The CyberWire Daily Podcast 1.13.16
Ep 14 | 1.13.16

Transcript

Dave Bittner: [00:00:03:15] Anonymous turns its attention to Iceland. International help in the investigation of Ukraine's grid hack and implications of that hack for other countries. A US Executive Order on agency response to a catastrophic cyber incident is said to be in the works. Security companies differ over next-generation firewalls. Microsoft and Adobe issue their monthly patches. M&A news in the cyber sector. And the Crackas with Attitude? They're back.

Dave Bittner: [00:00:31:23] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at isi.jhu.edu.

Dave Bittner: [00:00:54:05] I'm Dave Bittner, in Baltimore, with your CyberWire summary for Wednesday, January 13th, 2016.

Dave Bittner: [00:01:01:00] Declarations of war aside, Anonymous continues to find easier targets in the civilized world than it has in ISIS. The hacktivist collective protests whaling with an attack on Icelandic government sites.

Dave Bittner: [00:01:12:24] The US government, in the form of ICS-CERT, says it's providing support to Ukraine's investigation of the recent attack on that country's power grid. Former senior US intelligence officials reiterate warnings that the US power grid is comparably vulnerable. ICS expert and Applied Control Solutions Managing Partner, Joe Weiss, told the CyberWire about one regulatory gap he thinks should be addressed.

Joe Weiss: [00:01:36:20] This affected low voltage transmission and electric distribution. Low voltage transmission and electric distribution are excluded from the NERC critical infrastructure protection standards.

Dave Bittner: [00:01:53:07] You can hear more of our conversation with Joe Weiss on this Friday's CyberWire Week in Review.

Dave Bittner: [00:01:58:12] Researchers at Digital Bond Labs describe what observers characterize as a relatively easy new way of remotely burning out variable-speed industrial motors. Such a capability has obvious implications for attacks on infrastructure.

Dave Bittner: [00:02:13:04] ISIS is reported to have added some new secure messaging apps. The "Amaq Agency" and Alrwai apps join Telegram in the ISIS toolkit. Some new year predictions warn of growing ISIS cyber attack capability, but US President Obama's State of the Union address counter-warned against aiding ISIS by giving them too much credit. The President is also said to be meditating an Executive Order that would mandate certain measures Federal agencies would take in response to large scale cyber incidents, catastrophic incidents in some characterizations. Some observers continue to worry that US defensive and offensive cyber policy lacks what they see as structure or focus.

Dave Bittner: [00:02:51:18] As the crypto wars between security officials and privacy advocates continue to gutter, some recent developments may perhaps inform the debate. Researchers at Penn State claim to have made significant progress on an algorithm that could prove useful in identifying terrorist actors, and police forces turn to "threat scoring" as an aid to investigation. Such measures carry their own, if different, controversies but they do suggest that the issues at stake aren't confined to encryption policy. And former US DCI and NSA Director Hayden's characterization of NSA's capabilities is also interesting in this respect. He told the S4X16 conference that the agency, "steals other people's stuff in the cyber domain." It's the duty of every country's intelligence services, he explained, then added, "As a former director of NSA, I like to think we're number one." He also distinguished legitimate intelligence operations from, for example, economic espionage.

Dave Bittner: [00:03:49:05] Symantec described an upgrade to information-stealing malware Android.Bankosy which can now bypass the protection of one-time passwords, generated through two-factor authentication systems. It does so by establishing a bogus identity within the infected device.

Dave Bittner: [00:04:04:20] Zscaler takes a look at a bad neighborhood. Sundown, Neutrino, and Angler exploit kits are gurgling around the address space registered under "Alexander Mulgin Serginovic."

Dave Bittner: [00:04:15:05] Some disclosures provoke controversy. A researcher claims to find a backdoor in older versions of Fortinet's FortiOS. Fortinet denies it's a backdoor and calls it a management authentication issue they've already patched. And two security firms, BugSec and Cynet, say they've found a design feature of next-generation firewalls that's inherently vulnerable to exploitation. At issue is the next-gen firewalls' inspection of apps as opposed to ports.

Dave Bittner: [00:04:41:17] To do this they allow a TCP handshake, regardless of packet destination, and this is what BugSec and Cynet find objectionable. Next-generation firewall companies vigorously deny that the feature amounts to a flaw. The vendors counter that, as Palo Alto puts it, "firewall policy is never violated" and that the rules in place preclude the handshake from creating problems.

Dave Bittner: [00:05:03:08] Brazil's cyber black market is booming, according to a widely-circulated Trend Micro study. That black market, as usual, mirrors features of legitimate markets including training programs in the criminal labor market's illegitimate invisible hand.

Dave Bittner: [00:05:17:13] Last year's Hacking Team leaks are reported to have helped put Kaspersky on the track of a Microsoft Silverlight zero-day.

Dave Bittner: [00:05:25:01] This week's Patch Tuesday marked the end of support for older versions of Windows and Internet Explorer. It also featured a number of critical patches to both Microsoft and Adobe products.

Dave Bittner: [00:05:35:13] In industry news, CEOs and CISOs are finding their distinctive perspectives on cyber security reciprocally illuminating. "Canadian M&A" has an interesting three-part series on cyber considerations during all phases of mergers and acquisitions. Distil Networks acquires ScrapeSentry, whose capabilities are seen as both competing and complementary; accounting firm Horne LLP buys Halberd and establishes a cyber practice; PSS acquires Tetra Concepts; and Check Point is in initial talks over a possible acquisition of CyberArk.

Dave Bittner: [00:06:09:11] In crime and punishment, the Dread Pirate, Ross Ulbricht, is appealing his Silk Road sentence, this time on grounds related to the judicially proven corruption of some Federal officers involved in his case.

Dave Bittner: [00:06:21:04] And finally, remember the Crackas with Attitude, who counted coup against some of US Director of Central Intelligence Brennan's private accounts? They're back, or at least, as Motherboard sensibly observes, "someone pretending to be the Cracka" is back, and they're tugging on Superman's cape. This time they've taken on US Director of National Intelligence, Clapper, redirecting calls to a pro-Palestinian number and defaming Clapper in social media with rude schoolyard demotics. The Office of the Director of National Intelligence is aware of the incident and has initiated appropriate investigations. One would think the Crackas are on increasingly thin ice.

Dave Bittner: [00:07:01:01] This CyberWire podcast is brought to you through the generous support of Betamore, an award-winning coworking space, incubator and campus for technology and entrepreneurship, located in the Federal Hill neighborhood of downtown Baltimore. Learn more at Betamore.com.

Dave Bittner: [00:07:21:03] Joining me is John Petrik, editor of the CyberWire. John, a term that comes up regularly in the CyberWire is SCADA. What is SCADA?

John Petrik: [00:07:28:13] SCADA, that's S-C-A-D-A, stands for Supervisory Control and Data Acquisition. It refers to automated industrial control systems and especially those kinds of automated industrial control systems that are used to control large scale processes, or processes that are distributed across a wide geographic area.

Dave Bittner: [00:07:49:03] Would SCADA be applied to the Ukraine hack that we've seen recently?

John Petrik: [00:07:55:02] Yes. Power grids are an example of an industrial system that's geographically widely distributed. SCADA's really a subset of industrial control systems, or ICS. An industrial control system is one that controls industrial processes, obviously, as the name implies. So, motion control systems for industrial robots and process control systems that regulate variables like pressure, flow, temperature, things like that, those are all examples of industrial control systems. SCADA systems, which typically control processes over those large widely distributed areas, that's a kind of ICS.

Dave Bittner: [00:08:29:17] Alright, John Petrik, thanks very much.

Dave Bittner: [00:08:33:19] And that's the CyberWire. For links to all of this week's stories, along with interviews, our glossary and more, visit theCyberWire.com. The CyberWire podcast is produced by CyberPoint International, and our editor is John Petrik. Thanks for listening.