The CyberWire Daily Podcast 8.2.16
Ep 154 | 8.2.16

US, Russia trading hacks in cyberspace? Brazilian cybercrime ramps up.
Dave Bittner: [00:00:03:18] A quick look at Black Hat. Iran appears to be watching Syrian dissidents, and an Israeli hacktivist breaches an Iranian ISP. Observers continue to track the apparent Russian hacks of at least three US Democratic Party groups. Russia says it's found a sophisticated spyware infestation of its networks, and the news media draw the inference, NSA. WikiLeaks says more Clinton dox are coming. Afraidgate switches from CryptXXX to Locky. Yahoo credentials may be for sale in the black market. ISIS hopes to disrupt the Rio games, criminals hope to profit. Interpol shuts down a Nigerian scammer. And we pass on advice for staying safe at Black Hat.

Dave Bittner: [00:00:45:13] Time to take a moment to tell you about our sponsor, Cylance. Are you looking for something beyond legacy security approaches? If you are, and who isn't, you're probably interested in something that protects you at machine speed, and that recognizes malware for what it is, no matter how the bad guys have tweaked the binaries or cloaked their malice in the appearance of innocence. Cylance knows malware by its DNA. Their solution scales easily and it protects your network with minimal updates, less burden on your system resources and limited impact on your network and your users. Find out how Cylance is revolutionizing security with artificial intelligence and machine learning. It may be artificial intelligence, but it's real protection. Visit to learn more about the next generation of anti-malware. And even better, if you're at Black Hat this year, swing by booth 1124 and chat with the Cylance people. Cylance: artificial intelligence, real threat prevention. And we thank Cylance for sponsoring our show.

Dave Bittner: [00:01:47:18] I'm Dave Bittner, in Baltimore, with your CyberWire summary for Tuesday, August 2nd, 2016.

Dave Bittner: [00:01:53:20] Black Hat has completed its training sessions and opens today with the CISO summit. We’ll keep you apprised tomorrow of anything we learn at the conference.

Dave Bittner: [00:02:01:16] The demonstrations, the Arsenal, the presentations, and the exhibit hall all go into full swing tomorrow and Thursday. One of the more anticipated demonstrations will be Miller's and Valasek's car hack. They’ll be picking on the Jeep Cherokee again and this time they intend to show what they can do through a compromised CAN bus. There will also be the usual round of product announcements, awards, tips, techniques, and observations. We'll keep you posted.

Dave Bittner: [00:02:28:02] Elsewhere in the world, the University of Toronto's Citizen Lab and researchers at FireEye see signs of Iranian cyber espionage targeting anti-Assad Syrian dissidents, some of them based in Turkey. FireEye calls the activity characteristic of other Iranian operations it's observed.

Dave Bittner: [00:02:45:19] Iran itself has sustained an attack. An Israeli hacker, probably a hacktivist, although it's early to be certain, is said to have breached the Iranian Internet service provider Daba. User credentials are reported to have been leaked.

Dave Bittner: [00:02:59:10] The ongoing troubles surrounding US election hacks continue. The Democratic National Committee, the Democratic Congressional Campaign Committee, and the Clinton campaign have all been doxed. And various security firms continue to regard the culprit as the Russian government. Fidelis and ThreatConnect, both of which have investigated the DCCC hack, say they're convinced Fancy Bear, the GRU, was behind it.

Dave Bittner: [00:03:23:10] The Clinton campaign, addressing their own hack, claims that only a DNC voter analytics program they used was compromised. The campaign's internal systems and email are, they assure the public, still secure. The FBI is investigating.

Dave Bittner: [00:03:37:23] Russia may be positioning itself as an injured party. The FSB has announced that professional spyware has been found on sensitive Russian networks. They teach an object lesson in attribution by declining to say who they think did it, but you don’t have to be Philip Marlowe to put two and two together and add them up to USA. The media covering the story haven't been slow to speculate that US security services, NSA being the one inevitably mentioned in dispatches, have compromised some significant Russian networks, and perhaps have found their way into the Cozy Bear and Fancy Bear as well. The bears are, respectively, thought to be FSB and GRU operations.

Dave Bittner: [00:04:19:10] For its part, the US mulls how and indeed whether to respond to Russia's apparent intrusion into various Democratic Party networks.

Dave Bittner: [00:04:27:07] WikiLeaks's Julian Assange refuses to say where he got the Democratic Party documents he's dumping, but he does say they've got a lot more to dump. They'll be releasing it soon, he says, at their discretion.

Dave Bittner: [00:04:39:13] Some recent court decisions have shaped the data privacy landscape. Later we'll hear about the implications of one of them, the ruling in Microsoft's favor that enables Redmond to keep data stored in Irish servers away from US law enforcement.

Dave Bittner: [00:04:52:17] In cybercrime news, social engineers are turning to QRL jacking, a newly popular way of compromising accounts, so disclose QR codes with due circumspection.

Dave Bittner: [00:05:04:23] The Afraidgate ransomware operators are still using the Neutrino exploit kit, but appear to be shifting from CryptXXX to Locky.

Dave Bittner: [00:05:12:14] Researchers continue their scrutiny of the AdGholas malvertising campaign, with particular attention given to the means by which its operators cover their tracks. Proofpoint notes that much of AdGholas's stealth and obfuscation has been achieved through steganography, hiding code in images.

Dave Bittner: [00:05:30:20] Peace, the criminal known for selling MySpace and LinkedIn credentials, many of them junk, but still a problem and a nuisance, is back on the criminal forum the Real Deal. This time he says he's offering 200,000,000 Yahoo credentials. He says they've been traded privately for some time, but that now they're being offered openly. Peace wants 3 Bitcoin, about $1,860. Yahoo is investigating. The breach remains unconfirmed.

Dave Bittner: [00:05:57:21] We spoke with Spirent's Sameer Dixit about what Spirent is seeing with respect to emerging threat patterns and what you can do to protect yourself.

Sameer Dixit: [00:06:06:02] One of the newest patterns that we have actually seen which was not there, sort of not fully developed last year was automotive security, SCADA, ICS, and IoT. Places where security so far has been done with obscurity, places like healthcare systems and networks, SCADA, ICS, automotive, like, until a year or two ago, like, if you go after an automotive vulnerability disclosure, you would be, like-- companies would lawyer up and shut you down. But now the industry has gotten a little bit more acceptance to, to vulnerability programs and things like that. So, you would see more and more come out of that industry in terms of cybersecurity, vulnerabilities and threats. And then the fourth one is IoT, being a new area. We focus mainly on-- right now mainly on making it work. Now that we have kind of reached a stage that it has started to work, now people are thinking about, like, "Oh, we built this, but there are security gaps." And that's what-- these are the four trends where I could see, like, healthcare, SCADA, ICS, automotive and IoT where there would be more need for security going forward. And I would see this as the trend.

Dave Bittner: [00:07:23:24] Sameer Dixit also has some advice when it comes to password strength.

Sameer Dixit: [00:07:28:11] When it comes to password, there is a, a big misconception about, "Okay, I need to make my password complex." But really when it comes to passwords, it's not really the complexity, it's the size that matters. So, making it longer, you are, you're making it tougher to crack than making it more complex with nowadays computing power.

Dave Bittner: [00:07:48:18] That's Sameer Dixit from Spirent.

Dave Bittner: [00:07:52:16] The cybercriminal infrastructure in Brazil has ramped up for a wave of theft and fraud surrounding the Olympic Games. Fortinet reports an 83% surge in malicious URLs detected in Brazil. There's also been a rise in test attacks. Sponsors, participants, attendees, and others interested in the Games are warned to be on their guard. Opening ceremonies will be held this Friday evening.

Dave Bittner: [00:08:14:23] There is unfortunately also another threat to the Olympics. Observers tracking ISIS say the terrorist group has increased its use of Portuguese in the inspirational traffic it's currently circulating. The group desires jihadist attacks on the games. Brazilian authorities and those of other nations are increasing their vigilance.

Dave Bittner: [00:08:33:16] Some good news on cybercrime, Interpol takes down a Nigerian scammer with assistance from Trend Micro and Fortinet. So, there will be at least one fewer gang inviting you to share in the oil wealth of a recently deceased and quite fictitious prince.

Dave Bittner: [00:08:48:21] A highly cleared FBI tech has pleaded guilty to a charge of spying for China. It's good news that he's out of circulation, but bad news that he was in circulation at all.

Dave Bittner: [00:08:59:23] Our stringers are getting some advice on security from Black Hat USA, which notes that it doesn't condone any malicious activity, in Vegas or anywhere else. It's common sense stuff, but it's always worth giving common sense a once-over.

Dave Bittner: [00:09:13:02] So remember, don't expect privacy on the Internet. Don't open links you get from unknown or untrusted sources, and don't, please don't, take thumb drives from strangers. I mean, you wouldn't take candy, right? Unless maybe if they were mints in a bowl of the Acme Cybersecurity Company's booth, but you know what we mean. Encrypt your traffic, always good advice, and don't connect to any unknown network. Disable Bluetooth and NFC, and don't, don't, don't plug into any random open line, jack, or cable. Nothing good ever comes of that. Don't leave your devices unattended. And be sure your patches are up-to-date before you arrive. And bring cash. You use ATMs near the conference at your peril, so don't let your card get skimmed.

Dave Bittner: [00:09:55:15] Oh, and when you leave Las Vegas, let your passwords stay in Vegas. Pick new passwords, for everything. Beyond that, enjoy Black Hat. We're pretty sure our stringers are.

Dave Bittner: [00:10:09:24] Time for a timely message from our sponsors at E8 Security. Putting your data together with E8's analytics for security that can handle the unknown unknowns. Consider what might warn you off to malware on your system. Listening or running programs on a rare or never seen before open port is one of them. It's easy to say that but could you say what counted as rare or never seen before? Or would that information jump out at you as you reviewed logs? If you had time to review your logs. And by the time the logs reached you, the news would be old. But, E8's analytical tools recognize and flag the threat at once, enabling you to detect, hunt and respond. Get the White Paper at and get started. And if you're at Black Hat this week, check out E8's great T-shirt scavenger hunt. The details are on their website. E8 Security, your trusted partner. And we thank E8 for sponsoring our show.

Dave Bittner: [00:11:04:07] Joining me once again is Ben Yelin. He's a senior law and policy analyst with the University of Maryland Center for Health and Homeland Security. Ben, a case came through recently about Microsoft winning an appeal. It was the ruling about data searches. What can you tell us about this ruling?

Ben Yelin: [00:11:19:06] So, the background of the case is that a Federal Judge in New York in 2013 issued a warrant for the emails of a suspect that was involved in or alleged to have been involved in drug trafficking. And some of the data that the government sought resided on Microsoft computers located in Ireland. Microsoft stopped the order in court, arguing that it shouldn't be forced to comply with a US Court Order demanding data held in another country. The Justice Department's counter was that because Microsoft is a US based company the government can get the data even if it is stored elsewhere. So, this became a major high stakes battle between Silicon Valley and the US Law Enforcement community, especially piggybacking off some other high profile cases this year, like the iPhone unlocking case in San Bernardino.

Ben Yelin: [00:12:15:12] So, Microsoft won this battle. In a Federal Appeals Court, they ruled that the government cannot force Microsoft to turn over emails or other personal data stored on computers overseas. I think this case is going to have major ramifications. And it's also influenced both where companies like Microsoft store their data in order to protect the privacy of communications and who customers use to protect their most personal information. I also think that a key civil liberties victory here is that the court viewed these communications as having greater privacy interest because they contained the content of communications, than something like business records or financial records. I think in previous cases, courts have determined that those types of records, transactional records would be acceptable, even if they're stored overseas. But, because there's a greater privacy interest at stake with the content of communications, there needs to be more stringent protection.

Ben Yelin: [00:13:15:07] So, I think it's a major victory for Microsoft. It's a major victory for Silicon Valley, and for privacy advocates.

Dave Bittner: [00:13:22:19] Is this a situation where companies like Microsoft, or companies like Apple, who have expressed an interest in the privacy of their users, they could simply offshore the storage of personal information and by that matter protect it?

Ben Yelin: [00:13:34:18] I think that would be the most sweeping implication of this case. And I think we'll see what happens once it moves beyond the second circuit. If the second circuit is affirmed, or the Supreme Court refuses to take the case, then I think we're going to see sort of a groundbreaking shift in where data is stored and I think both companies and individuals who have a great interest of protecting their private information are going to look to this case as a precedent and, and start to store some of their most personal information in overseas servers.

Dave Bittner: [00:14:06:18] All right. Ben Yelin, thanks for joining us.

Dave Bittner: [00:14:11:02] And that's The CyberWire. A reminder that there's an extended version of my recent interview with Daniel Ennis, former Director of NSA Threat Operations Center, and Executive Director of the University of Maryland Cyber Initiative, on our website And if you enjoy our show, we hope you'll help spread the word and leave a review and rating on iTunes. It's one of the easiest things you can do to help us grow our audience.

Dave Bittner: [00:14:33:14] The CyberWire podcast is produced by Pratt Street Media. The Editor is John Petrik. Our Social Media Editor is Jen Eiben and our Technical Editor is Chris Russell. Our Executive Editor is Peter Kilpe. And I'm Dave Bittner. Thanks for listening.