bittner: The online radicalization in Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan is following familiar patterns - underemployed young, mostly male adherents, with recruiting eased by international tension between Muslim and non-Muslim nations, such as the tension between Russia and Turkey or between Armenia and Azerbaijan over Nagorno-Karabakh, and with geographical spread assisted by diaspora members of the target population. 

Dave Bittner: Researchers at security firm Check Point are describing the Pay2Key ransomware operation, which they describe as unusually fast in its ability to compromise and encrypt a targeted network. CTech reports that a number of Israeli firms have fallen victim to Pay2Key. 

Dave Bittner: Who's operating the ransomware is unknown, but Bitcoin payments some of the victims have made were channeled through an Iranian cryptocurrency exchange, Excoino. There's nothing inherently nefarious about Excoino, but the company does require users to have an Iranian phone number and identification. On that basis, Check Point thinks it likely that the perpetrators are Iranian nationals. 

Dave Bittner: Morphisec has published an account of a new information-stealer, Jupyter. The security company says that so far, Jupyter has collected Chromium, Firefox and Chrome browser data, but that it also seems to have potential as a full-fledged back door. Its command-and-control, while shifting several times since the malware began to appear in May, has always traced back to Russia, so Morphisec thinks Jupyter is probably the work of a Russian criminal gang. 

Dave Bittner: The University of Birmingham has published a follow-up to reports on Plundervolt. The university says its researchers have demonstrated a device that can overcome protections against the Plundervolt vulnerability that Intel fixed last year. The cheap proof-of-concept device, costing only $30, connects to the separate and unprotected voltage regulator chip in a way that enables it to control the CPU's voltage. The researchers conclude that it may be time to rethink SGX - Software Guard Extension - security measures. 

Dave Bittner: My guest today is Dr. Jessica Barker. She's co-founder and socio-technical lead at U.K.-based security firm Cygenta. She joins us to discuss her recently published book, "Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career." 

Jessica Barker: Well, I have to be honest. I was approached by the publishers, Kogan Page. And so an email just came in out of the blue saying they have this series of books - you know, "Confident Coding," "Confident Web Design" - and they wanted, for the first time, to publish "Confident Cyber Security." They were aware of me, and they wondered if I would be interested in being the author. 

Jessica Barker: And so I absolutely jumped at the chance. To be honest, I've been thinking about publishing books by myself for a while, so it felt like great timing. And it was an opportunity, as I saw it, to write a book that I would've loved to have read 10 years ago when I was starting out in the industry. 

Dave Bittner: Well, you break the book up into several sections. Why don't we go through some of those together? You start off with an introduction to cybersecurity. What are you covering there? 

Jessica Barker: So what I wanted with the book was for it to appeal to people who maybe are getting started in their career, people who are interested in cybersecurity but don't know much about it, people who maybe - you know, like board members who maybe need to know more about cybersecurity and are kind of starting with not a blank page, but without much background knowledge. 

Jessica Barker: And so I wanted to start with an introduction that really outlines why cybersecurity is important, what it is, and to make sure that all of us, as we started with the book, were kind of on the same page. 

Dave Bittner: One of the sections of the book covers the future of cybersecurity and what it means for your career. And I think that's an important part of this. There's a part of this book that really is a guide, almost sort of a map for folks who are trying to figure out how it does fit into your career. It's going to fit into so many careers as we move forward. 

Jessica Barker: Exactly. I think cybersecurity is so interesting 'cause, essentially, it weaves through a lot of different jobs, a lot of different professions in a way that those professions, you know, would never have thought, even probably 10 or so years ago. So I wanted to do justice to that. 

Jessica Barker: And particularly, you know, I work with a lot of senior executives and board members, and I know that they need potentially more support in getting up to speed. So I wanted to write for that audience. 

Jessica Barker: But I also wanted to write for the audience of somebody who is thinking about cybersecurity as their career who is maybe starting out. Maybe they're at university or even, you know, in school. And they're thinking, actually, I want to work in cybersecurity, or I'm just starting out in cybersecurity; how do I move forward? 

Jessica Barker: It can be so daunting, this field, to know actually what path to follow. I wanted to try and provide a bit of practical guidance on that. 

Dave Bittner: Yeah. I mean, it strikes me that there's something here for everyone, both for folks who are just getting started, but also for people who've been in cybersecurity for a while. It's nice to have an overview of maybe some of the areas that aren't part of your day-to-day. 

Jessica Barker: I often hear that from people, and I myself have this. You know, I work very much on the human side. And so that can mean that I sometimes don't delve as deep into the physical or into the technical elements. And so actually having something that provides an overview I think is very helpful because in cybersecurity, most of us will specialize, to some extent, in different areas. It's such a broad field that none of us can be experts in everything. 

Jessica Barker: So I wanted the book to actually empower someone who, you know, might be working as a pen tester and actually wants to know a bit more about social engineering or, you know, wants to know a bit more about cybersecurity at the board level. You know, if you're working with senior executives, then actually knowing what they need to know and knowing kind of how they would look at this problem, I think that can be quite helpful, particularly if you're thinking about moving your career in a different direction or moving to a more senior level. 

Dave Bittner: One of the things I like about the book is that you touch on cybersecurity in a variety of different industries. 

Jessica Barker: Yeah, one thing I noticed working with different people and different industries is the way that cybersecurity is so fundamental in all sorts of different organizations and sectors. And actually, with our work - our outreach work with schools, I developed a talk that is "What Taylor Swift Can Teach Us About Cybersecurity." And it's basically a way of talking about cybersecurity to teenagers, you know, particularly the career side. I talk about cybersecurity in the music industry and the film industry and with footballers. 

Jessica Barker: So I thought it would be interesting to bring that into the book because I've seen how engaging that can be for people, and just really bringing to life the fact that this isn't just for banks, this isn't just for governments; it's also for pop stars, and it is for the film industry. It is for sports teams and, you know, influencers - social media influencers. 

Jessica Barker: Like, everybody needs an awareness of cybersecurity now because information and connected information is so vital to so many different parts of society and the economy. 

Dave Bittner: That's Dr. Jessica Barker from Cygenta. The book is titled "Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career." There's more to this interview. You can check it out over on our website, thecyberwire.com, in the CyberWire Pro section. 

Dave Bittner: And I'm pleased to be joined once again by David Dufour. He's the vice president of engineering at Webroot. David, it is always great to have you back on the show. I want to touch base with you when it comes to deepfakes and misinformation, some of the stuff that I know you and your team are tracking when it comes to that side of things. What can you share with us today? 

David Dufour: Yeah. So, you know, there's kind of two different topics that can go hand in hand, deepfakes being where you create images or videos that actually look like someone, but they're not that person. And then a lot of times, they - not only do they just look like someone; they're presenting information that appears to be coming from that person in that video that could be misinformation. 

Dave Bittner: Right. 

David Dufour: So these two things tied together can be really tricky. 

Dave Bittner: Well, what are some of the specifics here? What are some of the - what are your concerns? 

David Dufour: Well, a credit card, if it gets stolen, you can call up the bank and get a new credit card number. That credit card's no good anymore. 

Dave Bittner: Right. 

David Dufour: For most people - I mean, you and I, David, we're always going to the plastic surgeon, getting work done. 

Dave Bittner: True. 

David Dufour: So our faces are always changing. 

Dave Bittner: Yeah. 

David Dufour: But for most people, when your images are stolen and used in a deepfake scenario, you know, there's so much information out there from an image perspective that people aren't thinking about that, you know, it can start to be used, and it almost becomes insurmountable that it can't be pulled back. And as this technology gets better, I think we're going to see more and more of a threat of people mimicking other people, both from a celebrity level down to a grassroots individual level, that it's going to become a problem. 

Dave Bittner: What about this creation of new images of people from wholesale creation? In other words, you know, I've seen someone spin up a fake Twitter account, and you can do an image search on the photo they use for the account image, and it turns out it's a stock photo. You know, it's, you know, average middle-aged guy or something like that. But now we've got these systems that are just literally creating realistic photos of people out of thin air. That's a different thing. 

David Dufour: Well, that is a different thing. 

David Dufour: And not only that, you can sometimes create an image based on images you got from someone, you know, because they had an Instagram page and somehow start to link all that together to create maybe a Twitter account or some other account that you control that somehow adds, you know, a validity to the fact that, oh, I see this person on Instagram, and I see all these posts that they're making on Twitter or on Facebook or some other social media. And all of a sudden, it represents - and you could be putting videos out there on YouTube, and you've built this whole persona around someone that started - the nucleus is real, and now it all becomes believable simply because you've been able to automate and generate all this contextual information that's completely bogus. 

Dave Bittner: Yeah. It strikes me that, you know, we've got this - we're heading into this era where it's going to be harder and harder to believe what you see and what you hear. And obviously, it's good for everyone to be skeptical and have their critical thinking skills. And I wonder if we're coming up to an age where we need some sort of chain of custody - dare I say, a blockchain of custody - when it comes to digital imagery, you know, the things that we're - the things we're seeing in our news feeds every day. 

David Dufour: I absolutely could not agree more. Unfortunately, I don't have what the exact methodology of that would look like. You know, I haven't been able to - you know, we need smarter people than me to come up with that. But you're absolutely right. 

David Dufour: Look; I think five years ago, six years ago, people put all this information on social media, and they were shocked at what, you know, cybercriminals could do with that information - I'm just talking words here - how they could, you know, fake who they were. And now, with the deepfake technology, you're going to see a lot of that be visual. And all of a sudden - you know, people trust their eyes more than they may trust something they read. And so the minute it's visual, now we've got another - you know, on order, another magnitude of issues. 

David Dufour: And so to your point, how do we take some type of technology, like blockchain, to link that to actually validate, whether it's behind-the-scenes work or, you know, something that you see that says, this is legitimate because of my blockchain number, that's something we need to figure out how to address 'cause it's - it is truly going to become an issue. 

Dave Bittner: All right. Well, David Dufour, thanks for joining us. 

David Dufour: Great being here, David. 

Dave Bittner: And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. With a name like that, it has to be good. Listen for us on your Alexa smart speaker, too. 

Dave Bittner: Don't miss this weekend's episode of "Research Saturday" and my conversation with Larry Cashdollar from Akamai. We're going to be talking about some of his favorite CVE submissions over the past 20 years. That's "Research Saturday." Check it out. 

Dave Bittner: The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsea Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe. And I'm Dave Bittner. Thanks for listening. We'll see you back here next week.