The CyberWire Daily Podcast 8.4.16
Ep 156 | 8.4.16

Black Hat, of course. US election concerns, and more jihadist info ops.


Dave Bittner: [00:00:03:20] Black Hat sees some winners, not only of the Best of Black Hat competition, but also the experts who captured the flag at the Kaizen. DNC hacks raise questions about US voting security. Democratic Senators call for hearings on Donald Trump’s request that Russia find the 30,000 emails deleted from Hillary Clinton’s State-Department-era homebrew server. China seems to be probing Philippine networks in conjunction with the dispute over territorial waters in the South China Sea. The Gozi banking Trojan is said to be headed for US targets. Bitfinex is looted of tens of millions in Bitcoin. The Real Deal criminal market seems to be suffering from poor customer service, and no one quite knows what’s become of the boss.

Dave Bittner: [00:00:50:02] Time to take a moment to tell you about our sponsor, Cylance. Are you looking for something beyond Legacy Security approaches? If you are, and who isn't, you're probably interested in something that protects you at machine speed, and that recognizes malware for what it is, no matter how the bad guys have tweaked the binaries or cloaked their malice in the appearance of innocence. Cylance knows malware by its DNA. Their solution scales easily, and it protects your network with minimal updates, less burden on your system resources and limited impact on your network and your users. Find out how Cylance is revolutionizing security with artificial intelligence and machine learning. It may be artificial intelligence, but it's real protection. Visit to learn more about the next generation of anti-malware, and even better, if you're at Black Hat this year, swing by Booth 1124 and chat with the Cylance people. Cylance: artificial intelligence, real threat prevention. And we thank Cylance for sponsoring our show.

Dave Bittner: [00:01:52:04] I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, August 4th, 2016. We’re out at Black Hat, and we’ll have an additional podcast devoted to some interviews with the participants. But for now we’d like to recognize some of the people who’ve taken honors at the event, starting with Aaron Lint, Vice President of Research at Arxan, who placed first in Booz Allen Hamilton’s Kaizen. The Kaizen is a capture-the-flag event sponsored annually by Booz Allen Hamilton. We spoke with Booz Allen Hamilton's Timothy Nary about the competition.

Timothy Nary: [00:02:22:20] It started about four years ago as an internal training exercise, and we've been bringing it out to Black Hat and running this competition for a couple of years now. It's a great exercise for people to sharpen their cybersecurity skills, and their tool sets, and learn some new things. So this year our capture-the-flag, we're running a traditional Japanese style. So we have challenges ranging from web hacking to exploitation, reverse engineering, coding, a little bit of everything. Kaizen itself is rooted in the Japanese culture, and it has a meaning of continuous improvement of self, and that's something that we feel very strongly about and that we want to continuously improve our skill set in cybersecurity and that you always have to stay on top. Doing capture-the-flags is one great way to keep your skills sharp.

Dave Bittner: [00:03:06:05] This year's Kaizen winner was Aaron Lint, Vice President of Research at Arxan.

Aaron Lint: [00:03:11:09] I'm actually a repeat player. I came in third place a couple of years back, but first time I've won it. I'm a graduate of Purdue University. I got a Computer Science Masters there, and I started off working at a small applications security company. I kind of worked up through the ranks as kind of being a good white hat hacker and attacker, really enforcing practical attacks on software, not the sophisticated crazy hacks. Most of the hacks that happen are simple and really straightforward. That's one of the things I think is a misconception a lot of people have. And so these competitions sort of highlight that fact, and make it accessible to people. It's an excellent tool to learn, it's an opportunity to branch out in a safe space. You know you're not on the firing line, it's not your employment at risk, etc. So I always encourage people that are learning in infosec to play CTFs, as many and as often as you can. I always find it very interesting that there's something new and that you learn something new every time. That's why keeping fresh with these skills is really important.

Dave Bittner: [00:04:18:22] Congratulations, Aaron.

Dave Bittner: [00:04:20:20] Congratulations also to the winners of Dark Reading’s Best of Black Hat: Deep Instinct (which was named most innovative startup), Vectra (recognized as the most innovative emerging company), and Paul Vixie (founder and CEO of Farsight Security, named the most innovative thought leader).

Dave Bittner: [00:04:39:05] In the wider world, the Democratic National Committee complains that the FBI should have warned the DNC earlier that it was under cyberattack. Had they known, the DNC says, they would have been quicker to defend, secure, and remediate.

Dave Bittner: [00:04:52:01] The leaked emails from the DNC, the Democratic Congressional Campaign Committee, and the Clinton campaign - more of which, WikiLeaks promises, are coming - continue to stoke concerns about the security of US voting systems. Homeland Security Secretary Jeh Johnson mulls publicly about designating voting systems as critical infrastructure, but observers see this as, so far, amounting to little more than an assertion of agency equities in line with the recently issued PPD-41, the President’s directive on US cyber incident coordination. Issues of technology, procedures, and above all resources remain to be addressed.

Dave Bittner: [00:05:29:13] Questions about former Secretary of State Clinton’s homebrew server persist, and some Democratic Senators are calling for hearings on Republican candidate Trump’s invitation that Russia find and release Clinton’s missing emails.

Dave Bittner: [00:05:42:13] Dispute over ownership of territorial waters in the South China Sea again finds expression in cyberspace. Chinese cyber units appear to be prospecting Philippine targets with spyware. F-Secure has observed the NanHaiShu RAT active in regional networks. North Korea is again actively engaging South Korean targets. Seoul is complaining that Pyongyang has been hacking emails of South Korean diplomats.

Dave Bittner: [00:06:08:11] Turning to the Islamic State and its online activities, it’s long been noted that secure messaging app Telegram has for some time been one of ISIS’s preferred means of communication. Unfortunately for the Caliphate, Telegram seems leakier than ever. Iranian hackers are said to have taken another run at the app and uncovered data - specifically including phone numbers - on some fifteen-million users.

Dave Bittner: [00:06:32:05] Whether or not one of their command-and-control channels has proven less secure than they’d hoped, ISIS and its competitors in jihad continue to work on their online inspiration of followers. Egypt’s Islamic State affiliate takes to the Internet to promise suffering to Israel. Boko Haram (in what amounts by jihadist standards to a charm offensive) goes online to promise more attacks on Christians but reassures everyone that it will leave mosques alone. Pakistan’s al Qaeda and Taliban group seeks to inspire through the example of the Osama bin Laden, whom, of course, they present as a martyr.

Dave Bittner: [00:07:06:19] In cybercrime news, US banks and credit unions are warned that a fresh wave of Gozi malware infections is headed their way. Gozi is an evolved version of earlier banking Trojans. It’s engineered to be stealthier than its predecessors, and it seems optimized for accomplishing fraudulent funds transfers.

Dave Bittner: [00:07:25:08] Bitcoin exchange Bitfinex has taken itself offline after losses that for now total somewhere between $66 and $72 million. Trading is suspended until the exchange can clap a stopper over the losses, recover funds, and resume secure operations. Neither suspects nor the precise mode of attack are known, yet, and speculation ranges from hackers to collusion by insiders.

Dave Bittner: [00:07:50:04] Digital Shadows has presented their study of the Russian web-hosting service Deer dot io, which further supports the general view that the service caters to online criminals. Among its prominent users is Darkside dot Global, where the criminal Tessa88 sold stolen MySpace and Twitter passwords.

Dave Bittner: [00:08:08:03] Finally, the impresario behind the Real Deal criminal market seems to have disappeared, at least for now, and the site’s customer service appears to be suffering for it. The Real Deal gained notoriety as the bazaar where the hacker, Peace, tried to sell stolen credentials (most recently credentials he claimed to have stolen from Yahoo accounts). The Real Deal is still up, but it’s become buggy and unreliable. Peace and others piously hope that the criminal market wouldn’t do anything really criminal, like abscond with stolen goods and services. One can only hope.

Dave Bittner: [00:08:45:18] Time for a message from our sponsor E8 Security. You know the old perimeter approach to security no longer protects against today's rapidly shifting cyber threats. You've got to address the threats to your network once they're in your networks. E8 Security's behavioral intelligence platform enables you to do just that. Its self-learning security analytics give you early warning when your critical resources are being targeted. The E8 Security platform automatically prioritizes alerts, based on risk, and lets your security team uncover hidden attack patterns. To detect, hunt and respond, you need a clear view of the real risks in your business environment. That's what E8 gives you. Visit and download the free white paper to learn more. E8: transforming security operations. And we thank E8 for sponsoring our show.

Dave Bittner: [00:09:39:11] And I'm pleased to be joined once again by Dr. Vikram Sharma. He's the founder and CEO of QuintessenceLabs. Dr. Sharma, you all set out the outset when you started Quintessence, you were working on quantum key distribution, but you know, very often when you're running a company and you put that product out in the real world, you have to make adjustments, and there's lessons you learned, and that was your experience here as well, yes?

Dr. Vikram Sharma: [00:10:00:17] Absolutely, Dave. As you quite rightly noted, we started off our journey and continue to have as one of our core capabilities, a quantum key distribution system. But as we brought that to market, what we saw was that that market, while important, was developing at a rate slower than what we had originally anticipated. However, I think you noted that point about agility, and I guess we were fortunate enough to recognize that some of the capabilities that sat within the quantum key distribution had broader applications to protect, not only data in motion, but data at rest also. And what we did was partition out the true random number generation system, which is a quantum random number generator, and couple that with advanced key management. And that seemed to resonate, and indeed is resonating, stronger with market. So, our learning certainly has is staying true to our original mandate, which was in the area of quantum security, but it's also been critical to be responsive to the market and adjust and adapt our offering to take into account the feedback that the market is providing.

Dave Bittner: [00:11:29:06] And when you're dealing with this internally, you know, you're a relatively new company, you're starting up, you're getting going, was there any resistance internally? Was the any challenges when people were coming back and saying, hey what you're doing is great, but we really need something different or something additional to that?

Dr. Vikram Sharma: [00:11:45:16] Yes, Dave. There were a couple of areas in particular that I could point to, where we had to evolve the group. The first was that we were quite heavy in terms of scientific experts, and nearly part of our journey, as we made this transition towards technologies which were a blend of conventional cybersecurity with advanced physics, we found the composition of the team had to evolve to accommodate that, and indeed a number of cybersecurity experts were added in to the team. The other thing where we found an evolution in the company was culturally, where we had to, I guess, evolve the mindset from being one about doing very interesting and cutting-edge scientific work, to producing robust offerings that would survive in a fiercely competitive commercial environment.

Dave Bittner: [00:12:46:17] Alright, so you need to be responsive and you need to be agile. Dr. Vikram Sharma, thanks for taking the time for us, and we'll talk again soon.

Dave Bittner: [00:12:57:09] And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary, and more, visit Thanks to all of our sponsors, who make the CyberWire possible. The CyberWire podcast is produced by Pratt Street Media. Our editor is John Petrik. Our social media editor is Jennifer Eiben, and our technical editor is Chris Russell. Our executive editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.